* [PATCH 0/2] Drop obsolete configs from hardening.config
@ 2024-02-08 9:10 Lukas Bulwahn
2024-02-08 9:10 ` [PATCH 1/2] hardening: drop obsolete UBSAN_SANITIZE_ALL from config fragment Lukas Bulwahn
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Lukas Bulwahn @ 2024-02-08 9:10 UTC (permalink / raw)
To: Kees Cook, Gustavo A . R . Silva, linux-hardening
Cc: kernel-janitors, linux-kernel, Lukas Bulwahn
Dear Kees,
here are two patches cleaning up the hardening config fragment from obsolete
config options.
Feel free to squash them if you think they should not be two separate commits.
Lukas
Lukas Bulwahn (2):
hardening: drop obsolete UBSAN_SANITIZE_ALL from config fragment
hardening: drop obsolete DRM_LEGACY from config fragment
kernel/configs/hardening.config | 4 ----
1 file changed, 4 deletions(-)
--
2.17.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] hardening: drop obsolete UBSAN_SANITIZE_ALL from config fragment
2024-02-08 9:10 [PATCH 0/2] Drop obsolete configs from hardening.config Lukas Bulwahn
@ 2024-02-08 9:10 ` Lukas Bulwahn
2024-02-08 9:10 ` [PATCH 2/2] hardening: drop obsolete DRM_LEGACY " Lukas Bulwahn
2024-02-10 6:31 ` [PATCH 0/2] Drop obsolete configs from hardening.config Kees Cook
2 siblings, 0 replies; 4+ messages in thread
From: Lukas Bulwahn @ 2024-02-08 9:10 UTC (permalink / raw)
To: Kees Cook, Gustavo A . R . Silva, linux-hardening
Cc: kernel-janitors, linux-kernel, Lukas Bulwahn
Commit 7a628f818499 ("ubsan: Remove CONFIG_UBSAN_SANITIZE_ALL") removes the
config UBSAN_SANITIZE_ALL, but one reference to that config is left in the
hardening.config fragment.
Drop this reference in hardening.config fragment.
Note that CONFIG_UBSAN is still enabled in the hardening.config fragment,
so the functionality when using this fragment remains the same.
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
---
kernel/configs/hardening.config | 1 -
1 file changed, 1 deletion(-)
diff --git a/kernel/configs/hardening.config b/kernel/configs/hardening.config
index 95a400f042b1..4dc0cd342ced 100644
--- a/kernel/configs/hardening.config
+++ b/kernel/configs/hardening.config
@@ -44,7 +44,6 @@ CONFIG_UBSAN_BOUNDS=y
# CONFIG_UBSAN_BOOL
# CONFIG_UBSAN_ENUM
# CONFIG_UBSAN_ALIGNMENT
-CONFIG_UBSAN_SANITIZE_ALL=y
# Linked list integrity checking.
CONFIG_LIST_HARDENED=y
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] hardening: drop obsolete DRM_LEGACY from config fragment
2024-02-08 9:10 [PATCH 0/2] Drop obsolete configs from hardening.config Lukas Bulwahn
2024-02-08 9:10 ` [PATCH 1/2] hardening: drop obsolete UBSAN_SANITIZE_ALL from config fragment Lukas Bulwahn
@ 2024-02-08 9:10 ` Lukas Bulwahn
2024-02-10 6:31 ` [PATCH 0/2] Drop obsolete configs from hardening.config Kees Cook
2 siblings, 0 replies; 4+ messages in thread
From: Lukas Bulwahn @ 2024-02-08 9:10 UTC (permalink / raw)
To: Kees Cook, Gustavo A . R . Silva, linux-hardening
Cc: kernel-janitors, linux-kernel, Lukas Bulwahn
Commit 94f8f319cbcb ("drm: Remove Kconfig option for legacy support
(CONFIG_DRM_LEGACY)") removes the config DRM_LEGACY, but one reference to
that config is left in the hardening.config fragment.
As there is no drm legacy driver left, we do not need to recommend this
attack surface reduction anymore.
Drop this reference in hardening.config fragment.
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
---
kernel/configs/hardening.config | 3 ---
1 file changed, 3 deletions(-)
diff --git a/kernel/configs/hardening.config b/kernel/configs/hardening.config
index 4dc0cd342ced..ed126d7b5e83 100644
--- a/kernel/configs/hardening.config
+++ b/kernel/configs/hardening.config
@@ -92,6 +92,3 @@ CONFIG_SYN_COOKIES=y
# Attack surface reduction: Use the modern PTY interface (devpts) only.
# CONFIG_LEGACY_PTYS is not set
-
-# Attack surface reduction: Use only modesetting video drivers.
-# CONFIG_DRM_LEGACY is not set
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 0/2] Drop obsolete configs from hardening.config
2024-02-08 9:10 [PATCH 0/2] Drop obsolete configs from hardening.config Lukas Bulwahn
2024-02-08 9:10 ` [PATCH 1/2] hardening: drop obsolete UBSAN_SANITIZE_ALL from config fragment Lukas Bulwahn
2024-02-08 9:10 ` [PATCH 2/2] hardening: drop obsolete DRM_LEGACY " Lukas Bulwahn
@ 2024-02-10 6:31 ` Kees Cook
2 siblings, 0 replies; 4+ messages in thread
From: Kees Cook @ 2024-02-10 6:31 UTC (permalink / raw)
To: Gustavo A . R . Silva, linux-hardening, Lukas Bulwahn
Cc: Kees Cook, kernel-janitors, linux-kernel
On Thu, 08 Feb 2024 10:10:43 +0100, Lukas Bulwahn wrote:
> here are two patches cleaning up the hardening config fragment from obsolete
> config options.
>
> Feel free to squash them if you think they should not be two separate commits.
>
> Lukas
>
> [...]
Applied to for-next/hardening, thanks!
[1/2] hardening: drop obsolete UBSAN_SANITIZE_ALL from config fragment
https://git.kernel.org/kees/c/8ab2b5398287
[2/2] hardening: drop obsolete DRM_LEGACY from config fragment
https://git.kernel.org/kees/c/8dafd56868ef
Take care,
--
Kees Cook
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-02-10 6:31 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-08 9:10 [PATCH 0/2] Drop obsolete configs from hardening.config Lukas Bulwahn
2024-02-08 9:10 ` [PATCH 1/2] hardening: drop obsolete UBSAN_SANITIZE_ALL from config fragment Lukas Bulwahn
2024-02-08 9:10 ` [PATCH 2/2] hardening: drop obsolete DRM_LEGACY " Lukas Bulwahn
2024-02-10 6:31 ` [PATCH 0/2] Drop obsolete configs from hardening.config Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox