From 8514e2952b1faf7e5069407d5df5e814b3af4a0b Mon Sep 17 00:00:00 2001 From: Tk-Glitch Date: Mon, 15 Jan 2024 16:35:22 +0100 Subject: [PATCH] 6.6: Update defconfig to 6.6.11 and import `arch/Kconfig: Default to maximum amount of ASLR bits` https://gitlab.archlinux.org/archlinux/packaging/packages/linux-lts/-/commit/de42b55679bc535116b861d993286c450a6cabef --- linux-tkg-config/6.6/config.x86_64 | 14 ++++---- .../6.6/0012-misc-additions.patch | 33 +++++++++++++++++++ 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/linux-tkg-config/6.6/config.x86_64 b/linux-tkg-config/6.6/config.x86_64 index a3abe9a..ed533b6 100644 --- a/linux-tkg-config/6.6/config.x86_64 +++ b/linux-tkg-config/6.6/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.6.8-arch1 Kernel Configuration +# Linux/x86 6.6.11 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.1 20230801" CONFIG_CC_IS_GCC=y @@ -123,14 +123,16 @@ CONFIG_BPF_JIT=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT_DEFAULT_ON=y CONFIG_BPF_UNPRIV_DEFAULT_OFF=y -# CONFIG_BPF_PRELOAD is not set +CONFIG_USERMODE_DRIVER=y +CONFIG_BPF_PRELOAD=y +CONFIG_BPF_PRELOAD_UMD=m CONFIG_BPF_LSM=y # end of BPF subsystem CONFIG_PREEMPT_BUILD=y # CONFIG_PREEMPT_NONE is not set -# CONFIG_PREEMPT_VOLUNTARY is not set -CONFIG_PREEMPT=y +CONFIG_PREEMPT_VOLUNTARY=y +# CONFIG_PREEMPT is not set CONFIG_PREEMPT_COUNT=y CONFIG_PREEMPTION=y CONFIG_PREEMPT_DYNAMIC=y @@ -878,9 +880,9 @@ CONFIG_SOFTIRQ_ON_OWN_STACK=y CONFIG_ARCH_HAS_ELF_RANDOMIZE=y CONFIG_HAVE_ARCH_MMAP_RND_BITS=y CONFIG_HAVE_EXIT_THREAD=y -CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_ARCH_MMAP_RND_BITS=32 CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y -CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16 CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y CONFIG_PAGE_SIZE_LESS_THAN_64KB=y CONFIG_PAGE_SIZE_LESS_THAN_256KB=y diff --git a/linux-tkg-patches/6.6/0012-misc-additions.patch b/linux-tkg-patches/6.6/0012-misc-additions.patch index dc95632..9d1e2f6 100644 --- a/linux-tkg-patches/6.6/0012-misc-additions.patch +++ b/linux-tkg-patches/6.6/0012-misc-additions.patch @@ -821,3 +821,36 @@ index c2308783053c..29e1cada7667 100644 -- GitLab +From 3a88b77d3cb9f9cd8a8aee052ab479b73aeb2e80 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" +Date: Sat, 13 Jan 2024 15:29:25 +0100 +Subject: [PATCH] arch/Kconfig: Default to maximum amount of ASLR bits + +To mitigate https://zolutal.github.io/aslrnt/; do this with a patch to +avoid having to enable `CONFIG_EXPERT`. +--- + arch/Kconfig | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/Kconfig b/arch/Kconfig +index f4b210ab061291..837d0dbb28ea08 100644 +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -1032,7 +1032,7 @@ config ARCH_MMAP_RND_BITS + int "Number of bits to use for ASLR of mmap base address" if EXPERT + range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX + default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT +- default ARCH_MMAP_RND_BITS_MIN ++ default ARCH_MMAP_RND_BITS_MAX + depends on HAVE_ARCH_MMAP_RND_BITS + help + This value can be used to select the number of bits to use to +@@ -1066,7 +1066,7 @@ config ARCH_MMAP_RND_COMPAT_BITS + int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT + range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX + default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT +- default ARCH_MMAP_RND_COMPAT_BITS_MIN ++ default ARCH_MMAP_RND_COMPAT_BITS_MAX + depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS + help + This value can be used to select the number of bits to use to