Merged
74 commits
9d551c5
regenerate microdroid defconfigs
maade93791 Apr 14, 2025
5c0b9fc
microdroid: enable CONFIG_EXPERT
maade93791 Aug 1, 2024
cda3bfe
add toggle for disabling newly added USB devices
thestinger May 16, 2017
8874e87
add back Android paranoid check for socket creation
thestinger Apr 22, 2021
e43f3bf
bug on kmem_cache_free with the wrong cache
randomhydrosol Dec 6, 2021
6654dac
mm: add support for verifying page sanitization
thestinger May 4, 2017
d816c59
arm64: determine stack entropy based on mmap entropy
thestinger May 22, 2017
d0fd1b3
randomize lower bits of the argument block
thestinger May 11, 2017
6f32fbf
support randomizing the lower bits of brk
thestinger May 30, 2017
5540ce9
mm: randomize lower bits of brk
thestinger Jun 1, 2017
6ec3f5c
mm: guarantee brk gap is at least one page
thestinger Jun 1, 2017
c4273f7
use max mmap entropy by default to cover init
flawedworld Dec 13, 2021
b26ab37
add __read_only for non-init related usage
thestinger May 7, 2017
aa11f6d
make sysctl constants read-only
thestinger May 7, 2017
e53f2b9
mark slub runtime configuration as __ro_after_init
thestinger May 14, 2017
1cb9f53
add __ro_after_init to slab_nomerge and slab_state
thestinger May 3, 2017
c78ca86
mark kmem_cache as __ro_after_init
thestinger May 28, 2017
b228908
mark softirq_vec as __ro_after_init
thestinger Jul 4, 2017
6381824
enable CONFIG_INIT_ON_FREE_DEFAULT_ON
flawedworld Dec 13, 2021
ecf439c
Makefile: set -fvisibility=hidden for full LTO
randomhydrosol Dec 20, 2021
c25c854
arm64: enable 48-bit address space
flawedworld Dec 13, 2021
e2f68f7
arm64: raise default mmap bits for 48-bit address space
flawedworld Dec 13, 2021
18546d8
add FLAG_COMPAT_VA_39_BIT to execveat()
muhomorr Aug 27, 2022
98e2161
enable CONFIG_SYN_COOKIES
flawedworld Dec 19, 2021
c97ac2f
switch to sha256 for module signing
thestinger Oct 23, 2022
1281434
improve sign-file support for BoringSSL
thestinger Oct 25, 2022
1781ebe
switch to forced module signing
thestinger Mar 22, 2024
160d9b8
enable lockdown LSM in confidentiality mode
thestinger Oct 26, 2022
dc53750
disable LDISC_AUTOLOAD
thestinger Oct 25, 2022
81cc3e2
enable DEBUG_SG
thestinger Oct 28, 2022
106f9da
disable BINFMT_MISC
thestinger Oct 31, 2022
025865c
enable BPF JIT hardening by default
thestinger Mar 30, 2023
7f42e9a
x86_64: raise DEFAULT_MMAP_MIN_ADDR
thestinger Apr 21, 2023
602a732
mm: kfence: respect BUG_ON_DATA_CORRUPTION
thestinger Apr 22, 2023
4f8dbf2
enable RANDOMIZE_KSTACK_OFFSET_DEFAULT
thestinger Apr 21, 2023
55522f6
bugfix: clear 39-bit VA flag after exec
muhomorr Nov 13, 2023
571cfba
disable unnecessary sysrq functionality
thestinger Feb 1, 2024
b576ef3
temporarily ignore sysrq_always_enabled
thestinger Feb 19, 2024
b2febf4
enable reset attack mitigation for UEFI
thestinger Jan 19, 2024
521c64f
arm64: temporarily disable forced module signing
thestinger Apr 15, 2024
810ea7c
disable UNWIND_PATCH_PAC_INTO_SCS
thestinger Feb 4, 2024
7f70052
enable ARM64_BTI_KERNEL
thestinger Feb 4, 2024
089b709
ANDROID: usb: typec: tcpm: Bring back tcpm_update_sink_capabilities
Sep 29, 2020
41533f4
usb: typec: tcpm: add option to ignore alt modes
muhomorr Feb 23, 2024
81dd488
ANDROID: tools/resolve_btfids: Pass CFLAGS to libsubcmd build via EXT…
nathanchance Sep 7, 2023
61857b1
selinux: add security_sid_to_context_type() function
muhomorr Sep 3, 2023
4e5739b
selinux: cache zygote context types when loading policy
muhomorr Sep 3, 2023
d111568
selinux: allow zygote to set flags in task_security_struct
muhomorr Sep 3, 2023
6ea1346
selinux: add function for auditing tsec_flags-related denials
muhomorr Sep 28, 2023
cb851fc
selinux: support restricting dynamic code execution via tsec_flags
muhomorr Aug 31, 2023
ca229c9
selinux: support blocking ptrace access via tsec_flags
muhomorr Sep 28, 2023
254a096
x86_64: enable forced module signing
maade93791 Jun 17, 2024
405b3c0
arm64: update ABI for virtual device
maade93791 Jun 17, 2024
f66ad07
add build script for virtual-device with support for module signing
maade93791 Jun 18, 2024
afe228c
extend deny_new_usb to USB gadgets
muhomorr Jun 19, 2024
5ebd370
add update_virt_prebuilts.sh
maade93791 Jun 19, 2024
f70782e
disable CONFIG_HIBERNATION
thestinger Oct 26, 2024
89fb772
enable CONFIG_RANDSTRUCT_FULL
thestinger Aug 29, 2024
e908c7b
use deterministic RANDSTRUCT seed based on timestamp
thestinger Aug 29, 2024
214e698
enable CONFIG_RANDOM_KMALLOC_CACHES
thestinger Aug 29, 2024
5453b3e
enable CONFIG_EFI_DISABLE_PCI_DMA
thestinger Aug 29, 2024
5c150db
add CONFIG_MICRODROID entry and enable it for microdroid_defconfig
maade93791 Aug 1, 2024
99fc453
selinux: don't cancel loading sepolicy because of missing context_typ…
maade93791 Sep 10, 2024
7442add
microdroid: enable CONFIG_FORTIFY_SOURCE
thestinger Oct 26, 2024
26b9f39
microdroid: disable CONFIG_RSEQ
thestinger Oct 26, 2024
b1b623e
microdroid: match gki KFENCE configuration
thestinger Oct 26, 2024
9117a96
android: disable unused CONFIG_LEGACY_TIOCSTI
thestinger Oct 26, 2024
f0569bb
android: disable unused cachestat syscall
thestinger Oct 26, 2024
4bcb606
disable unused TIPC
thestinger Nov 11, 2024
9ba1f7e
zero memory in early boot
thestinger Feb 6, 2025
ad533d3
slub: add multi-purpose random canaries
thestinger May 3, 2017
42fb4e0
config regen
maade93791 Apr 14, 2025
cc0fbc4
add back tipc.ko to modules_out
maade93791 Apr 14, 2025
94cf16c
add sha1_generic.ko to modules_out
maade93791 Apr 14, 2025
11 changes: 2 additions & 9 deletions Makefile
Expand Up @@ -967,16 +967,9 @@ endif

ifdef CONFIG_LTO_CLANG
ifdef CONFIG_LTO_CLANG_THIN
CC_FLAGS_LTO := -flto=thin -fsplit-lto-unit
CC_FLAGS_LTO := -flto=thin -fsplit-lto-unit -fvisibility=default
else
CC_FLAGS_LTO := -flto
endif

ifeq ($(SRCARCH),x86)
# Workaround for compiler / linker bug
CC_FLAGS_LTO += -fvisibility=hidden
else
CC_FLAGS_LTO += -fvisibility=default
CC_FLAGS_LTO := -flto -fvisibility=hidden
endif

# Limit inlining across translation units to reduce binary size
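Review bot: The full-LTO branch now ends up with `-fvisibility=hidden` on every architecture while the ThinLTO branch carries `-fvisibility=default`, and nothing in the section records why the two modes differ; the old `# Workaround for compiler / linker bug` comment appears to go away together with the x86-only block. I would put a short comment above each assignment, for example `# full LTO: hidden default visibility for all architectures (reason: <to be stated by the author>)`, so the next rebase does not quietly restore the per-architecture split. The marker column is lost on this page, so the old/new reading here is inferred from the commit title and the 2/9 line counts.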
4 changes: 4 additions & 0 deletions arch/Kconfig
Expand Up @@ -1664,6 +1664,10 @@ config ARCH_HAS_KERNEL_FPU_SUPPORT
Architectures that select this option can run floating-point code in
the kernel, as described in Documentation/core-api/floating-point.rst.

config MICRODROID
bool "Enables support for Microdroid VM"
default n

source "kernel/gcov/Kconfig"

source "scripts/gcc-plugins/Kconfig"
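Review bot: `config MICRODROID` has a prompt but no `help` text, so the entry does not say what the symbol gates or which configuration is expected to set it; the `ARCH_HAS_KERNEL_FPU_SUPPORT` entry just above shows the help style used in this file. A two- or three-line help block stating which code is conditional on the symbol would be enough. `default n` can be dropped as well, since a bool with no default is already n. The users of the symbol are outside this section.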
2 changes: 2 additions & 0 deletions arch/arm/mm/init.c
Expand Up @@ -209,6 +209,8 @@ void __init bootmem_init(void)

find_limits(&min_low_pfn, &max_low_pfn, &max_pfn);

early_memzero((phys_addr_t)min_low_pfn << PAGE_SHIFT,
(phys_addr_t)max_low_pfn << PAGE_SHIFT);
early_memtest((phys_addr_t)min_low_pfn << PAGE_SHIFT,
(phys_addr_t)max_low_pfn << PAGE_SHIFT);

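Review bot: The `early_memzero()` call added in `bootmem_init()` has no comment, and its definition is not in this section, so a reader cannot tell from here whether it is limited to free memblock ranges or writes the whole `min_low_pfn`..`max_low_pfn` span. If it is not already restricted, it has to skip reserved regions (kernel image, initrd, device tree), as `early_memtest()` does by walking only free ranges. Either way, a one-line comment such as `/* clear stale contents of free low memory before it reaches the allocator */` would record the intent and the reason it runs before the memtest. `bootmem_init()` starts and ends outside the hunk.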
30 changes: 20 additions & 10 deletions arch/arm64/configs/gki_defconfig
Expand Up @@ -49,13 +49,13 @@ CONFIG_EXPERT=y
# CONFIG_SYSFS_SYSCALL is not set
# CONFIG_FHANDLE is not set
# CONFIG_RSEQ is not set
# CONFIG_CACHESTAT_SYSCALL is not set
CONFIG_KALLSYMS_ALL=y
CONFIG_PROFILING=y
CONFIG_RUST=y
CONFIG_ARCH_SUNXI=y
CONFIG_ARCH_HISI=y
CONFIG_ARCH_QCOM=y
CONFIG_ARM64_VA_BITS_39=y
CONFIG_ARM64_VA_BITS_48=y
CONFIG_SCHED_MC=y
CONFIG_NR_CPUS=32
CONFIG_PARAVIRT_TIME_ACCOUNTING=y
Expand All @@ -65,14 +65,11 @@ CONFIG_ARMV8_DEPRECATED=y
CONFIG_SWP_EMULATION=y
CONFIG_CP15_BARRIER_EMULATION=y
CONFIG_SETEND_EMULATION=y
# CONFIG_ARM64_BTI_KERNEL is not set
CONFIG_RANDOMIZE_BASE=y
# CONFIG_RANDOMIZE_MODULE_REGION_FULL is not set
CONFIG_UNWIND_PATCH_PAC_INTO_SCS=y
CONFIG_CMDLINE="console=ttynull stack_depot_disable=on cgroup_disable=pressure kasan.stacktrace=off kvm-arm.mode=protected bootconfig"
CONFIG_CMDLINE_EXTEND=y
# CONFIG_DMI is not set
CONFIG_HIBERNATION=y
CONFIG_PM_WAKELOCKS=y
CONFIG_PM_WAKELOCKS_LIMIT=0
# CONFIG_PM_WAKELOCKS_GC is not set
Expand All @@ -98,13 +95,15 @@ CONFIG_JUMP_LABEL=y
CONFIG_SHADOW_CALL_STACK=y
CONFIG_AUTOFDO_CLANG=y
CONFIG_CFI_CLANG=y
CONFIG_ARCH_MMAP_RND_BITS=33
CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16
CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
CONFIG_MODVERSIONS=y
CONFIG_GENDWARFKSYMS=y
CONFIG_MODULE_SCMVERSION=y
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_PROTECT=y
CONFIG_MODULE_SIG_SHA256=y
CONFIG_MODPROBE_PATH="/system/bin/modprobe"
CONFIG_BLK_DEV_ZONED=y
CONFIG_BLK_WBT=y
Expand All @@ -114,10 +113,10 @@ CONFIG_BLK_INLINE_ENCRYPTION=y
CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK=y
CONFIG_GKI_HACKS_TO_FIX=y
# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
CONFIG_BINFMT_MISC=y
# CONFIG_SLAB_MERGE_DEFAULT is not set
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_RANDOM_KMALLOC_CACHES=y
CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
# CONFIG_COMPAT_BRK is not set
CONFIG_MEMORY_HOTPLUG=y
Expand Down Expand Up @@ -150,6 +149,7 @@ CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_NET_IPIP=y
CONFIG_NET_IPGRE_DEMUX=y
CONFIG_NET_IPGRE=y
CONFIG_SYN_COOKIES=y
CONFIG_NET_IPVTI=y
CONFIG_INET_ESP=y
CONFIG_INET_UDP_DIAG=y
Expand Down Expand Up @@ -244,7 +244,6 @@ CONFIG_IP6_NF_FILTER=y
CONFIG_IP6_NF_TARGET_REJECT=y
CONFIG_IP6_NF_MANGLE=y
CONFIG_IP6_NF_RAW=y
CONFIG_TIPC=m
CONFIG_L2TP=m
CONFIG_BRIDGE=y
CONFIG_VLAN_8021Q=m
Expand Down Expand Up @@ -323,6 +322,8 @@ CONFIG_ARM_SCMI_PROTOCOL=y
CONFIG_ARM_SCMI_TRANSPORT_VIRTIO=y
CONFIG_ARM_SCPI_PROTOCOL=y
# CONFIG_EFI_ARMSTUB_DTB_LOADER is not set
CONFIG_RESET_ATTACK_MITIGATION=y
CONFIG_EFI_DISABLE_PCI_DMA=y
CONFIG_GNSS=m
CONFIG_ZRAM=m
CONFIG_ZRAM_BACKEND_LZ4=y
Expand Down Expand Up @@ -406,6 +407,8 @@ CONFIG_INPUT_MISC=y
CONFIG_INPUT_UINPUT=y
# CONFIG_VT is not set
# CONFIG_LEGACY_PTYS is not set
# CONFIG_LEGACY_TIOCSTI is not set
# CONFIG_LDISC_AUTOLOAD is not set
CONFIG_SERIAL_8250=y
# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set
CONFIG_SERIAL_8250_CONSOLE=y
Expand Down Expand Up @@ -599,7 +602,6 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VHOST_VSOCK=y
CONFIG_STAGING=y
CONFIG_ASHMEM=y
CONFIG_ASHMEM_RUST=y
CONFIG_COMMON_CLK_SCPI=y
# CONFIG_SUNXI_CCU is not set
CONFIG_CLK_KUNIT_TEST=m
Expand Down Expand Up @@ -720,8 +722,13 @@ CONFIG_FORTIFY_SOURCE=y
CONFIG_STATIC_USERMODEHELPER=y
CONFIG_STATIC_USERMODEHELPER_PATH=""
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
CONFIG_INIT_ON_FREE_DEFAULT_ON=y
CONFIG_BUG_ON_DATA_CORRUPTION=y
CONFIG_RANDSTRUCT_FULL=y
CONFIG_CRYPTO_ECDH=y
CONFIG_CRYPTO_DES=y
CONFIG_CRYPTO_ADIANTUM=y
Expand Down Expand Up @@ -757,6 +764,8 @@ CONFIG_MODULE_ALLOW_BTF_MISMATCH=y
CONFIG_HEADERS_INSTALL=y
# CONFIG_SECTION_MISMATCH_WARN_ONLY is not set
CONFIG_MAGIC_SYSRQ=y
CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0
# CONFIG_MAGIC_SYSRQ_SERIAL is not set
CONFIG_UBSAN=y
CONFIG_UBSAN_TRAP=y
# CONFIG_UBSAN_SIGNED_WRAP is not set
Expand All @@ -775,6 +784,7 @@ CONFIG_PANIC_TIMEOUT=-1
CONFIG_SOFTLOCKUP_DETECTOR=y
CONFIG_WQ_WATCHDOG=y
CONFIG_SCHEDSTATS=y
CONFIG_DEBUG_SG=y
CONFIG_HIST_TRIGGERS=y
CONFIG_PID_IN_CONTEXTIDR=y
CONFIG_KUNIT=m
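Review bot: `CONFIG_ARCH_MMAP_RND_BITS=33` is, as far as I know, the upper bound only for a 48-bit VA with 4K pages; the arm64 Kconfig range is lower with 16K or 64K pages, and Kconfig clamps an out-of-range value instead of rejecting it. If this defconfig also feeds a 16K-page build, the effective entropy will differ from what the file says and a savedefconfig comparison may stop matching. I would drop the line and rely on the Kconfig default (the commit list mentions raising it), or set it in a per-page-size fragment. The same line appears in arch/arm64/configs/microdroid_defconfig. The marker column is lost on this page, so I am assuming the line is on the new side.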
43 changes: 28 additions & 15 deletions arch/arm64/configs/microdroid_defconfig
Expand Up @@ -9,23 +9,22 @@ CONFIG_RCU_BOOST=y
CONFIG_RCU_NOCB_CPU=y
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
# CONFIG_UTS_NS is not set
# CONFIG_TIME_NS is not set
# CONFIG_PID_NS is not set
# CONFIG_NET_NS is not set
# CONFIG_RD_GZIP is not set
# CONFIG_RD_BZIP2 is not set
# CONFIG_RD_LZMA is not set
# CONFIG_RD_XZ is not set
# CONFIG_RD_LZO is not set
# CONFIG_RD_ZSTD is not set
CONFIG_BOOT_CONFIG=y
CONFIG_EXPERT=y
# CONFIG_RSEQ is not set
# CONFIG_CACHESTAT_SYSCALL is not set
CONFIG_PROFILING=y
CONFIG_ARM64_VA_BITS_39=y
CONFIG_KEXEC_FILE=y
CONFIG_ARM64_VA_BITS_48=y
CONFIG_SCHED_MC=y
CONFIG_NR_CPUS=32
CONFIG_PARAVIRT_TIME_ACCOUNTING=y
CONFIG_KEXEC_FILE=y
CONFIG_ARM64_SW_TTBR0_PAN=y
CONFIG_RANDOMIZE_BASE=y
# CONFIG_RANDOMIZE_MODULE_REGION_FULL is not set
Expand All @@ -39,15 +38,18 @@ CONFIG_VIRTUALIZATION=y
CONFIG_JUMP_LABEL=y
CONFIG_SHADOW_CALL_STACK=y
CONFIG_CFI_CLANG=y
CONFIG_ARCH_MMAP_RND_BITS=33
CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
CONFIG_MICRODROID=y
CONFIG_BLK_DEV_ZONED=y
CONFIG_PARTITION_ADVANCED=y
# CONFIG_MSDOS_PARTITION is not set
CONFIG_IOSCHED_BFQ=y
# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
CONFIG_BINFMT_MISC=y
# CONFIG_SLAB_MERGE_DEFAULT is not set
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_RANDOM_KMALLOC_CACHES=y
CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
# CONFIG_COMPAT_BRK is not set
CONFIG_MEMORY_HOTPLUG=y
Expand All @@ -61,6 +63,7 @@ CONFIG_LRU_GEN=y
CONFIG_NET=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_SYN_COOKIES=y
CONFIG_VSOCKETS=y
CONFIG_VIRTIO_VSOCKETS=y
# CONFIG_WIRELESS is not set
Expand All @@ -69,13 +72,12 @@ CONFIG_PCIEPORTBUS=y
CONFIG_PCIEAER=y
CONFIG_PCI_IOV=y
CONFIG_PCI_HOST_GENERIC=y
CONFIG_PCIE_DW_PLAT_EP=y
CONFIG_PCIE_KIRIN=y
CONFIG_PCIE_DW_PLAT_EP=y
CONFIG_PCI_ENDPOINT=y
CONFIG_FW_LOADER_USER_HELPER=y
# CONFIG_FW_CACHE is not set
CONFIG_ARM_SCMI_PROTOCOL=y
# CONFIG_ARM_SCMI_POWER_DOMAIN is not set
CONFIG_ZRAM=y
CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_LOOP_MIN_COUNT=16
Expand All @@ -93,6 +95,8 @@ CONFIG_DM_VERITY_FEC=y
# CONFIG_INPUT_KEYBOARD is not set
# CONFIG_INPUT_MOUSE is not set
# CONFIG_LEGACY_PTYS is not set
# CONFIG_LEGACY_TIOCSTI is not set
# CONFIG_LDISC_AUTOLOAD is not set
CONFIG_SERIAL_8250=y
# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set
CONFIG_SERIAL_8250_CONSOLE=y
Expand All @@ -101,7 +105,6 @@ CONFIG_SERIAL_8250_RUNTIME_UARTS=0
CONFIG_SERIAL_OF_PLATFORM=y
CONFIG_NULL_TTY=y
CONFIG_VIRTIO_CONSOLE=y
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_CCTRNG=y
# CONFIG_DEVMEM is not set
# CONFIG_DEVPORT is not set
Expand All @@ -126,6 +129,7 @@ CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_BALLOON=y
CONFIG_STAGING=y
CONFIG_HWSPINLOCK=y
# CONFIG_ARM_SCMI_POWER_DOMAIN is not set
CONFIG_EXT4_FS=y
# CONFIG_EXT4_USE_FOR_EXT2 is not set
CONFIG_EXT4_FS_POSIX_ACL=y
Expand All @@ -140,10 +144,17 @@ CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_STATIC_USERMODEHELPER=y
CONFIG_STATIC_USERMODEHELPER_PATH=""
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
CONFIG_INIT_ON_FREE_DEFAULT_ON=y
CONFIG_BUG_ON_DATA_CORRUPTION=y
CONFIG_RANDSTRUCT_FULL=y
CONFIG_CRYPTO_HCTR2=y
CONFIG_CRYPTO_LZO=y
CONFIG_CRYPTO_SHA2_ARM64_CE=y
Expand All @@ -154,29 +165,31 @@ CONFIG_DMA_RESTRICTED_POOL=y
CONFIG_PRINTK_TIME=y
CONFIG_PRINTK_CALLER=y
CONFIG_DYNAMIC_DEBUG_CORE=y
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_INFO_DWARF5=y
CONFIG_DEBUG_INFO_REDUCED=y
CONFIG_HEADERS_INSTALL=y
# CONFIG_SECTION_MISMATCH_WARN_ONLY is not set
CONFIG_MAGIC_SYSRQ=y
CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0
# CONFIG_MAGIC_SYSRQ_SERIAL is not set
CONFIG_UBSAN=y
CONFIG_UBSAN_TRAP=y
CONFIG_UBSAN_LOCAL_BOUNDS=y
# CONFIG_UBSAN_SHIFT is not set
# CONFIG_UBSAN_BOOL is not set
# CONFIG_UBSAN_ENUM is not set
CONFIG_PAGE_OWNER=y
CONFIG_DEBUG_STACK_USAGE=y
CONFIG_KASAN=y
CONFIG_KASAN_HW_TAGS=y
CONFIG_KFENCE=y
CONFIG_KFENCE_SAMPLE_INTERVAL=500
CONFIG_KFENCE_NUM_OBJECTS=63
CONFIG_KFENCE_STATIC_KEYS=y
CONFIG_PANIC_ON_OOPS=y
CONFIG_PANIC_TIMEOUT=-1
CONFIG_SOFTLOCKUP_DETECTOR=y
CONFIG_WQ_WATCHDOG=y
CONFIG_SCHEDSTATS=y
# CONFIG_DEBUG_PREEMPT is not set
CONFIG_BUG_ON_DATA_CORRUPTION=y
CONFIG_DEBUG_SG=y
CONFIG_HIST_TRIGGERS=y
CONFIG_PID_IN_CONTEXTIDR=y
# CONFIG_RUNTIME_TESTING_MENU is not set
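Review bot: `CONFIG_KEXEC_FILE=y` stays enabled next to the new `CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y`, and no `CONFIG_KEXEC_SIG` line is visible in this section. As far as I recall, the lockdown check for kexec_file_load sits on the signature-verification path, so without KEXEC_SIG the lockdown setting may not restrict which image can be loaded; that needs confirming against this tree. If the crash-kernel path is meant to be covered, add `CONFIG_KEXEC_SIG=y`; otherwise state the reason in the commit message. Which of the two `CONFIG_KEXEC_FILE=y` lines is the new one cannot be told from this page.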
18 changes: 14 additions & 4 deletions arch/arm64/include/asm/elf.h
Expand Up @@ -130,7 +130,11 @@
#ifdef CONFIG_ARM64_FORCE_52BIT
#define ELF_ET_DYN_BASE (2 * TASK_SIZE_64 / 3)
#else
#define ELF_ET_DYN_BASE (2 * DEFAULT_MAP_WINDOW_64 / 3)
/*
* Originally used DEFAULT_MAP_WINDOW_64, switched to DEFAULT_MAP_WINDOW for compatibility with 39-bit mode.
* Will return the value of DEFAULT_MAP_WINDOW_64 if compat_va_39_bit is not enabled.
*/
#define ELF_ET_DYN_BASE (2 * DEFAULT_MAP_WINDOW / 3)
#endif /* CONFIG_ARM64_FORCE_52BIT */

#ifndef __ASSEMBLY__
Expand Down Expand Up @@ -186,13 +190,19 @@ struct linux_binprm;
extern int arch_setup_additional_pages(struct linux_binprm *bprm,
int uses_interp);

// same as mmap_rnd_bits when VA_BITS == 39
#define MMAP_RND_BITS_39_BIT 24

/* 1GB of VA */
#ifdef CONFIG_COMPAT
#define STACK_RND_MASK (test_thread_flag(TIF_32BIT) ? \
0x7ff >> (PAGE_SHIFT - 12) : \
0x3ffff >> (PAGE_SHIFT - 12))
((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \
(test_thread_flag(TIF_39BIT) ? \
((1UL << MMAP_RND_BITS_39_BIT) - 1) >> (PAGE_SHIFT - 12) : \
((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)))

#else
#define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12))
#define STACK_RND_MASK (((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12))
#endif

#ifdef __AARCH64EB__
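Review bot: The `/* 1GB of VA */` comment above `STACK_RND_MASK` no longer describes the macro. The mask is now built from `mmap_rnd_bits`, `mmap_rnd_compat_bits` or `MMAP_RND_BITS_39_BIT`, so the range depends on the task's address-space mode, and the first two are variables rather than constants. I would replace the comment with something like `/* stack randomization follows the mmap entropy setting for the task's address-space mode */`, and say next to `MMAP_RND_BITS_39_BIT` which page size the value 24 assumes. The declarations of `mmap_rnd_bits` and `TIF_39BIT` are outside this section.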
9 changes: 5 additions & 4 deletions arch/arm64/include/asm/processor.h
Expand Up @@ -53,6 +53,7 @@

#define DEFAULT_MAP_WINDOW_64 (UL(1) << VA_BITS_MIN)
#define TASK_SIZE_64 (UL(1) << vabits_actual)
#define TASK_SIZE_39 (UL(1) << 39)
#define TASK_SIZE_MAX (UL(1) << VA_BITS)

#ifdef CONFIG_COMPAT
Expand All @@ -66,11 +67,11 @@
#define TASK_SIZE_32 (UL(0x100000000) - PAGE_SIZE)
#endif /* CONFIG_ARM64_64K_PAGES */
#define TASK_SIZE (test_thread_flag(TIF_32BIT) ? \
TASK_SIZE_32 : TASK_SIZE_64)
TASK_SIZE_32 : (test_thread_flag(TIF_39BIT) ? TASK_SIZE_39 : TASK_SIZE_64))
#define TASK_SIZE_OF(tsk) (test_tsk_thread_flag(tsk, TIF_32BIT) ? \
TASK_SIZE_32 : TASK_SIZE_64)
TASK_SIZE_32 : (test_tsk_thread_flag(tsk, TIF_39BIT) ? TASK_SIZE_39 : TASK_SIZE_64))
#define DEFAULT_MAP_WINDOW (test_thread_flag(TIF_32BIT) ? \
TASK_SIZE_32 : DEFAULT_MAP_WINDOW_64)
TASK_SIZE_32 : (test_thread_flag(TIF_39BIT) ? TASK_SIZE_39 : DEFAULT_MAP_WINDOW_64))
#else
#define TASK_SIZE TASK_SIZE_64
#define DEFAULT_MAP_WINDOW DEFAULT_MAP_WINDOW_64
Expand All @@ -87,7 +88,7 @@
#ifdef CONFIG_COMPAT
#define AARCH32_VECTORS_BASE 0xffff0000
#define STACK_TOP (test_thread_flag(TIF_32BIT) ? \
AARCH32_VECTORS_BASE : STACK_TOP_MAX)
AARCH32_VECTORS_BASE : (test_thread_flag(TIF_39BIT) ? TASK_SIZE_39 : STACK_TOP_MAX))
#else
#define STACK_TOP STACK_TOP_MAX
#endif /* CONFIG_COMPAT */
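Review bot: The `TIF_39BIT` cases are added only inside `#ifdef CONFIG_COMPAT`; the `#else` definitions (`#define TASK_SIZE TASK_SIZE_64`, `#define DEFAULT_MAP_WINDOW DEFAULT_MAP_WINDOW_64`, `#define STACK_TOP STACK_TOP_MAX`) ignore the flag, and so does the non-compat `STACK_RND_MASK` in arch/arm64/include/asm/elf.h. Where the flag gets set is not visible here, but if that can happen on a kernel built without CONFIG_COMPAT, the task would silently get the full-size layout instead of the 39-bit one it asked for. Either give the `#else` branch the same test, e.g. `#define TASK_SIZE (test_thread_flag(TIF_39BIT) ? TASK_SIZE_39 : TASK_SIZE_64)`, or make the 39-bit option depend on COMPAT in Kconfig so the combination cannot be built.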