Add Tirdad patch to kernel #26

Open
wants to merge 106 commits into
base: master
8bc7636
make DEFAULT_MMAP_MIN_ADDR match LSM_MMAP_MIN_ADDR
thestinger May 27, 2017
a8488f5
enable HARDENED_USERCOPY by default
thestinger May 29, 2017
74df025
disable HARDENED_USERCOPY_FALLBACK by default
thestinger Apr 26, 2018
4eb0d58
enable SECURITY_DMESG_RESTRICT by default
thestinger May 3, 2017
c51ecd0
set kptr_restrict=2 by default
thestinger May 3, 2017
d4adb1e
enable DEBUG_LIST by default
thestinger May 3, 2017
1ccc60c
enable BUG_ON_DATA_CORRUPTION by default
thestinger May 29, 2017
1d4df4f
enable ARM64_SW_TTBR0_PAN by default
thestinger Feb 25, 2018
8c8221b
arm64: enable RANDOMIZE_BASE by default
thestinger Feb 25, 2018
522a7a8
enable SLAB_FREELIST_RANDOM by default
thestinger May 3, 2017
e66a9db
enable SLAB_FREELIST_HARDENED by default
thestinger Aug 20, 2017
a54f690
disable SLAB_MERGE_DEFAULT by default
thestinger Jul 8, 2017
6dc663b
enable FORTIFY_SOURCE by default
thestinger May 8, 2017
1b317c4
enable PANIC_ON_OOPS by default
thestinger May 3, 2017
d6c6493
stop hiding SLUB_DEBUG behind EXPERT
thestinger May 15, 2017
3970d13
stop hiding X86_16BIT behind EXPERT
thestinger May 4, 2017
3945314
disable X86_16BIT by default
thestinger May 4, 2017
8ffec63
stop hiding MODIFY_LDT_SYSCALL behind EXPERT
thestinger May 4, 2017
9d44baa
disable MODIFY_LDT_SYSCALL by default
thestinger May 4, 2017
f108bf6
set LEGACY_VSYSCALL_NONE by default
thestinger May 29, 2017
fd40a80
stop hiding AIO behind EXPERT
Bernhard40 Oct 6, 2017
7b271c4
disable AIO by default
Bernhard40 Oct 6, 2017
08bb496
remove SYSVIPC from arm64/x86_64 defconfigs
thestinger Feb 25, 2018
c01594f
disable DEVPORT by default
thestinger May 27, 2017
1373658
disable PROC_VMCORE by default
thestinger May 27, 2017
b74b828
disable NFS_DEBUG by default
thestinger May 28, 2017
3014c2f
enable DEBUG_WX by default
thestinger May 29, 2017
d2c3ec4
disable LEGACY_PTYS by default
thestinger Jan 5, 2018
a865724
disable DEVMEM by default
thestinger Jan 5, 2018
aaa4557
enable IO_STRICT_DEVMEM by default
thestinger Jan 5, 2018
cf7b465
disable COMPAT_BRK by default
thestinger May 7, 2017
250a7a8
use maximum supported mmap rnd entropy by default
thestinger May 7, 2017
63ee9bb
enable protected_{symlinks,hardlinks} by default
thestinger May 30, 2017
e400d98
enable SECURITY by default
thestinger Feb 25, 2018
b9c3132
enable SECURITY_YAMA by default
thestinger May 29, 2017
e915334
enable SECURITY_NETWORK by default
thestinger Feb 25, 2018
128adb0
enable AUDIT by default
thestinger Feb 25, 2018
9a82a14
enable SECURITY_SELINUX by default
thestinger Feb 25, 2018
982fabd
enable SYN_COOKIES by default
thestinger Jan 6, 2018
a32a012
add __read_only for non-init related usage
thestinger May 7, 2017
3c64c49
make sysctl constants read-only
thestinger May 7, 2017
6394f49
mark kernel_set_to_readonly as __ro_after_init
thestinger May 12, 2017
9682c78
mark slub runtime configuration as __ro_after_init
thestinger May 14, 2017
659c806
add __ro_after_init to slab_nomerge and slab_state
thestinger May 3, 2017
c2668ce
mark kmem_cache as __ro_after_init
thestinger May 28, 2017
080a508
mark __supported_pte_mask as __ro_after_init
thestinger May 12, 2017
12b1e2a
mark kobj_ns_type_register as only used for init
thestinger Jul 4, 2017
9e3cfd8
mark open_softirq as only used for init
thestinger Jul 4, 2017
114a072
remove unused softirq_action callback parameter
thestinger Jul 4, 2017
983d7af
mark softirq_vec as __ro_after_init
thestinger Jul 4, 2017
dd112cf
mm: slab: trigger BUG if requested object is not a slab page
thestinger Sep 17, 2019
1d286a3
bug on kmem_cache_free with the wrong cache
thestinger May 3, 2017
da2673e
bug on !PageSlab && !PageCompound in ksize
thestinger May 3, 2017
bf7150e
mm: add support for verifying page sanitization
thestinger May 4, 2017
2c095f3
slub: Extend init_on_free to slab caches with constructors
tsautereau-anssi Sep 20, 2019
9458c89
slub: Add support for verifying slab sanitization
thestinger May 4, 2017
2ce1956
slub: add multi-purpose random canaries
thestinger May 3, 2017
468095d
security,perf: Allow further restriction of perf_event_open
bwhacks Jan 11, 2016
99a3330
enable SECURITY_PERF_EVENTS_RESTRICT by default
thestinger May 4, 2017
f5058d9
add sysctl to disallow unprivileged CLONE_NEWUSER by default
hallyn May 31, 2013
ec73ebd
add kmalloc/krealloc alloc_size attributes
thestinger May 3, 2017
533c43f
add vmalloc alloc_size attributes
thestinger May 3, 2017
fe1765f
add kvmalloc alloc_size attribute
thestinger Jul 4, 2017
eee3fa3
add percpu alloc_size attributes
thestinger May 14, 2017
694cbc9
add alloc_pages_exact alloc_size attributes
thestinger May 14, 2017
0ca98c2
Add the extra_latent_entropy kernel parameter
ephox-gcc-plugins May 30, 2016
ecbd814
ata: avoid null pointer dereference on bug
thestinger May 16, 2017
14c10d0
sanity check for negative length in nla_memcpy
thestinger May 16, 2017
5cc8adb
add page destructor sanity check
thestinger May 16, 2017
6973f4b
PaX shadow cr4 sanity check (essentially a revert)
thestinger May 16, 2017
eaa87f6
add writable function pointer detection
thestinger Jul 9, 2017
5639af8
support overriding early audit kernel cmdline
thestinger Jul 9, 2017
8cc6f2c
FORTIFY_SOURCE intra-object overflow checking
thestinger Jun 3, 2017
224b56e
Revert "mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes"
thestinger Aug 27, 2017
5bcddc9
x86_64: move vdso to mmap region from stack region
thestinger May 11, 2017
8b31fc5
x86: determine stack entropy based on mmap entropy
thestinger May 22, 2017
01ece9e
arm64: determine stack entropy based on mmap entropy
thestinger May 22, 2017
b596f54
randomize lower bits of the argument block
thestinger May 11, 2017
0f012fe
x86_64: match arm64 brk randomization entropy
thestinger May 30, 2017
4f3d196
support randomizing the lower bits of brk
thestinger May 30, 2017
0e35de5
mm: randomize lower bits of brk
thestinger Jun 1, 2017
e0da9d8
x86: randomize lower bits of brk
thestinger Jun 1, 2017
b55113f
mm: guarantee brk gap is at least one page
thestinger Jun 1, 2017
3a4c898
x86: guarantee brk gap is at least one page
thestinger Jun 1, 2017
293f984
x86_64: bound mmap between legacy/modern bases
thestinger Jul 4, 2017
030e84d
restrict device timing side channels
thestinger May 16, 2017
b36b517
add toggle for disabling newly added USB devices
thestinger May 16, 2017
cc19037
hard-wire legacy checkreqprot option to 0
thestinger Feb 25, 2018
941ac11
security: tty: Add owner user namespace to tty_struct
nmatt0 May 29, 2017
3134273
security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
nmatt0 May 29, 2017
b3029bd
enable SECURITY_TIOCSTI_RESTRICT by default
thestinger May 4, 2017
69b5671
disable unprivileged eBPF access by default
anthraxx May 7, 2018
453f635
enable BPF JIT hardening by default (if available)
anthraxx May 7, 2018
95d0499
enable protected_{fifos,regular} by default
anthraxx Nov 4, 2018
51bb625
Revert "mark kernel_set_to_readonly as __ro_after_init"
anthraxx Jan 13, 2019
1336a9e
modpost: Add CONFIG_DEBUG_WRITABLE_FUNCTION_POINTERS_VERBOSE
tsautereau-anssi May 6, 2019
d803650
mm: Fix extra_latent_entropy
tsautereau-anssi May 7, 2019
86bcf07
add CONFIG for unprivileged_userns_clone
anthraxx Jul 31, 2019
b9b5b84
enable INIT_ON_ALLOC_DEFAULT_ON by default
anthraxx Sep 19, 2019
a746e05
enable INIT_ON_FREE_DEFAULT_ON by default
anthraxx Sep 19, 2019
922fadc
add CONFIG for unprivileged_userfaultfd
anthraxx Oct 1, 2019
932258a
slub: Extend init_on_alloc to slab caches with constructors
tsautereau-anssi Nov 29, 2019
fc730cc
Tirdad patch (tcp.h)
0xsirus Feb 19, 2020
16be9f3
Tirdad patch (sequre_seq.c)
0xsirus Feb 19, 2020
6e1815c
Tirdad patch (sysctl_net_ipv4.c)
0xsirus Feb 19, 2020
692c4af
Tirdad patch (tcp_input.c)
0xsirus Feb 19, 2020
stop hiding AIO behind EXPERT
Bernhard40 authored and anthraxx committed Feb 5, 2020
commit fd40a8086f0650ef58ee8d89e89a9666bb4bc0d1
2 changes: 1 addition & 1 deletion init/Kconfig
@@ -1514,7 +1514,7 @@ config SHMEM
which may be appropriate on small systems without swap.

config AIO
bool "Enable AIO support" if EXPERT
bool "Enable AIO support"
default y
help
This option enables POSIX asynchronous I/O which may by used
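
Review bot: The commit message is only a subject line and gives no reason for dropping "if EXPERT" from the AIO prompt in init/Kconfig. Since "default y" directly below the prompt is left unchanged, this commit by itself changes no build output; it only makes the option selectable without CONFIG_EXPERT. Please add a body saying that, and that the default is flipped separately in 7b271c4 ("disable AIO by default"), so the two commits can be read and reverted independently. Minor, while the entry is being touched: the help text in the trailing context reads "may by used", which should be "may be used".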