6:36 a.m.
From: Herton R. Krzesinski <herton(a)redhat.com>
redhat: switch the vsyscall config to CONFIG_LEGACY_VSYSCALL_XONLY=y
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1876977
As discussed upstream eg. at
https://lore.kernel.org/linux-api/87h7bzjaer.fsf@oldenburg.str.redhat.com/T/
and pointed on the bug's description above, VSYSCALL_XONLY is more
secure while still maintaining useful backward compatibility.
We also plan to do this change on the RHEL side with a centos-stream-9
change, so the change here covers both Fedora and RHEL/CentOS.
v2: move the CONFIG_LEGACY_VSYSCALL* files to the x86 directory, as they
are x86 only settings, as reported/suggested by Waiman Long.
Signed-off-by: Herton R. Krzesinski <herton(a)redhat.com>
diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_LEGACY_VSYSCALL_EMULATE=y
diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_LEGACY_VSYSCALL_XONLY is not set
diff --git a/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_EMULATE
b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_EMULATE
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_EMULATE
@@ -0,0 +1 @@
+# CONFIG_LEGACY_VSYSCALL_EMULATE is not set
diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_NONE
b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_NONE
rename from redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_NONE
rename to redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_NONE
index blahblah..blahblah 100644
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_NONE
+++ b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_NONE
diff --git a/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_XONLY
b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_XONLY
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_XONLY
@@ -0,0 +1 @@
+CONFIG_LEGACY_VSYSCALL_XONLY=y
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1531
6:36 a.m.
New subject: [OS-BUILD PATCHv2] redhat: switch the vsyscall config to
CONFIG_LEGACY_VSYSCALL_XONLY=y
From: Herton R. Krzesinski on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1531#note_7926...
v2: move the CONFIG_LEGACY_VSYSCALL* files to the x86 directory, as they
are x86 only settings, as reported/suggested by Waiman Long.
10:52 a.m.
New subject: [OS-BUILD PATCHv2] redhat: switch the vsyscall config to
CONFIG_LEGACY_VSYSCALL_XONLY=y
From: Don Zickus on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1531#note_8060...
@llong1 @darcari @dnlsn - poke?
830
days inactive
849
days old
kernel@lists.fedoraproject.org
2 comments
2 participants
participants (2)
-
Don Zickus (via Email Bridge) -
Herton R. Krzesinski (via Email Bridge)