Commit Graph

3602 Commits

Author SHA1 Message Date
Emily
ed89b5b3f1 linux_*_hardened: don't set PANIC_ON_OOPS
Upstreamed in anthraxx/linux-hardened@366e0216f1.
2020-04-17 16:13:39 +01:00
Emily
0d5f1697b7 linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED}
Upstreamed in anthraxx/linux-hardened@786126f177,
anthraxx/linux-hardened@44822ebeb7.
2020-04-17 16:13:39 +01:00
Emily
4fb796e341 linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACK
Upstreamed in anthraxx/linux-hardened@c1fe7a68e3,
anthraxx/linux-hardened@2c553a2bb1.
2020-04-17 16:13:39 +01:00
Emily
3eeb5240ac linux_*_hardened: don't set DEBUG_LIST
Upstreamed in anthraxx/linux-hardened@6b20124185.
2020-04-17 16:13:39 +01:00
Emily
0611462e33 linux_*_hardened: don't set {,IO_}STRICT_DEVMEM
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb66.

Note that anthraxx/linux-hardened@db1d27e10e
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
2020-04-17 16:13:39 +01:00
Emily
303bb60fb1 linux_*_hardened: don't set DEBUG_WX
Upstreamed in anthraxx/linux-hardened@55ee7417f3.
2020-04-17 16:13:39 +01:00
Emily
33b94e5a44 linux_*_hardened: don't set BUG_ON_DATA_CORRUPTION
Upstreamed in anthraxx/linux-hardened@3fcd15014c.
2020-04-17 16:13:39 +01:00
Emily
db6b327508 linux_*_hardened: don't set LEGACY_VSYSCALL_NONE
Upstreamed in anthraxx/linux-hardened@d300b0fdad.
2020-04-17 16:13:39 +01:00
Emily
130f6812be linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}
These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3.
2020-04-17 16:13:39 +01:00
Emily
8c68055432 linux_*_hardened: don't set MODIFY_LDT_SYSCALL
Upstreamed in anthraxx/linux-hardened@05644876fa.
2020-04-17 16:13:39 +01:00
Emily
8efe83c22e linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDR
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd.
2020-04-17 16:13:39 +01:00
Emily
3d4c8ae901 linux_*_hardened: don't set VMAP_STACK
This has been on by default upstream for as long as it's been an option.
2020-04-17 16:13:39 +01:00
Emily
7d5352df31 linux_*_hardened: don't set X86_X32
As far as I can tell, this has never defaulted to on upstream, and our
common kernel configuration doesn't turn it on, so the attack surface
reduction here is somewhat homeopathic.
2020-04-17 16:13:39 +01:00
Emily
0d4f35efd4 linux_*_hardened: use linux-hardened patch set
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened, and provides
a minimal set of additional hardening patches on top of upstream.

The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
2020-04-17 16:13:39 +01:00
Emily
3d01e802bd linux: explicitly enable SYSVIPC
The linux-hardened patch set removes this default, probably because of
its original focus on Android kernel hardening.
2020-04-17 16:12:29 +01:00
Tim Steinbach
e341107367 linux: 5.4.32 -> 5.4.33
2020-04-17 08:34:01 -04:00
Tim Steinbach
d9258d33be linux: 4.19.115 -> 4.19.116
2020-04-17 08:34:01 -04:00
Tim Steinbach
f6e64feb14 linux: 5.6.3 -> 5.6.4
2020-04-13 08:36:35 -04:00
Tim Steinbach
bba4a30f8c linux: 5.5.16 -> 5.5.17
2020-04-13 08:36:27 -04:00
Tim Steinbach
2b6e16abe0 linux: 5.4.31 -> 5.4.32
2020-04-13 08:36:19 -04:00
Tim Steinbach
f47969645b linux: 4.9.218 -> 4.9.219
2020-04-13 08:36:11 -04:00
Tim Steinbach
e06d2a4682 linux: 4.19.114 -> 4.19.115
2020-04-13 08:36:04 -04:00
Tim Steinbach
f717bfeedb linux: 4.14.175 -> 4.14.176
2020-04-13 08:35:56 -04:00
Tim Steinbach
3a8f6159cb linux: 4.4.218 -> 4.4.219
2020-04-13 08:35:32 -04:00
Michael Reilly
84cf00f980 treewide: Per RFC45, remove all unquoted URLs
2020-04-10 17:54:53 +01:00
Tim Steinbach
7bd91fe7af linux: 5.6.2 -> 5.6.3
2020-04-08 08:51:08 -04:00
Tim Steinbach
1c637d2326 linux: 5.5.15 -> 5.5.16
2020-04-08 08:51:07 -04:00
Tim Steinbach
5653337922 linux: 5.4.30 -> 5.4.31
2020-04-08 08:51:07 -04:00
Jörg Thalheim
a737f030cf Merge pull request #71481 from eadwu/bcachefs/update-10
bcachefs: update 10
2020-04-06 15:43:36 +01:00
Edmund Wu
04a5e5ab7c linux_testing_bcachefs: 5.3.2020.03.25 -> 5.3.2020.04.04
2020-04-06 10:29:33 -04:00
Tim Steinbach
c36ec10158 linux: 4.9.217 -> 4.9.218
2020-04-02 14:03:09 -04:00
Tim Steinbach
e2df587f25 linux: 4.4.217 -> 4.4.218
2020-04-02 14:03:02 -04:00
Tim Steinbach
782db49b5a linux: 4.14.174 -> 4.14.175
2020-04-02 14:02:48 -04:00
Tim Steinbach
4fbd9e3ab8 linux: 5.6.1 -> 5.6.2
2020-04-02 10:03:15 -04:00
Tim Steinbach
f2025f2d6d linux: 5.5.14 -> 5.5.15
2020-04-02 10:03:07 -04:00
Tim Steinbach
bf0b6ab809 linux: 5.4.29 -> 5.4.30
2020-04-02 10:02:52 -04:00
Tim Steinbach
d47ba3e4b5 linux: 4.19.113 -> 4.19.114
2020-04-02 10:02:40 -04:00
Tim Steinbach
ef3f3f2728 linux_latest-libre: 17387 -> 17402
2020-04-01 10:46:07 -04:00
Tim Steinbach
902ebcdd44 linux: 5.5.13 -> 5.5.14
2020-04-01 10:46:06 -04:00
Tim Steinbach
7bae57f249 linux: 5.4.28 -> 5.4.29
2020-04-01 10:46:06 -04:00
Tim Steinbach
7f56fdd997 linux: Init 5.6.1
Change linux_latest to 5.6
2020-04-01 10:46:02 -04:00
Tim Steinbach
c76bad0ec0 linux: 5.6-rc5 -> 5.6-rc7
2020-03-29 16:50:02 -04:00
Jörg Thalheim
ac45e96d2f Merge pull request #83220 from dasj19/linux-libre-fix
linux-libre: added --force flag for deblobbing.
2020-03-29 15:03:22 +01:00
Edmund Wu
00e7a675f7 linux_testing_bcachefs: 5.2.2019.10.12 -> 5.3.2020.03.25
2020-03-26 12:12:43 -04:00
Tim Steinbach
ec87ed26e6 linux: 5.5.11 -> 5.5.13
2020-03-25 13:03:19 -04:00
Tim Steinbach
bec620d85b linux: 5.4.27 -> 5.4.28
2020-03-25 13:03:10 -04:00
Tim Steinbach
9105efdcde linux: 4.19.112 -> 4.19.113
2020-03-25 13:02:56 -04:00
Daniel Șerbănescu
8431497dd2 linux-libre: added --force flag for deblobbing.
2020-03-23 16:07:13 +01:00
Tim Steinbach
f0d17c2a17 linux_latest-libre: 17322 -> 17387
2020-03-22 12:05:45 -04:00
Tim Steinbach
8055a37aca linux: 5.5.9 -> 5.5.11
2020-03-22 12:05:34 -04:00