feat: hardend

This commit is contained in:
Euiseo Cha 2023-03-25 16:29:45 +09:00
parent adf818b9b3
commit f6e9ef2fac
No known key found for this signature in database
GPG key ID: 220CC17AA79A0AEA

View file

@ -57,7 +57,7 @@ CONFIG_POSIX_MQUEUE=y
CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_POSIX_MQUEUE_SYSCTL=y
CONFIG_WATCH_QUEUE=y CONFIG_WATCH_QUEUE=y
CONFIG_CROSS_MEMORY_ATTACH=y CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_USELIB=y # CONFIG_USELIB is not set
CONFIG_AUDIT=y CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y CONFIG_AUDITSYSCALL=y
@ -226,7 +226,7 @@ CONFIG_IPC_NS=y
CONFIG_USER_NS=y CONFIG_USER_NS=y
CONFIG_PID_NS=y CONFIG_PID_NS=y
CONFIG_NET_NS=y CONFIG_NET_NS=y
CONFIG_CHECKPOINT_RESTORE=y # CONFIG_CHECKPOINT_RESTORE is not set
CONFIG_SCHED_AUTOGROUP=y CONFIG_SCHED_AUTOGROUP=y
# CONFIG_SYSFS_DEPRECATED is not set # CONFIG_SYSFS_DEPRECATED is not set
CONFIG_RELAY=y CONFIG_RELAY=y
@ -279,8 +279,8 @@ CONFIG_KALLSYMS_ALL=y
CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y
CONFIG_KALLSYMS_BASE_RELATIVE=y CONFIG_KALLSYMS_BASE_RELATIVE=y
CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
CONFIG_KCMP=y # CONFIG_KCMP is not set
CONFIG_RSEQ=y # CONFIG_RSEQ is not set
# CONFIG_DEBUG_RSEQ is not set # CONFIG_DEBUG_RSEQ is not set
# CONFIG_EMBEDDED is not set # CONFIG_EMBEDDED is not set
CONFIG_HAVE_PERF_EVENTS=y CONFIG_HAVE_PERF_EVENTS=y
@ -631,7 +631,7 @@ CONFIG_DPTF_PCH_FIVR=m
CONFIG_ACPI_WATCHDOG=y CONFIG_ACPI_WATCHDOG=y
CONFIG_ACPI_EXTLOG=m CONFIG_ACPI_EXTLOG=m
CONFIG_ACPI_ADXL=y CONFIG_ACPI_ADXL=y
CONFIG_ACPI_CONFIGFS=m # CONFIG_ACPI_CONFIGFS is not set
# CONFIG_ACPI_PFRUT is not set # CONFIG_ACPI_PFRUT is not set
CONFIG_ACPI_PCC=y CONFIG_ACPI_PCC=y
# CONFIG_ACPI_FFH is not set # CONFIG_ACPI_FFH is not set
@ -765,7 +765,7 @@ CONFIG_KEXEC_CORE=y
CONFIG_HAVE_IMA_KEXEC=y CONFIG_HAVE_IMA_KEXEC=y
CONFIG_HOTPLUG_SMT=y CONFIG_HOTPLUG_SMT=y
CONFIG_GENERIC_ENTRY=y CONFIG_GENERIC_ENTRY=y
CONFIG_KPROBES=y # CONFIG_KPROBES is not set
CONFIG_JUMP_LABEL=y CONFIG_JUMP_LABEL=y
# CONFIG_STATIC_KEYS_SELFTEST is not set # CONFIG_STATIC_KEYS_SELFTEST is not set
# CONFIG_STATIC_CALL_SELFTEST is not set # CONFIG_STATIC_CALL_SELFTEST is not set
@ -1109,7 +1109,7 @@ CONFIG_KSM=y
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
CONFIG_MEMORY_FAILURE=y CONFIG_MEMORY_FAILURE=y
CONFIG_HWPOISON_INJECT=m # CONFIG_HWPOISON_INJECT is not set
CONFIG_ARCH_WANT_GENERAL_HUGETLB=y CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
CONFIG_ARCH_WANTS_THP_SWAP=y CONFIG_ARCH_WANTS_THP_SWAP=y
CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_TRANSPARENT_HUGEPAGE=y
@ -1123,7 +1123,7 @@ CONFIG_USE_PERCPU_NUMA_NODE_ID=y
CONFIG_HAVE_SETUP_PER_CPU_AREA=y CONFIG_HAVE_SETUP_PER_CPU_AREA=y
CONFIG_FRONTSWAP=y CONFIG_FRONTSWAP=y
# CONFIG_CMA is not set # CONFIG_CMA is not set
CONFIG_MEM_SOFT_DIRTY=y # CONFIG_MEM_SOFT_DIRTY is not set
CONFIG_GENERIC_EARLY_IOREMAP=y CONFIG_GENERIC_EARLY_IOREMAP=y
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
CONFIG_PAGE_IDLE_FLAG=y CONFIG_PAGE_IDLE_FLAG=y
@ -1148,7 +1148,7 @@ CONFIG_ARCH_HAS_PTE_SPECIAL=y
CONFIG_MAPPING_DIRTY_HELPERS=y CONFIG_MAPPING_DIRTY_HELPERS=y
CONFIG_SECRETMEM=y CONFIG_SECRETMEM=y
# CONFIG_ANON_VMA_NAME is not set # CONFIG_ANON_VMA_NAME is not set
CONFIG_USERFAULTFD=y # CONFIG_USERFAULTFD is not set
CONFIG_HAVE_ARCH_USERFAULTFD_WP=y CONFIG_HAVE_ARCH_USERFAULTFD_WP=y
CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y
CONFIG_PTE_MARKER_UFFD_WP=y CONFIG_PTE_MARKER_UFFD_WP=y
@ -2373,7 +2373,7 @@ CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
CONFIG_EFI_RUNTIME_WRAPPERS=y CONFIG_EFI_RUNTIME_WRAPPERS=y
CONFIG_EFI_BOOTLOADER_CONTROL=m CONFIG_EFI_BOOTLOADER_CONTROL=m
CONFIG_EFI_CAPSULE_LOADER=m CONFIG_EFI_CAPSULE_LOADER=m
CONFIG_EFI_TEST=m # CONFIG_EFI_TEST is not set
CONFIG_EFI_DEV_PATH_PARSER=y CONFIG_EFI_DEV_PATH_PARSER=y
CONFIG_APPLE_PROPERTIES=y CONFIG_APPLE_PROPERTIES=y
CONFIG_RESET_ATTACK_MITIGATION=y CONFIG_RESET_ATTACK_MITIGATION=y
@ -2492,8 +2492,8 @@ CONFIG_MTD_DATAFLASH_OTP=y
CONFIG_MTD_MCHP23K256=m CONFIG_MTD_MCHP23K256=m
CONFIG_MTD_MCHP48L640=m CONFIG_MTD_MCHP48L640=m
CONFIG_MTD_SST25L=m CONFIG_MTD_SST25L=m
CONFIG_MTD_SLRAM=m # CONFIG_MTD_SLRAM is not set
CONFIG_MTD_PHRAM=m # CONFIG_MTD_PHRAM is not set
CONFIG_MTD_MTDRAM=m CONFIG_MTD_MTDRAM=m
CONFIG_MTDRAM_TOTAL_SIZE=4096 CONFIG_MTDRAM_TOTAL_SIZE=4096
CONFIG_MTDRAM_ERASE_SIZE=128 CONFIG_MTDRAM_ERASE_SIZE=128
@ -2589,7 +2589,7 @@ CONFIG_PNP=y
CONFIG_PNPACPI=y CONFIG_PNPACPI=y
CONFIG_BLK_DEV=y CONFIG_BLK_DEV=y
CONFIG_BLK_DEV_NULL_BLK=m CONFIG_BLK_DEV_NULL_BLK=m
CONFIG_BLK_DEV_FD=m # CONFIG_BLK_DEV_FD is not set
# CONFIG_BLK_DEV_FD_RAWCMD is not set # CONFIG_BLK_DEV_FD_RAWCMD is not set
CONFIG_CDROM=y CONFIG_CDROM=y
CONFIG_PARIDE=m CONFIG_PARIDE=m
@ -4656,7 +4656,7 @@ CONFIG_IPWIRELESS=m
CONFIG_MWAVE=m CONFIG_MWAVE=m
# CONFIG_DEVMEM is not set # CONFIG_DEVMEM is not set
CONFIG_NVRAM=m CONFIG_NVRAM=m
CONFIG_DEVPORT=y # CONFIG_DEVPORT is not set
CONFIG_HPET=y CONFIG_HPET=y
CONFIG_HPET_MMAP=y CONFIG_HPET_MMAP=y
CONFIG_HPET_MMAP_DEFAULT=y CONFIG_HPET_MMAP_DEFAULT=y
@ -10584,10 +10584,10 @@ CONFIG_NTFS3_FS_POSIX_ACL=y
# #
CONFIG_PROC_FS=y CONFIG_PROC_FS=y
# CONFIG_PROC_KCORE is not set # CONFIG_PROC_KCORE is not set
CONFIG_PROC_VMCORE=y # CONFIG_PROC_VMCORE is not set
CONFIG_PROC_VMCORE_DEVICE_DUMP=y CONFIG_PROC_VMCORE_DEVICE_DUMP=y
CONFIG_PROC_SYSCTL=y CONFIG_PROC_SYSCTL=y
CONFIG_PROC_PAGE_MONITOR=y # CONFIG_PROC_PAGE_MONITOR is not set
CONFIG_PROC_CHILDREN=y CONFIG_PROC_CHILDREN=y
CONFIG_PROC_PID_ARCH_STATUS=y CONFIG_PROC_PID_ARCH_STATUS=y
CONFIG_PROC_CPU_RESCTRL=y CONFIG_PROC_CPU_RESCTRL=y
@ -10754,7 +10754,7 @@ CONFIG_SUNRPC_BACKCHANNEL=y
CONFIG_SUNRPC_SWAP=y CONFIG_SUNRPC_SWAP=y
CONFIG_RPCSEC_GSS_KRB5=m CONFIG_RPCSEC_GSS_KRB5=m
CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES=y CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES=y
CONFIG_SUNRPC_DEBUG=y # CONFIG_SUNRPC_DEBUG is not set
CONFIG_SUNRPC_XPRT_RDMA=m CONFIG_SUNRPC_XPRT_RDMA=m
CONFIG_CEPH_FS=m CONFIG_CEPH_FS=m
CONFIG_CEPH_FSCACHE=y CONFIG_CEPH_FSCACHE=y
@ -11474,8 +11474,8 @@ CONFIG_MAGIC_SYSRQ=y
CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x01b6 CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x01b6
CONFIG_MAGIC_SYSRQ_SERIAL=y CONFIG_MAGIC_SYSRQ_SERIAL=y
CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE="" CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE=""
CONFIG_DEBUG_FS=y # CONFIG_DEBUG_FS is not set
CONFIG_DEBUG_FS_ALLOW_ALL=y # CONFIG_DEBUG_FS_ALLOW_ALL is not set
# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set # CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set
# CONFIG_DEBUG_FS_ALLOW_NONE is not set # CONFIG_DEBUG_FS_ALLOW_NONE is not set
CONFIG_HAVE_ARCH_KGDB=y CONFIG_HAVE_ARCH_KGDB=y
@ -11674,11 +11674,11 @@ CONFIG_RING_BUFFER=y
CONFIG_EVENT_TRACING=y CONFIG_EVENT_TRACING=y
CONFIG_CONTEXT_SWITCH_TRACER=y CONFIG_CONTEXT_SWITCH_TRACER=y
CONFIG_TRACING=y CONFIG_TRACING=y
CONFIG_GENERIC_TRACER=y # CONFIG_GENERIC_TRACER is not set
CONFIG_TRACING_SUPPORT=y CONFIG_TRACING_SUPPORT=y
CONFIG_FTRACE=y CONFIG_FTRACE=y
CONFIG_BOOTTIME_TRACING=y CONFIG_BOOTTIME_TRACING=y
CONFIG_FUNCTION_TRACER=y # CONFIG_FUNCTION_TRACER is not set
CONFIG_FUNCTION_GRAPH_TRACER=y CONFIG_FUNCTION_GRAPH_TRACER=y
CONFIG_DYNAMIC_FTRACE=y CONFIG_DYNAMIC_FTRACE=y
CONFIG_DYNAMIC_FTRACE_WITH_REGS=y CONFIG_DYNAMIC_FTRACE_WITH_REGS=y
@ -11686,7 +11686,7 @@ CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y
CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y
# CONFIG_FPROBE is not set # CONFIG_FPROBE is not set
CONFIG_FUNCTION_PROFILER=y CONFIG_FUNCTION_PROFILER=y
CONFIG_STACK_TRACER=y # CONFIG_STACK_TRACER is not set
# CONFIG_IRQSOFF_TRACER is not set # CONFIG_IRQSOFF_TRACER is not set
# CONFIG_PREEMPT_TRACER is not set # CONFIG_PREEMPT_TRACER is not set
CONFIG_SCHED_TRACER=y CONFIG_SCHED_TRACER=y
@ -11699,10 +11699,10 @@ CONFIG_TRACER_SNAPSHOT=y
# CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set # CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set
CONFIG_BRANCH_PROFILE_NONE=y CONFIG_BRANCH_PROFILE_NONE=y
# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
CONFIG_BLK_DEV_IO_TRACE=y # CONFIG_BLK_DEV_IO_TRACE is not set
CONFIG_KPROBE_EVENTS=y # CONFIG_KPROBE_EVENTS is not set
# CONFIG_KPROBE_EVENTS_ON_NOTRACE is not set # CONFIG_KPROBE_EVENTS_ON_NOTRACE is not set
CONFIG_UPROBE_EVENTS=y # CONFIG_UPROBE_EVENTS is not set
CONFIG_BPF_EVENTS=y CONFIG_BPF_EVENTS=y
CONFIG_DYNAMIC_EVENTS=y CONFIG_DYNAMIC_EVENTS=y
CONFIG_PROBE_EVENTS=y CONFIG_PROBE_EVENTS=y
@ -11711,7 +11711,7 @@ CONFIG_FTRACE_MCOUNT_RECORD=y
CONFIG_FTRACE_MCOUNT_USE_CC=y CONFIG_FTRACE_MCOUNT_USE_CC=y
CONFIG_TRACING_MAP=y CONFIG_TRACING_MAP=y
CONFIG_SYNTH_EVENTS=y CONFIG_SYNTH_EVENTS=y
CONFIG_HIST_TRIGGERS=y # CONFIG_HIST_TRIGGERS is not set
CONFIG_TRACE_EVENT_INJECT=y CONFIG_TRACE_EVENT_INJECT=y
# CONFIG_TRACEPOINT_BENCHMARK is not set # CONFIG_TRACEPOINT_BENCHMARK is not set
# CONFIG_RING_BUFFER_BENCHMARK is not set # CONFIG_RING_BUFFER_BENCHMARK is not set
@ -11777,7 +11777,7 @@ CONFIG_IO_DELAY_0XED=y
# CONFIG_DEBUG_ENTRY is not set # CONFIG_DEBUG_ENTRY is not set
# CONFIG_DEBUG_NMI_SELFTEST is not set # CONFIG_DEBUG_NMI_SELFTEST is not set
CONFIG_X86_DEBUG_FPU=y CONFIG_X86_DEBUG_FPU=y
CONFIG_PUNIT_ATOM_DEBUG=m # CONFIG_PUNIT_ATOM_DEBUG is not set
# CONFIG_UNWINDER_ORC is not set # CONFIG_UNWINDER_ORC is not set
CONFIG_UNWINDER_FRAME_POINTER=y CONFIG_UNWINDER_FRAME_POINTER=y
# end of x86 Debugging # end of x86 Debugging
@ -11786,7 +11786,7 @@ CONFIG_UNWINDER_FRAME_POINTER=y
# Kernel Testing and Coverage # Kernel Testing and Coverage
# #
# CONFIG_KUNIT is not set # CONFIG_KUNIT is not set
CONFIG_NOTIFIER_ERROR_INJECTION=m # CONFIG_NOTIFIER_ERROR_INJECTION is not set
CONFIG_PM_NOTIFIER_ERROR_INJECT=m CONFIG_PM_NOTIFIER_ERROR_INJECT=m
# CONFIG_NETDEV_NOTIFIER_ERROR_INJECT is not set # CONFIG_NETDEV_NOTIFIER_ERROR_INJECT is not set
CONFIG_FUNCTION_ERROR_INJECTION=y CONFIG_FUNCTION_ERROR_INJECTION=y