From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [RFC PATCH] kernel: Disable CONFIG_DEBUG_FS
Date: Sun, 18 Sep 2022 11:08:32 +0200
Message-ID: <554CECE8-9BD4-4305-8105-9077BB5AA493@ipfire.org>
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1617029112016325300=="
List-Id:

--===============1617029112016325300==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Agreed.
Reviewed-by: Michael Tremer
> On 17 Sep 2022, at 21:24, Peter M=C3=BCller wr=
ote:
>=20
> According to the kernel's documentation,
>=20
>> debugfs is a virtual file system that kernel developers use to put
>> debugging files into. Enable this option to be able to read and
>> write to these files.
>=20
> There is no legitimate reason why one has to do so on an IPFire machine.
> Further, the vast debugging options (i.e. related to various drivers)
> have never been enabled, limiting the use of this virtual file system
> even further.
>=20
> This patch therefore proposes to disable it entirely, since its
> potential security impact outweights its benefits. Due to operational
> constraints, changes to ARM kernel configurations will be made if this
> patch is approved for x86_64.
>=20
> Signed-off-by: Peter M=C3=BCller
> ---
> config/kernel/kernel.config.x86_64-ipfire | 45 +++--------------------
> 1 file changed, 5 insertions(+), 40 deletions(-)
>=20
> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kern=
el.config.x86_64-ipfire
> index aa1e847dd..5dcdc9d7e 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -78,7 +78,6 @@ CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=3Dy
> CONFIG_GENERIC_IRQ_RESERVATION_MODE=3Dy
> CONFIG_IRQ_FORCED_THREADING=3Dy
> CONFIG_SPARSE_IRQ=3Dy
> -# CONFIG_GENERIC_IRQ_DEBUGFS is not set
> # end of IRQ subsystem
>=20
> CONFIG_CLOCKSOURCE_WATCHDOG=3Dy
> @@ -158,7 +157,6 @@ CONFIG_RCU_NEED_SEGCBLIST=3Dy
> CONFIG_LOG_BUF_SHIFT=3D18
> CONFIG_LOG_CPU_MAX_BUF_SHIFT=3D12
> CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=3D13
> -# CONFIG_PRINTK_INDEX is not set
> CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=3Dy
>=20
> #
> @@ -330,7 +328,6 @@ CONFIG_X86_EXTENDED_PLATFORM=3Dy
> CONFIG_X86_INTEL_LPSS=3Dy
> CONFIG_X86_AMD_PLATFORM_DEVICE=3Dy
> CONFIG_IOSF_MBI=3Dy
> -# CONFIG_IOSF_MBI_DEBUG is not set
> CONFIG_X86_SUPPORTS_MEMORY_FAILURE=3Dy
> CONFIG_SCHED_OMIT_FRAME_POINTER=3Dy
> CONFIG_HYPERVISOR_GUEST=3Dy
> @@ -348,7 +345,6 @@ CONFIG_XEN_PVHVM=3Dy
> CONFIG_XEN_PVHVM_SMP=3Dy
> CONFIG_XEN_PVHVM_GUEST=3Dy
> CONFIG_XEN_SAVE_RESTORE=3Dy
> -CONFIG_XEN_DEBUG_FS=3Dy
> CONFIG_XEN_PVH=3Dy
> CONFIG_XEN_DOM0=3Dy
> CONFIG_KVM_GUEST=3Dy
> @@ -398,7 +394,6 @@ CONFIG_X86_MCELOG_LEGACY=3Dy
> CONFIG_X86_MCE_INTEL=3Dy
> CONFIG_X86_MCE_AMD=3Dy
> CONFIG_X86_MCE_THRESHOLD=3Dy
> -# CONFIG_X86_MCE_INJECT is not set
>=20
> #
> # Performance monitoring
> @@ -421,7 +416,6 @@ CONFIG_X86_MSR=3Dy
> CONFIG_X86_CPUID=3Dy
> # CONFIG_X86_5LEVEL is not set
> CONFIG_X86_DIRECT_GBPAGES=3Dy
> -# CONFIG_X86_CPA_STATISTICS is not set
> # CONFIG_AMD_MEM_ENCRYPT is not set
> # CONFIG_NUMA is not set
> CONFIG_ARCH_SPARSEMEM_ENABLE=3Dy
> @@ -543,7 +537,6 @@ CONFIG_ACPI_CONTAINER=3Dy
> CONFIG_ACPI_HOTPLUG_IOAPIC=3Dy
> CONFIG_ACPI_SBS=3Dm
> CONFIG_ACPI_HED=3Dy
> -# CONFIG_ACPI_CUSTOM_METHOD is not set
> # CONFIG_ACPI_BGRT is not set
> # CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
> CONFIG_ACPI_NFIT=3Dm
> @@ -554,7 +547,6 @@ CONFIG_ACPI_APEI=3Dy
> CONFIG_ACPI_APEI_GHES=3Dy
> CONFIG_ACPI_APEI_PCIEAER=3Dy
> CONFIG_ACPI_APEI_MEMORY_FAILURE=3Dy
> -# CONFIG_ACPI_APEI_EINJ is not set
> # CONFIG_ACPI_APEI_ERST_DEBUG is not set
> # CONFIG_ACPI_DPTF is not set
> CONFIG_ACPI_WATCHDOG=3Dy
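Review bot: In the `@@ -348,7 +345,6 @@` hunk `CONFIG_XEN_DEBUG_FS=y` is dropped as a built-in option rather than as a `# ... is not set` line, which does not match the description's statement that the debugging options "have never been enabled". The same holds for `CONFIG_LOCK_EVENT_COUNTS=y`, `CONFIG_BLK_DEBUG_FS=y` / `CONFIG_BLK_DEBUG_FS_ZONED=y`, `CONFIG_SCSI_SNIC_DEBUG_FS=y` and `CONFIG_SW_SYNC=y` in later hunks. I would name these in the commit message as functional removals that follow from disabling DEBUG_FS, so that someone who later misses the Xen or block-layer debugfs files while troubleshooting can trace it to this change. Losing `SW_SYNC` is arguably a hardening gain in its own right and is worth stating as such.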
> @@ -772,7 +764,6 @@ CONFIG_ARCH_HAS_STRICT_MODULE_RWX=3Dy
> CONFIG_STRICT_MODULE_RWX=3Dy
> CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=3Dy
> CONFIG_ARCH_USE_MEMREMAP_PROT=3Dy
> -CONFIG_LOCK_EVENT_COUNTS=3Dy
> CONFIG_ARCH_HAS_MEM_ENCRYPT=3Dy
> CONFIG_HAVE_STATIC_CALL=3Dy
> CONFIG_HAVE_STATIC_CALL_INLINE=3Dy
> @@ -785,7 +776,6 @@ CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=3Dy
> #
> # GCOV-based kernel profiling
> #
> -# CONFIG_GCOV_KERNEL is not set
> CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=3Dy
> # end of GCOV-based kernel profiling
>=20
> @@ -837,8 +827,6 @@ CONFIG_BLK_DEV_THROTTLING=3Dy
> # CONFIG_BLK_CGROUP_FC_APPID is not set
> # CONFIG_BLK_CGROUP_IOCOST is not set
> # CONFIG_BLK_CGROUP_IOPRIO is not set
> -CONFIG_BLK_DEBUG_FS=3Dy
> -CONFIG_BLK_DEBUG_FS_ZONED=3Dy
> # CONFIG_BLK_SED_OPAL is not set
> CONFIG_BLK_INLINE_ENCRYPTION=3Dy
> CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK=3Dy
> @@ -971,7 +959,10 @@ CONFIG_VMAP_PFN=3Dy
> CONFIG_ARCH_USES_HIGH_VMA_FLAGS=3Dy
> CONFIG_ARCH_HAS_PKEYS=3Dy
> # CONFIG_PERCPU_STATS is not set
> -# CONFIG_GUP_TEST is not set
> +
> +#
> +# GUP_TEST needs to have DEBUG_FS enabled
> +#
> # CONFIG_READ_ONLY_THP_FOR_FS is not set
> CONFIG_ARCH_HAS_PTE_SPECIAL=3Dy
> CONFIG_MAPPING_DIRTY_HELPERS=3Dy
> @@ -1464,7 +1455,6 @@ CONFIG_ATM_CLIP=3Dm
> CONFIG_ATM_BR2684=3Dm
> # CONFIG_ATM_BR2684_IPFILTER is not set
> CONFIG_L2TP=3Dm
> -# CONFIG_L2TP_DEBUGFS is not set
> CONFIG_L2TP_V3=3Dy
> CONFIG_L2TP_IP=3Dm
> CONFIG_L2TP_ETH=3Dm
> @@ -1677,7 +1667,6 @@ CONFIG_CFG80211_EXTRA_REGDB_KEYDIR=3D""
> CONFIG_CFG80211_REG_CELLULAR_HINTS=3Dy
> CONFIG_CFG80211_REG_RELAX_NO_IR=3Dy
> CONFIG_CFG80211_DEFAULT_PS=3Dy
> -# CONFIG_CFG80211_DEBUGFS is not set
> CONFIG_CFG80211_CRDA_SUPPORT=3Dy
> CONFIG_CFG80211_WEXT=3Dy
> CONFIG_CFG80211_WEXT_EXPORT=3Dy
> @@ -1693,7 +1682,6 @@ CONFIG_MAC80211_RC_DEFAULT_MINSTREL=3Dy
> CONFIG_MAC80211_RC_DEFAULT=3D"minstrel_ht"
> CONFIG_MAC80211_MESH=3Dy
> CONFIG_MAC80211_LEDS=3Dy
> -# CONFIG_MAC80211_DEBUGFS is not set
> # CONFIG_MAC80211_MESSAGE_TRACING is not set
> # CONFIG_MAC80211_DEBUG_MENU is not set
> CONFIG_MAC80211_STA_HASH_MAX_SIZE=3D0
> @@ -1867,7 +1855,6 @@ CONFIG_DMA_SHARED_BUFFER=3Dy
> # Bus devices
> #
> CONFIG_MHI_BUS=3Dm
> -# CONFIG_MHI_BUS_DEBUG is not set
> # CONFIG_MHI_BUS_PCI_GENERIC is not set
> # end of Bus devices
>=20
> @@ -2168,7 +2155,6 @@ CONFIG_LIBFCOE=3Dm
> CONFIG_FCOE=3Dm
> CONFIG_FCOE_FNIC=3Dm
> CONFIG_SCSI_SNIC=3Dm
> -CONFIG_SCSI_SNIC_DEBUG_FS=3Dy
> CONFIG_SCSI_DMX3191D=3Dm
> CONFIG_SCSI_FDOMAIN=3Dm
> CONFIG_SCSI_FDOMAIN_PCI=3Dm
> @@ -2195,7 +2181,6 @@ CONFIG_SCSI_QLA_ISCSI=3Dm
> CONFIG_QEDI=3Dm
> CONFIG_QEDF=3Dm
> CONFIG_SCSI_LPFC=3Dm
> -# CONFIG_SCSI_LPFC_DEBUG_FS is not set
> CONFIG_SCSI_DC395x=3Dm
> CONFIG_SCSI_AM53C974=3Dm
> CONFIG_SCSI_WD719X=3Dm
> @@ -2626,10 +2611,8 @@ CONFIG_NET_VENDOR_LITEX=3Dy
> CONFIG_NET_VENDOR_MARVELL=3Dy
> CONFIG_MVMDIO=3Dm
> CONFIG_SKGE=3Dm
> -# CONFIG_SKGE_DEBUG is not set
> CONFIG_SKGE_GENESIS=3Dy
> CONFIG_SKY2=3Dm
> -# CONFIG_SKY2_DEBUG is not set
> CONFIG_PRESTERA=3Dm
> CONFIG_PRESTERA_PCI=3Dm
> CONFIG_NET_VENDOR_MELLANOX=3Dy
> @@ -2955,7 +2938,6 @@ CONFIG_ATH9K_BTCOEX_SUPPORT=3Dy
> CONFIG_ATH9K=3Dm
> CONFIG_ATH9K_PCI=3Dy
> CONFIG_ATH9K_AHB=3Dy
> -# CONFIG_ATH9K_DEBUGFS is not set
> CONFIG_ATH9K_DFS_CERTIFIED=3Dy
> # CONFIG_ATH9K_DYNACK is not set
> # CONFIG_ATH9K_WOW is not set
> @@ -2964,7 +2946,6 @@ CONFIG_ATH9K_RFKILL=3Dy
> CONFIG_ATH9K_PCOEM=3Dy
> CONFIG_ATH9K_PCI_NO_EEPROM=3Dm
> CONFIG_ATH9K_HTC=3Dm
> -# CONFIG_ATH9K_HTC_DEBUGFS is not set
> CONFIG_ATH9K_HWRNG=3Dy
> CONFIG_CARL9170=3Dm
> CONFIG_CARL9170_LEDS=3Dy
> @@ -2975,14 +2956,12 @@ CONFIG_AR5523=3Dm
> CONFIG_WIL6210=3Dm
> CONFIG_WIL6210_ISR_COR=3Dy
> CONFIG_WIL6210_TRACING=3Dy
> -# CONFIG_WIL6210_DEBUGFS is not set
> CONFIG_ATH10K=3Dm
> CONFIG_ATH10K_CE=3Dy
> CONFIG_ATH10K_PCI=3Dm
> CONFIG_ATH10K_SDIO=3Dm
> CONFIG_ATH10K_USB=3Dm
> CONFIG_ATH10K_DEBUG=3Dy
> -# CONFIG_ATH10K_DEBUGFS is not set
> # CONFIG_ATH10K_TRACING is not set
> CONFIG_ATH10K_DFS_CERTIFIED=3Dy
> CONFIG_WCN36XX=3Dm
> @@ -3241,7 +3220,6 @@ CONFIG_XEN_NETDEV_BACKEND=3Dm
> CONFIG_VMXNET3=3Dm
> CONFIG_FUJITSU_ES=3Dm
> CONFIG_HYPERV_NET=3Dm
> -# CONFIG_NETDEVSIM is not set
> CONFIG_NET_FAILOVER=3Dm
> # CONFIG_ISDN is not set
>=20
> @@ -5116,7 +5094,6 @@ CONFIG_DRM_AMDGPU=3Dm
> CONFIG_DRM_AMD_DC=3Dy
> CONFIG_DRM_AMD_DC_DCN=3Dy
> # CONFIG_DRM_AMD_DC_HDCP is not set
> -# CONFIG_DRM_AMD_SECURE_DISPLAY is not set
> # end of Display Engine Configuration
>=20
> # CONFIG_HSA_AMD is not set
> @@ -5371,7 +5348,6 @@ CONFIG_SND_DEBUG=3Dy
> # CONFIG_SND_DEBUG_VERBOSE is not set
> CONFIG_SND_PCM_XRUN_DEBUG=3Dy
> # CONFIG_SND_CTL_VALIDATION is not set
> -# CONFIG_SND_JACK_INJECTION_DEBUG is not set
> CONFIG_SND_VMASTER=3Dy
> CONFIG_SND_DMA_SGBUF=3Dy
> CONFIG_SND_CTL_LED=3Dm
> @@ -6211,7 +6187,6 @@ CONFIG_DMA_ENGINE_RAID=3Dy
> # DMABUF options
> #
> CONFIG_SYNC_FILE=3Dy
> -CONFIG_SW_SYNC=3Dy
> # CONFIG_UDMABUF is not set
> # CONFIG_DMABUF_MOVE_NOTIFY is not set
> # CONFIG_DMABUF_DEBUG is not set
> @@ -6487,7 +6462,6 @@ CONFIG_IOMMU_SUPPORT=3Dy
> CONFIG_IOMMU_IO_PGTABLE=3Dy
> # end of Generic IOMMU Pagetable Support
>=20
> -# CONFIG_IOMMU_DEBUGFS is not set
> CONFIG_IOMMU_DEFAULT_DMA_STRICT=3Dy
> # CONFIG_IOMMU_DEFAULT_DMA_LAZY is not set
> # CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set
> @@ -6633,7 +6607,6 @@ CONFIG_GENERIC_PHY=3Dy
> # end of Performance monitor support
>=20
> CONFIG_RAS=3Dy
> -# CONFIG_RAS_CEC is not set
> # CONFIG_USB4 is not set
>=20
> #
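Review bot: `CONFIG_ATH10K_DEBUG=y` stays enabled in the `@@ -2975,14 +2956,12 @@` hunk, and `CONFIG_SND_DEBUG=y` with `CONFIG_SND_PCM_XRUN_DEBUG=y` stay enabled around the `@@ -5371,7 +5348,6 @@` hunk, while their debugfs-backed companions disappear. If the goal is to remove debugging interfaces that have no use on a firewall, these look like candidates for the same treatment in a follow-up, e.g. `# CONFIG_ATH10K_DEBUG is not set`. Whether anything on IPFire relies on them cannot be told from this patch, so a short sentence in the commit message saying they were left on deliberately would also settle it.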
> @@ -6838,7 +6811,6 @@ CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=3Dy
> CONFIG_PSTORE_COMPRESS_DEFAULT=3D"deflate"
> # CONFIG_PSTORE_CONSOLE is not set
> # CONFIG_PSTORE_PMSG is not set
> -# CONFIG_PSTORE_FTRACE is not set
> # CONFIG_PSTORE_RAM is not set
> # CONFIG_PSTORE_BLK is not set
> # CONFIG_SYSV_FS is not set
> @@ -7369,7 +7341,6 @@ CONFIG_NEED_DMA_MAP_STATE=3Dy
> CONFIG_ARCH_DMA_ADDR_T_64BIT=3Dy
> CONFIG_SWIOTLB=3Dy
> # CONFIG_DMA_API_DEBUG is not set
> -# CONFIG_DMA_MAP_BENCHMARK is not set
> CONFIG_SGL_ALLOC=3Dy
> CONFIG_CHECK_SIGNATURE=3Dy
> CONFIG_CPU_RMAP=3Dy
> @@ -7443,10 +7414,7 @@ CONFIG_STACK_VALIDATION=3Dy
> # Generic Kernel Debugging Instruments
> #
> # CONFIG_MAGIC_SYSRQ is not set
> -CONFIG_DEBUG_FS=3Dy
> -CONFIG_DEBUG_FS_ALLOW_ALL=3Dy
> -# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set
> -# CONFIG_DEBUG_FS_ALLOW_NONE is not set
> +# CONFIG_DEBUG_FS is not set
> CONFIG_HAVE_ARCH_KGDB=3Dy
> # CONFIG_KGDB is not set
> CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=3Dy
> @@ -7472,7 +7440,6 @@ CONFIG_ARCH_HAS_DEBUG_WX=3Dy
> CONFIG_DEBUG_WX=3Dy
> CONFIG_GENERIC_PTDUMP=3Dy
> CONFIG_PTDUMP_CORE=3Dy
> -# CONFIG_PTDUMP_DEBUGFS is not set
> # CONFIG_DEBUG_OBJECTS is not set
> # CONFIG_SLUB_STATS is not set
> CONFIG_HAVE_DEBUG_KMEMLEAK=3Dy
> @@ -7665,7 +7632,6 @@ CONFIG_IO_DELAY_0X80=3Dy
> # CONFIG_IO_DELAY_0XED is not set
> # CONFIG_IO_DELAY_UDELAY is not set
> # CONFIG_IO_DELAY_NONE is not set
> -# CONFIG_DEBUG_BOOT_PARAMS is not set
> # CONFIG_CPA_DEBUG is not set
> # CONFIG_DEBUG_ENTRY is not set
> # CONFIG_DEBUG_NMI_SELFTEST is not set
> @@ -7688,6 +7654,5 @@ CONFIG_CC_HAS_SANCOV_TRACE_PC=3Dy
> # CONFIG_RUNTIME_TESTING_MENU is not set
> CONFIG_ARCH_USE_MEMTEST=3Dy
> # CONFIG_MEMTEST is not set
> -# CONFIG_HYPERV_TESTING is not set
> # end of Kernel Testing and Coverage
> # end of Kernel hacking
> --=20
> 2.35.3

--===============1617029112016325300==--
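Review bot: In the `@@ -7443,10 +7414,7 @@` hunk the config goes from `CONFIG_DEBUG_FS_ALLOW_ALL=y` straight to `# CONFIG_DEBUG_FS is not set`, and nothing else in the patch touches userspace. If an init script, fstab entry or add-on mounts debugfs or reads below /sys/kernel/debug (not visible from this patch), it will start failing, so that is worth checking before merge; on a test build `grep debugfs /proc/filesystems` should print nothing. The description could also record why the intermediate `DEBUG_FS_DISALLOW_MOUNT` / `DEBUG_FS_ALLOW_NONE` modes were not chosen, since they keep `DEBUG_FS=y` for dependent options while hiding the filesystem from userspace.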