From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 10/11] Kernel: Disable function and stack tracers
Date: Sat, 19 Mar 2022 21:11:06 +0000
Message-ID: <6400eeaa-f3c2-e423-e0f1-c58431f89228@ipfire.org>
In-Reply-To: <771528ff-9bb0-2073-4819-471ab16bb920@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6691056781170117658=="
List-Id: <development.lists.ipfire.org>

--===============6691056781170117658==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

grsecurity recommends to disable this on non-development systems for
reducing attack surface. Since we never debug the kernel that deeply on
a productive system, it makes sense to follow this recommendation.

Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
---
 config/kernel/kernel.config.aarch64-ipfire | 13 ++-----------
 config/kernel/kernel.config.armv6l-ipfire  | 13 ++-----------
 config/kernel/kernel.config.riscv64-ipfire | 13 ++-----------
 config/kernel/kernel.config.x86_64-ipfire  | 17 ++---------------
 4 files changed, 8 insertions(+), 48 deletions(-)

diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kerne=
l.config.aarch64-ipfire
index 0fcbed4a2..5bd15cc48 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -126,8 +126,6 @@ CONFIG_TREE_RCU=3Dy
 # CONFIG_RCU_EXPERT is not set
 CONFIG_SRCU=3Dy
 CONFIG_TREE_SRCU=3Dy
-CONFIG_TASKS_RCU_GENERIC=3Dy
-CONFIG_TASKS_RUDE_RCU=3Dy
 CONFIG_RCU_STALL_COMMON=3Dy
 CONFIG_RCU_NEED_SEGCBLIST=3Dy
 # end of RCU Subsystem
@@ -7410,7 +7408,6 @@ CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=3Dy
 CONFIG_PSTORE_COMPRESS_DEFAULT=3D"deflate"
 # CONFIG_PSTORE_CONSOLE is not set
 # CONFIG_PSTORE_PMSG is not set
-# CONFIG_PSTORE_FTRACE is not set
 # CONFIG_PSTORE_RAM is not set
 # CONFIG_PSTORE_BLK is not set
 # CONFIG_SYSV_FS is not set
@@ -8166,12 +8163,8 @@ CONFIG_GENERIC_TRACER=3Dy
 CONFIG_TRACING_SUPPORT=3Dy
 CONFIG_FTRACE=3Dy
 # CONFIG_BOOTTIME_TRACING is not set
-CONFIG_FUNCTION_TRACER=3Dy
-CONFIG_FUNCTION_GRAPH_TRACER=3Dy
-CONFIG_DYNAMIC_FTRACE=3Dy
-CONFIG_DYNAMIC_FTRACE_WITH_REGS=3Dy
-CONFIG_FUNCTION_PROFILER=3Dy
-CONFIG_STACK_TRACER=3Dy
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_STACK_TRACER is not set
 # CONFIG_IRQSOFF_TRACER is not set
 CONFIG_SCHED_TRACER=3Dy
 # CONFIG_HWLAT_TRACER is not set
@@ -8186,7 +8179,6 @@ CONFIG_BRANCH_PROFILE_NONE=3Dy
 CONFIG_UPROBE_EVENTS=3Dy
 CONFIG_DYNAMIC_EVENTS=3Dy
 CONFIG_PROBE_EVENTS=3Dy
-CONFIG_FTRACE_MCOUNT_RECORD=3Dy
 CONFIG_FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY=3Dy
 # CONFIG_SYNTH_EVENTS is not set
 # CONFIG_HIST_TRIGGERS is not set
@@ -8194,7 +8186,6 @@ CONFIG_FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY=3Dy
 # CONFIG_TRACEPOINT_BENCHMARK is not set
 CONFIG_RING_BUFFER_BENCHMARK=3Dm
 # CONFIG_TRACE_EVAL_MAP_FILE is not set
-# CONFIG_FTRACE_RECORD_RECURSION is not set
 # CONFIG_FTRACE_STARTUP_TEST is not set
 # CONFIG_RING_BUFFER_STARTUP_TEST is not set
 # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set
diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel=
.config.armv6l-ipfire
index 468c74112..06010f893 100644
--- a/config/kernel/kernel.config.armv6l-ipfire
+++ b/config/kernel/kernel.config.armv6l-ipfire
@@ -133,8 +133,6 @@ CONFIG_TREE_RCU=3Dy
 # CONFIG_RCU_EXPERT is not set
 CONFIG_SRCU=3Dy
 CONFIG_TREE_SRCU=3Dy
-CONFIG_TASKS_RCU_GENERIC=3Dy
-CONFIG_TASKS_RUDE_RCU=3Dy
 CONFIG_RCU_STALL_COMMON=3Dy
 CONFIG_RCU_NEED_SEGCBLIST=3Dy
 # end of RCU Subsystem
@@ -7414,7 +7412,6 @@ CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=3Dy
 CONFIG_PSTORE_COMPRESS_DEFAULT=3D"deflate"
 # CONFIG_PSTORE_CONSOLE is not set
 # CONFIG_PSTORE_PMSG is not set
-# CONFIG_PSTORE_FTRACE is not set
 # CONFIG_PSTORE_RAM is not set
 # CONFIG_PSTORE_BLK is not set
 # CONFIG_SYSV_FS is not set
@@ -8132,12 +8129,8 @@ CONFIG_GENERIC_TRACER=3Dy
 CONFIG_TRACING_SUPPORT=3Dy
 CONFIG_FTRACE=3Dy
 # CONFIG_BOOTTIME_TRACING is not set
-CONFIG_FUNCTION_TRACER=3Dy
-CONFIG_FUNCTION_GRAPH_TRACER=3Dy
-CONFIG_DYNAMIC_FTRACE=3Dy
-CONFIG_DYNAMIC_FTRACE_WITH_REGS=3Dy
-CONFIG_FUNCTION_PROFILER=3Dy
-CONFIG_STACK_TRACER=3Dy
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_STACK_TRACER is not set
 # CONFIG_IRQSOFF_TRACER is not set
 CONFIG_SCHED_TRACER=3Dy
 # CONFIG_HWLAT_TRACER is not set
@@ -8153,7 +8146,6 @@ CONFIG_BRANCH_PROFILE_NONE=3Dy
 CONFIG_UPROBE_EVENTS=3Dy
 CONFIG_DYNAMIC_EVENTS=3Dy
 CONFIG_PROBE_EVENTS=3Dy
-CONFIG_FTRACE_MCOUNT_RECORD=3Dy
 CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT=3Dy
 # CONFIG_SYNTH_EVENTS is not set
 # CONFIG_HIST_TRIGGERS is not set
@@ -8161,7 +8153,6 @@ CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT=3Dy
 # CONFIG_TRACEPOINT_BENCHMARK is not set
 CONFIG_RING_BUFFER_BENCHMARK=3Dm
 # CONFIG_TRACE_EVAL_MAP_FILE is not set
-# CONFIG_FTRACE_RECORD_RECURSION is not set
 # CONFIG_FTRACE_STARTUP_TEST is not set
 # CONFIG_RING_BUFFER_STARTUP_TEST is not set
 # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set
diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kerne=
l.config.riscv64-ipfire
index de975e3f0..6b0aa466f 100644
--- a/config/kernel/kernel.config.riscv64-ipfire
+++ b/config/kernel/kernel.config.riscv64-ipfire
@@ -119,8 +119,6 @@ CONFIG_TREE_RCU=3Dy
 # CONFIG_RCU_EXPERT is not set
 CONFIG_SRCU=3Dy
 CONFIG_TREE_SRCU=3Dy
-CONFIG_TASKS_RCU_GENERIC=3Dy
-CONFIG_TASKS_RUDE_RCU=3Dy
 CONFIG_RCU_STALL_COMMON=3Dy
 CONFIG_RCU_NEED_SEGCBLIST=3Dy
 # end of RCU Subsystem
@@ -6047,7 +6045,6 @@ CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=3Dy
 CONFIG_PSTORE_COMPRESS_DEFAULT=3D"deflate"
 # CONFIG_PSTORE_CONSOLE is not set
 # CONFIG_PSTORE_PMSG is not set
-# CONFIG_PSTORE_FTRACE is not set
 # CONFIG_PSTORE_RAM is not set
 # CONFIG_PSTORE_BLK is not set
 # CONFIG_SYSV_FS is not set
@@ -6754,12 +6751,8 @@ CONFIG_GENERIC_TRACER=3Dy
 CONFIG_TRACING_SUPPORT=3Dy
 CONFIG_FTRACE=3Dy
 # CONFIG_BOOTTIME_TRACING is not set
-CONFIG_FUNCTION_TRACER=3Dy
-CONFIG_FUNCTION_GRAPH_TRACER=3Dy
-CONFIG_DYNAMIC_FTRACE=3Dy
-CONFIG_DYNAMIC_FTRACE_WITH_REGS=3Dy
-CONFIG_FUNCTION_PROFILER=3Dy
-CONFIG_STACK_TRACER=3Dy
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_STACK_TRACER is not set
 # CONFIG_IRQSOFF_TRACER is not set
 CONFIG_SCHED_TRACER=3Dy
 # CONFIG_HWLAT_TRACER is not set
@@ -6774,14 +6767,12 @@ CONFIG_BRANCH_PROFILE_NONE=3Dy
 CONFIG_UPROBE_EVENTS=3Dy
 CONFIG_DYNAMIC_EVENTS=3Dy
 CONFIG_PROBE_EVENTS=3Dy
-CONFIG_FTRACE_MCOUNT_RECORD=3Dy
 CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT=3Dy
 # CONFIG_SYNTH_EVENTS is not set
 # CONFIG_TRACE_EVENT_INJECT is not set
 # CONFIG_TRACEPOINT_BENCHMARK is not set
 CONFIG_RING_BUFFER_BENCHMARK=3Dm
 # CONFIG_TRACE_EVAL_MAP_FILE is not set
-# CONFIG_FTRACE_RECORD_RECURSION is not set
 # CONFIG_FTRACE_STARTUP_TEST is not set
 # CONFIG_RING_BUFFER_STARTUP_TEST is not set
 # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel=
.config.x86_64-ipfire
index 42275d26f..eee5e4a55 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -146,8 +146,6 @@ CONFIG_TREE_RCU=3Dy
 # CONFIG_RCU_EXPERT is not set
 CONFIG_SRCU=3Dy
 CONFIG_TREE_SRCU=3Dy
-CONFIG_TASKS_RCU_GENERIC=3Dy
-CONFIG_TASKS_RUDE_RCU=3Dy
 CONFIG_RCU_STALL_COMMON=3Dy
 CONFIG_RCU_NEED_SEGCBLIST=3Dy
 # end of RCU Subsystem
@@ -476,7 +474,6 @@ CONFIG_LEGACY_VSYSCALL_NONE=3Dy
 # CONFIG_CMDLINE_BOOL is not set
 # CONFIG_MODIFY_LDT_SYSCALL is not set
 CONFIG_HAVE_LIVEPATCH=3Dy
-# CONFIG_LIVEPATCH is not set
 # end of Processor type and features
=20
 CONFIG_ARCH_HAS_ADD_PAGES=3Dy
@@ -6823,7 +6820,6 @@ CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=3Dy
 CONFIG_PSTORE_COMPRESS_DEFAULT=3D"deflate"
 # CONFIG_PSTORE_CONSOLE is not set
 # CONFIG_PSTORE_PMSG is not set
-# CONFIG_PSTORE_FTRACE is not set
 # CONFIG_PSTORE_RAM is not set
 # CONFIG_PSTORE_BLK is not set
 # CONFIG_SYSV_FS is not set
@@ -7604,14 +7600,8 @@ CONFIG_GENERIC_TRACER=3Dy
 CONFIG_TRACING_SUPPORT=3Dy
 CONFIG_FTRACE=3Dy
 # CONFIG_BOOTTIME_TRACING is not set
-CONFIG_FUNCTION_TRACER=3Dy
-CONFIG_FUNCTION_GRAPH_TRACER=3Dy
-CONFIG_DYNAMIC_FTRACE=3Dy
-CONFIG_DYNAMIC_FTRACE_WITH_REGS=3Dy
-CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=3Dy
-CONFIG_DYNAMIC_FTRACE_WITH_ARGS=3Dy
-CONFIG_FUNCTION_PROFILER=3Dy
-CONFIG_STACK_TRACER=3Dy
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_STACK_TRACER is not set
 # CONFIG_IRQSOFF_TRACER is not set
 CONFIG_SCHED_TRACER=3Dy
 # CONFIG_HWLAT_TRACER is not set
@@ -7627,15 +7617,12 @@ CONFIG_BRANCH_PROFILE_NONE=3Dy
 CONFIG_UPROBE_EVENTS=3Dy
 CONFIG_DYNAMIC_EVENTS=3Dy
 CONFIG_PROBE_EVENTS=3Dy
-CONFIG_FTRACE_MCOUNT_RECORD=3Dy
-CONFIG_FTRACE_MCOUNT_USE_CC=3Dy
 # CONFIG_SYNTH_EVENTS is not set
 # CONFIG_HIST_TRIGGERS is not set
 # CONFIG_TRACE_EVENT_INJECT is not set
 # CONFIG_TRACEPOINT_BENCHMARK is not set
 CONFIG_RING_BUFFER_BENCHMARK=3Dm
 # CONFIG_TRACE_EVAL_MAP_FILE is not set
-# CONFIG_FTRACE_RECORD_RECURSION is not set
 # CONFIG_FTRACE_STARTUP_TEST is not set
 # CONFIG_RING_BUFFER_STARTUP_TEST is not set
 # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set
--=20
2.34.1

--===============6691056781170117658==--