From: Peter Müller
To: development@lists.ipfire.org
Subject: Possible collateral damage while enabling KFENCE In IPFire 3.x
Date: Mon, 26 Dec 2022 12:22:05 +0000

Hello Michael,

above all, I hope you are doing well, and have/had some restful days.

Working through your changes related to the kernel configuration in IPFire 3.x, I took the liberty of backporting some of them (whenever it made sense to do so) - a patchset will be provided in due course, ideally by tomorrow at the latest.

However, looking at c36f92723a727a1f6366b5d27f5cd2eac106a3cc, the following delta strikes me as implausible to be beneficial for security:

> -CONFIG_PAGE_POISONING=y
> +# CONFIG_PAGE_POISONING is not set

Here, you are _disabling_ page poisoning for all architectures in IPFire 3.x, which I doubt is what you intended. For your reference, the current situation in IPFire 2.x is mixed (as usual - sigh):

> $ grep CONFIG_PAGE_POISONING config/kernel/*
> config/kernel/kernel.config.aarch64-ipfire:# CONFIG_PAGE_POISONING is not set
> config/kernel/kernel.config.armv6l-ipfire:# CONFIG_PAGE_POISONING is not set
> config/kernel/kernel.config.riscv64-ipfire:CONFIG_PAGE_POISONING=y
> config/kernel/kernel.config.x86_64-ipfire:CONFIG_PAGE_POISONING=y

Thanks, and best regards,
Peter Müller
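
Review bot: the `+# CONFIG_PAGE_POISONING is not set` line in the quoted delta turns off an option that the removed line had set to `y`, and nothing in the quoted lines gives a reason for it. If this is a side effect of regenerating the configuration rather than a decision, restore `CONFIG_PAGE_POISONING=y`; if it is deliberate, state the reason in the commit message so the change can be reviewed on its merits.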