From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [RFC PATCH] kernel: Disable CONFIG_DEBUG_FS Date: Sat, 17 Sep 2022 19:24:46 +0000 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5293415582477687048==" List-Id: --===============5293415582477687048== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable According to the kernel's documentation, > debugfs is a virtual file system that kernel developers use to put > debugging files into. Enable this option to be able to read and > write to these files. There is no legitimate reason why one has to do so on an IPFire machine. Further, the vast debugging options (i.e. related to various drivers) have never been enabled, limiting the use of this virtual file system even further. This patch therefore proposes to disable it entirely, since its potential security impact outweights its benefits. Due to operational constraints, changes to ARM kernel configurations will be made if this patch is approved for x86_64. Signed-off-by: Peter M=C3=BCller --- config/kernel/kernel.config.x86_64-ipfire | 45 +++-------------------- 1 file changed, 5 insertions(+), 40 deletions(-) diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel= .config.x86_64-ipfire index aa1e847dd..5dcdc9d7e 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -78,7 +78,6 @@ CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=3Dy CONFIG_GENERIC_IRQ_RESERVATION_MODE=3Dy CONFIG_IRQ_FORCED_THREADING=3Dy CONFIG_SPARSE_IRQ=3Dy -# CONFIG_GENERIC_IRQ_DEBUGFS is not set # end of IRQ subsystem =20 CONFIG_CLOCKSOURCE_WATCHDOG=3Dy @@ -158,7 +157,6 @@ CONFIG_RCU_NEED_SEGCBLIST=3Dy CONFIG_LOG_BUF_SHIFT=3D18 CONFIG_LOG_CPU_MAX_BUF_SHIFT=3D12 CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=3D13 -# CONFIG_PRINTK_INDEX is not set CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=3Dy =20 # @@ -330,7 +328,6 @@ CONFIG_X86_EXTENDED_PLATFORM=3Dy CONFIG_X86_INTEL_LPSS=3Dy CONFIG_X86_AMD_PLATFORM_DEVICE=3Dy CONFIG_IOSF_MBI=3Dy -# CONFIG_IOSF_MBI_DEBUG is not set CONFIG_X86_SUPPORTS_MEMORY_FAILURE=3Dy CONFIG_SCHED_OMIT_FRAME_POINTER=3Dy CONFIG_HYPERVISOR_GUEST=3Dy @@ -348,7 +345,6 @@ CONFIG_XEN_PVHVM=3Dy CONFIG_XEN_PVHVM_SMP=3Dy CONFIG_XEN_PVHVM_GUEST=3Dy CONFIG_XEN_SAVE_RESTORE=3Dy -CONFIG_XEN_DEBUG_FS=3Dy CONFIG_XEN_PVH=3Dy CONFIG_XEN_DOM0=3Dy CONFIG_KVM_GUEST=3Dy @@ -398,7 +394,6 @@ CONFIG_X86_MCELOG_LEGACY=3Dy CONFIG_X86_MCE_INTEL=3Dy CONFIG_X86_MCE_AMD=3Dy CONFIG_X86_MCE_THRESHOLD=3Dy -# CONFIG_X86_MCE_INJECT is not set =20 # # Performance monitoring @@ -421,7 +416,6 @@ CONFIG_X86_MSR=3Dy CONFIG_X86_CPUID=3Dy # CONFIG_X86_5LEVEL is not set CONFIG_X86_DIRECT_GBPAGES=3Dy -# CONFIG_X86_CPA_STATISTICS is not set # CONFIG_AMD_MEM_ENCRYPT is not set # CONFIG_NUMA is not set CONFIG_ARCH_SPARSEMEM_ENABLE=3Dy @@ -543,7 +537,6 @@ CONFIG_ACPI_CONTAINER=3Dy CONFIG_ACPI_HOTPLUG_IOAPIC=3Dy CONFIG_ACPI_SBS=3Dm CONFIG_ACPI_HED=3Dy -# CONFIG_ACPI_CUSTOM_METHOD is not set # CONFIG_ACPI_BGRT is not set # CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set CONFIG_ACPI_NFIT=3Dm @@ -554,7 +547,6 @@ CONFIG_ACPI_APEI=3Dy CONFIG_ACPI_APEI_GHES=3Dy CONFIG_ACPI_APEI_PCIEAER=3Dy CONFIG_ACPI_APEI_MEMORY_FAILURE=3Dy -# CONFIG_ACPI_APEI_EINJ is not set # CONFIG_ACPI_APEI_ERST_DEBUG is not set # CONFIG_ACPI_DPTF is not set CONFIG_ACPI_WATCHDOG=3Dy @@ -772,7 +764,6 @@ CONFIG_ARCH_HAS_STRICT_MODULE_RWX=3Dy CONFIG_STRICT_MODULE_RWX=3Dy CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=3Dy CONFIG_ARCH_USE_MEMREMAP_PROT=3Dy -CONFIG_LOCK_EVENT_COUNTS=3Dy CONFIG_ARCH_HAS_MEM_ENCRYPT=3Dy CONFIG_HAVE_STATIC_CALL=3Dy CONFIG_HAVE_STATIC_CALL_INLINE=3Dy @@ -785,7 +776,6 @@ CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=3Dy # # GCOV-based kernel profiling # -# CONFIG_GCOV_KERNEL is not set CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=3Dy # end of GCOV-based kernel profiling =20 @@ -837,8 +827,6 @@ CONFIG_BLK_DEV_THROTTLING=3Dy # CONFIG_BLK_CGROUP_FC_APPID is not set # CONFIG_BLK_CGROUP_IOCOST is not set # CONFIG_BLK_CGROUP_IOPRIO is not set -CONFIG_BLK_DEBUG_FS=3Dy -CONFIG_BLK_DEBUG_FS_ZONED=3Dy # CONFIG_BLK_SED_OPAL is not set CONFIG_BLK_INLINE_ENCRYPTION=3Dy CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK=3Dy @@ -971,7 +959,10 @@ CONFIG_VMAP_PFN=3Dy CONFIG_ARCH_USES_HIGH_VMA_FLAGS=3Dy CONFIG_ARCH_HAS_PKEYS=3Dy # CONFIG_PERCPU_STATS is not set -# CONFIG_GUP_TEST is not set + +# +# GUP_TEST needs to have DEBUG_FS enabled +# # CONFIG_READ_ONLY_THP_FOR_FS is not set CONFIG_ARCH_HAS_PTE_SPECIAL=3Dy CONFIG_MAPPING_DIRTY_HELPERS=3Dy @@ -1464,7 +1455,6 @@ CONFIG_ATM_CLIP=3Dm CONFIG_ATM_BR2684=3Dm # CONFIG_ATM_BR2684_IPFILTER is not set CONFIG_L2TP=3Dm -# CONFIG_L2TP_DEBUGFS is not set CONFIG_L2TP_V3=3Dy CONFIG_L2TP_IP=3Dm CONFIG_L2TP_ETH=3Dm @@ -1677,7 +1667,6 @@ CONFIG_CFG80211_EXTRA_REGDB_KEYDIR=3D"" CONFIG_CFG80211_REG_CELLULAR_HINTS=3Dy CONFIG_CFG80211_REG_RELAX_NO_IR=3Dy CONFIG_CFG80211_DEFAULT_PS=3Dy -# CONFIG_CFG80211_DEBUGFS is not set CONFIG_CFG80211_CRDA_SUPPORT=3Dy CONFIG_CFG80211_WEXT=3Dy CONFIG_CFG80211_WEXT_EXPORT=3Dy @@ -1693,7 +1682,6 @@ CONFIG_MAC80211_RC_DEFAULT_MINSTREL=3Dy CONFIG_MAC80211_RC_DEFAULT=3D"minstrel_ht" CONFIG_MAC80211_MESH=3Dy CONFIG_MAC80211_LEDS=3Dy -# CONFIG_MAC80211_DEBUGFS is not set # CONFIG_MAC80211_MESSAGE_TRACING is not set # CONFIG_MAC80211_DEBUG_MENU is not set CONFIG_MAC80211_STA_HASH_MAX_SIZE=3D0 @@ -1867,7 +1855,6 @@ CONFIG_DMA_SHARED_BUFFER=3Dy # Bus devices # CONFIG_MHI_BUS=3Dm -# CONFIG_MHI_BUS_DEBUG is not set # CONFIG_MHI_BUS_PCI_GENERIC is not set # end of Bus devices =20 @@ -2168,7 +2155,6 @@ CONFIG_LIBFCOE=3Dm CONFIG_FCOE=3Dm CONFIG_FCOE_FNIC=3Dm CONFIG_SCSI_SNIC=3Dm -CONFIG_SCSI_SNIC_DEBUG_FS=3Dy CONFIG_SCSI_DMX3191D=3Dm CONFIG_SCSI_FDOMAIN=3Dm CONFIG_SCSI_FDOMAIN_PCI=3Dm @@ -2195,7 +2181,6 @@ CONFIG_SCSI_QLA_ISCSI=3Dm CONFIG_QEDI=3Dm CONFIG_QEDF=3Dm CONFIG_SCSI_LPFC=3Dm -# CONFIG_SCSI_LPFC_DEBUG_FS is not set CONFIG_SCSI_DC395x=3Dm CONFIG_SCSI_AM53C974=3Dm CONFIG_SCSI_WD719X=3Dm @@ -2626,10 +2611,8 @@ CONFIG_NET_VENDOR_LITEX=3Dy CONFIG_NET_VENDOR_MARVELL=3Dy CONFIG_MVMDIO=3Dm CONFIG_SKGE=3Dm -# CONFIG_SKGE_DEBUG is not set CONFIG_SKGE_GENESIS=3Dy CONFIG_SKY2=3Dm -# CONFIG_SKY2_DEBUG is not set CONFIG_PRESTERA=3Dm CONFIG_PRESTERA_PCI=3Dm CONFIG_NET_VENDOR_MELLANOX=3Dy @@ -2955,7 +2938,6 @@ CONFIG_ATH9K_BTCOEX_SUPPORT=3Dy CONFIG_ATH9K=3Dm CONFIG_ATH9K_PCI=3Dy CONFIG_ATH9K_AHB=3Dy -# CONFIG_ATH9K_DEBUGFS is not set CONFIG_ATH9K_DFS_CERTIFIED=3Dy # CONFIG_ATH9K_DYNACK is not set # CONFIG_ATH9K_WOW is not set @@ -2964,7 +2946,6 @@ CONFIG_ATH9K_RFKILL=3Dy CONFIG_ATH9K_PCOEM=3Dy CONFIG_ATH9K_PCI_NO_EEPROM=3Dm CONFIG_ATH9K_HTC=3Dm -# CONFIG_ATH9K_HTC_DEBUGFS is not set CONFIG_ATH9K_HWRNG=3Dy CONFIG_CARL9170=3Dm CONFIG_CARL9170_LEDS=3Dy @@ -2975,14 +2956,12 @@ CONFIG_AR5523=3Dm CONFIG_WIL6210=3Dm CONFIG_WIL6210_ISR_COR=3Dy CONFIG_WIL6210_TRACING=3Dy -# CONFIG_WIL6210_DEBUGFS is not set CONFIG_ATH10K=3Dm CONFIG_ATH10K_CE=3Dy CONFIG_ATH10K_PCI=3Dm CONFIG_ATH10K_SDIO=3Dm CONFIG_ATH10K_USB=3Dm CONFIG_ATH10K_DEBUG=3Dy -# CONFIG_ATH10K_DEBUGFS is not set # CONFIG_ATH10K_TRACING is not set CONFIG_ATH10K_DFS_CERTIFIED=3Dy CONFIG_WCN36XX=3Dm @@ -3241,7 +3220,6 @@ CONFIG_XEN_NETDEV_BACKEND=3Dm CONFIG_VMXNET3=3Dm CONFIG_FUJITSU_ES=3Dm CONFIG_HYPERV_NET=3Dm -# CONFIG_NETDEVSIM is not set CONFIG_NET_FAILOVER=3Dm # CONFIG_ISDN is not set =20 @@ -5116,7 +5094,6 @@ CONFIG_DRM_AMDGPU=3Dm CONFIG_DRM_AMD_DC=3Dy CONFIG_DRM_AMD_DC_DCN=3Dy # CONFIG_DRM_AMD_DC_HDCP is not set -# CONFIG_DRM_AMD_SECURE_DISPLAY is not set # end of Display Engine Configuration =20 # CONFIG_HSA_AMD is not set @@ -5371,7 +5348,6 @@ CONFIG_SND_DEBUG=3Dy # CONFIG_SND_DEBUG_VERBOSE is not set CONFIG_SND_PCM_XRUN_DEBUG=3Dy # CONFIG_SND_CTL_VALIDATION is not set -# CONFIG_SND_JACK_INJECTION_DEBUG is not set CONFIG_SND_VMASTER=3Dy CONFIG_SND_DMA_SGBUF=3Dy CONFIG_SND_CTL_LED=3Dm @@ -6211,7 +6187,6 @@ CONFIG_DMA_ENGINE_RAID=3Dy # DMABUF options # CONFIG_SYNC_FILE=3Dy -CONFIG_SW_SYNC=3Dy # CONFIG_UDMABUF is not set # CONFIG_DMABUF_MOVE_NOTIFY is not set # CONFIG_DMABUF_DEBUG is not set @@ -6487,7 +6462,6 @@ CONFIG_IOMMU_SUPPORT=3Dy CONFIG_IOMMU_IO_PGTABLE=3Dy # end of Generic IOMMU Pagetable Support =20 -# CONFIG_IOMMU_DEBUGFS is not set CONFIG_IOMMU_DEFAULT_DMA_STRICT=3Dy # CONFIG_IOMMU_DEFAULT_DMA_LAZY is not set # CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set @@ -6633,7 +6607,6 @@ CONFIG_GENERIC_PHY=3Dy # end of Performance monitor support =20 CONFIG_RAS=3Dy -# CONFIG_RAS_CEC is not set # CONFIG_USB4 is not set =20 # @@ -6838,7 +6811,6 @@ CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=3Dy CONFIG_PSTORE_COMPRESS_DEFAULT=3D"deflate" # CONFIG_PSTORE_CONSOLE is not set # CONFIG_PSTORE_PMSG is not set -# CONFIG_PSTORE_FTRACE is not set # CONFIG_PSTORE_RAM is not set # CONFIG_PSTORE_BLK is not set # CONFIG_SYSV_FS is not set @@ -7369,7 +7341,6 @@ CONFIG_NEED_DMA_MAP_STATE=3Dy CONFIG_ARCH_DMA_ADDR_T_64BIT=3Dy CONFIG_SWIOTLB=3Dy # CONFIG_DMA_API_DEBUG is not set -# CONFIG_DMA_MAP_BENCHMARK is not set CONFIG_SGL_ALLOC=3Dy CONFIG_CHECK_SIGNATURE=3Dy CONFIG_CPU_RMAP=3Dy @@ -7443,10 +7414,7 @@ CONFIG_STACK_VALIDATION=3Dy # Generic Kernel Debugging Instruments # # CONFIG_MAGIC_SYSRQ is not set -CONFIG_DEBUG_FS=3Dy -CONFIG_DEBUG_FS_ALLOW_ALL=3Dy -# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set -# CONFIG_DEBUG_FS_ALLOW_NONE is not set +# CONFIG_DEBUG_FS is not set CONFIG_HAVE_ARCH_KGDB=3Dy # CONFIG_KGDB is not set CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=3Dy @@ -7472,7 +7440,6 @@ CONFIG_ARCH_HAS_DEBUG_WX=3Dy CONFIG_DEBUG_WX=3Dy CONFIG_GENERIC_PTDUMP=3Dy CONFIG_PTDUMP_CORE=3Dy -# CONFIG_PTDUMP_DEBUGFS is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=3Dy @@ -7665,7 +7632,6 @@ CONFIG_IO_DELAY_0X80=3Dy # CONFIG_IO_DELAY_0XED is not set # CONFIG_IO_DELAY_UDELAY is not set # CONFIG_IO_DELAY_NONE is not set -# CONFIG_DEBUG_BOOT_PARAMS is not set # CONFIG_CPA_DEBUG is not set # CONFIG_DEBUG_ENTRY is not set # CONFIG_DEBUG_NMI_SELFTEST is not set @@ -7688,6 +7654,5 @@ CONFIG_CC_HAS_SANCOV_TRACE_PC=3Dy # CONFIG_RUNTIME_TESTING_MENU is not set CONFIG_ARCH_USE_MEMTEST=3Dy # CONFIG_MEMTEST is not set -# CONFIG_HYPERV_TESTING is not set # end of Kernel Testing and Coverage # end of Kernel hacking --=20 2.35.3 --===============5293415582477687048==--