grsecurity recommends to disable this on non-development systems for reducing attack surface. Since we never debug the kernel that deeply on a productive system, it makes sense to follow this recommendation.
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/kernel/kernel.config.aarch64-ipfire | 13 ++----------- config/kernel/kernel.config.armv6l-ipfire | 13 ++----------- config/kernel/kernel.config.riscv64-ipfire | 13 ++----------- config/kernel/kernel.config.x86_64-ipfire | 17 ++--------------- 4 files changed, 8 insertions(+), 48 deletions(-)
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 0fcbed4a2..5bd15cc48 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -126,8 +126,6 @@ CONFIG_TREE_RCU=y # CONFIG_RCU_EXPERT is not set CONFIG_SRCU=y CONFIG_TREE_SRCU=y -CONFIG_TASKS_RCU_GENERIC=y -CONFIG_TASKS_RUDE_RCU=y CONFIG_RCU_STALL_COMMON=y CONFIG_RCU_NEED_SEGCBLIST=y # end of RCU Subsystem @@ -7410,7 +7408,6 @@ CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=y CONFIG_PSTORE_COMPRESS_DEFAULT="deflate" # CONFIG_PSTORE_CONSOLE is not set # CONFIG_PSTORE_PMSG is not set -# CONFIG_PSTORE_FTRACE is not set # CONFIG_PSTORE_RAM is not set # CONFIG_PSTORE_BLK is not set # CONFIG_SYSV_FS is not set @@ -8166,12 +8163,8 @@ CONFIG_GENERIC_TRACER=y CONFIG_TRACING_SUPPORT=y CONFIG_FTRACE=y # CONFIG_BOOTTIME_TRACING is not set -CONFIG_FUNCTION_TRACER=y -CONFIG_FUNCTION_GRAPH_TRACER=y -CONFIG_DYNAMIC_FTRACE=y -CONFIG_DYNAMIC_FTRACE_WITH_REGS=y -CONFIG_FUNCTION_PROFILER=y -CONFIG_STACK_TRACER=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_STACK_TRACER is not set # CONFIG_IRQSOFF_TRACER is not set CONFIG_SCHED_TRACER=y # CONFIG_HWLAT_TRACER is not set @@ -8186,7 +8179,6 @@ CONFIG_BRANCH_PROFILE_NONE=y CONFIG_UPROBE_EVENTS=y CONFIG_DYNAMIC_EVENTS=y CONFIG_PROBE_EVENTS=y -CONFIG_FTRACE_MCOUNT_RECORD=y CONFIG_FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY=y # CONFIG_SYNTH_EVENTS is not set # CONFIG_HIST_TRIGGERS is not set @@ -8194,7 +8186,6 @@ CONFIG_FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY=y # CONFIG_TRACEPOINT_BENCHMARK is not set CONFIG_RING_BUFFER_BENCHMARK=m # CONFIG_TRACE_EVAL_MAP_FILE is not set -# CONFIG_FTRACE_RECORD_RECURSION is not set # CONFIG_FTRACE_STARTUP_TEST is not set # CONFIG_RING_BUFFER_STARTUP_TEST is not set # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire index 468c74112..06010f893 100644 --- a/config/kernel/kernel.config.armv6l-ipfire +++ b/config/kernel/kernel.config.armv6l-ipfire @@ -133,8 +133,6 @@ CONFIG_TREE_RCU=y # CONFIG_RCU_EXPERT is not set CONFIG_SRCU=y CONFIG_TREE_SRCU=y -CONFIG_TASKS_RCU_GENERIC=y -CONFIG_TASKS_RUDE_RCU=y CONFIG_RCU_STALL_COMMON=y CONFIG_RCU_NEED_SEGCBLIST=y # end of RCU Subsystem @@ -7414,7 +7412,6 @@ CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=y CONFIG_PSTORE_COMPRESS_DEFAULT="deflate" # CONFIG_PSTORE_CONSOLE is not set # CONFIG_PSTORE_PMSG is not set -# CONFIG_PSTORE_FTRACE is not set # CONFIG_PSTORE_RAM is not set # CONFIG_PSTORE_BLK is not set # CONFIG_SYSV_FS is not set @@ -8132,12 +8129,8 @@ CONFIG_GENERIC_TRACER=y CONFIG_TRACING_SUPPORT=y CONFIG_FTRACE=y # CONFIG_BOOTTIME_TRACING is not set -CONFIG_FUNCTION_TRACER=y -CONFIG_FUNCTION_GRAPH_TRACER=y -CONFIG_DYNAMIC_FTRACE=y -CONFIG_DYNAMIC_FTRACE_WITH_REGS=y -CONFIG_FUNCTION_PROFILER=y -CONFIG_STACK_TRACER=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_STACK_TRACER is not set # CONFIG_IRQSOFF_TRACER is not set CONFIG_SCHED_TRACER=y # CONFIG_HWLAT_TRACER is not set @@ -8153,7 +8146,6 @@ CONFIG_BRANCH_PROFILE_NONE=y CONFIG_UPROBE_EVENTS=y CONFIG_DYNAMIC_EVENTS=y CONFIG_PROBE_EVENTS=y -CONFIG_FTRACE_MCOUNT_RECORD=y CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT=y # CONFIG_SYNTH_EVENTS is not set # CONFIG_HIST_TRIGGERS is not set @@ -8161,7 +8153,6 @@ CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT=y # CONFIG_TRACEPOINT_BENCHMARK is not set CONFIG_RING_BUFFER_BENCHMARK=m # CONFIG_TRACE_EVAL_MAP_FILE is not set -# CONFIG_FTRACE_RECORD_RECURSION is not set # CONFIG_FTRACE_STARTUP_TEST is not set # CONFIG_RING_BUFFER_STARTUP_TEST is not set # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire index de975e3f0..6b0aa466f 100644 --- a/config/kernel/kernel.config.riscv64-ipfire +++ b/config/kernel/kernel.config.riscv64-ipfire @@ -119,8 +119,6 @@ CONFIG_TREE_RCU=y # CONFIG_RCU_EXPERT is not set CONFIG_SRCU=y CONFIG_TREE_SRCU=y -CONFIG_TASKS_RCU_GENERIC=y -CONFIG_TASKS_RUDE_RCU=y CONFIG_RCU_STALL_COMMON=y CONFIG_RCU_NEED_SEGCBLIST=y # end of RCU Subsystem @@ -6047,7 +6045,6 @@ CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=y CONFIG_PSTORE_COMPRESS_DEFAULT="deflate" # CONFIG_PSTORE_CONSOLE is not set # CONFIG_PSTORE_PMSG is not set -# CONFIG_PSTORE_FTRACE is not set # CONFIG_PSTORE_RAM is not set # CONFIG_PSTORE_BLK is not set # CONFIG_SYSV_FS is not set @@ -6754,12 +6751,8 @@ CONFIG_GENERIC_TRACER=y CONFIG_TRACING_SUPPORT=y CONFIG_FTRACE=y # CONFIG_BOOTTIME_TRACING is not set -CONFIG_FUNCTION_TRACER=y -CONFIG_FUNCTION_GRAPH_TRACER=y -CONFIG_DYNAMIC_FTRACE=y -CONFIG_DYNAMIC_FTRACE_WITH_REGS=y -CONFIG_FUNCTION_PROFILER=y -CONFIG_STACK_TRACER=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_STACK_TRACER is not set # CONFIG_IRQSOFF_TRACER is not set CONFIG_SCHED_TRACER=y # CONFIG_HWLAT_TRACER is not set @@ -6774,14 +6767,12 @@ CONFIG_BRANCH_PROFILE_NONE=y CONFIG_UPROBE_EVENTS=y CONFIG_DYNAMIC_EVENTS=y CONFIG_PROBE_EVENTS=y -CONFIG_FTRACE_MCOUNT_RECORD=y CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT=y # CONFIG_SYNTH_EVENTS is not set # CONFIG_TRACE_EVENT_INJECT is not set # CONFIG_TRACEPOINT_BENCHMARK is not set CONFIG_RING_BUFFER_BENCHMARK=m # CONFIG_TRACE_EVAL_MAP_FILE is not set -# CONFIG_FTRACE_RECORD_RECURSION is not set # CONFIG_FTRACE_STARTUP_TEST is not set # CONFIG_RING_BUFFER_STARTUP_TEST is not set # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 42275d26f..eee5e4a55 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -146,8 +146,6 @@ CONFIG_TREE_RCU=y # CONFIG_RCU_EXPERT is not set CONFIG_SRCU=y CONFIG_TREE_SRCU=y -CONFIG_TASKS_RCU_GENERIC=y -CONFIG_TASKS_RUDE_RCU=y CONFIG_RCU_STALL_COMMON=y CONFIG_RCU_NEED_SEGCBLIST=y # end of RCU Subsystem @@ -476,7 +474,6 @@ CONFIG_LEGACY_VSYSCALL_NONE=y # CONFIG_CMDLINE_BOOL is not set # CONFIG_MODIFY_LDT_SYSCALL is not set CONFIG_HAVE_LIVEPATCH=y -# CONFIG_LIVEPATCH is not set # end of Processor type and features
CONFIG_ARCH_HAS_ADD_PAGES=y @@ -6823,7 +6820,6 @@ CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=y CONFIG_PSTORE_COMPRESS_DEFAULT="deflate" # CONFIG_PSTORE_CONSOLE is not set # CONFIG_PSTORE_PMSG is not set -# CONFIG_PSTORE_FTRACE is not set # CONFIG_PSTORE_RAM is not set # CONFIG_PSTORE_BLK is not set # CONFIG_SYSV_FS is not set @@ -7604,14 +7600,8 @@ CONFIG_GENERIC_TRACER=y CONFIG_TRACING_SUPPORT=y CONFIG_FTRACE=y # CONFIG_BOOTTIME_TRACING is not set -CONFIG_FUNCTION_TRACER=y -CONFIG_FUNCTION_GRAPH_TRACER=y -CONFIG_DYNAMIC_FTRACE=y -CONFIG_DYNAMIC_FTRACE_WITH_REGS=y -CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y -CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y -CONFIG_FUNCTION_PROFILER=y -CONFIG_STACK_TRACER=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_STACK_TRACER is not set # CONFIG_IRQSOFF_TRACER is not set CONFIG_SCHED_TRACER=y # CONFIG_HWLAT_TRACER is not set @@ -7627,15 +7617,12 @@ CONFIG_BRANCH_PROFILE_NONE=y CONFIG_UPROBE_EVENTS=y CONFIG_DYNAMIC_EVENTS=y CONFIG_PROBE_EVENTS=y -CONFIG_FTRACE_MCOUNT_RECORD=y -CONFIG_FTRACE_MCOUNT_USE_CC=y # CONFIG_SYNTH_EVENTS is not set # CONFIG_HIST_TRIGGERS is not set # CONFIG_TRACE_EVENT_INJECT is not set # CONFIG_TRACEPOINT_BENCHMARK is not set CONFIG_RING_BUFFER_BENCHMARK=m # CONFIG_TRACE_EVAL_MAP_FILE is not set -# CONFIG_FTRACE_RECORD_RECURSION is not set # CONFIG_FTRACE_STARTUP_TEST is not set # CONFIG_RING_BUFFER_STARTUP_TEST is not set # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set