hardening: Enable KCFI and some other options - wireguard-linux

diff options

author	Kees Cook <keescook@chromium.org>	2024-05-01 12:37:12 -0700
committer	Kees Cook <keescook@chromium.org>	2024-05-01 12:38:14 -0700
commit	a284e43852380ab71eeb996389e01992d74a8dde (patch)
tree	d6e06644741e293066c71501f65c8b96dc73a7b6 /tools/perf/scripts/python/call-graph-from-postgresql.py
parent	lkdtm: Disable CFI checking for perms functions (diff)
download	wireguard-linux-a284e43852380ab71eeb996389e01992d74a8dde.tar.xz wireguard-linux-a284e43852380ab71eeb996389e01992d74a8dde.zip

hardening: Enable KCFI and some other options

Add some stuff that got missed along the way: - CONFIG_UNWIND_PATCH_PAC_INTO_SCS=y so SCS vs PAC is hardware selectable. - CONFIG_X86_KERNEL_IBT=y while a default, just be sure. - CONFIG_CFI_CLANG=y globally. - CONFIG_PAGE_TABLE_CHECK=y for userspace mapping sanity. Reviewed-by: Nathan Chancellor <nathan@kernel.org> Link: https://lore.kernel.org/r/20240501193709.make.982-kees@kernel.org Signed-off-by: Kees Cook <keescook@chromium.org>

Diffstat (limited to 'tools/perf/scripts/python/call-graph-from-postgresql.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: