lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAH+2xPCmZNW0ct8XoBmAnd0QK53guv2e4HLn40NvWrEA7pj3qw@mail.gmail.com>
Date:   Fri, 12 Feb 2021 16:33:59 +0100
From:   Bruno Thomsen <bruno.thomsen@...il.com>
To:     linux-usb@...r.kernel.org,
        "moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE" 
        <linux-arm-kernel@...ts.infradead.org>,
        open list <linux-kernel@...r.kernel.org>
Cc:     Bruno Thomsen <bth@...strup.com>,
        Lars Alex Pedersen <laa@...strup.com>,
        Bruno Thomsen <bruno.thomsen@...il.com>
Subject: usb: cdc-acm: BUG kmalloc-128 Poison overwritten

Hi,

I have been experience random kernel oops in the cdc-acm driver on
imx7 (arm arch). Normally it happens during the first 1-3min runtime
after power-on. Below oops is from 5.8.17 mainline kernel with an
extra patch back-ported in an attempt to fix it:
38203b8385 ("usb: cdc-acm: fix cooldown mechanism")

Output from kconfig_hardened_check in version 2020-10-30-g2f8e7a4dc57a
has been included below oops as it might be related to the hardened kernel.

Currently I cannot update to latest mainline kernel as our board
isn't able to boot due to SPI errors on ecspi4 in versions 5.9-5.11rc6.
I am trying to bisect that issue, but I can still apply test patches if
anyone has an idea to why this is happening.

[   55.065305] 8<--- cut here ---
[   55.068392] Unable to handle kernel paging request at virtual
address 6b6b6c03
[   55.075624] pgd = be866494
[   55.078335] [6b6b6c03] *pgd=00000000
[   55.081924] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[   55.087238] Modules linked in: ppp_async crc_ccitt ppp_generic slhc
xt_TCPMSS xt_tcpmss xt_hl nf_log_ipv6 nf_log_ipv4 nf_log_common
xt_policy xt_limit xt_conntrack xt_tcpudp xt_pkttype ip6table_mangle
iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
iptable_mangle ip6table_filter ip6_tables iptable_filter ip_tables
des_generic md5 sch_fq_codel cdc_mbim cdc_wdm cdc_ncm usbnet mii
cdc_acm usb_storage ip_tunnel xfrm_user xfrm6_tunnel tunnel6
xfrm4_tunnel tunnel4 esp6 esp4 ah6 ah4 xfrm_algo xt_LOG xt_LED
xt_comment x_tables ipv6
[   55.134954] CPU: 0 PID: 82 Comm: kworker/0:2 Tainted: G
   T 5.8.17 #1
[   55.142526] Hardware name: Freescale i.MX7 Dual (Device Tree)
[   55.148304] Workqueue: events acm_softint [cdc_acm]
[   55.153196] PC is at kobject_get+0x10/0xa4
[   55.157302] LR is at usb_get_dev+0x14/0x1c
[   55.161402] pc : [<8047c06c>]    lr : [<80560448>]    psr: 20000193
[   55.167671] sp : bca39ea8  ip : 00007374  fp : bf6cbd80
[   55.172899] r10: 00000000  r9 : bdd92284  r8 : bdd92008
[   55.178128] r7 : 6b6b6b6b  r6 : fffffffe  r5 : 60000113  r4 : 6b6b6be3
[   55.184658] r3 : 6b6b6b6b  r2 : 00000111  r1 : 00000000  r0 : 6b6b6be3
[   55.191191] Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM
Segment none
[   55.198417] Control: 10c5387d  Table: bcf0c06a  DAC: 00000051
[   55.204168] Process kworker/0:2 (pid: 82, stack limit = 0x9bdd2a89)
[   55.210439] Stack: (0xbca39ea8 to 0xbca3a000)
[   55.214805] 9ea0:                   bf6cbd80 80769a50 6b6b6b6b
80560448 bdeb0500 8056bfe8
[   55.222991] 9ec0: 00000002 b76da000 00000000 bdeb0500 bdd92448
bca38000 bdeb0510 8056d69c
[   55.231177] 9ee0: bca38000 00000000 80c050fc 00000000 bca39f44
09d42015 00000000 00000001
[   55.239363] 9f00: bdd92448 bdd92438 bdd92000 7f1158c4 bdd92448
bca2ee00 bf6cbd80 bf6cef00
[   55.247549] 9f20: 00000000 00000000 00000000 801412d8 bf6cbd98
80c03d00 bca2ee00 bf6cbd80
[   55.255735] 9f40: bca2ee14 bf6cbd98 80c03d00 00000008 bca38000
80141568 00000000 80c446ae
[   55.263921] 9f60: 00000000 bc9ed880 bc9f0700 bca38000 bc117eb4
80141524 bca2ee00 bc9ed8a4
[   55.272107] 9f80: 00000000 80147cc8 00000000 bc9f0700 80147b84
00000000 00000000 00000000
[   55.280292] 9fa0: 00000000 00000000 00000000 80100148 00000000
00000000 00000000 00000000
[   55.288477] 9fc0: 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000
[   55.296662] 9fe0: 00000000 00000000 00000000 00000000 00000013
00000000 00000000 00000000
[   55.304860] [<8047c06c>] (kobject_get) from [<80560448>]
(usb_get_dev+0x14/0x1c)
[   55.312271] [<80560448>] (usb_get_dev) from [<8056bfe8>]
(usb_hcd_unlink_urb+0x50/0xd8)
[   55.320286] [<8056bfe8>] (usb_hcd_unlink_urb) from [<8056d69c>]
(usb_kill_urb.part.0+0x44/0xd0)
[   55.329004] [<8056d69c>] (usb_kill_urb.part.0) from [<7f1158c4>]
(acm_softint+0x4c/0x10c [cdc_acm])
[   55.338082] [<7f1158c4>] (acm_softint [cdc_acm]) from [<801412d8>]
(process_one_work+0x19c/0x3e8)
[   55.346969] [<801412d8>] (process_one_work) from [<80141568>]
(worker_thread+0x44/0x4dc)
[   55.355072] [<80141568>] (worker_thread) from [<80147cc8>]
(kthread+0x144/0x180)
[   55.362481] [<80147cc8>] (kthread) from [<80100148>]
(ret_from_fork+0x14/0x2c)
[   55.369706] Exception stack(0xbca39fb0 to 0xbca39ff8)
[   55.374764] 9fa0:                                     00000000
00000000 00000000 00000000
[   55.382949] 9fc0: 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000
[   55.391133] 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   55.397757] Code: e92d4010 e2504000 e24dd008 0a00000e (e5d43020)
[   55.403857] ---[ end trace 1ec2a82c3635d550 ]---
[   55.408479] note: kworker/0:2[82] exited with preempt_count 1
[   60.237377] =============================================================================
[   60.245593] BUG kmalloc-128 (Tainted: G      D         T): Poison overwritten
[   60.252737] -----------------------------------------------------------------------------
[   60.252737]
[   60.262402] INFO: 0xa0093f52-0xa0093f52 @offset=1296. First byte
0x6c instead of 0x6b
[   60.270249] INFO: Allocated in usb_alloc_urb+0x24/0x58 age=1380 cpu=0 pid=82
[   60.277326] INFO: Freed in acm_disconnect+0x124/0x194 [cdc_acm]
age=521 cpu=0 pid=1566
[   60.285250] INFO: Slab 0xccf60d34 objects=21 used=21 fp=0x00000000
flags=0x10200
[   60.292651] INFO: Object 0xf99f52f8 @offset=1280 fp=0x2bebcd84
[   60.292651]
[   60.299970] Redzone d4df7357: bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb  ................
[   60.308673] Redzone 4d860a97: bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb  ................
[   60.317376] Redzone baac8314: bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb  ................
[   60.326079] Redzone 96f8eac1: bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb  ................
[   60.334782] Redzone ec38f6ed: bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb  ................
[   60.343484] Redzone b3fb9a18: bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb  ................
[   60.352187] Redzone 74064318: bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb  ................
[   60.360890] Redzone 2dff267e: bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb  ................
[   60.369593] Object f99f52f8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b  kkkkkkkkkkkkkkkk
[   60.378209] Object a0093f52: 6c 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b  lkkkkkkkkkkkkkkk
[   60.386825] Object b7794eec: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b  kkkkkkkkkkkkkkkk
[   60.395441] Object 0b027fa1: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b  kkkkkkkkkkkkkkkk
[   60.404057] Object 61e1d5ae: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b  kkkkkkkkkkkkkkkk
[   60.412673] Object cabf4fee: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b  kkkkkkkkkkkkkkkk
[   60.421289] Object fd09753d: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b  kkkkkkkkkkkkkkkk
[   60.429905] Object a9fe4019: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b a5  kkkkkkkkkkkkkkk.
[   60.438521] Redzone 6e67d9d1: bb bb bb bb
           ....
[   60.446182] Padding 57758010: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a
5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
[   60.454885] Padding a6aa7e4a: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a
5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
[   60.463588] Padding d58391c3: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a
5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
[   60.472291] Padding cf07eeb7: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a
5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
[   60.480994] Padding ead255cb: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a
5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
[   60.489697] Padding c6e3c745: 5a 5a 5a 5a 5a 5a 5a 5a
           ZZZZZZZZ
[   60.497709] CPU: 0 PID: 1 Comm: systemd Tainted: G    B D         T 5.8.17 #1
[   60.504846] Hardware name: Freescale i.MX7 Dual (Device Tree)
[   60.510619] [<8010eb74>] (unwind_backtrace) from [<8010b5c8>]
(show_stack+0x10/0x14)
[   60.518379] [<8010b5c8>] (show_stack) from [<804765ec>]
(dump_stack+0x8c/0xa0)
[   60.525617] [<804765ec>] (dump_stack) from [<8026b508>]
(check_bytes_and_report+0xcc/0xe8)
[   60.533895] [<8026b508>] (check_bytes_and_report) from [<8026cde8>]
(check_object+0x248/0x2ac)
[   60.542519] [<8026cde8>] (check_object) from [<8026de04>]
(alloc_debug_processing+0xc4/0x188)
[   60.551055] [<8026de04>] (alloc_debug_processing) from [<8026e4fc>]
(___slab_alloc.constprop.0+0x634/0x6dc)
[   60.560808] [<8026e4fc>] (___slab_alloc.constprop.0) from
[<8026e5e4>] (__slab_alloc.constprop.0+0x40/0x48)
[   60.570560] [<8026e5e4>] (__slab_alloc.constprop.0) from
[<8026ed14>] (kmem_cache_alloc+0x1a8/0x290)
[   60.579704] [<8026ed14>] (kmem_cache_alloc) from [<801dc7c8>]
(push_stack+0x2c/0xf0)
[   60.587459] [<801dc7c8>] (push_stack) from [<801e3b34>]
(check_cond_jmp_op+0xf0/0x780)
[   60.595388] [<801e3b34>] (check_cond_jmp_op) from [<801e8094>]
(do_check+0xcac/0x1220)
[   60.603315] [<801e8094>] (do_check) from [<801e8848>]
(do_check_common+0x240/0x300)
[   60.610983] [<801e8848>] (do_check_common) from [<801e9c90>]
(bpf_check+0x1388/0x154c)
[   60.618913] [<801e9c90>] (bpf_check) from [<801d55c4>]
(bpf_prog_load+0x664/0x9d4)
[   60.626496] [<801d55c4>] (bpf_prog_load) from [<801d62b0>]
(__do_sys_bpf+0x3e8/0x1840)
[   60.634426] [<801d62b0>] (__do_sys_bpf) from [<80100060>]
(ret_fast_syscall+0x0/0x54)
[   60.642260] Exception stack(0xbc101fa8 to 0xbc101ff0)
[   60.647320] 1fa0:                   00000000 0000000f 00000005
7e9004e8 00000070 00000000
[   60.655507] 1fc0: 00000000 0000000f 0000003a 00000182 072ddbc0
0000003a 0000000f 07281b38
[   60.663689] 1fe0: 7e9004e0 7e9004d0 70799fdb 70611692
[   60.668750] FIX kmalloc-128: Restoring 0xa0093f52-0xa0093f52=0x6b
[   60.668750]
[   60.676323] FIX kmalloc-128: Marking all objects used


-----------------------------------8<-------------------------------------------------------

[+] Config file to check: configs/platform-v7a/tqma7/kernelconfig
[+] Detected architecture: ARM
[+] Detected kernel version: 5.8
=========================================================================================================================
option name                                  | desired val | decision
|       reason       |   check result
=========================================================================================================================
CONFIG_BUG                                   |      y      |defconfig
|  self_protection   |   OK
CONFIG_SLUB_DEBUG                            |      y      |defconfig
|  self_protection   |   OK
CONFIG_GCC_PLUGINS                           |      y      |defconfig
|  self_protection   |   OK
CONFIG_STACKPROTECTOR_STRONG                 |      y      |defconfig
|  self_protection   |   OK
CONFIG_STRICT_KERNEL_RWX                     |      y      |defconfig
|  self_protection   |   OK
CONFIG_STRICT_MODULE_RWX                     |      y      |defconfig
|  self_protection   |   OK
CONFIG_REFCOUNT_FULL                         |      y      |defconfig
|  self_protection   |   OK: version >= 5.5
CONFIG_IOMMU_SUPPORT                         |      y      |defconfig
|  self_protection   |   FAIL: "is not set"
CONFIG_CPU_SW_DOMAIN_PAN                     |      y      |defconfig
|  self_protection   |   OK
CONFIG_STACKPROTECTOR_PER_TASK               |      y      |defconfig
|  self_protection   |   OK
CONFIG_HARDEN_BRANCH_PREDICTOR               |      y      |defconfig
|  self_protection   |   OK
CONFIG_BUG_ON_DATA_CORRUPTION                |      y      |   kspp
|  self_protection   |   OK
CONFIG_DEBUG_WX                              |      y      |   kspp
|  self_protection   |   OK
CONFIG_SCHED_STACK_END_CHECK                 |      y      |   kspp
|  self_protection   |   OK
CONFIG_SLAB_FREELIST_HARDENED                |      y      |   kspp
|  self_protection   |   OK
CONFIG_SLAB_FREELIST_RANDOM                  |      y      |   kspp
|  self_protection   |   OK
CONFIG_SHUFFLE_PAGE_ALLOCATOR                |      y      |   kspp
|  self_protection   |   OK
CONFIG_FORTIFY_SOURCE                        |      y      |   kspp
|  self_protection   |   OK
CONFIG_DEBUG_LIST                            |      y      |   kspp
|  self_protection   |   OK
CONFIG_DEBUG_SG                              |      y      |   kspp
|  self_protection   |   OK
CONFIG_DEBUG_CREDENTIALS                     |      y      |   kspp
|  self_protection   |   OK
CONFIG_DEBUG_NOTIFIERS                       |      y      |   kspp
|  self_protection   |   OK
CONFIG_INIT_ON_ALLOC_DEFAULT_ON              |      y      |   kspp
|  self_protection   |   OK
CONFIG_GCC_PLUGIN_LATENT_ENTROPY             |      y      |   kspp
|  self_protection   |   OK
CONFIG_GCC_PLUGIN_RANDSTRUCT                 |      y      |   kspp
|  self_protection   |   OK
CONFIG_HARDENED_USERCOPY                     |      y      |   kspp
|  self_protection   |   OK
CONFIG_HARDENED_USERCOPY_FALLBACK            | is not set  |   kspp
|  self_protection   |   OK
CONFIG_MODULE_SIG                            |      y      |   kspp
|  self_protection   |   FAIL: "is not set"
CONFIG_MODULE_SIG_ALL                        |      y      |   kspp
|  self_protection   |   FAIL: not found
CONFIG_MODULE_SIG_SHA512                     |      y      |   kspp
|  self_protection   |   FAIL: not found
CONFIG_MODULE_SIG_FORCE                      |      y      |   kspp
|  self_protection   |   FAIL: not found
CONFIG_INIT_STACK_ALL_ZERO                   |      y      |   kspp
|  self_protection   |   FAIL: not found
CONFIG_INIT_ON_FREE_DEFAULT_ON               |      y      |   kspp
|  self_protection   |   FAIL: "is not set"
CONFIG_SYN_COOKIES                           |      y      |   kspp
|  self_protection   |   OK
CONFIG_DEFAULT_MMAP_MIN_ADDR                 |    32768    |   kspp
|  self_protection   |   OK
CONFIG_SECURITY_DMESG_RESTRICT               |      y      |  clipos
|  self_protection   |   OK
CONFIG_DEBUG_VIRTUAL                         |      y      |  clipos
|  self_protection   |   OK
CONFIG_STATIC_USERMODEHELPER                 |      y      |  clipos
|  self_protection   |   FAIL: "is not set"
CONFIG_EFI_DISABLE_PCI_DMA                   |      y      |  clipos
|  self_protection   |   FAIL: not found
CONFIG_SLAB_MERGE_DEFAULT                    | is not set  |  clipos
|  self_protection   |   OK
CONFIG_RANDOM_TRUST_BOOTLOADER               | is not set  |  clipos
|  self_protection   |   OK
CONFIG_RANDOM_TRUST_CPU                      | is not set  |  clipos
|  self_protection   |   OK: not found
CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE     | is not set  |  clipos
|  self_protection   |   OK
CONFIG_UBSAN_BOUNDS                          |      y      |    my
|  self_protection   |   FAIL: CONFIG_UBSAN_TRAP not "y"
CONFIG_SLUB_DEBUG_ON                         |      y      |    my
|  self_protection   |   OK
CONFIG_RESET_ATTACK_MITIGATION               |      y      |    my
|  self_protection   |   FAIL: not found
CONFIG_SECURITY                              |      y      |   kspp
|  security_policy   |   OK
CONFIG_SECURITY_YAMA                         |      y      |   kspp
|  security_policy   |   OK
CONFIG_SECURITY_WRITABLE_HOOKS               | is not set  |    my
|  security_policy   |   OK: not found
CONFIG_SECURITY_LOCKDOWN_LSM                 |      y      |  clipos
|  security_policy   |   FAIL: "is not set"
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY           |      y      |  clipos
|  security_policy   |   FAIL: not found
CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY|      y      |  clipos
|  security_policy   |   FAIL: not found
CONFIG_SECURITY_SAFESETID                    |      y      |    my
|  security_policy   |   FAIL: "is not set"
CONFIG_SECURITY_LOADPIN                      |      y      |    my
|  security_policy   |   FAIL: "is not set"
CONFIG_SECURITY_LOADPIN_ENFORCE              |      y      |    my
|  security_policy   |   FAIL: CONFIG_SECURITY_LOADPIN not "y"
CONFIG_SECCOMP                               |      y      |defconfig
| cut_attack_surface |   OK
CONFIG_SECCOMP_FILTER                        |      y      |defconfig
| cut_attack_surface |   OK
CONFIG_ACPI_CUSTOM_METHOD                    | is not set  |   kspp
| cut_attack_surface |   OK: not found
CONFIG_COMPAT_BRK                            | is not set  |   kspp
| cut_attack_surface |   OK
CONFIG_DEVKMEM                               | is not set  |   kspp
| cut_attack_surface |   OK
CONFIG_COMPAT_VDSO                           | is not set  |   kspp
| cut_attack_surface |   OK: not found
CONFIG_BINFMT_MISC                           | is not set  |   kspp
| cut_attack_surface |   OK
CONFIG_INET_DIAG                             | is not set  |   kspp
| cut_attack_surface |   OK
CONFIG_KEXEC                                 | is not set  |   kspp
| cut_attack_surface |   OK: not found
CONFIG_PROC_KCORE                            | is not set  |   kspp
| cut_attack_surface |   OK: not found
CONFIG_LEGACY_PTYS                           | is not set  |   kspp
| cut_attack_surface |   OK
CONFIG_HIBERNATION                           | is not set  |   kspp
| cut_attack_surface |   OK: not found
CONFIG_IA32_EMULATION                        | is not set  |   kspp
| cut_attack_surface |   OK: not found
CONFIG_X86_X32                               | is not set  |   kspp
| cut_attack_surface |   OK: not found
CONFIG_MODIFY_LDT_SYSCALL                    | is not set  |   kspp
| cut_attack_surface |   OK: not found
CONFIG_OABI_COMPAT                           | is not set  |   kspp
| cut_attack_surface |   OK
CONFIG_MODULES                               | is not set  |   kspp
| cut_attack_surface |   FAIL: "y"
CONFIG_DEVMEM                                | is not set  |   kspp
| cut_attack_surface |   OK
CONFIG_IO_STRICT_DEVMEM                      |      y      |   kspp
| cut_attack_surface |   OK: CONFIG_DEVMEM "is not set"
CONFIG_STRICT_DEVMEM                         |      y      |   kspp
| cut_attack_surface |   OK: CONFIG_DEVMEM "is not set"
CONFIG_ZSMALLOC_STAT                         | is not set
|grsecurity| cut_attack_surface |   OK: not found
CONFIG_PAGE_OWNER                            | is not set
|grsecurity| cut_attack_surface |   OK
CONFIG_DEBUG_KMEMLEAK                        | is not set
|grsecurity| cut_attack_surface |   OK
CONFIG_BINFMT_AOUT                           | is not set
|grsecurity| cut_attack_surface |   OK: not found
CONFIG_KPROBES                               | is not set
|grsecurity| cut_attack_surface |   OK
CONFIG_UPROBES                               | is not set
|grsecurity| cut_attack_surface |   OK: not found
CONFIG_GENERIC_TRACER                        | is not set
|grsecurity| cut_attack_surface |   OK: not found
CONFIG_PROC_VMCORE                           | is not set
|grsecurity| cut_attack_surface |   OK: not found
CONFIG_PROC_PAGE_MONITOR                     | is not set
|grsecurity| cut_attack_surface |   FAIL: "y"
CONFIG_USELIB                                | is not set
|grsecurity| cut_attack_surface |   OK
CONFIG_CHECKPOINT_RESTORE                    | is not set
|grsecurity| cut_attack_surface |   FAIL: "y"
CONFIG_USERFAULTFD                           | is not set
|grsecurity| cut_attack_surface |   OK
CONFIG_HWPOISON_INJECT                       | is not set
|grsecurity| cut_attack_surface |   OK: not found
CONFIG_MEM_SOFT_DIRTY                        | is not set
|grsecurity| cut_attack_surface |   OK: not found
CONFIG_DEVPORT                               | is not set
|grsecurity| cut_attack_surface |   OK: not found
CONFIG_DEBUG_FS                              | is not set
|grsecurity| cut_attack_surface |   FAIL: "y"
CONFIG_NOTIFIER_ERROR_INJECTION              | is not set
|grsecurity| cut_attack_surface |   OK
CONFIG_X86_PTDUMP                            | is not set
|grsecurity| cut_attack_surface |   OK: not found
CONFIG_DRM_LEGACY                            | is not set
|maintainer| cut_attack_surface |   OK: not found
CONFIG_FB                                    | is not set
|maintainer| cut_attack_surface |   OK
CONFIG_VT                                    | is not set
|maintainer| cut_attack_surface |   FAIL: "y"
CONFIG_AIO                                   | is not set
|grapheneos| cut_attack_surface |   FAIL: "y"
CONFIG_STAGING                               | is not set  |  clipos
| cut_attack_surface |   OK
CONFIG_KSM                                   | is not set  |  clipos
| cut_attack_surface |   OK
CONFIG_KALLSYMS                              | is not set  |  clipos
| cut_attack_surface |   FAIL: "y"
CONFIG_X86_VSYSCALL_EMULATION                | is not set  |  clipos
| cut_attack_surface |   OK: not found
CONFIG_MAGIC_SYSRQ                           | is not set  |  clipos
| cut_attack_surface |   OK
CONFIG_KEXEC_FILE                            | is not set  |  clipos
| cut_attack_surface |   OK: not found
CONFIG_USER_NS                               | is not set  |  clipos
| cut_attack_surface |   FAIL: "y"
CONFIG_X86_MSR                               | is not set  |  clipos
| cut_attack_surface |   OK: not found
CONFIG_X86_CPUID                             | is not set  |  clipos
| cut_attack_surface |   OK: not found
CONFIG_IO_URING                              | is not set  |  clipos
| cut_attack_surface |   FAIL: "y"
CONFIG_X86_IOPL_IOPERM                       | is not set  |  clipos
| cut_attack_surface |   OK: not found
CONFIG_ACPI_TABLE_UPGRADE                    | is not set  |  clipos
| cut_attack_surface |   OK: not found
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS              | is not set  |  clipos
| cut_attack_surface |   OK: not found
CONFIG_LDISC_AUTOLOAD                        | is not set  |  clipos
| cut_attack_surface |   OK
CONFIG_EFI_TEST                              | is not set  | lockdown
| cut_attack_surface |   OK: not found
CONFIG_BPF_SYSCALL                           | is not set  | lockdown
| cut_attack_surface |   FAIL: "y"
CONFIG_MMIOTRACE_TEST                        | is not set  | lockdown
| cut_attack_surface |   OK: not found
CONFIG_TRIM_UNUSED_KSYMS                     |      y      |    my
| cut_attack_surface |   FAIL: "is not set"
CONFIG_MMIOTRACE                             | is not set  |    my
| cut_attack_surface |   OK: not found
CONFIG_LIVEPATCH                             | is not set  |    my
| cut_attack_surface |   OK: not found
CONFIG_IP_DCCP                               | is not set  |    my
| cut_attack_surface |   OK
CONFIG_IP_SCTP                               | is not set  |    my
| cut_attack_surface |   OK
CONFIG_FTRACE                                | is not set  |    my
| cut_attack_surface |   OK
CONFIG_VIDEO_VIVID                           | is not set  |    my
| cut_attack_surface |   OK: not found
CONFIG_INPUT_EVBUG                           | is not set  |    my
| cut_attack_surface |   OK
CONFIG_INTEGRITY                             |      y      |    my
|userspace_hardening |   FAIL: "is not set"
CONFIG_VMSPLIT_3G                            |      y      |defconfig
|userspace_hardening |   FAIL: "is not set"
CONFIG_ARCH_MMAP_RND_BITS                    |     16      |    my
|userspace_hardening |   FAIL: "15"

[+] Config check is finished: 'OK' - 94 / 'FAIL' - 31

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ