[ubuntu-hardened] APPLIED/Cmnt[I]: [PATCH 0/4] Various config tweaks
Kees Cook
keescook at chromium.org
Fri Aug 20 15:17:29 UTC 2021
On Fri, Aug 20, 2021, 1:25 AM Andrea Righi <andrea.righi at canonical.com>
wrote:
> On Fri, Aug 20, 2021 at 12:09:58AM -0700, Kees Cook wrote:
> > From: Kees Cook <kees at ubuntu.com>
> >
> > Hi!
> >
> > It's been a while. :) Hopefully I've got the right format for these.
> > These are based on impish/master-next. The first three should be easy.
> > The last one probably needs to be double-checked -- there might be some
> > hidden things that trip over CONFIG_UBSAN_BOUNDS, but having it in place
> > should catch the whole class of fixed-buffer-size index overflows.
> >
> > Thanks!
> >
> > -Kees
>
> All these changes look sane to me. I had to do few minor adjustments to
> "UBUNTU: [Config] Enable CONFIG_UBSAN_BOUNDS", in particular:
>
> - CONFIG_UBSAN_SANITIZE_ALL can't be enabled on armhf, simply because
> the arch doesn't support it (so I just disabled it for armhf)
>
> - updated annotations to match 'n' vs '-' (option disabled vs option
> not available)
>
> With these minor changes: applied to impish:linux 5.13.
>
Awesome; thanks! Hopefully UBSAN_BOUNDS won't melt anything. :)
-Kees
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20210820/f93afe2b/attachment.html>
More information about the ubuntu-hardened
mailing list