From: Herton R. Krzesinski <herton(a)redhat.com>
redhat: switch the vsyscall config to CONFIG_LEGACY_VSYSCALL_XONLY=y
Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1876977
As discussed upstream eg. at
https://lore.kernel.org/linux-api/87h7bzjaer.fsf@oldenburg.str.redhat.com/T/
and pointed on the bug's description above, VSYSCALL_XONLY is more
secure while still maintaining useful backward compatibility.
We also plan to do this change on the RHEL side with a centos-stream-9
change, so the change here covers both Fedora and RHEL/CentOS.
v2: move the CONFIG_LEGACY_VSYSCALL* files to the x86 directory, as they
are x86 only settings, as reported/suggested by Waiman Long.
Signed-off-by: Herton R. Krzesinski <herton(a)redhat.com>
diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_LEGACY_VSYSCALL_EMULATE=y
diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_LEGACY_VSYSCALL_XONLY is not set
diff --git a/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_EMULATE
b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_EMULATE
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_EMULATE
@@ -0,0 +1 @@
+# CONFIG_LEGACY_VSYSCALL_EMULATE is not set
diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_NONE
b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_NONE
rename from redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_NONE
rename to redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_NONE
index blahblah..blahblah 100644
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_NONE
+++ b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_NONE
diff --git a/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_XONLY
b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_XONLY
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/configs/common/generic/x86/CONFIG_LEGACY_VSYSCALL_XONLY
@@ -0,0 +1 @@
+CONFIG_LEGACY_VSYSCALL_XONLY=y
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1531