Only enable CONFIG_DEBUG_NOTIFIERS on kernels <=4.9

OnePlus 9 failed boot kernel log points to this. GrapheneOS noted this as an inherent issue on the Pixel 4 and 5 too. Signed-off-by: Tad <tad@spotco.us>
2024-06-28 23:52:19 +00:00 · 2022-08-25 15:03:59 -04:00 · 2022-08-25 15:03:59 -04:00 · c97f8a1b6a
commit c97f8a1b6a
parent 4bfedbc42d
1 changed files with 6 additions and 2 deletions
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@ -772,9 +772,13 @@ hardenDefconfig() {

 	#Enable supported options
 	#Linux <3.0
-	declare -a optionsYes=("BUG" "DEBUG_CREDENTIALS" "DEBUG_KERNEL" "DEBUG_LIST" "DEBUG_NOTIFIERS" "DEBUG_RODATA" "DEBUG_SET_MODULE_RONX" "DEBUG_VIRTUAL" "IPV6_PRIVACY" "SECCOMP" "SECURITY" "SECURITY_DMESG_RESTRICT" "STRICT_DEVMEM" "SYN_COOKIES");
+	declare -a optionsYes=("BUG" "DEBUG_CREDENTIALS" "DEBUG_KERNEL" "DEBUG_LIST" "DEBUG_RODATA" "DEBUG_SET_MODULE_RONX" "DEBUG_VIRTUAL" "IPV6_PRIVACY" "SECCOMP" "SECURITY" "SECURITY_DMESG_RESTRICT" "STRICT_DEVMEM" "SYN_COOKIES");
 	#optionsYes+=("DEBUG_SG"); #bootloops - https://patchwork.kernel.org/patch/8989981

+	if [[ $kernelVersion == "3."* ]] || [[ $kernelVersion == "4.4"* ]] || [[ $kernelVersion == "4.9"* ]]; then
+		optionsYes+=("DEBUG_NOTIFIERS"); #(https://github.com/GrapheneOS/os-issue-tracker/issues/681)
+	fi;
+
 	#Linux 3.4
 	optionsYes+=("SECURITY_YAMA");

@ -880,7 +884,7 @@ hardenDefconfig() {

 	#GrapheneOS Patches
 	optionsYes+=("PAGE_SANITIZE" "PAGE_SANITIZE_VERIFY" "SLAB_HARDENED" "SLAB_SANITIZE" "SLAB_SANITIZE_VERIFY");
-	#Disabled: SLAB_CANARY (breakage?)
+	#Disabled: SLAB_CANARY (https://github.com/GrapheneOS/os-issue-tracker/issues/124)

 	#out of tree or renamed or removed ?
 	optionsYes+=("KAISER" "KGSL_PER_PROCESS_PAGE_TABLE" "MMC_SECDISCARD" "SECURITY_PERF_EVENTS_RESTRICT" "SLUB_HARDENED" "STRICT_MEMORY_RWX");