UBUNTU: Ubuntu-5.15.0-39.42

[mirror_ubuntu-jammy-kernel.git] / security / Kconfig

diff --git a/security/Kconfig b/security/Kconfig
index 0ced7fd33e4d0d4bc5acf2570f95ff88c3562d17..34b4a9007a0948ffa9289fba8345e2f1fbcdfca5 100644 (file)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -19,6 +19,15 @@ config SECURITY_DMESG_RESTRICT
 
          If you are unsure how to answer this question, answer N.
 
+config SECURITY_PERF_EVENTS_RESTRICT
+       bool "Restrict unprivileged use of performance events"
+       depends on PERF_EVENTS
+       help
+         If you say Y here, the kernel.perf_event_paranoid sysctl
+         will be set to 3 by default, and no unprivileged use of the
+         perf_event_open syscall will be permitted unless it is
+         changed.
+
 config SECURITY
        bool "Enable different security models"
        depends on SYSFS
@@ -191,6 +200,9 @@ config HARDENED_USERCOPY_PAGESPAN
 config FORTIFY_SOURCE
        bool "Harden common str/mem functions against buffer overflows"
        depends on ARCH_HAS_FORTIFY_SOURCE
+       # https://bugs.llvm.org/show_bug.cgi?id=50322
+       # https://bugs.llvm.org/show_bug.cgi?id=41459
+       depends on !CC_IS_CLANG
        help
          Detect overflows of buffers in common string and memory functions
          where the compiler can determine and validate the buffer sizes.