path: root/pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch
author: Andrew Marshall <andrew@johnandrewmarshall.com> 2022-08-27 17:10:06 -0400
committer: Andrew Marshall <andrew@johnandrewmarshall.com> 2022-08-27 18:40:32 -0400
commit: bcd41f289122c4a182f892ee740b37e436daf89e
tree: 5970bd3ed4229c6c64fd749f9a2f07faf14e0054 /pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch
parent: 219b71278a6dc5ea8493974b1d184096f3fd4047
linux: Disable DRM_LEGACY, NOUVEAU_LEGACY_CTX_SUPPORT
This currently gets enabled as generate-config.pl will enable all the drivers below it as modules.

Is “not set” in [Arch][1], [Debian][2], [Fedora][3]. See also [summary of setting from various distros in April 2020][4].

Recommended disabled by [CLIP OS][5] and per current [Kernel config description][6]:

> bool "Enable legacy drivers (DANGEROUS)"
> Enable legacy DRI1 drivers. Those drivers expose unsafe and dangerous
> APIs to user-space, which can be used to circumvent access
> restrictions and other security measures. For backwards compatibility
> those drivers are still available, but their use is highly
> inadvisable and might harm your system.
>
> You are recommended to use the safe modeset-only drivers instead, and
> perform 3D emulation in user-space.
>
> Unless you have strong reasons to go rogue, say "N".

Also disable NOUVEAU_LEGACY_CTX_SUPPORT, as this does `select DRM_LEGACY`. Per Kernel config docs:

> There was a version of the nouveau DDX that relied on legacy
> ctx ioctls not erroring out. But that was back in time a long
> ways, so offer a way to disable it now. For uapi compat with
> old nouveau ddx this should be on by default, but modern distros
> should consider turning it off.

and the [commit][7]:

> These driver functions contain several bugs and security holes. This
> change makes these functions optional can be turned on by a setting,
> they are turned off by default for modeset driver with the exception of
> the nouvea driver that may require them with an old version of libdrm.

Referenced earlier commit elaborates that

> libdrm_nouveau before 2.4.33 used contexts

Since nixpkgs here has a much newer version (2.4.33 is from March 2012), should not be a concern.

NOUVEAU_LEGACY_CTX_SUPPORT is also “not set” in the linked Arch, Debian, & Fedora configs.

[1]: https://github.com/archlinux/svntogit-packages/blob/66d72ee54afc604391b618fc3eecc43f29e479e8/trunk/config#L6637
[2]: https://salsa.debian.org/kernel-team/linux/-/blob/07731f5956cf29876a7abc13f4ecbdf4d9459592/debian/config/config#L713
[3]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-x86_64-fedora.config#_1528
[4]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/38#issuecomment-608639217
[5]: https://docs.clip-os.org/clipos/kernel.html#configuration
[6]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/Kconfig#n421
[7]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b30a43ac7132cdda833ac4b13dd1ebd35ace14b7
Diffstat (limited to 'pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch')
0 files changed, 0 insertions, 0 deletions
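
An added example, not part of this commit or of nixpkgs: a shell check that a kernel `.config` has both symbols named in the commit message disabled. The function names and the sample config lines are constructed for illustration, and a symbol that is absent from the file is treated as disabled.

```shell
#!/bin/sh
# kconfig_state FILE SYMBOL -> prints y, m or n.
# "n" covers both "# CONFIG_X is not set" and a symbol missing from FILE.
kconfig_state() {
    val=$(sed -n "s/^CONFIG_$2=\(.*\)$/\1/p" "$1" | tail -n 1)
    case $val in
        y|m) printf '%s\n' "$val" ;;
        *)   printf 'n\n' ;;
    esac
}

# check_legacy_drm FILE -> exit status 0 only if both symbols are off;
# every symbol still enabled is listed on stdout.
check_legacy_drm() {
    rc=0
    for sym in DRM_LEGACY NOUVEAU_LEGACY_CTX_SUPPORT; do
        state=$(kconfig_state "$1" "$sym")
        if [ "$state" != n ]; then
            printf 'CONFIG_%s=%s\n' "$sym" "$state"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: legacy options switched on.
sample_before() {
    printf '%s\n' 'CONFIG_DRM=m' 'CONFIG_DRM_LEGACY=y' \
        'CONFIG_DRM_NOUVEAU=m' 'CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y'
}

# Constructed sample: the state the commit message asks for.
sample_after() {
    printf '%s\n' 'CONFIG_DRM=m' '# CONFIG_DRM_LEGACY is not set' \
        'CONFIG_DRM_NOUVEAU=m' '# CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT is not set'
}

tmp=$(mktemp) || exit 1
sample_before > "$tmp"
check_legacy_drm "$tmp" || echo "legacy DRM interfaces still enabled"
sample_after > "$tmp"
check_legacy_drm "$tmp" && echo "legacy DRM interfaces disabled"
rm -f "$tmp"
```

On a kernel built with `CONFIG_IKCONFIG_PROC`, the same check can be run against the live configuration by decompressing `/proc/config.gz` into a file first.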