git.openwrt.org Git - openwrt/staging/xback.git/commit

author	Hauke Mehrtens <hauke@hauke-m.de>
	Sat, 17 Aug 2024 13:12:31 +0000 (15:12 +0200)
committer	Hauke Mehrtens <hauke@hauke-m.de>
	Tue, 20 Aug 2024 22:21:05 +0000 (00:21 +0200)
commit	a2662309aae1655966d7d8f31b71ddc6edbede87
tree	22e1598ec182016ebeb25da1102351b91ac3ae7e	tree \| snapshot
parent	fd6ce0dea95272eec20eb222b08c7e685827caee	commit \| diff

kernel: Enable CONFIG_ARM64_PAN to restrict kernel access to user space memory

Enable the CONFIG_ARM64_PAN kernel security option, which leverages the
ARMv8.1 Privileged Access Never (PAN) extension to prevent the kernel
from directly accessing user space memory.

Instead, copy_to_user and similar functions must be used for data
transfer between kernel and user space. This feature is automatically
disabled at runtime on CPUs without PAN support, making it a no-op in
those cases.

Link: https://github.com/openwrt/openwrt/pull/16189
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

target/linux/armsr/armv8/config-6.6		diff \| blob \| history
target/linux/bcm27xx/bcm2710/config-6.6		diff \| blob \| history
target/linux/bcm27xx/bcm2711/config-6.6		diff \| blob \| history
target/linux/bcm27xx/bcm2712/config-6.6		diff \| blob \| history
target/linux/generic/config-5.15		diff \| blob \| history
target/linux/generic/config-6.1		diff \| blob \| history
target/linux/generic/config-6.6		diff \| blob \| history
target/linux/layerscape/armv8_64b/config-6.1		diff \| blob \| history
target/linux/layerscape/armv8_64b/config-6.6		diff \| blob \| history
target/linux/rockchip/armv8/config-6.6		diff \| blob \| history