From: Hauke Mehrtens Date: Sat, 22 Apr 2023 17:52:22 +0000 (+0200) Subject: kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=ca5555d27e6c62229a3f17d7ac2158d3c24b6af9;p=openwrt%2Fstaging%2Fblocktrron.git kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN This activates the CONFIG_ARM64_SW_TTBR0_PAN option for all arm64 kernels by default. The CONFIG_ARM64_SW_TTBR0_PAN option prevents the kernel form accessing user space memory directly. This makes it harder to exploit the kernel. This is activated by default and was already activate on all other arm64 targets before. Signed-off-by: Hauke Mehrtens --- diff --git a/target/linux/mediatek/filogic/config-5.15 b/target/linux/mediatek/filogic/config-5.15 index 5f924065a4..883e194be4 100644 --- a/target/linux/mediatek/filogic/config-5.15 +++ b/target/linux/mediatek/filogic/config-5.15 @@ -24,7 +24,6 @@ CONFIG_ARM64_MODULE_PLTS=y CONFIG_ARM64_PAGE_SHIFT=12 CONFIG_ARM64_PA_BITS=48 CONFIG_ARM64_PA_BITS_48=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y diff --git a/target/linux/mediatek/mt7622/config-5.15 b/target/linux/mediatek/mt7622/config-5.15 index 14a0bec31a..5224e1c808 100644 --- a/target/linux/mediatek/mt7622/config-5.15 +++ b/target/linux/mediatek/mt7622/config-5.15 @@ -26,7 +26,6 @@ CONFIG_ARM64_MODULE_PLTS=y CONFIG_ARM64_PAGE_SHIFT=12 CONFIG_ARM64_PA_BITS=48 CONFIG_ARM64_PA_BITS_48=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y diff --git a/target/linux/rockchip/armv8/config-5.10 b/target/linux/rockchip/armv8/config-5.10 index 220b0ec198..794283fcd9 100644 --- a/target/linux/rockchip/armv8/config-5.10 +++ b/target/linux/rockchip/armv8/config-5.10 @@ -36,7 +36,6 @@ CONFIG_ARM64_PA_BITS_48=y CONFIG_ARM64_PTR_AUTH=y CONFIG_ARM64_RAS_EXTN=y CONFIG_ARM64_SVE=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARM64_UAO=y CONFIG_ARM64_VA_BITS=48 diff --git a/target/linux/rockchip/armv8/config-5.15 b/target/linux/rockchip/armv8/config-5.15 index d6377f905f..dc1fbb3d54 100644 --- a/target/linux/rockchip/armv8/config-5.15 +++ b/target/linux/rockchip/armv8/config-5.15 @@ -40,7 +40,6 @@ CONFIG_ARM64_PTR_AUTH=y CONFIG_ARM64_PTR_AUTH_KERNEL=y CONFIG_ARM64_RAS_EXTN=y CONFIG_ARM64_SVE=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARM64_VA_BITS=48 # CONFIG_ARM64_VA_BITS_39 is not set