From ca5555d27e6c62229a3f17d7ac2158d3c24b6af9 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sat, 22 Apr 2023 19:52:22 +0200 Subject: [PATCH] kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN This activates the CONFIG_ARM64_SW_TTBR0_PAN option for all arm64 kernels by default. The CONFIG_ARM64_SW_TTBR0_PAN option prevents the kernel form accessing user space memory directly. This makes it harder to exploit the kernel. This is activated by default and was already activate on all other arm64 targets before. Signed-off-by: Hauke Mehrtens --- target/linux/mediatek/filogic/config-5.15 | 1 - target/linux/mediatek/mt7622/config-5.15 | 1 - target/linux/rockchip/armv8/config-5.10 | 1 - target/linux/rockchip/armv8/config-5.15 | 1 - 4 files changed, 4 deletions(-) diff --git a/target/linux/mediatek/filogic/config-5.15 b/target/linux/mediatek/filogic/config-5.15 index 5f924065a4d9..883e194be439 100644 --- a/target/linux/mediatek/filogic/config-5.15 +++ b/target/linux/mediatek/filogic/config-5.15 @@ -24,7 +24,6 @@ CONFIG_ARM64_MODULE_PLTS=y CONFIG_ARM64_PAGE_SHIFT=12 CONFIG_ARM64_PA_BITS=48 CONFIG_ARM64_PA_BITS_48=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y diff --git a/target/linux/mediatek/mt7622/config-5.15 b/target/linux/mediatek/mt7622/config-5.15 index 14a0bec31a54..5224e1c8088a 100644 --- a/target/linux/mediatek/mt7622/config-5.15 +++ b/target/linux/mediatek/mt7622/config-5.15 @@ -26,7 +26,6 @@ CONFIG_ARM64_MODULE_PLTS=y CONFIG_ARM64_PAGE_SHIFT=12 CONFIG_ARM64_PA_BITS=48 CONFIG_ARM64_PA_BITS_48=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y diff --git a/target/linux/rockchip/armv8/config-5.10 b/target/linux/rockchip/armv8/config-5.10 index 220b0ec198ef..794283fcd964 100644 --- a/target/linux/rockchip/armv8/config-5.10 +++ b/target/linux/rockchip/armv8/config-5.10 @@ -36,7 +36,6 @@ CONFIG_ARM64_PA_BITS_48=y CONFIG_ARM64_PTR_AUTH=y CONFIG_ARM64_RAS_EXTN=y CONFIG_ARM64_SVE=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARM64_UAO=y CONFIG_ARM64_VA_BITS=48 diff --git a/target/linux/rockchip/armv8/config-5.15 b/target/linux/rockchip/armv8/config-5.15 index d6377f905f0a..dc1fbb3d5459 100644 --- a/target/linux/rockchip/armv8/config-5.15 +++ b/target/linux/rockchip/armv8/config-5.15 @@ -40,7 +40,6 @@ CONFIG_ARM64_PTR_AUTH=y CONFIG_ARM64_PTR_AUTH_KERNEL=y CONFIG_ARM64_RAS_EXTN=y CONFIG_ARM64_SVE=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARM64_VA_BITS=48 # CONFIG_ARM64_VA_BITS_39 is not set -- 2.30.2