From 32eb66881c7f71004d35e904f89651e6a2d64214 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sun, 7 Apr 2019 18:06:34 +0200 Subject: [PATCH] kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN This activates "Emulate Privileged Access Never using TTBR0_EL1 switching" on ARM64. This should prevent the kernel from reading code from user space in kernel context. Signed-off-by: Hauke Mehrtens --- target/linux/armvirt/64/config-default | 1 - target/linux/brcm2708/bcm2710/config-4.14 | 1 - target/linux/generic/config-4.14 | 1 + target/linux/generic/config-4.19 | 1 + target/linux/layerscape/armv8_64b/config-4.14 | 1 - target/linux/mediatek/mt7622/config-4.14 | 1 - target/linux/mvebu/cortexa53/config-default | 1 - target/linux/mvebu/cortexa72/config-default | 1 - target/linux/octeontx/config-4.14 | 1 - target/linux/sunxi/cortexa53/config-4.14 | 1 - target/linux/sunxi/cortexa53/config-4.19 | 1 - 11 files changed, 2 insertions(+), 9 deletions(-) diff --git a/target/linux/armvirt/64/config-default b/target/linux/armvirt/64/config-default index e5c05b3160..23d038cbb6 100644 --- a/target/linux/armvirt/64/config-default +++ b/target/linux/armvirt/64/config-default @@ -43,7 +43,6 @@ CONFIG_ARM64_PAN=y # CONFIG_ARM64_PTDUMP_DEBUGFS is not set # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set CONFIG_ARM64_SSBD=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_UAO=y CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y diff --git a/target/linux/brcm2708/bcm2710/config-4.14 b/target/linux/brcm2708/bcm2710/config-4.14 index 9faf7f762a..00e3c0c2e5 100644 --- a/target/linux/brcm2708/bcm2710/config-4.14 +++ b/target/linux/brcm2708/bcm2710/config-4.14 @@ -60,7 +60,6 @@ CONFIG_ARM64_PAN=y # CONFIG_ARM64_PTDUMP_DEBUGFS is not set # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set CONFIG_ARM64_SSBD=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_UAO=y CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14 index 4154314951..d74b01f86d 100644 --- a/target/linux/generic/config-4.14 +++ b/target/linux/generic/config-4.14 @@ -285,6 +285,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 # CONFIG_ARM64_ERRATUM_845719 is not set # CONFIG_ARM64_ERRATUM_858921 is not set # CONFIG_ARM64_RELOC_TEST is not set +CONFIG_ARM64_SW_TTBR0_PAN=y # CONFIG_ARM_APPENDED_DTB is not set # CONFIG_ARM_ARCH_TIMER is not set # CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 index 48d0094bb4..4d76038996 100644 --- a/target/linux/generic/config-4.19 +++ b/target/linux/generic/config-4.19 @@ -296,6 +296,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 # CONFIG_ARM64_ERRATUM_858921 is not set # CONFIG_ARM64_RAS_EXTN is not set # CONFIG_ARM64_RELOC_TEST is not set +CONFIG_ARM64_SW_TTBR0_PAN=y # CONFIG_ARM_APPENDED_DTB is not set # CONFIG_ARM_ARCH_TIMER is not set # CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set diff --git a/target/linux/layerscape/armv8_64b/config-4.14 b/target/linux/layerscape/armv8_64b/config-4.14 index 782da4e3fb..b925c3c03e 100644 --- a/target/linux/layerscape/armv8_64b/config-4.14 +++ b/target/linux/layerscape/armv8_64b/config-4.14 @@ -65,7 +65,6 @@ CONFIG_ARM64_PAN=y # CONFIG_ARM64_PTDUMP_DEBUGFS is not set # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set CONFIG_ARM64_SSBD=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_UAO=y CONFIG_ARM64_VA_BITS=48 # CONFIG_ARM64_VA_BITS_39 is not set diff --git a/target/linux/mediatek/mt7622/config-4.14 b/target/linux/mediatek/mt7622/config-4.14 index 86951e198a..58ab6642fc 100644 --- a/target/linux/mediatek/mt7622/config-4.14 +++ b/target/linux/mediatek/mt7622/config-4.14 @@ -53,7 +53,6 @@ CONFIG_ARM64_PAN=y # CONFIG_ARM64_PTDUMP_DEBUGFS is not set # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set CONFIG_ARM64_SSBD=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_UAO=y CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y diff --git a/target/linux/mvebu/cortexa53/config-default b/target/linux/mvebu/cortexa53/config-default index 674a294460..b0dd2ee39e 100644 --- a/target/linux/mvebu/cortexa53/config-default +++ b/target/linux/mvebu/cortexa53/config-default @@ -37,7 +37,6 @@ CONFIG_ARM64_PAGE_SHIFT=12 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set CONFIG_ARM64_SSBD=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set # CONFIG_ARM64_UAO is not set CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y diff --git a/target/linux/mvebu/cortexa72/config-default b/target/linux/mvebu/cortexa72/config-default index 61c3998bb1..8598471f4c 100644 --- a/target/linux/mvebu/cortexa72/config-default +++ b/target/linux/mvebu/cortexa72/config-default @@ -37,7 +37,6 @@ CONFIG_ARM64_PAGE_SHIFT=12 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set CONFIG_ARM64_SSBD=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set # CONFIG_ARM64_UAO is not set CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y diff --git a/target/linux/octeontx/config-4.14 b/target/linux/octeontx/config-4.14 index 09d22d517f..8925ead14d 100644 --- a/target/linux/octeontx/config-4.14 +++ b/target/linux/octeontx/config-4.14 @@ -55,7 +55,6 @@ CONFIG_ARM64_PAN=y # CONFIG_ARM64_PTDUMP_DEBUGFS is not set # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set CONFIG_ARM64_SSBD=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_UAO=y CONFIG_ARM64_VA_BITS=48 # CONFIG_ARM64_VA_BITS_39 is not set diff --git a/target/linux/sunxi/cortexa53/config-4.14 b/target/linux/sunxi/cortexa53/config-4.14 index b46c4aa414..adb71fca7e 100644 --- a/target/linux/sunxi/cortexa53/config-4.14 +++ b/target/linux/sunxi/cortexa53/config-4.14 @@ -35,7 +35,6 @@ CONFIG_ARM64_PAGE_SHIFT=12 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set CONFIG_ARM64_SSBD=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set # CONFIG_ARM64_UAO is not set CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y diff --git a/target/linux/sunxi/cortexa53/config-4.19 b/target/linux/sunxi/cortexa53/config-4.19 index a35c84b905..2f79acdbc8 100644 --- a/target/linux/sunxi/cortexa53/config-4.19 +++ b/target/linux/sunxi/cortexa53/config-4.19 @@ -37,7 +37,6 @@ CONFIG_ARM64_PA_BITS_48=y # CONFIG_ARM64_PTDUMP_DEBUGFS is not set # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set CONFIG_ARM64_SSBD=y -# CONFIG_ARM64_SW_TTBR0_PAN is not set # CONFIG_ARM64_UAO is not set CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y -- 2.25.1