Message ID | 20190221222557.28581-2-po-hsu.lin@canonical.com |
---|---|
State | New |
Headers | show |
Series | [C/linux-azure,D/linux-azure,SRU,1/1] UBUNTU: [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY, PAGE_POISONING_ZERO | expand |
On 2/21/19 11:25 PM, Po-Hsu Lin wrote: > BugLink: https://bugs.launchpad.net/bugs/1812624 > > Enable these options to match config setting in the generic kernels and > the requirement from the security team. > > Note that this should not have performance impact as this will need to > be enabled with page_poison=1 kernel boot option. > > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> > --- > debian.azure/config/config.common.ubuntu | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/debian.azure/config/config.common.ubuntu b/debian.azure/config/config.common.ubuntu > index cb039d4..0030581 100644 > --- a/debian.azure/config/config.common.ubuntu > +++ b/debian.azure/config/config.common.ubuntu > @@ -3355,7 +3355,9 @@ CONFIG_PADATA=y > CONFIG_PAGE_COUNTER=y > # CONFIG_PAGE_EXTENSION is not set > # CONFIG_PAGE_OWNER is not set > -# CONFIG_PAGE_POISONING is not set > +CONFIG_PAGE_POISONING=y > +CONFIG_PAGE_POISONING_NO_SANITY=y > +CONFIG_PAGE_POISONING_ZERO=y > CONFIG_PAGE_POOL=y > CONFIG_PAGE_TABLE_ISOLATION=y > # CONFIG_PANASONIC_LAPTOP is not set It makes sense to me to carry these config options from the main kernel. Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
From the Azure perspective since poisoning still requires a parameter to be passed on the kernel boot line, we're okay with enabling these. Acked-by: Joshua R. Poulson <jrp@pun.org> On Tue, Feb 26, 2019 at 7:18 AM Kleber Souza <kleber.souza@canonical.com> wrote: > > On 2/21/19 11:25 PM, Po-Hsu Lin wrote: > > BugLink: https://bugs.launchpad.net/bugs/1812624 > > > > Enable these options to match config setting in the generic kernels and > > the requirement from the security team. > > > > Note that this should not have performance impact as this will need to > > be enabled with page_poison=1 kernel boot option. > > > > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> > > --- > > debian.azure/config/config.common.ubuntu | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/debian.azure/config/config.common.ubuntu b/debian.azure/config/config.common.ubuntu > > index cb039d4..0030581 100644 > > --- a/debian.azure/config/config.common.ubuntu > > +++ b/debian.azure/config/config.common.ubuntu > > @@ -3355,7 +3355,9 @@ CONFIG_PADATA=y > > CONFIG_PAGE_COUNTER=y > > # CONFIG_PAGE_EXTENSION is not set > > # CONFIG_PAGE_OWNER is not set > > -# CONFIG_PAGE_POISONING is not set > > +CONFIG_PAGE_POISONING=y > > +CONFIG_PAGE_POISONING_NO_SANITY=y > > +CONFIG_PAGE_POISONING_ZERO=y > > CONFIG_PAGE_POOL=y > > CONFIG_PAGE_TABLE_ISOLATION=y > > # CONFIG_PANASONIC_LAPTOP is not set > > It makes sense to me to carry these config options from the main kernel. > > > Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff --git a/debian.azure/config/config.common.ubuntu b/debian.azure/config/config.common.ubuntu index cb039d4..0030581 100644 --- a/debian.azure/config/config.common.ubuntu +++ b/debian.azure/config/config.common.ubuntu @@ -3355,7 +3355,9 @@ CONFIG_PADATA=y CONFIG_PAGE_COUNTER=y # CONFIG_PAGE_EXTENSION is not set # CONFIG_PAGE_OWNER is not set -# CONFIG_PAGE_POISONING is not set +CONFIG_PAGE_POISONING=y +CONFIG_PAGE_POISONING_NO_SANITY=y +CONFIG_PAGE_POISONING_ZERO=y CONFIG_PAGE_POOL=y CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_PANASONIC_LAPTOP is not set
BugLink: https://bugs.launchpad.net/bugs/1812624 Enable these options to match config setting in the generic kernels and the requirement from the security team. Note that this should not have performance impact as this will need to be enabled with page_poison=1 kernel boot option. Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> --- debian.azure/config/config.common.ubuntu | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)