| Message ID | 20190220162853.30105-2-po-hsu.lin@canonical.com |
|---|---|
| State | New |
| Headers | show |
On 20.02.19 17:28, Po-Hsu Lin wrote: > BugLink: https://bugs.launchpad.net/bugs/1812624 > > Enable these options to match config setting in the generic kernels and > the requirement from the security team. > > Note that this should not have performance impact as this will need to > be enabled with "page_poison=1" kernel boot option. > > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> > --- Applied to cosmic/linux-kvm/master-next. Thanks. -Stefan > debian.kvm/config/config.common.ubuntu | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu > index 681f52c..a56ba04 100644 > --- a/debian.kvm/config/config.common.ubuntu > +++ b/debian.kvm/config/config.common.ubuntu > @@ -1737,7 +1737,9 @@ CONFIG_PACKET=y > CONFIG_PAGE_COUNTER=y > # CONFIG_PAGE_EXTENSION is not set > # CONFIG_PAGE_OWNER is not set > -# CONFIG_PAGE_POISONING is not set > +CONFIG_PAGE_POISONING=y > +CONFIG_PAGE_POISONING_NO_SANITY=y > +CONFIG_PAGE_POISONING_ZERO=y > CONFIG_PAGE_TABLE_ISOLATION=y > # CONFIG_PANIC_ON_OOPS is not set > CONFIG_PANIC_ON_OOPS_VALUE=0 >
diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu index 681f52c..a56ba04 100644 --- a/debian.kvm/config/config.common.ubuntu +++ b/debian.kvm/config/config.common.ubuntu @@ -1737,7 +1737,9 @@ CONFIG_PACKET=y CONFIG_PAGE_COUNTER=y # CONFIG_PAGE_EXTENSION is not set # CONFIG_PAGE_OWNER is not set -# CONFIG_PAGE_POISONING is not set +CONFIG_PAGE_POISONING=y +CONFIG_PAGE_POISONING_NO_SANITY=y +CONFIG_PAGE_POISONING_ZERO=y CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_PANIC_ON_OOPS is not set CONFIG_PANIC_ON_OOPS_VALUE=0
BugLink: https://bugs.launchpad.net/bugs/1812624 Enable these options to match config setting in the generic kernels and the requirement from the security team. Note that this should not have performance impact as this will need to be enabled with "page_poison=1" kernel boot option. Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> --- debian.kvm/config/config.common.ubuntu | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)