@@ -505,7 +505,7 @@ CONFIG_X86_PPRO_FENCE=y
# CONFIG_X86_REBOOTFIXUPS is not set
CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
CONFIG_X86_RESERVE_LOW=64
-# CONFIG_X86_SMAP is not set
+CONFIG_X86_SMAP=y
# CONFIG_X86_SPEEDSTEP_CENTRINO is not set
# CONFIG_X86_SPEEDSTEP_ICH is not set
# CONFIG_X86_SPEEDSTEP_LIB is not set
@@ -484,7 +484,7 @@ CONFIG_X86_PLATFORM_DEVICES=y
# CONFIG_X86_REBOOTFIXUPS is not set
CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
CONFIG_X86_RESERVE_LOW=64
-# CONFIG_X86_SMAP is not set
+CONFIG_X86_SMAP=y
# CONFIG_X86_SPEEDSTEP_CENTRINO is not set
# CONFIG_X86_SPEEDSTEP_ICH is not set
# CONFIG_X86_SPEEDSTEP_SMI is not set
This activates "Supervisor Mode Access Prevention". modern CPUs will prevent the kernel code from accessing any data from the userspace without the usage of copy_to_user() or copy_from_user() Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> --- target/linux/x86/config-4.14 | 2 +- target/linux/x86/config-4.19 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)