diff mbox series

[D/linux-kvm,SRU,1/1] UBUNTU: [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY, PAGE_POISONING_ZERO

Message ID 20190611071914.14761-2-po-hsu.lin@canonical.com
State New
Headers show
Series enable PAGE_POISONING, PAGE_POISONING_NO_SANITY, PAGE_POISONING_ZERO | expand

Commit Message

Po-Hsu Lin June 11, 2019, 7:19 a.m. UTC 
BugLink: https://bugs.launchpad.net/bugs/1812624

Enable these options to match config setting in the generic kernels and
the requirement from the security team.

Note that this should not have performance impact as this will need to
be enabled with "page_poison=1" kernel boot option.

Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
---
 debian.kvm/config/config.common.ubuntu | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Colin Ian King June 11, 2019, 8:32 a.m. UTC | #1 
On 11/06/2019 08:19, Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1812624
> 
> Enable these options to match config setting in the generic kernels and
> the requirement from the security team.
> 
> Note that this should not have performance impact as this will need to
> be enabled with "page_poison=1" kernel boot option.
> 
> Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
> ---
>  debian.kvm/config/config.common.ubuntu | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu
> index 681f52c..a56ba04 100644
> --- a/debian.kvm/config/config.common.ubuntu
> +++ b/debian.kvm/config/config.common.ubuntu
> @@ -1737,7 +1737,9 @@ CONFIG_PACKET=y
>  CONFIG_PAGE_COUNTER=y
>  # CONFIG_PAGE_EXTENSION is not set
>  # CONFIG_PAGE_OWNER is not set
> -# CONFIG_PAGE_POISONING is not set
> +CONFIG_PAGE_POISONING=y
> +CONFIG_PAGE_POISONING_NO_SANITY=y
> +CONFIG_PAGE_POISONING_ZERO=y
>  CONFIG_PAGE_TABLE_ISOLATION=y
>  # CONFIG_PANIC_ON_OOPS is not set
>  CONFIG_PANIC_ON_OOPS_VALUE=0
> 

Looks reasonable to me.

Acked-by: Colin Ian King <colin.king@canonical.com>
Connor Kuehl June 21, 2019, 5:27 p.m. UTC | #2 
On 6/11/19 12:19 AM, Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1812624
> 
> Enable these options to match config setting in the generic kernels and
> the requirement from the security team.
> 
> Note that this should not have performance impact as this will need to
> be enabled with "page_poison=1" kernel boot option.
> 
> Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>

Acked-by: Connor Kuehl <connor.kuehl@canonical.com>

> ---
>  debian.kvm/config/config.common.ubuntu | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu
> index 681f52c..a56ba04 100644
> --- a/debian.kvm/config/config.common.ubuntu
> +++ b/debian.kvm/config/config.common.ubuntu
> @@ -1737,7 +1737,9 @@ CONFIG_PACKET=y
>  CONFIG_PAGE_COUNTER=y
>  # CONFIG_PAGE_EXTENSION is not set
>  # CONFIG_PAGE_OWNER is not set
> -# CONFIG_PAGE_POISONING is not set
> +CONFIG_PAGE_POISONING=y
> +CONFIG_PAGE_POISONING_NO_SANITY=y
> +CONFIG_PAGE_POISONING_ZERO=y
>  CONFIG_PAGE_TABLE_ISOLATION=y
>  # CONFIG_PANIC_ON_OOPS is not set
>  CONFIG_PANIC_ON_OOPS_VALUE=0
>
diff mbox series

Patch

diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu
index 681f52c..a56ba04 100644
--- a/debian.kvm/config/config.common.ubuntu
+++ b/debian.kvm/config/config.common.ubuntu
@@ -1737,7 +1737,9 @@  CONFIG_PACKET=y
 CONFIG_PAGE_COUNTER=y
 # CONFIG_PAGE_EXTENSION is not set
 # CONFIG_PAGE_OWNER is not set
-# CONFIG_PAGE_POISONING is not set
+CONFIG_PAGE_POISONING=y
+CONFIG_PAGE_POISONING_NO_SANITY=y
+CONFIG_PAGE_POISONING_ZERO=y
 CONFIG_PAGE_TABLE_ISOLATION=y
 # CONFIG_PANIC_ON_OOPS is not set
 CONFIG_PANIC_ON_OOPS_VALUE=0