Message ID | 20190611071914.14761-2-po-hsu.lin@canonical.com |
---|---|
State | New |
Headers | show |
Series | enable PAGE_POISONING, PAGE_POISONING_NO_SANITY, PAGE_POISONING_ZERO | expand |
On 11/06/2019 08:19, Po-Hsu Lin wrote: > BugLink: https://bugs.launchpad.net/bugs/1812624 > > Enable these options to match config setting in the generic kernels and > the requirement from the security team. > > Note that this should not have performance impact as this will need to > be enabled with "page_poison=1" kernel boot option. > > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> > --- > debian.kvm/config/config.common.ubuntu | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu > index 681f52c..a56ba04 100644 > --- a/debian.kvm/config/config.common.ubuntu > +++ b/debian.kvm/config/config.common.ubuntu > @@ -1737,7 +1737,9 @@ CONFIG_PACKET=y > CONFIG_PAGE_COUNTER=y > # CONFIG_PAGE_EXTENSION is not set > # CONFIG_PAGE_OWNER is not set > -# CONFIG_PAGE_POISONING is not set > +CONFIG_PAGE_POISONING=y > +CONFIG_PAGE_POISONING_NO_SANITY=y > +CONFIG_PAGE_POISONING_ZERO=y > CONFIG_PAGE_TABLE_ISOLATION=y > # CONFIG_PANIC_ON_OOPS is not set > CONFIG_PANIC_ON_OOPS_VALUE=0 > Looks reasonable to me. Acked-by: Colin Ian King <colin.king@canonical.com>
On 6/11/19 12:19 AM, Po-Hsu Lin wrote: > BugLink: https://bugs.launchpad.net/bugs/1812624 > > Enable these options to match config setting in the generic kernels and > the requirement from the security team. > > Note that this should not have performance impact as this will need to > be enabled with "page_poison=1" kernel boot option. > > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Acked-by: Connor Kuehl <connor.kuehl@canonical.com> > --- > debian.kvm/config/config.common.ubuntu | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu > index 681f52c..a56ba04 100644 > --- a/debian.kvm/config/config.common.ubuntu > +++ b/debian.kvm/config/config.common.ubuntu > @@ -1737,7 +1737,9 @@ CONFIG_PACKET=y > CONFIG_PAGE_COUNTER=y > # CONFIG_PAGE_EXTENSION is not set > # CONFIG_PAGE_OWNER is not set > -# CONFIG_PAGE_POISONING is not set > +CONFIG_PAGE_POISONING=y > +CONFIG_PAGE_POISONING_NO_SANITY=y > +CONFIG_PAGE_POISONING_ZERO=y > CONFIG_PAGE_TABLE_ISOLATION=y > # CONFIG_PANIC_ON_OOPS is not set > CONFIG_PANIC_ON_OOPS_VALUE=0 >
diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu index 681f52c..a56ba04 100644 --- a/debian.kvm/config/config.common.ubuntu +++ b/debian.kvm/config/config.common.ubuntu @@ -1737,7 +1737,9 @@ CONFIG_PACKET=y CONFIG_PAGE_COUNTER=y # CONFIG_PAGE_EXTENSION is not set # CONFIG_PAGE_OWNER is not set -# CONFIG_PAGE_POISONING is not set +CONFIG_PAGE_POISONING=y +CONFIG_PAGE_POISONING_NO_SANITY=y +CONFIG_PAGE_POISONING_ZERO=y CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_PANIC_ON_OOPS is not set CONFIG_PANIC_ON_OOPS_VALUE=0
BugLink: https://bugs.launchpad.net/bugs/1812624 Enable these options to match config setting in the generic kernels and the requirement from the security team. Note that this should not have performance impact as this will need to be enabled with "page_poison=1" kernel boot option. Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> --- debian.kvm/config/config.common.ubuntu | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)