@@ -43,7 +43,6 @@ CONFIG_ARM64_PAN=y
# CONFIG_ARM64_PTDUMP_DEBUGFS is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
CONFIG_ARM64_UAO=y
CONFIG_ARM64_VA_BITS=39
CONFIG_ARM64_VA_BITS_39=y
@@ -60,7 +60,6 @@ CONFIG_ARM64_PAN=y
# CONFIG_ARM64_PTDUMP_DEBUGFS is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
CONFIG_ARM64_UAO=y
CONFIG_ARM64_VA_BITS=39
CONFIG_ARM64_VA_BITS_39=y
@@ -285,6 +285,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
# CONFIG_ARM64_ERRATUM_845719 is not set
# CONFIG_ARM64_ERRATUM_858921 is not set
# CONFIG_ARM64_RELOC_TEST is not set
+CONFIG_ARM64_SW_TTBR0_PAN=y
# CONFIG_ARM_APPENDED_DTB is not set
# CONFIG_ARM_ARCH_TIMER is not set
# CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set
@@ -296,6 +296,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
# CONFIG_ARM64_ERRATUM_858921 is not set
# CONFIG_ARM64_RAS_EXTN is not set
# CONFIG_ARM64_RELOC_TEST is not set
+CONFIG_ARM64_SW_TTBR0_PAN=y
# CONFIG_ARM_APPENDED_DTB is not set
# CONFIG_ARM_ARCH_TIMER is not set
# CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set
@@ -65,7 +65,6 @@ CONFIG_ARM64_PAN=y
# CONFIG_ARM64_PTDUMP_DEBUGFS is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
CONFIG_ARM64_UAO=y
CONFIG_ARM64_VA_BITS=48
# CONFIG_ARM64_VA_BITS_39 is not set
@@ -53,7 +53,6 @@ CONFIG_ARM64_PAN=y
# CONFIG_ARM64_PTDUMP_DEBUGFS is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
CONFIG_ARM64_UAO=y
CONFIG_ARM64_VA_BITS=39
CONFIG_ARM64_VA_BITS_39=y
@@ -37,7 +37,6 @@ CONFIG_ARM64_PAGE_SHIFT=12
# CONFIG_ARM64_PTDUMP_DEBUGFS is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
# CONFIG_ARM64_UAO is not set
CONFIG_ARM64_VA_BITS=39
CONFIG_ARM64_VA_BITS_39=y
@@ -37,7 +37,6 @@ CONFIG_ARM64_PAGE_SHIFT=12
# CONFIG_ARM64_PTDUMP_DEBUGFS is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
# CONFIG_ARM64_UAO is not set
CONFIG_ARM64_VA_BITS=39
CONFIG_ARM64_VA_BITS_39=y
@@ -55,7 +55,6 @@ CONFIG_ARM64_PAN=y
# CONFIG_ARM64_PTDUMP_DEBUGFS is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
CONFIG_ARM64_UAO=y
CONFIG_ARM64_VA_BITS=48
# CONFIG_ARM64_VA_BITS_39 is not set
@@ -35,7 +35,6 @@ CONFIG_ARM64_PAGE_SHIFT=12
# CONFIG_ARM64_PTDUMP_DEBUGFS is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
# CONFIG_ARM64_UAO is not set
CONFIG_ARM64_VA_BITS=39
CONFIG_ARM64_VA_BITS_39=y
@@ -37,7 +37,6 @@ CONFIG_ARM64_PA_BITS_48=y
# CONFIG_ARM64_PTDUMP_DEBUGFS is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
# CONFIG_ARM64_UAO is not set
CONFIG_ARM64_VA_BITS=39
CONFIG_ARM64_VA_BITS_39=y
This activates "Emulate Privileged Access Never using TTBR0_EL1 switching" on ARM64. This should prevent the kernel from reading code from user space in kernel context. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> --- target/linux/armvirt/64/config-default | 1 - target/linux/brcm2708/bcm2710/config-4.14 | 1 - target/linux/generic/config-4.14 | 1 + target/linux/generic/config-4.19 | 1 + target/linux/layerscape/armv8_64b/config-4.14 | 1 - target/linux/mediatek/mt7622/config-4.14 | 1 - target/linux/mvebu/cortexa53/config-default | 1 - target/linux/mvebu/cortexa72/config-default | 1 - target/linux/octeontx/config-4.14 | 1 - target/linux/sunxi/cortexa53/config-4.14 | 1 - target/linux/sunxi/cortexa53/config-4.19 | 1 - 11 files changed, 2 insertions(+), 9 deletions(-)