From 32eb66881c7f71004d35e904f89651e6a2d64214 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sun, 7 Apr 2019 18:06:34 +0200
Subject: kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN

This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.

This should prevent the kernel from reading code from user space in
kernel context.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 target/linux/generic/config-4.14 | 1 +
 1 file changed, 1 insertion(+)

(limited to 'target/linux/generic/config-4.14')

diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
index 4154314951..d74b01f86d 100644
--- a/target/linux/generic/config-4.14
+++ b/target/linux/generic/config-4.14
@@ -285,6 +285,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
 # CONFIG_ARM64_ERRATUM_845719 is not set
 # CONFIG_ARM64_ERRATUM_858921 is not set
 # CONFIG_ARM64_RELOC_TEST is not set
+CONFIG_ARM64_SW_TTBR0_PAN=y
 # CONFIG_ARM_APPENDED_DTB is not set
 # CONFIG_ARM_ARCH_TIMER is not set
 # CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set
-- 
cgit v1.2.3