diff mbox series

[v2,4/8] config: android-recommended: enable CONFIG_CPU_SW_DOMAIN_PAN

Message ID 1496925556-19417-5-git-send-email-amit.pundir@linaro.org
State New
Headers show
Series kernel/configs: Android config fragment updates | expand

Commit Message

Amit Pundir June 8, 2017, 12:39 p.m. UTC 
From: Sami Tolvanen <samitolvanen@google.com>


Enable CPU domain PAN to ensure that normal kernel accesses are
unable to access userspace addresses.

Reviewed-at: https://android-review.googlesource.com/#/c/334035/

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

[AmitP: cherry-picked this change from Android common kernel, updated
        the commit message and re-placed the CONFIG_STRICT_KERNEL_RWX
        config in sorted order]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

---
 kernel/configs/android-recommended.config | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
2.7.4
diff mbox series

Patch

diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index a02c447769f7..946fb92418f7 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -14,7 +14,7 @@  CONFIG_BLK_DEV_RAM=y
 CONFIG_BLK_DEV_RAM_SIZE=8192
 CONFIG_CC_STACKPROTECTOR_STRONG=y
 CONFIG_COMPACTION=y
-CONFIG_STRICT_KERNEL_RWX=y
+CONFIG_CPU_SW_DOMAIN_PAN=y
 CONFIG_DM_CRYPT=y
 CONFIG_DM_UEVENT=y
 CONFIG_DM_VERITY=y
@@ -107,6 +107,7 @@  CONFIG_SCHEDSTATS=y
 CONFIG_SMARTJOYPLUS_FF=y
 CONFIG_SND=y
 CONFIG_SOUND=y
+CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_SUSPEND_TIME=y
 CONFIG_TABLET_USB_ACECAD=y
 CONFIG_TABLET_USB_AIPTEK=y