]>
Commit | Line | Data |
---|---|---|
035dbe67 FG |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Thomas Gleixner <tglx@linutronix.de> | |
3 | Date: Wed, 3 Jan 2018 15:18:44 +0100 | |
4 | Subject: [PATCH] x86/pti: Enable PTI by default | |
5 | MIME-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5754 | |
10 | ||
11 | This really want's to be enabled by default. Users who know what they are | |
12 | doing can disable it either in the config or on the kernel command line. | |
13 | ||
14 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
15 | Cc: stable@vger.kernel.org | |
16 | (cherry picked from commit 87faa0d9b43b4755ff6963a22d1fd1bee1aa3b39) | |
17 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
18 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
19 | (cherry picked from commit 436cdbfed2112bea7943f4a0f6dfabf54088c8c6) | |
20 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
21 | --- | |
22 | security/Kconfig | 1 + | |
23 | 1 file changed, 1 insertion(+) | |
24 | ||
25 | diff --git a/security/Kconfig b/security/Kconfig | |
26 | index 91cb8f611a0d..529dccc22ce5 100644 | |
27 | --- a/security/Kconfig | |
28 | +++ b/security/Kconfig | |
29 | @@ -98,6 +98,7 @@ config SECURITY_NETWORK | |
30 | ||
31 | config PAGE_TABLE_ISOLATION | |
32 | bool "Remove the kernel mapping in user mode" | |
33 | + default y | |
34 | depends on X86_64 && !UML | |
35 | help | |
36 | This feature reduces the number of hardware side channels by | |
37 | -- | |
38 | 2.14.2 | |
39 |