x86/pti: Enable PTI by default

CVE-2017-5754

This really want's to be enabled by default. Users who know what they are
doing can disable it either in the config or on the kernel command line.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
(cherry picked from commit 87faa0d9b43b4755ff6963a22d1fd1bee1aa3b39)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

diff --git a/security/Kconfig b/security/Kconfig
index 91cb8f611a0d1861e99fe12e69879291f8e1e4a7..529dccc22ce57a4479c261f202099a2942139948 100644 (file)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -98,6 +98,7 @@ config SECURITY_NETWORK
 
 config PAGE_TABLE_ISOLATION
        bool "Remove the kernel mapping in user mode"
+       default y
        depends on X86_64 && !UML
        help
          This feature reduces the number of hardware side channels by