patches/kernel/0300-x86-pti-Enable-PTI-by-default.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Thomas Gleixner <tglx@linutronix.de>
   3 Date: Wed, 3 Jan 2018 15:18:44 +0100
   4 Subject: [PATCH] x86/pti: Enable PTI by default
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 CVE-2017-5754
  10
  11 This really want's to be enabled by default. Users who know what they are
  12 doing can disable it either in the config or on the kernel command line.
  13
  14 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
  15 Cc: stable@vger.kernel.org
  16 (cherry picked from commit 87faa0d9b43b4755ff6963a22d1fd1bee1aa3b39)
  17 Signed-off-by: Andy Whitcroft <apw@canonical.com>
  18 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
  19 (cherry picked from commit 436cdbfed2112bea7943f4a0f6dfabf54088c8c6)
  20 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  21 ---
  22  security/Kconfig | 1 +
  23  1 file changed, 1 insertion(+)
  24
  25 diff --git a/security/Kconfig b/security/Kconfig
  26 index 91cb8f611a0d..529dccc22ce5 100644
  27 --- a/security/Kconfig
  28 +++ b/security/Kconfig
  29 @@ -98,6 +98,7 @@ config SECURITY_NETWORK
  30
  31  config PAGE_TABLE_ISOLATION
  32         bool "Remove the kernel mapping in user mode"
  33 +       default y
  34         depends on X86_64 && !UML
  35         help
  36           This feature reduces the number of hardware side channels by
  37 --
  38 2.14.2
  39