projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f51b17c)
x86: Enable KASLR by default
authorIngo Molnar <mingo@kernel.org>
Tue, 18 Apr 2017 09:08:12 +0000 (11:08 +0200)
committerIngo Molnar <mingo@kernel.org>
Tue, 18 Apr 2017 09:48:13 +0000 (11:48 +0200)
KASLR is mature (and important) enough to be enabled by default on x86.

Also enable it by default in the defconfigs.

Acked-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Baoquan He <bhe@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: dan.j.williams@intel.com
Cc: dave.jiang@intel.com
Cc: dyoung@redhat.com
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
arch/x86/Kconfig patch | blob | blame | history
arch/x86/configs/i386_defconfig patch | blob | blame | history
arch/x86/configs/x86_64_defconfig patch | blob | blame | history

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index cc98d5a294eee25c56209d92e38bdb08f379780d..dc12dddb40b2e199c77ed589329ecdd86f902185 100644 (file)
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1966,7 +1966,7 @@ config RELOCATABLE
 config RANDOMIZE_BASE
        bool "Randomize the address of the kernel image (KASLR)"
        depends on RELOCATABLE
-       default n
+       default y
        ---help---
          In support of Kernel Address Space Layout Randomization (KASLR),
          this randomizes the physical address at which the kernel image
@@ -1996,7 +1996,7 @@ config RANDOMIZE_BASE
          theoretically possible, but the implementations are further
          limited due to memory layouts.
 
-         If unsure, say N.
+         If unsure, say Y.
 
 # Relocation on x86 needs some additional build support
 config X86_NEED_RELOCS
@@ -2045,7 +2045,7 @@ config RANDOMIZE_MEMORY
           configuration have in average 30,000 different possible virtual
           addresses for each memory section.
 
-          If unsure, say N.
+          If unsure, say Y.
 
 config RANDOMIZE_MEMORY_PHYSICAL_PADDING
        hex "Physical memory mapping padding" if EXPERT
diff --git a/arch/x86/configs/i386_defconfig b/arch/x86/configs/i386_defconfig
index 5fa6ee2c2dde05d153f5ad3ae66438330f085999..6cf79e1a68301794f35977bf03ea190cc3caa2fd 100644 (file)
--- a/arch/x86/configs/i386_defconfig
+++ b/arch/x86/configs/i386_defconfig
@@ -57,6 +57,8 @@ CONFIG_EFI=y
 CONFIG_HZ_1000=y
 CONFIG_KEXEC=y
 CONFIG_CRASH_DUMP=y
+CONFIG_RANDOMIZE_BASE=y
+CONFIG_RANDOMIZE_MEMORY=y
 # CONFIG_COMPAT_VDSO is not set
 CONFIG_HIBERNATION=y
 CONFIG_PM_DEBUG=y
diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig
index 7ef4a099defcda7f2d4e70fb7b3edec77361f2ec..8a9521b6a5376c7bd6c72af53e12477abe99ccea 100644 (file)
--- a/arch/x86/configs/x86_64_defconfig
+++ b/arch/x86/configs/x86_64_defconfig
@@ -55,6 +55,8 @@ CONFIG_EFI=y
 CONFIG_HZ_1000=y
 CONFIG_KEXEC=y
 CONFIG_CRASH_DUMP=y
+CONFIG_RANDOMIZE_BASE=y
+CONFIG_RANDOMIZE_MEMORY=y
 # CONFIG_COMPAT_VDSO is not set
 CONFIG_HIBERNATION=y
 CONFIG_PM_DEBUG=y