diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0009-kaiser-KAISER-depends-on-SMP.patch')
| -rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0009-kaiser-KAISER-depends-on-SMP.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0009-kaiser-KAISER-depends-on-SMP.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0009-kaiser-KAISER-depends-on-SMP.patch new file mode 100644 index 00000000..2bdab698 --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.9.21/0009-kaiser-KAISER-depends-on-SMP.patch @@ -0,0 +1,56 @@ +From 8b458f1e8f957c6bdf2674f65ac76234ef8bb018 Mon Sep 17 00:00:00 2001 +From: Hugh Dickins <hughd@google.com> +Date: Wed, 13 Sep 2017 14:03:10 -0700 +Subject: [PATCH 009/102] kaiser: KAISER depends on SMP + +It is absurd that KAISER should depend on SMP, but apparently nobody +has tried a UP build before: which breaks on implicit declaration of +function 'per_cpu_offset' in arch/x86/mm/kaiser.c. + +Now, you would expect that to be trivially fixed up; but looking at +the System.map when that block is #ifdef'ed out of kaiser_init(), +I see that in a UP build __per_cpu_user_mapped_end is precisely at +__per_cpu_user_mapped_start, and the items carefully gathered into +that section for user-mapping on SMP, dispersed elsewhere on UP. + +So, some other kind of section assignment will be needed on UP, +but implementing that is not a priority: just make KAISER depend +on SMP for now. + +Also inserted a blank line before the option, tidied up the +brief Kconfig help message, and added an "If unsure, Y". + +Signed-off-by: Hugh Dickins <hughd@google.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + security/Kconfig | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/security/Kconfig b/security/Kconfig +index 334d2e8..dc78671 100644 +--- a/security/Kconfig ++++ b/security/Kconfig +@@ -30,14 +30,16 @@ config SECURITY + model will be used. + + If you are unsure how to answer this question, answer N. ++ + config KAISER + bool "Remove the kernel mapping in user mode" + default y +- depends on X86_64 +- depends on !PARAVIRT ++ depends on X86_64 && SMP && !PARAVIRT + help +- This enforces a strict kernel and user space isolation in order to close +- hardware side channels on kernel address information. ++ This enforces a strict kernel and user space isolation, in order ++ to close hardware side channels on kernel address information. ++ ++ If you are unsure how to answer this question, answer Y. + + config KAISER_REAL_SWITCH + bool "KAISER: actually switch page tables" +-- +2.7.4 + |