diff options
Diffstat (limited to 'arch/arm/Kconfig')
| -rw-r--r-- | arch/arm/Kconfig | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 767a988966b1..912136fad9e3 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1667,6 +1667,21 @@ config HIGHPTE bool "Allocate 2nd-level pagetables from highmem" depends on HIGHMEM +config CPU_SW_DOMAIN_PAN + bool "Enable use of CPU domains to implement privileged no-access" + depends on MMU && !ARM_LPAE + default y + help + Increase kernel security by ensuring that normal kernel accesses + are unable to access userspace addresses. This can help prevent + use-after-free bugs becoming an exploitable privilege escalation + by ensuring that magic values (such as LIST_POISON) will always + fault when dereferenced. + + CPUs with low-vector mappings use a best-efforts implementation. + Their lower 1MB needs to remain accessible for the vectors, but + the remainder of userspace will become appropriately inaccessible. + config HW_PERF_EVENTS bool "Enable hardware performance counter support for perf events" depends on PERF_EVENTS |