Commit-ID: 6807c84652b0b7e2e198e50a9ad47ef41b236e59 Gitweb: http://git.kernel.org/tip/6807c84652b0b7e2e198e50a9ad47ef41b236e59 Author: Ingo Molnar <mingo@xxxxxxxxxx> AuthorDate: Tue, 18 Apr 2017 11:08:12 +0200 Committer: Ingo Molnar <mingo@xxxxxxxxxx> CommitDate: Tue, 18 Apr 2017 11:48:13 +0200 x86: Enable KASLR by default KASLR is mature (and important) enough to be enabled by default on x86. Also enable it by default in the defconfigs. Acked-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Cc: Baoquan He <bhe@xxxxxxxxxx> Cc: Borislav Petkov <bp@xxxxxxx> Cc: Kees Cook <keescook@xxxxxxxxxxxx> Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx> Cc: Yinghai Lu <yinghai@xxxxxxxxxx> Cc: dan.j.williams@xxxxxxxxx Cc: dave.jiang@xxxxxxxxx Cc: dyoung@xxxxxxxxxx Cc: "H. Peter Anvin" <hpa@xxxxxxxxx> Cc: linux-kernel@xxxxxxxxxxxxxxx Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx> --- arch/x86/Kconfig | 6 +++--- arch/x86/configs/i386_defconfig | 2 ++ arch/x86/configs/x86_64_defconfig | 2 ++ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index cc98d5a..dc12ddd 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1966,7 +1966,7 @@ config RELOCATABLE config RANDOMIZE_BASE bool "Randomize the address of the kernel image (KASLR)" depends on RELOCATABLE - default n + default y ---help--- In support of Kernel Address Space Layout Randomization (KASLR), this randomizes the physical address at which the kernel image @@ -1996,7 +1996,7 @@ config RANDOMIZE_BASE theoretically possible, but the implementations are further limited due to memory layouts. - If unsure, say N. + If unsure, say Y. # Relocation on x86 needs some additional build support config X86_NEED_RELOCS @@ -2045,7 +2045,7 @@ config RANDOMIZE_MEMORY configuration have in average 30,000 different possible virtual addresses for each memory section. - If unsure, say N. + If unsure, say Y. config RANDOMIZE_MEMORY_PHYSICAL_PADDING hex "Physical memory mapping padding" if EXPERT diff --git a/arch/x86/configs/i386_defconfig b/arch/x86/configs/i386_defconfig index 5fa6ee2..6cf79e1 100644 --- a/arch/x86/configs/i386_defconfig +++ b/arch/x86/configs/i386_defconfig @@ -57,6 +57,8 @@ CONFIG_EFI=y CONFIG_HZ_1000=y CONFIG_KEXEC=y CONFIG_CRASH_DUMP=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOMIZE_MEMORY=y # CONFIG_COMPAT_VDSO is not set CONFIG_HIBERNATION=y CONFIG_PM_DEBUG=y diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig index 7ef4a09..8a9521b 100644 --- a/arch/x86/configs/x86_64_defconfig +++ b/arch/x86/configs/x86_64_defconfig @@ -55,6 +55,8 @@ CONFIG_EFI=y CONFIG_HZ_1000=y CONFIG_KEXEC=y CONFIG_CRASH_DUMP=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOMIZE_MEMORY=y # CONFIG_COMPAT_VDSO is not set CONFIG_HIBERNATION=y CONFIG_PM_DEBUG=y -- To unsubscribe from this list: send the line "unsubscribe linux-tip-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
|