config: android-recommended: enable CONFIG_CPU_SW_DOMAIN_PAN

Enable CPU domain PAN to ensure that normal kernel accesses are unable to access userspace addresses. Reviewed-at: https://android-review.googlesource.com/#/c/334035/ Signed-off-by: Sami Tolvanen <samitolvanen@google.com> [AmitP: cherry-picked this change from Android common kernel, updated the commit message and re-placed the CONFIG_STRICT_KERNEL_RWX config in sorted order] Signed-off-by: Amit Pundir <amit.pundir@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Sami Tolvanen <samitolvanen@google.com> 2017-06-08 15:39:12 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-06-09 12:47:38 +0300
commit: fb0b1538983c1cf7d2a2242b332a34a953753624 (patch)
tree: a6991723275ba5b97725a01168cde8080503b336 /kernel
parent: c1ebc2febdb85a73a4f91a9b9eaab6387619eaa6 (diff)
download: linux-fb0b1538983c1cf7d2a2242b332a34a953753624.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index a02c447769f7..946fb92418f7 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -14,7 +14,7 @@ CONFIG_BLK_DEV_RAM=y
 CONFIG_BLK_DEV_RAM_SIZE=8192
 CONFIG_CC_STACKPROTECTOR_STRONG=y
 CONFIG_COMPACTION=y
-CONFIG_STRICT_KERNEL_RWX=y
+CONFIG_CPU_SW_DOMAIN_PAN=y
 CONFIG_DM_CRYPT=y
 CONFIG_DM_UEVENT=y
 CONFIG_DM_VERITY=y
@@ -107,6 +107,7 @@ CONFIG_SCHEDSTATS=y
 CONFIG_SMARTJOYPLUS_FF=y
 CONFIG_SND=y
 CONFIG_SOUND=y
+CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_SUSPEND_TIME=y
 CONFIG_TABLET_USB_ACECAD=y
 CONFIG_TABLET_USB_AIPTEK=y
author	Sami Tolvanen <samitolvanen@google.com>	2017-06-08 15:39:12 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-06-09 12:47:38 +0300
commit	fb0b1538983c1cf7d2a2242b332a34a953753624 (patch)
tree	a6991723275ba5b97725a01168cde8080503b336 /kernel
parent	c1ebc2febdb85a73a4f91a9b9eaab6387619eaa6 (diff)
download	linux-fb0b1538983c1cf7d2a2242b332a34a953753624.tar.xz