提交 6807c846 编写于 作者: I Ingo Molnar

x86: Enable KASLR by default

KASLR is mature (and important) enough to be enabled by default on x86.

Also enable it by default in the defconfigs.
Acked-by: NThomas Gleixner <tglx@linutronix.de>
Cc: Baoquan He <bhe@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: dan.j.williams@intel.com
Cc: dave.jiang@intel.com
Cc: dyoung@redhat.com
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: NIngo Molnar <mingo@kernel.org>
上级 f51b17c8
...@@ -1966,7 +1966,7 @@ config RELOCATABLE ...@@ -1966,7 +1966,7 @@ config RELOCATABLE
config RANDOMIZE_BASE config RANDOMIZE_BASE
bool "Randomize the address of the kernel image (KASLR)" bool "Randomize the address of the kernel image (KASLR)"
depends on RELOCATABLE depends on RELOCATABLE
default n default y
---help--- ---help---
In support of Kernel Address Space Layout Randomization (KASLR), In support of Kernel Address Space Layout Randomization (KASLR),
this randomizes the physical address at which the kernel image this randomizes the physical address at which the kernel image
...@@ -1996,7 +1996,7 @@ config RANDOMIZE_BASE ...@@ -1996,7 +1996,7 @@ config RANDOMIZE_BASE
theoretically possible, but the implementations are further theoretically possible, but the implementations are further
limited due to memory layouts. limited due to memory layouts.
If unsure, say N. If unsure, say Y.
# Relocation on x86 needs some additional build support # Relocation on x86 needs some additional build support
config X86_NEED_RELOCS config X86_NEED_RELOCS
...@@ -2045,7 +2045,7 @@ config RANDOMIZE_MEMORY ...@@ -2045,7 +2045,7 @@ config RANDOMIZE_MEMORY
configuration have in average 30,000 different possible virtual configuration have in average 30,000 different possible virtual
addresses for each memory section. addresses for each memory section.
If unsure, say N. If unsure, say Y.
config RANDOMIZE_MEMORY_PHYSICAL_PADDING config RANDOMIZE_MEMORY_PHYSICAL_PADDING
hex "Physical memory mapping padding" if EXPERT hex "Physical memory mapping padding" if EXPERT
......
...@@ -57,6 +57,8 @@ CONFIG_EFI=y ...@@ -57,6 +57,8 @@ CONFIG_EFI=y
CONFIG_HZ_1000=y CONFIG_HZ_1000=y
CONFIG_KEXEC=y CONFIG_KEXEC=y
CONFIG_CRASH_DUMP=y CONFIG_CRASH_DUMP=y
CONFIG_RANDOMIZE_BASE=y
CONFIG_RANDOMIZE_MEMORY=y
# CONFIG_COMPAT_VDSO is not set # CONFIG_COMPAT_VDSO is not set
CONFIG_HIBERNATION=y CONFIG_HIBERNATION=y
CONFIG_PM_DEBUG=y CONFIG_PM_DEBUG=y
......
...@@ -55,6 +55,8 @@ CONFIG_EFI=y ...@@ -55,6 +55,8 @@ CONFIG_EFI=y
CONFIG_HZ_1000=y CONFIG_HZ_1000=y
CONFIG_KEXEC=y CONFIG_KEXEC=y
CONFIG_CRASH_DUMP=y CONFIG_CRASH_DUMP=y
CONFIG_RANDOMIZE_BASE=y
CONFIG_RANDOMIZE_MEMORY=y
# CONFIG_COMPAT_VDSO is not set # CONFIG_COMPAT_VDSO is not set
CONFIG_HIBERNATION=y CONFIG_HIBERNATION=y
CONFIG_PM_DEBUG=y CONFIG_PM_DEBUG=y
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册