x86: Enable KASLR by default
KASLR is mature (and important) enough to be enabled by default on x86. Also enable it by default in the defconfigs. Acked-by: Thomas Gleixner <tglx@linutronix.de> Cc: Baoquan He <bhe@redhat.com> Cc: Borislav Petkov <bp@suse.de> Cc: Kees Cook <keescook@chromium.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Yinghai Lu <yinghai@kernel.org> Cc: dan.j.williams@intel.com Cc: dave.jiang@intel.com Cc: dyoung@redhat.com Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
This commit is contained in:
parent
f51b17c8d9
commit
6807c84652
@ -1966,7 +1966,7 @@ config RELOCATABLE
|
||||
config RANDOMIZE_BASE
|
||||
bool "Randomize the address of the kernel image (KASLR)"
|
||||
depends on RELOCATABLE
|
||||
default n
|
||||
default y
|
||||
---help---
|
||||
In support of Kernel Address Space Layout Randomization (KASLR),
|
||||
this randomizes the physical address at which the kernel image
|
||||
@ -1996,7 +1996,7 @@ config RANDOMIZE_BASE
|
||||
theoretically possible, but the implementations are further
|
||||
limited due to memory layouts.
|
||||
|
||||
If unsure, say N.
|
||||
If unsure, say Y.
|
||||
|
||||
# Relocation on x86 needs some additional build support
|
||||
config X86_NEED_RELOCS
|
||||
@ -2045,7 +2045,7 @@ config RANDOMIZE_MEMORY
|
||||
configuration have in average 30,000 different possible virtual
|
||||
addresses for each memory section.
|
||||
|
||||
If unsure, say N.
|
||||
If unsure, say Y.
|
||||
|
||||
config RANDOMIZE_MEMORY_PHYSICAL_PADDING
|
||||
hex "Physical memory mapping padding" if EXPERT
|
||||
|
@ -57,6 +57,8 @@ CONFIG_EFI=y
|
||||
CONFIG_HZ_1000=y
|
||||
CONFIG_KEXEC=y
|
||||
CONFIG_CRASH_DUMP=y
|
||||
CONFIG_RANDOMIZE_BASE=y
|
||||
CONFIG_RANDOMIZE_MEMORY=y
|
||||
# CONFIG_COMPAT_VDSO is not set
|
||||
CONFIG_HIBERNATION=y
|
||||
CONFIG_PM_DEBUG=y
|
||||
|
@ -55,6 +55,8 @@ CONFIG_EFI=y
|
||||
CONFIG_HZ_1000=y
|
||||
CONFIG_KEXEC=y
|
||||
CONFIG_CRASH_DUMP=y
|
||||
CONFIG_RANDOMIZE_BASE=y
|
||||
CONFIG_RANDOMIZE_MEMORY=y
|
||||
# CONFIG_COMPAT_VDSO is not set
|
||||
CONFIG_HIBERNATION=y
|
||||
CONFIG_PM_DEBUG=y
|
||||
|
Loading…
Reference in New Issue
Block a user