From ca5555d27e6c62229a3f17d7ac2158d3c24b6af9 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sat, 22 Apr 2023 19:52:22 +0200
Subject: [PATCH] kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN

This activates the CONFIG_ARM64_SW_TTBR0_PAN option for all arm64
kernels by default.

The CONFIG_ARM64_SW_TTBR0_PAN option prevents the kernel form accessing
user space memory directly. This makes it harder to exploit the kernel.

This is activated by default and was already activate on all other arm64
targets before.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 target/linux/mediatek/filogic/config-5.15 | 1 -
 target/linux/mediatek/mt7622/config-5.15  | 1 -
 target/linux/rockchip/armv8/config-5.10   | 1 -
 target/linux/rockchip/armv8/config-5.15   | 1 -
 4 files changed, 4 deletions(-)

diff --git a/target/linux/mediatek/filogic/config-5.15 b/target/linux/mediatek/filogic/config-5.15
index 5f924065a4..883e194be4 100644
--- a/target/linux/mediatek/filogic/config-5.15
+++ b/target/linux/mediatek/filogic/config-5.15
@@ -24,7 +24,6 @@ CONFIG_ARM64_MODULE_PLTS=y
 CONFIG_ARM64_PAGE_SHIFT=12
 CONFIG_ARM64_PA_BITS=48
 CONFIG_ARM64_PA_BITS_48=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 CONFIG_ARM64_TAGGED_ADDR_ABI=y
 CONFIG_ARM64_VA_BITS=39
 CONFIG_ARM64_VA_BITS_39=y
diff --git a/target/linux/mediatek/mt7622/config-5.15 b/target/linux/mediatek/mt7622/config-5.15
index 14a0bec31a..5224e1c808 100644
--- a/target/linux/mediatek/mt7622/config-5.15
+++ b/target/linux/mediatek/mt7622/config-5.15
@@ -26,7 +26,6 @@ CONFIG_ARM64_MODULE_PLTS=y
 CONFIG_ARM64_PAGE_SHIFT=12
 CONFIG_ARM64_PA_BITS=48
 CONFIG_ARM64_PA_BITS_48=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 CONFIG_ARM64_TAGGED_ADDR_ABI=y
 CONFIG_ARM64_VA_BITS=39
 CONFIG_ARM64_VA_BITS_39=y
diff --git a/target/linux/rockchip/armv8/config-5.10 b/target/linux/rockchip/armv8/config-5.10
index 220b0ec198..794283fcd9 100644
--- a/target/linux/rockchip/armv8/config-5.10
+++ b/target/linux/rockchip/armv8/config-5.10
@@ -36,7 +36,6 @@ CONFIG_ARM64_PA_BITS_48=y
 CONFIG_ARM64_PTR_AUTH=y
 CONFIG_ARM64_RAS_EXTN=y
 CONFIG_ARM64_SVE=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 CONFIG_ARM64_TAGGED_ADDR_ABI=y
 CONFIG_ARM64_UAO=y
 CONFIG_ARM64_VA_BITS=48
diff --git a/target/linux/rockchip/armv8/config-5.15 b/target/linux/rockchip/armv8/config-5.15
index d6377f905f..dc1fbb3d54 100644
--- a/target/linux/rockchip/armv8/config-5.15
+++ b/target/linux/rockchip/armv8/config-5.15
@@ -40,7 +40,6 @@ CONFIG_ARM64_PTR_AUTH=y
 CONFIG_ARM64_PTR_AUTH_KERNEL=y
 CONFIG_ARM64_RAS_EXTN=y
 CONFIG_ARM64_SVE=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 CONFIG_ARM64_TAGGED_ADDR_ABI=y
 CONFIG_ARM64_VA_BITS=48
 # CONFIG_ARM64_VA_BITS_39 is not set
-- 
2.30.2