kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN

This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.

This should prevent the kernel from reading code from user space in
kernel context.

Signed-off-by: Hauke Mehrtens <[email protected]>

target/linux/armvirt/64/config-default

@@ -43,7 +43,6 @@ CONFIG_ARM64_PAN=y
 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set
 # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
 CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 CONFIG_ARM64_UAO=y
 CONFIG_ARM64_VA_BITS=39
 CONFIG_ARM64_VA_BITS_39=y

target/linux/brcm2708/bcm2710/config-4.14

@@ -60,7 +60,6 @@ CONFIG_ARM64_PAN=y
 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set
 # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
 CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 CONFIG_ARM64_UAO=y
 CONFIG_ARM64_VA_BITS=39
 CONFIG_ARM64_VA_BITS_39=y

target/linux/generic/config-4.14

@@ -285,6 +285,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
 # CONFIG_ARM64_ERRATUM_845719 is not set
 # CONFIG_ARM64_ERRATUM_858921 is not set
 # CONFIG_ARM64_RELOC_TEST is not set
+CONFIG_ARM64_SW_TTBR0_PAN=y
 # CONFIG_ARM_APPENDED_DTB is not set
 # CONFIG_ARM_ARCH_TIMER is not set
 # CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set

target/linux/generic/config-4.19

@@ -296,6 +296,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
 # CONFIG_ARM64_ERRATUM_858921 is not set
 # CONFIG_ARM64_RAS_EXTN is not set
 # CONFIG_ARM64_RELOC_TEST is not set
+CONFIG_ARM64_SW_TTBR0_PAN=y
 # CONFIG_ARM_APPENDED_DTB is not set
 # CONFIG_ARM_ARCH_TIMER is not set
 # CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set

target/linux/layerscape/armv8_64b/config-4.14

@@ -65,7 +65,6 @@ CONFIG_ARM64_PAN=y
 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set
 # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
 CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 CONFIG_ARM64_UAO=y
 CONFIG_ARM64_VA_BITS=48
 # CONFIG_ARM64_VA_BITS_39 is not set

target/linux/mediatek/mt7622/config-4.14

@@ -53,7 +53,6 @@ CONFIG_ARM64_PAN=y
 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set
 # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
 CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 CONFIG_ARM64_UAO=y
 CONFIG_ARM64_VA_BITS=39
 CONFIG_ARM64_VA_BITS_39=y

target/linux/mvebu/cortexa53/config-default

@@ -37,7 +37,6 @@ CONFIG_ARM64_PAGE_SHIFT=12
 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set
 # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
 CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 # CONFIG_ARM64_UAO is not set
 CONFIG_ARM64_VA_BITS=39
 CONFIG_ARM64_VA_BITS_39=y

target/linux/mvebu/cortexa72/config-default

@@ -37,7 +37,6 @@ CONFIG_ARM64_PAGE_SHIFT=12
 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set
 # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
 CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 # CONFIG_ARM64_UAO is not set
 CONFIG_ARM64_VA_BITS=39
 CONFIG_ARM64_VA_BITS_39=y

target/linux/octeontx/config-4.14

@@ -55,7 +55,6 @@ CONFIG_ARM64_PAN=y
 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set
 # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
 CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 CONFIG_ARM64_UAO=y
 CONFIG_ARM64_VA_BITS=48
 # CONFIG_ARM64_VA_BITS_39 is not set

target/linux/sunxi/cortexa53/config-4.14

@@ -35,7 +35,6 @@ CONFIG_ARM64_PAGE_SHIFT=12
 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set
 # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
 CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 # CONFIG_ARM64_UAO is not set
 CONFIG_ARM64_VA_BITS=39
 CONFIG_ARM64_VA_BITS_39=y

target/linux/sunxi/cortexa53/config-4.19

@@ -37,7 +37,6 @@ CONFIG_ARM64_PA_BITS_48=y
 # CONFIG_ARM64_PTDUMP_DEBUGFS is not set
 # CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
 CONFIG_ARM64_SSBD=y
-# CONFIG_ARM64_SW_TTBR0_PAN is not set
 # CONFIG_ARM64_UAO is not set
 CONFIG_ARM64_VA_BITS=39
 CONFIG_ARM64_VA_BITS_39=y