arch: arm64: enable CONFIG_UNMAP_KERNEL_AT_EL0

Set CONFIG_UNMAP_KERNEL_AT_EL0=y.

This patch enables KPTI - Kernel Page Table Isolation on Android. This
feature is required for all devices shipping with Android P, regardless
of the susceptibility of the device to speculative side channel attacks.

Bug 2417100

Change-Id: I6dc1dbdae8bf9bc4bcdb3f546c7287ccfe412184
Signed-off-by: Mustafa Yigit Bilgen <mbilgen@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1924004
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>

diff --git a/arch/arm64/configs/tegra_android_defconfig b/arch/arm64/configs/tegra_android_defconfig
index 6a798a02cbc2a81e360680ad950fd2b8aa479601..31847e82fa3ead56e6a7820d5cdd9392f39780eb 100644 (file)
--- a/arch/arm64/configs/tegra_android_defconfig
+++ b/arch/arm64/configs/tegra_android_defconfig
@@ -62,7 +62,7 @@ CONFIG_ZONE_DEVICE=y
 CONFIG_DEVICE_PRIVATE=y
 CONFIG_SECCOMP=y
 CONFIG_KEXEC=y
-# CONFIG_UNMAP_KERNEL_AT_EL0 is not set
+CONFIG_UNMAP_KERNEL_AT_EL0=y
 CONFIG_ARMV8_DEPRECATED=y
 CONFIG_SWP_EMULATION=y
 CONFIG_CP15_BARRIER_EMULATION=y