This activates "Supervisor Mode Access Prevention". modern CPUs will
prevent the kernel code from accessing any data from the userspace
without the usage of copy_to_user() or copy_from_user()
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
CONFIG_BINFMT_MISC allows it to add support for new executable formats
to the kernel from user space, the kernel will then detect for example a
java binary and call the java execution program automatically. I am not
aware that this feature is used in OpenWrt and this could be used to
exploit something. Deactivate it for all targets for now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds initial support for kernel 4.19 to the x86 target.
The patches and the kernel configurations were copied from kernel 4.14
and then refreshed.
The legacy and the genode target will not support PAE any more because
they use a CPU type which does not support PAE, the generic sub target
still supports PAE.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>