From afdfa5021caf77ae2b83a5f61c66d8babe27c858 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Mon, 3 Apr 2023 07:45:05 +0200
Subject: dashboard/config/linux: enable Intel CET+LAM

Technologies we want to use and test if available.
---
 dashboard/config/linux/bits/subsystems.yml            | 2 ++
 dashboard/config/linux/upstream-apparmor-kasan.config | 4 ++--
 dashboard/config/linux/upstream-selinux-kasan.config  | 4 ++--
 dashboard/config/linux/upstream-smack-kasan.config    | 4 ++--
 4 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/dashboard/config/linux/bits/subsystems.yml b/dashboard/config/linux/bits/subsystems.yml
index edc89b950..5f5a756f0 100644
--- a/dashboard/config/linux/bits/subsystems.yml
+++ b/dashboard/config/linux/bits/subsystems.yml
@@ -26,6 +26,8 @@ config:
  - NUMA_EMU: [x86_64]
  - NUMA_BALANCING: [-arm]
  - NUMA_BALANCING_DEFAULT_ENABLED: [-arm]
+ - ADDRESS_MASKING: [x86_64, linux-next]
+ - X86_USER_SHADOW_STACK: [x86_64, linux-next]
  # KMSAN disables HYPERVISOR_GUEST which is required to enable this.
  - X86_X2APIC: [x86_64, -kmsan]
  - CGROUPS
diff --git a/dashboard/config/linux/upstream-apparmor-kasan.config b/dashboard/config/linux/upstream-apparmor-kasan.config
index 5b0cf9a57..97572c62d 100644
--- a/dashboard/config/linux/upstream-apparmor-kasan.config
+++ b/dashboard/config/linux/upstream-apparmor-kasan.config
@@ -457,7 +457,7 @@ CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
 CONFIG_X86_INTEL_TSX_MODE_ON=y
 # CONFIG_X86_INTEL_TSX_MODE_AUTO is not set
 CONFIG_X86_SGX=y
-# CONFIG_X86_USER_SHADOW_STACK is not set
+CONFIG_X86_USER_SHADOW_STACK=y
 # CONFIG_EFI is not set
 CONFIG_HZ_100=y
 # CONFIG_HZ_250 is not set
@@ -472,7 +472,7 @@ CONFIG_CRASH_DUMP=y
 CONFIG_PHYSICAL_START=0x1000000
 # CONFIG_RELOCATABLE is not set
 CONFIG_PHYSICAL_ALIGN=0x200000
-# CONFIG_ADDRESS_MASKING is not set
+CONFIG_ADDRESS_MASKING=y
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
 # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
diff --git a/dashboard/config/linux/upstream-selinux-kasan.config b/dashboard/config/linux/upstream-selinux-kasan.config
index 4b31c425e..9e1a0ed73 100644
--- a/dashboard/config/linux/upstream-selinux-kasan.config
+++ b/dashboard/config/linux/upstream-selinux-kasan.config
@@ -454,7 +454,7 @@ CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
 CONFIG_X86_INTEL_TSX_MODE_ON=y
 # CONFIG_X86_INTEL_TSX_MODE_AUTO is not set
 CONFIG_X86_SGX=y
-# CONFIG_X86_USER_SHADOW_STACK is not set
+CONFIG_X86_USER_SHADOW_STACK=y
 # CONFIG_EFI is not set
 CONFIG_HZ_100=y
 # CONFIG_HZ_250 is not set
@@ -469,7 +469,7 @@ CONFIG_CRASH_DUMP=y
 CONFIG_PHYSICAL_START=0x1000000
 # CONFIG_RELOCATABLE is not set
 CONFIG_PHYSICAL_ALIGN=0x200000
-# CONFIG_ADDRESS_MASKING is not set
+CONFIG_ADDRESS_MASKING=y
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
 # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
diff --git a/dashboard/config/linux/upstream-smack-kasan.config b/dashboard/config/linux/upstream-smack-kasan.config
index 0176b9e04..43e1b6a90 100644
--- a/dashboard/config/linux/upstream-smack-kasan.config
+++ b/dashboard/config/linux/upstream-smack-kasan.config
@@ -459,7 +459,7 @@ CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
 CONFIG_X86_INTEL_TSX_MODE_ON=y
 # CONFIG_X86_INTEL_TSX_MODE_AUTO is not set
 CONFIG_X86_SGX=y
-# CONFIG_X86_USER_SHADOW_STACK is not set
+CONFIG_X86_USER_SHADOW_STACK=y
 # CONFIG_EFI is not set
 CONFIG_HZ_100=y
 # CONFIG_HZ_250 is not set
@@ -474,7 +474,7 @@ CONFIG_CRASH_DUMP=y
 CONFIG_PHYSICAL_START=0x1000000
 # CONFIG_RELOCATABLE is not set
 CONFIG_PHYSICAL_ALIGN=0x200000
-# CONFIG_ADDRESS_MASKING is not set
+CONFIG_ADDRESS_MASKING=y
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
 # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
-- 
cgit mrf-deployment