From 1e9b769d65a76788dafe357bf632957be1343f01 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer <rolf.neugebauer@docker.com>
Date: Mon, 19 Feb 2018 14:23:31 +0000
Subject: [PATCH] kernel: Enable KAISER and Hardened Branch predictor for arm64

These are part of the Meltdown/Spectre mitigations for arm64
now available for 4.14 and 4.15

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
---
 kernel/config-4.14.x-aarch64 | 3 +++
 kernel/config-4.15.x-aarch64 | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/kernel/config-4.14.x-aarch64 b/kernel/config-4.14.x-aarch64
index 6f2f5f759..a9b739ce5 100644
--- a/kernel/config-4.14.x-aarch64
+++ b/kernel/config-4.14.x-aarch64
@@ -495,6 +495,7 @@ CONFIG_CAVIUM_ERRATUM_30115=y
 CONFIG_QCOM_FALKOR_ERRATUM_1003=y
 CONFIG_QCOM_FALKOR_ERRATUM_1009=y
 CONFIG_QCOM_QDF2400_ERRATUM_0065=y
+CONFIG_QCOM_FALKOR_ERRATUM_E1041=y
 CONFIG_ARM64_4K_PAGES=y
 # CONFIG_ARM64_16K_PAGES is not set
 # CONFIG_ARM64_64K_PAGES is not set
@@ -570,6 +571,8 @@ CONFIG_PARAVIRT=y
 CONFIG_XEN_DOM0=y
 CONFIG_XEN=y
 CONFIG_FORCE_MAX_ZONEORDER=11
+CONFIG_UNMAP_KERNEL_AT_EL0=y
+CONFIG_HARDEN_BRANCH_PREDICTOR=y
 # CONFIG_ARM64_SW_TTBR0_PAN is not set
 
 #
diff --git a/kernel/config-4.15.x-aarch64 b/kernel/config-4.15.x-aarch64
index fbe3c3a7e..5c22ed146 100644
--- a/kernel/config-4.15.x-aarch64
+++ b/kernel/config-4.15.x-aarch64
@@ -581,6 +581,8 @@ CONFIG_PARAVIRT=y
 CONFIG_XEN_DOM0=y
 CONFIG_XEN=y
 CONFIG_FORCE_MAX_ZONEORDER=11
+CONFIG_UNMAP_KERNEL_AT_EL0=y
+CONFIG_HARDEN_BRANCH_PREDICTOR=y
 # CONFIG_ARM64_SW_TTBR0_PAN is not set
 
 #