From 516b11d262711f7b6403c899f18b6ed2cf45062f Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer <rolf.neugebauer@docker.com>
Date: Fri, 18 Aug 2017 14:53:36 +0100
Subject: [PATCH] kernel: Set DEFAULT_MMAP_MIN_ADDR to 65536/32768

This is a recommended security measure to protect the low portion
of virtual memory. On x86_64 the recommended value is 65536 while
for arm it shouldn't be higher than 32768.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
---
 kernel/kernel_config-4.9.x         | 2 +-
 kernel/kernel_config-4.9.x-aarch64 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/kernel_config-4.9.x b/kernel/kernel_config-4.9.x
index e5991b2ed..f45f46507 100644
--- a/kernel/kernel_config-4.9.x
+++ b/kernel/kernel_config-4.9.x
@@ -514,7 +514,7 @@ CONFIG_BOUNCE=y
 CONFIG_VIRT_TO_BUS=y
 CONFIG_MMU_NOTIFIER=y
 CONFIG_KSM=y
-CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
 CONFIG_TRANSPARENT_HUGEPAGE=y
 CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
 # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set
diff --git a/kernel/kernel_config-4.9.x-aarch64 b/kernel/kernel_config-4.9.x-aarch64
index fe1d7eaee..d1e5c574e 100644
--- a/kernel/kernel_config-4.9.x-aarch64
+++ b/kernel/kernel_config-4.9.x-aarch64
@@ -479,7 +479,7 @@ CONFIG_PHYS_ADDR_T_64BIT=y
 CONFIG_BOUNCE=y
 CONFIG_MMU_NOTIFIER=y
 CONFIG_KSM=y
-CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+CONFIG_DEFAULT_MMAP_MIN_ADDR=32768
 CONFIG_TRANSPARENT_HUGEPAGE=y
 CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
 # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set