| field | value | date |
|---|---|---|
| author | Marian Buschsieweke <marian.buschsieweke@ovgu.de> | 2018-01-07 17:19:01 +0100 |
| committer | Timo Teräs <timo.teras@iki.fi> | 2018-01-07 16:55:12 +0000 |
| commit | 75e1ff6b1e2d9cdf0fa1134c21a1e9987ab6b9c8 (patch) | |
| tree | bbb30e4461db73d7f13ea3be341e6bf9a35079d6 /main/linux-vanilla/config-vanilla.x86_64 | |
| parent | 8c2d539d41c31a8eef29d5308373f686fd381e37 (diff) | |
| download | aports-75e1ff6b1e2d9cdf0fa1134c21a1e9987ab6b9c8.tar.bz2, aports-75e1ff6b1e2d9cdf0fa1134c21a1e9987ab6b9c8.tar.xz | |
main/linux-vanilla: Update 4.9.73 --> 4.9.75 (Fix for Meltdown)
This commit updates to kernel version 4.9.75 and enables
CONFIG_PAGE_TABLE_ISOLATION for x86, x86_64 and aarch64. For all
other architectures, CONFIG_PAGE_TABLE_ISOLATION is disabled.
CONFIG_PAGE_TABLE_ISOLATION mitigates the Meltdown security flaw, to
which almost all Intel CPUs and some ARM CPUs are susceptible [1,2].
(This patch does not solve the Spectre security threat [2], which
also affects non-Intel CPUs [3].)
I believe this commit will cause some discussion; in particular, the
following points seem worth discussing:
a) CONFIG_PAGE_TABLE_ISOLATION has a performance impact on
syscalls, which can slow down specific applications
significantly. AMD users might benefit from a kernel without
KPTI (unless Meltdown turns out to affect them as well)
b) Is disabling this feature a reasonable choice for CPU
architectures different from x86, x86_64 and aarch64?
[1]: https://meltdownattack.com/#faq-systems-meltdown
[2]: http://kroah.com/log/blog/2018/01/06/meltdown-status/
[3]: https://meltdownattack.com/#faq-systems-spectre
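The commit pins CONFIG_PAGE_TABLE_ISOLATION per architecture, and a kernel .config can express a symbol in three ways: explicitly set (`CONFIG_FOO=y`), explicitly disabled (`# CONFIG_FOO is not set`), or not mentioned at all, in which case the Kconfig default is applied whenever the config is regenerated. The following added example (not code from the aports project or from this commit) parses those three states and runs the check over constructed fragments: the seven context lines visible in this page's hunk before and after the added line, plus a hypothetical "other architecture" fragment that disables the option explicitly. File names, the `write_samples` layout and the verdict wording are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the aports commit: audit how a kernel .config
# treats CONFIG_PAGE_TABLE_ISOLATION. The "before"/"after" fragments are
# constructed from the context lines shown in the hunk on this page; the
# "other" fragment is a hypothetical file that disables the option.
#
# A kernel .config expresses a symbol in one of three ways:
#   CONFIG_FOO=y  (or =m, =42, ="str")   explicitly set
#   # CONFIG_FOO is not set              explicitly disabled
#   no line at all                       left to the Kconfig default, which is
#                                        applied when the config is regenerated

# Print the state of SYMBOL in FILE: the text after "=", "n" for an
# "is not set" line, or "absent" when the symbol is not mentioned at all.
config_state() {
    file=$1
    sym=$2
    if grep -q "^# ${sym} is not set\$" "$file"; then
        echo n
    elif grep -q "^${sym}=" "$file"; then
        sed -n "s/^${sym}=//p" "$file" | head -n 1
    else
        echo absent
    fi
}

# Turn the raw state of CONFIG_PAGE_TABLE_ISOLATION into a one-line verdict.
kpti_verdict() {
    case $(config_state "$1" CONFIG_PAGE_TABLE_ISOLATION) in
        y)      echo enabled ;;
        n)      echo disabled ;;
        absent) echo "unpinned (Kconfig default decides at build time)" ;;
        *)      echo "unexpected value" ;;
    esac
}

# Write three constructed fragments into DIR:
#   before  the hunk's context lines as they stood before the commit
#   after   the same lines with the commit's added line inserted
#   other   hypothetical: a file that explicitly disables KPTI
write_samples() {
    dir=$1
    cat > "$dir/before" <<'EOF'
CONFIG_ENCRYPTED_KEYS=m
CONFIG_KEY_DH_OPERATIONS=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
# CONFIG_SECURITY_NETWORK is not set
# CONFIG_SECURITY_PATH is not set
EOF
    # Insert the added line after CONFIG_SECURITY=y, exactly where the hunk does.
    awk '{ print } /^CONFIG_SECURITY=y$/ { print "CONFIG_PAGE_TABLE_ISOLATION=y" }' \
        "$dir/before" > "$dir/after"
    # Hypothetical explicit disable at the same position.
    awk '{ print } /^CONFIG_SECURITY=y$/ { print "# CONFIG_PAGE_TABLE_ISOLATION is not set" }' \
        "$dir/before" > "$dir/other"
}

# Run the audit over the three fragments and print one verdict per file.
demo() {
    dir=$(mktemp -d)
    write_samples "$dir"
    for f in before after other; do
        printf '%-7s %s\n' "$f" "$(kpti_verdict "$dir/$f")"
    done
    rm -rf "$dir"
}

demo
```

Pointing `config_state` at a real config file instead of the constructed samples (for example `config_state /path/to/config-vanilla.x86_64 CONFIG_PAGE_TABLE_ISOLATION`) is the check worth running on each per-architecture file after a change like this one: a file that answers "absent" does not actually pin the choice, because the kernel's config step will fill the symbol in from its Kconfig default.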
Diffstat (limited to 'main/linux-vanilla/config-vanilla.x86_64')
-rw-r--r-- | main/linux-vanilla/config-vanilla.x86_64 | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/main/linux-vanilla/config-vanilla.x86_64 b/main/linux-vanilla/config-vanilla.x86_64 index 5154e33298..ff573f97f6 100644 --- a/main/linux-vanilla/config-vanilla.x86_64 +++ b/main/linux-vanilla/config-vanilla.x86_64 @@ -6701,6 +6701,7 @@ CONFIG_ENCRYPTED_KEYS=m CONFIG_KEY_DH_OPERATIONS=y # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y +CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set # CONFIG_SECURITY_PATH is not set |
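Review bot: the hunk pins CONFIG_PAGE_TABLE_ISOLATION=y only in config-vanilla.x86_64, while the commit message states the option is enabled for x86, x86_64 and aarch64 and disabled for every other architecture; since this page is limited to the x86_64 file, please confirm that each of the other config-vanilla.* files carries an explicit line as well, either `CONFIG_PAGE_TABLE_ISOLATION=y` or `# CONFIG_PAGE_TABLE_ISOLATION is not set`, rather than omitting the symbol, because an omitted symbol is resolved from the Kconfig default when the config is regenerated and the per-architecture choice the message describes would then not be recorded in the file. It is also worth checking the .config produced by the kernel's config step after the build, since a symbol whose Kconfig dependencies are not met is dropped silently and the `=y` written here would not survive.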