Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 332e0288 authored by Will Deacon's avatar Will Deacon Committed by Greg Kroah-Hartman
Browse files

arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 




Commit 084eb77cd3a8 upstream.

Add a Kconfig entry to control use of the entry trampoline, which allows
us to unmap the kernel whilst running in userspace and improve the
robustness of KASLR.

Reviewed-by: default avatarMark Rutland <mark.rutland@arm.com>
Tested-by: default avatarLaura Abbott <labbott@redhat.com>
Tested-by: default avatarShanker Donthineni <shankerd@codeaurora.org>
Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 68a65ce7

arch/arm64/Kconfig

+13 −0
Original line number Original line Diff line number Diff line
@@ -806,6 +806,19 @@ config FORCE_MAX_ZONEORDER 
	  However for 4K, we choose a higher default value, 11 as opposed to 10, giving us

	  However for 4K, we choose a higher default value, 11 as opposed to 10, giving us

	  4M allocations matching the default size used by generic code.

	  4M allocations matching the default size used by generic code.





config UNMAP_KERNEL_AT_EL0

	bool "Unmap kernel when running in userspace (aka \"KAISER\")"

	default y

	help

	  Some attacks against KASLR make use of the timing difference between

	  a permission fault which could arise from a page table entry that is

	  present in the TLB, and a translation fault which always requires a

	  page table walk. This option defends against these attacks by unmapping

	  the kernel whilst running in userspace, therefore forcing translation

	  faults for all of kernel space.



	  If unsure, say Y.



menuconfig ARMV8_DEPRECATED

menuconfig ARMV8_DEPRECATED

	bool "Emulate deprecated/obsolete ARMv8 instructions"

	bool "Emulate deprecated/obsolete ARMv8 instructions"

	depends on COMPAT

	depends on COMPAT