Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c75b5858 authored by Will Deacon's avatar Will Deacon Committed by Gerrit - the friendly Code Review server
Browse files

arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry 



Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's
actually more useful as a mitigation against speculation attacks that
can leak arbitrary kernel data to userspace through speculation.

Reword the Kconfig help message to reflect this, and make the option
depend on EXPERT so that it is on by default for the majority of users.

Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
Change-Id: I2056d452aa0015384a5b09a67b0a22e548b42e1e
Git-Commit: 2897537b
Git-repo: git://android.googlesource.com/kernel/common.git


[vinmenon@codeaurora.org: trivial merge conflicts]
Signed-off-by: default avatarVinayak Menon <vinmenon@codeaurora.org>
parent f42c3641

arch/arm64/Kconfig

+6 −7
Original line number Diff line number Diff line
@@ -802,15 +802,14 @@ config FORCE_MAX_ZONEORDER 
	default "11"



config UNMAP_KERNEL_AT_EL0

	bool "Unmap kernel when running in userspace (aka \"KAISER\")"

	bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT

	default y

	help

	  Some attacks against KASLR make use of the timing difference between

	  a permission fault which could arise from a page table entry that is

	  present in the TLB, and a translation fault which always requires a

	  page table walk. This option defends against these attacks by unmapping

	  the kernel whilst running in userspace, therefore forcing translation

	  faults for all of kernel space.

	  Speculation attacks against some high-performance processors can

	  be used to bypass MMU permission checks and leak kernel data to

	  userspace. This can be defended against by unmapping the kernel

	  when running in userspace, mapping it back in on exception entry

	  via a trampoline page in the vector table.



	  If unsure, say Y.