summaryrefslogtreecommitdiffstats
path: root/arch/arm64/Kconfig
diff options
context:
space:
mode:
Diffstat (limited to 'arch/arm64/Kconfig')
-rw-r--r--arch/arm64/Kconfig13
1 files changed, 6 insertions, 7 deletions
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 9b1330806f39..cb7a70e686cb 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -863,15 +863,14 @@ config FORCE_MAX_ZONEORDER
4M allocations matching the default size used by generic code.
config UNMAP_KERNEL_AT_EL0
- bool "Unmap kernel when running in userspace (aka \"KAISER\")"
+ bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
default y
help
- Some attacks against KASLR make use of the timing difference between
- a permission fault which could arise from a page table entry that is
- present in the TLB, and a translation fault which always requires a
- page table walk. This option defends against these attacks by unmapping
- the kernel whilst running in userspace, therefore forcing translation
- faults for all of kernel space.
+ Speculation attacks against some high-performance processors can
+ be used to bypass MMU permission checks and leak kernel data to
+ userspace. This can be defended against by unmapping the kernel
+ when running in userspace, mapping it back in on exception entry
+ via a trampoline page in the vector table.
If unsure, say Y.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-12 04:42:37 +0000