arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry

Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's actually more useful as a mitigation against speculation attacks that can leak arbitrary kernel data to userspace through speculation. Reword the Kconfig help message to reflect this, and make the option depend on EXPERT so that it is on by default for the majority of users. Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
author: Will Deacon <will.deacon@arm.com> 2017-11-14 11:19:39 -0500
committer: Catalin Marinas <catalin.marinas@arm.com> 2018-01-08 13:43:33 -0500
commit: 0617052ddde355ee663b2f048e67dd381e5ebd6a (patch)
tree: 4797bee1203ae87241f138a43396a90a73a27102 /arch/arm64/Kconfig
parent: be04a6d1126b02c6a28741155b899d648739fc5b (diff)
1 files changed, 6 insertions, 7 deletions
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 9b1330806f39..cb7a70e686cb 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -863,15 +863,14 @@ config FORCE_MAX_ZONEORDER
          4M allocations matching the default size used by generic code.
 config UNMAP_KERNEL_AT_EL0
-        bool "Unmap kernel when running in userspace (aka \"KAISER\")"
+        bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
        default y
        help
-          Some attacks against KASLR make use of the timing difference between
+          Speculation attacks against some high-performance processors can
-          a permission fault which could arise from a page table entry that is
+          be used to bypass MMU permission checks and leak kernel data to
-          present in the TLB, and a translation fault which always requires a
+          userspace. This can be defended against by unmapping the kernel
-          page table walk. This option defends against these attacks by unmapping
+          when running in userspace, mapping it back in on exception entry
-          the kernel whilst running in userspace, therefore forcing translation
+          via a trampoline page in the vector table.
-          faults for all of kernel space.
          If unsure, say Y.
author	Will Deacon <will.deacon@arm.com>	2017-11-14 11:19:39 -0500
committer	Catalin Marinas <catalin.marinas@arm.com>	2018-01-08 13:43:33 -0500
commit	0617052ddde355ee663b2f048e67dd381e5ebd6a (patch)
tree	4797bee1203ae87241f138a43396a90a73a27102 /arch/arm64/Kconfig
parent	be04a6d1126b02c6a28741155b899d648739fc5b (diff)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 9b1330806f39..cb7a70e686cb 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig
@@ -863,15 +863,14 @@ config FORCE_MAX_ZONEORDER
863	4M allocations matching the default size used by generic code.	863	4M allocations matching the default size used by generic code.
864		864
865	config UNMAP_KERNEL_AT_EL0	865	config UNMAP_KERNEL_AT_EL0
866	bool "Unmap kernel when running in userspace (aka \"KAISER\")"	866	bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
867	default y	867	default y
868	help	868	help
869	Some attacks against KASLR make use of the timing difference between	869	Speculation attacks against some high-performance processors can
870	a permission fault which could arise from a page table entry that is	870	be used to bypass MMU permission checks and leak kernel data to
871	present in the TLB, and a translation fault which always requires a	871	userspace. This can be defended against by unmapping the kernel
872	page table walk. This option defends against these attacks by unmapping	872	when running in userspace, mapping it back in on exception entry
873	the kernel whilst running in userspace, therefore forcing translation	873	via a trampoline page in the vector table.
874	faults for all of kernel space.
875		874
876	If unsure, say Y.	875	If unsure, say Y.
877		876