1 files changed, 10 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index e8e449444e65..a623d13bf288 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -54,6 +54,16 @@ config SECURITY_NETWORK
          implement socket and networking access controls.
          If you are unsure how to answer this question, answer N.
+config PAGE_TABLE_ISOLATION
+        bool "Remove the kernel mapping in user mode"
+        depends on X86_64 && !UML
+        help
+          This feature reduces the number of hardware side channels by
+          ensuring that the majority of kernel addresses are not mapped
+          into userspace.
+          See Documentation/x86/pagetable-isolation.txt for more details.
 config SECURITY_INFINIBAND
        bool "Infiniband Security Hooks"
        depends on SECURITY && INFINIBAND

diff --git a/security/Kconfig b/security/Kconfig index e8e449444e65..a623d13bf288 100644 --- a/security/Kconfig +++ b/security/Kconfig
@@ -54,6 +54,16 @@ config SECURITY_NETWORK
54	implement socket and networking access controls.	54	implement socket and networking access controls.
55	If you are unsure how to answer this question, answer N.	55	If you are unsure how to answer this question, answer N.
56		56
		57	config PAGE_TABLE_ISOLATION
		58	bool "Remove the kernel mapping in user mode"
		59	depends on X86_64 && !UML
		60	help
		61	This feature reduces the number of hardware side channels by
		62	ensuring that the majority of kernel addresses are not mapped
		63	into userspace.
		64
		65	See Documentation/x86/pagetable-isolation.txt for more details.
		66
57	config SECURITY_INFINIBAND	67	config SECURITY_INFINIBAND
58	bool "Infiniband Security Hooks"	68	bool "Infiniband Security Hooks"
59	depends on SECURITY && INFINIBAND	69	depends on SECURITY && INFINIBAND