arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry

[mirror_ubuntu-artful-kernel.git] / arch / arm64 / Kconfig

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index ba455f9572ddb590a30381986d1dbed9a8908e56..4ac42caa0e2b6ec5ae6c127e2ced330a7607e52b 100644 (file)
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -798,15 +798,14 @@ config FORCE_MAX_ZONEORDER
          4M allocations matching the default size used by generic code.
 
 config UNMAP_KERNEL_AT_EL0
-       bool "Unmap kernel when running in userspace (aka \"KAISER\")"
+       bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
        default y
        help
-         Some attacks against KASLR make use of the timing difference between
-         a permission fault which could arise from a page table entry that is
-         present in the TLB, and a translation fault which always requires a
-         page table walk. This option defends against these attacks by unmapping
-         the kernel whilst running in userspace, therefore forcing translation
-         faults for all of kernel space.
+         Speculation attacks against some high-performance processors can
+         be used to bypass MMU permission checks and leak kernel data to
+         userspace. This can be defended against by unmapping the kernel
+         when running in userspace, mapping it back in on exception entry
+         via a trampoline page in the vector table.
 
          If unsure, say Y.