arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry

author Will Deacon <will.deacon@arm.com>

Tue, 14 Nov 2017 16:19:39 +0000 (16:19 +0000)

committer Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Mon, 5 Feb 2018 17:23:02 +0000 (18:23 +0100)
author Will Deacon <will.deacon@arm.com>
Tue, 14 Nov 2017 16:19:39 +0000 (16:19 +0000)
committer Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Mon, 5 Feb 2018 17:23:02 +0000 (18:23 +0100)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig

index ba455f9572ddb590a30381986d1dbed9a8908e56..4ac42caa0e2b6ec5ae6c127e2ced330a7607e52b 100644 (file)
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -798,15 +798,14 @@ config FORCE_MAX_ZONEORDER
           4M allocations matching the default size used by generic code.
  
  config UNMAP_KERNEL_AT_EL0
-       bool "Unmap kernel when running in userspace (aka \"KAISER\")"
+       bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
         default y
         help
-         Some attacks against KASLR make use of the timing difference between
-         a permission fault which could arise from a page table entry that is
-         present in the TLB, and a translation fault which always requires a
-         page table walk. This option defends against these attacks by unmapping
-         the kernel whilst running in userspace, therefore forcing translation
-         faults for all of kernel space.
+         Speculation attacks against some high-performance processors can
+         be used to bypass MMU permission checks and leak kernel data to
+         userspace. This can be defended against by unmapping the kernel
+         when running in userspace, mapping it back in on exception entry
+         via a trampoline page in the vector table.
  
           If unsure, say Y.
author	Will Deacon <will.deacon@arm.com>
	Tue, 14 Nov 2017 16:19:39 +0000 (16:19 +0000)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Mon, 5 Feb 2018 17:23:02 +0000 (18:23 +0100)