arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry

author Will Deacon <will.deacon@arm.com>

Tue, 14 Nov 2017 16:19:39 +0000 (16:19 +0000)

committer Seth Forshee <seth.forshee@canonical.com>

Thu, 22 Feb 2018 14:15:46 +0000 (08:15 -0600)
author Will Deacon <will.deacon@arm.com>
Tue, 14 Nov 2017 16:19:39 +0000 (16:19 +0000)
committer Seth Forshee <seth.forshee@canonical.com>
Thu, 22 Feb 2018 14:15:46 +0000 (08:15 -0600)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig

index 24f0f84a784585b3101709537bbd878c375e3577..846ac1812d3c7d2122881bfcfe536dcdb4f6d666 100644 (file)
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -845,15 +845,14 @@ config FORCE_MAX_ZONEORDER
           4M allocations matching the default size used by generic code.
  
  config UNMAP_KERNEL_AT_EL0
-       bool "Unmap kernel when running in userspace (aka \"KAISER\")"
+       bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
         default y
         help
-         Some attacks against KASLR make use of the timing difference between
-         a permission fault which could arise from a page table entry that is
-         present in the TLB, and a translation fault which always requires a
-         page table walk. This option defends against these attacks by unmapping
-         the kernel whilst running in userspace, therefore forcing translation
-         faults for all of kernel space.
+         Speculation attacks against some high-performance processors can
+         be used to bypass MMU permission checks and leak kernel data to
+         userspace. This can be defended against by unmapping the kernel
+         when running in userspace, mapping it back in on exception entry
+         via a trampoline page in the vector table.
  
           If unsure, say Y.
author	Will Deacon <will.deacon@arm.com>
	Tue, 14 Nov 2017 16:19:39 +0000 (16:19 +0000)
committer	Seth Forshee <seth.forshee@canonical.com>
	Thu, 22 Feb 2018 14:15:46 +0000 (08:15 -0600)