arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry

author Will Deacon <will.deacon@arm.com>

Tue, 3 Apr 2018 11:09:13 +0000 (12:09 +0100)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sun, 8 Apr 2018 10:12:54 +0000 (12:12 +0200)
author Will Deacon <will.deacon@arm.com>
Tue, 3 Apr 2018 11:09:13 +0000 (12:09 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 8 Apr 2018 10:12:54 +0000 (12:12 +0200)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig

index 6b6e9f89e40a753a77074f087a62c01c97db6e29..c8471cf46cbb5f2afd000220f0eb31c11c82cc2f 100644 (file)
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -734,15 +734,14 @@ config FORCE_MAX_ZONEORDER
           4M allocations matching the default size used by generic code.
  
  config UNMAP_KERNEL_AT_EL0
-       bool "Unmap kernel when running in userspace (aka \"KAISER\")"
+       bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
         default y
         help
-         Some attacks against KASLR make use of the timing difference between
-         a permission fault which could arise from a page table entry that is
-         present in the TLB, and a translation fault which always requires a
-         page table walk. This option defends against these attacks by unmapping
-         the kernel whilst running in userspace, therefore forcing translation
-         faults for all of kernel space.
+         Speculation attacks against some high-performance processors can
+         be used to bypass MMU permission checks and leak kernel data to
+         userspace. This can be defended against by unmapping the kernel
+         when running in userspace, mapping it back in on exception entry
+         via a trampoline page in the vector table.
  
           If unsure, say Y.
author	Will Deacon <will.deacon@arm.com>
	Tue, 3 Apr 2018 11:09:13 +0000 (12:09 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 8 Apr 2018 10:12:54 +0000 (12:12 +0200)