From: Hugh Dickins hughd@google.com
It is absurd that KAISER should depend on SMP, but apparently nobody has tried a UP build before: which breaks on implicit declaration of function 'per_cpu_offset' in arch/x86/mm/kaiser.c.
Now, you would expect that to be trivially fixed up; but looking at the System.map when that block is #ifdef'ed out of kaiser_init(), I see that in a UP build __per_cpu_user_mapped_end is precisely at __per_cpu_user_mapped_start, and the items carefully gathered into that section for user-mapping on SMP, dispersed elsewhere on UP.
So, some other kind of section assignment will be needed on UP, but implementing that is not a priority: just make KAISER depend on SMP for now.
Also inserted a blank line before the option, tidied up the brief Kconfig help message, and added an "If unsure, Y".
Signed-off-by: Hugh Dickins hughd@google.com Acked-by: Jiri Kosina jkosina@suse.cz Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org (cherry picked from commit d94df20135ccfdfb77b1479c501564e9b4ab5bc9) Signed-off-by: Pavel Tatashin pasha.tatashin@oracle.com --- security/Kconfig | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/security/Kconfig b/security/Kconfig index cdad6dd3693a..5f4b656bfa4c 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -30,14 +30,16 @@ config SECURITY model will be used.
If you are unsure how to answer this question, answer N. + config KAISER bool "Remove the kernel mapping in user mode" default y - depends on X86_64 - depends on !PARAVIRT + depends on X86_64 && SMP && !PARAVIRT help - This enforces a strict kernel and user space isolation in order to close - hardware side channels on kernel address information. + This enforces a strict kernel and user space isolation, in order + to close hardware side channels on kernel address information. + + If you are unsure how to answer this question, answer Y.
config KAISER_REAL_SWITCH bool "KAISER: actually switch page tables"