On Thu, Jan 04, 2018 at 03:08:26PM +0000, Will Deacon wrote: > Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's > actually more useful as a mitigation against speculation attacks that > can leak arbitrary kernel data to userspace through speculation. > > Reword the Kconfig help message to reflect this, and make the option > depend on EXPERT so that it is on by default for the majority of users. > > Signed-off-by: Will Deacon <[email protected]>
Why is this not reusing the PAGE_TABLE_ISOLATION setting in security/Kconfig ?
