On Mon, Jan 08, 2018 at 05:32:27PM +0000, Will Deacon wrote: > Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's > actually more useful as a mitigation against speculation attacks that > can leak arbitrary kernel data to userspace through speculation. > > Reword the Kconfig help message to reflect this, and make the option > depend on EXPERT so that it is on by default for the majority of users.
I still haven't heard an anwer on why this isn't using CONFIG_PAGE_TABLE_ISOLATION but instead reinvents its own symbol.
