CONFIG_UNMAP_KERNEL_AT_EL0: Unmap kernel when running in userspace (KPTI)

General informations

The Linux kernel configuration item CONFIG_UNMAP_KERNEL_AT_EL0 has multiple definitions:

Unmap kernel when running in userspace (KPTI) found in arch/arm64/Kconfig

The configuration item CONFIG_UNMAP_KERNEL_AT_EL0:

• prompt: Unmap kernel when running in userspace (KPTI)
• type: bool
• depends on: CONFIG_EXPERT
• defined in arch/arm64/Kconfig
• found in Linux kernels: 6.8, 6.9-rc+HEAD

Help text

Speculation attacks against some high-performance processors can be used to bypass MMU permission checks and leak kernel data to userspace. This can be defended against by unmapping the kernel when running in userspace, mapping it back in on exception entry via a trampoline page in the vector table.

If unsure, say Y.

Unmap kernel when running in userspace (aka 'KAISER') found in arch/arm64/Kconfig

The configuration item CONFIG_UNMAP_KERNEL_AT_EL0:

• prompt: Unmap kernel when running in userspace (aka 'KAISER')
• type: bool
• depends on: CONFIG_EXPERT
• defined in arch/arm64/Kconfig
• found in Linux kernels: 4.16–4.20, 5.0–5.19, 6.0–6.7

Help text

Speculation attacks against some high-performance processors can be used to bypass MMU permission checks and leak kernel data to userspace. This can be defended against by unmapping the kernel when running in userspace, mapping it back in on exception entry via a trampoline page in the vector table.

If unsure, say Y.

Hardware

LKDDb

Raw data from LKDDb:

• (none)

Sources

This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

• Linux kernel
• Linux Kernel Driver DataBase (LKDDb)

Automatic links from Google (and ads)

Custom Search

Popular queries: