Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752691AbeACUPI (ORCPT + 1 other); Wed, 3 Jan 2018 15:15:08 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:35120 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752645AbeACUPG (ORCPT ); Wed, 3 Jan 2018 15:15:06 -0500 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hugh Dickins Subject: [PATCH 4.9 09/39] kaiser: KAISER depends on SMP Date: Wed, 3 Jan 2018 21:11:23 +0100 Message-Id: <20180103195104.458818514@linuxfoundation.org> X-Mailer: git-send-email 2.15.1 In-Reply-To: <20180103195104.066528044@linuxfoundation.org> References: <20180103195104.066528044@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Hugh Dickins It is absurd that KAISER should depend on SMP, but apparently nobody has tried a UP build before: which breaks on implicit declaration of function 'per_cpu_offset' in arch/x86/mm/kaiser.c. Now, you would expect that to be trivially fixed up; but looking at the System.map when that block is #ifdef'ed out of kaiser_init(), I see that in a UP build __per_cpu_user_mapped_end is precisely at __per_cpu_user_mapped_start, and the items carefully gathered into that section for user-mapping on SMP, dispersed elsewhere on UP. So, some other kind of section assignment will be needed on UP, but implementing that is not a priority: just make KAISER depend on SMP for now. Also inserted a blank line before the option, tidied up the brief Kconfig help message, and added an "If unsure, Y". Signed-off-by: Hugh Dickins Signed-off-by: Greg Kroah-Hartman --- security/Kconfig | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/security/Kconfig +++ b/security/Kconfig @@ -30,14 +30,16 @@ config SECURITY model will be used. If you are unsure how to answer this question, answer N. + config KAISER bool "Remove the kernel mapping in user mode" default y - depends on X86_64 - depends on !PARAVIRT + depends on X86_64 && SMP && !PARAVIRT help - This enforces a strict kernel and user space isolation in order to close - hardware side channels on kernel address information. + This enforces a strict kernel and user space isolation, in order + to close hardware side channels on kernel address information. + + If you are unsure how to answer this question, answer Y. config KAISER_REAL_SWITCH bool "KAISER: actually switch page tables"