On Fri, Jan 10, 2025 at 06:40:28PM +0000, Brendan Jackman wrote:
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 7b9a7e8f39acc8e9aeb7d4213e87d71047865f5c..5a50582eb210e9d1309856a737d32b76fa1bfc85 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2519,6 +2519,20 @@ config MITIGATION_PAGE_TABLE_ISOLATION
See Documentation/arch/x86/pti.rst for more details.
+config MITIGATION_ADDRESS_SPACE_ISOLATION
+ bool "Allow code to run with a reduced kernel address space"
+ default n
+ depends on X86_64 && !PARAVIRT && !UML
+ help
+ This feature provides the ability to run some kernel code
s/This feature provide/Provide/
+ with a reduced kernel address space. This can be used to
+ mitigate some speculative execution attacks.
+
+ The !PARAVIRT dependency is only because of lack of testing; in theory
+ the code is written to work under paravirtualization. In practice
+ there are likely to be unhandled cases, in particular concerning TLB
+ flushes.
Right, this paragraph should be under the "---" line too until PARAVIRT gets
tested, ofc.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
