On 11/26/2017 03:14 PM, Thomas Gleixner wrote: > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -56,7 +56,7 @@ config SECURITY_NETWORK > > config KAISER > bool "Remove the kernel mapping in user mode" > - depends on X86_64 && SMP && !PARAVIRT > + depends on X86_64 && SMP && !PARAVIRT && JUMP_LABEL > help > This feature reduces the number of hardware side channels by > ensuring that the majority of kernel addresses are not mapped One of the reasons for doing the runtime-disable was to get rid of the !PARAVIRT dependency. I can add a follow-on here that will act as if we did "nokaiser" whenever Xen is in play so we can remove this dependency. I just hope Xen is detectable early enough to do the static patching. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
