On Fri, Jan 10, 2025 at 06:40:28PM +0000, Brendan Jackman wrote:
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 7b9a7e8f39acc8e9aeb7d4213e87d71047865f5c..5a50582eb210e9d1309856a737d32b76fa1bfc85 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -2519,6 +2519,20 @@ config MITIGATION_PAGE_TABLE_ISOLATION
>
> See Documentation/arch/x86/pti.rst for more details.
>
> +config MITIGATION_ADDRESS_SPACE_ISOLATION
> + bool "Allow code to run with a reduced kernel address space"
> + default n
> + depends on X86_64 && !PARAVIRT && !UML
> + help
> + This feature provides the ability to run some kernel code
s/This feature provide/Provide/
> + with a reduced kernel address space. This can be used to
> + mitigate some speculative execution attacks.
> +
> + The !PARAVIRT dependency is only because of lack of testing; in theory
> + the code is written to work under paravirtualization. In practice
> + there are likely to be unhandled cases, in particular concerning TLB
> + flushes.
Right, this paragraph should be under the "---" line too until PARAVIRT gets
tested, ofc.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
