kaiser: merged update

Merged fixes and cleanups, rebased to 4.4.89 tree (no 5-level paging). Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Signed-off-by: Hugh Dickins <hughd@google.com> Acked-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Dave Hansen <dave.hansen@linux.intel.com> 2017-08-30 16:23:00 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-01-05 15:44:23 +0100
commit: bed9bb7f3e6d4045013d2bb9e4004896de57f02b (patch)
tree: 25284cd383867826b0303949ed3bd1ecdee87a68 /security
parent: 8a43ddfb93a0c6ae1a6e1f5c25705ec5d1843c40 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index cb2a9bcff063..45cdb0098f38 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -32,12 +32,17 @@ config SECURITY
 	  If you are unsure how to answer this question, answer N.
 config KAISER
 	bool "Remove the kernel mapping in user mode"
+	default y
 	depends on X86_64
 	depends on !PARAVIRT
 	help
 	  This enforces a strict kernel and user space isolation in order to close
 	  hardware side channels on kernel address information.
 
+config KAISER_REAL_SWITCH
+	bool "KAISER: actually switch page tables"
+	default y
+
 config SECURITYFS
 	bool "Enable the securityfs filesystem"
 	help
author	Dave Hansen <dave.hansen@linux.intel.com>	2017-08-30 16:23:00 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-01-05 15:44:23 +0100
commit	bed9bb7f3e6d4045013d2bb9e4004896de57f02b (patch)
tree	25284cd383867826b0303949ed3bd1ecdee87a68 /security
parent	8a43ddfb93a0c6ae1a6e1f5c25705ec5d1843c40 (diff)