path: root/security/Kconfig
diff options
authorJoerg Roedel <>2018-09-14 12:59:14 +0200
committerThomas Gleixner <>2018-09-14 17:08:45 +0200
commit61a6bd83abf2f14b2a917b6a0279c88d299267af (patch)
tree14cade8f610c1fb68b6dba04e5c7e5de16651368 /security/Kconfig
parentcf40361ede6cf9dc09349e4c049dc0d166ca2d8b (diff)
Revert "x86/mm/legacy: Populate the user page-table with user pgd's"
This reverts commit 1f40a46cf47c12d93a5ad9dccd82bd36ff8f956a. It turned out that this patch is not sufficient to enable PTI on 32 bit systems with legacy 2-level page-tables. In this paging mode the huge-page PTEs are in the top-level page-table directory, where also the mirroring to the user-space page-table happens. So every huge PTE exits twice, in the kernel and in the user page-table. That means that accessed/dirty bits need to be fetched from two PTEs in this mode to be safe, but this is not trivial to implement because it needs changes to generic code just for the sake of enabling PTI with 32-bit legacy paging. As all systems that need PTI should support PAE anyway, remove support for PTI when 32-bit legacy paging is used. Fixes: 7757d607c6b3 ('x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32') Reported-by: Meelis Roos <> Signed-off-by: Joerg Roedel <> Signed-off-by: Thomas Gleixner <> Cc: Cc: Cc: Linus Torvalds <> Cc: Andy Lutomirski <> Cc: Dave Hansen <> Cc: Borislav Petkov <> Cc: Andrea Arcangeli <> Link:
Diffstat (limited to 'security/Kconfig')
1 files changed, 1 insertions, 1 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 27d8b2688f75..d9aa521b5206 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -57,7 +57,7 @@ config SECURITY_NETWORK
bool "Remove the kernel mapping in user mode"
default y
- depends on X86 && !UML
+ depends on (X86_64 || X86_PAE) && !UML
This feature reduces the number of hardware side channels by
ensuring that the majority of kernel addresses are not mapped