release/4.8.27/kaiser-kaiser-depends-on-smp.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-4.8 - Git at Google

 From foo@baz Wed Jan  3 20:37:21 CET 2018
 From: Hugh Dickins <hughd@google.com>
 Date: Wed, 13 Sep 2017 14:03:10 -0700
 Subject: kaiser: KAISER depends on SMP

 From: Hugh Dickins <hughd@google.com>


 It is absurd that KAISER should depend on SMP, but apparently nobody
 has tried a UP build before: which breaks on implicit declaration of
 function 'per_cpu_offset' in arch/x86/mm/kaiser.c.

 Now, you would expect that to be trivially fixed up; but looking at
 the System.map when that block is #ifdef'ed out of kaiser_init(),
 I see that in a UP build __per_cpu_user_mapped_end is precisely at
 __per_cpu_user_mapped_start, and the items carefully gathered into
 that section for user-mapping on SMP, dispersed elsewhere on UP.

 So, some other kind of section assignment will be needed on UP,
 but implementing that is not a priority: just make KAISER depend
 on SMP for now.

 Also inserted a blank line before the option, tidied up the
 brief Kconfig help message, and added an "If unsure, Y".

 Signed-off-by: Hugh Dickins <hughd@google.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  security/Kconfig |   10 ++++++----
  1 file changed, 6 insertions(+), 4 deletions(-)

 --- a/security/Kconfig
 +++ b/security/Kconfig
 @@ -30,14 +30,16 @@ config SECURITY
  	  model will be used.

  	  If you are unsure how to answer this question, answer N.
 +
  config KAISER
  	bool "Remove the kernel mapping in user mode"
  	default y
 -	depends on X86_64
 -	depends on !PARAVIRT
 +	depends on X86_64 && SMP && !PARAVIRT
  	help
 -	  This enforces a strict kernel and user space isolation in order to close
 -	  hardware side channels on kernel address information.
 +	  This enforces a strict kernel and user space isolation, in order
 +	  to close hardware side channels on kernel address information.
 +
 +	  If you are unsure how to answer this question, answer Y.

  config KAISER_REAL_SWITCH
  	bool "KAISER: actually switch page tables"
	From foo@baz Wed Jan 3 20:37:21 CET 2018
	From: Hugh Dickins <hughd@google.com>
	Date: Wed, 13 Sep 2017 14:03:10 -0700
	Subject: kaiser: KAISER depends on SMP

	From: Hugh Dickins <hughd@google.com>


	It is absurd that KAISER should depend on SMP, but apparently nobody
	has tried a UP build before: which breaks on implicit declaration of
	function 'per_cpu_offset' in arch/x86/mm/kaiser.c.

	Now, you would expect that to be trivially fixed up; but looking at
	the System.map when that block is #ifdef'ed out of kaiser_init(),
	I see that in a UP build __per_cpu_user_mapped_end is precisely at
	__per_cpu_user_mapped_start, and the items carefully gathered into
	that section for user-mapping on SMP, dispersed elsewhere on UP.

	So, some other kind of section assignment will be needed on UP,
	but implementing that is not a priority: just make KAISER depend
	on SMP for now.

	Also inserted a blank line before the option, tidied up the
	brief Kconfig help message, and added an "If unsure, Y".

	Signed-off-by: Hugh Dickins <hughd@google.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	security/Kconfig \| 10 ++++++----
	1 file changed, 6 insertions(+), 4 deletions(-)

	--- a/security/Kconfig
	+++ b/security/Kconfig
	@@ -30,14 +30,16 @@ config SECURITY
	model will be used.

	If you are unsure how to answer this question, answer N.
	+
	config KAISER
	bool "Remove the kernel mapping in user mode"
	default y
	- depends on X86_64
	- depends on !PARAVIRT
	+ depends on X86_64 && SMP && !PARAVIRT
	help
	- This enforces a strict kernel and user space isolation in order to close
	- hardware side channels on kernel address information.
	+ This enforces a strict kernel and user space isolation, in order
	+ to close hardware side channels on kernel address information.
	+
	+ If you are unsure how to answer this question, answer Y.

	config KAISER_REAL_SWITCH
	bool "KAISER: actually switch page tables"