> > On systems that are not vulnerable to variant 3, this is an unnecessary
> > overhead.
>
> KASLR can be bypassed on CPUs that are not vulnerable to variant 3 simply
> by timing how long accesses to kernel addresses from EL0 take -- please read
> the original KAISER paper for details about that attack on x86. kpti
> mitigates that. If you don't care about KASLR, don't enable it (arguably
> it's useless without kpti).

KASLR is primarily of value for remote protection.

Alan