From: Alex Shi <alex.shi@linaro.org>
To: Marc Zyngier <marc.zyngier@arm.com>,
	Will Deacon <will.deacon@arm.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org
Cc: Alex Shi <alex.shi@linaro.org>
Subject: [PATCH 17/29] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
Date: Wed, 28 Feb 2018 11:56:39 +0800
Message-ID: <1519790211-16582-18-git-send-email-alex.shi@linaro.org>
In-Reply-To: <1519790211-16582-1-git-send-email-alex.shi@linaro.org>

From: Will Deacon <will.deacon@arm.com>

commit 084eb77cd3a8 upstream.

Add a Kconfig entry to control use of the entry trampoline, which allows
us to unmap the kernel whilst running in userspace and improve the
robustness of KASLR.

Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Laura Abbott <labbott@redhat.com>
Tested-by: Shanker Donthineni <shankerd@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Alex Shi <alex.shi@linaro.org>
---
 arch/arm64/Kconfig | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 7769c2e..6b6e9f8 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -733,6 +733,19 @@ config FORCE_MAX_ZONEORDER
 	  However for 4K, we choose a higher default value, 11 as opposed to 10, giving us
 	  4M allocations matching the default size used by generic code.
 
+config UNMAP_KERNEL_AT_EL0
+	bool "Unmap kernel when running in userspace (aka \"KAISER\")"
+	default y
+	help
+	  Some attacks against KASLR make use of the timing difference between
+	  a permission fault which could arise from a page table entry that is
+	  present in the TLB, and a translation fault which always requires a
+	  page table walk. This option defends against these attacks by unmapping
+	  the kernel whilst running in userspace, therefore forcing translation
+	  faults for all of kernel space.
+
+	  If unsure, say Y.
+
 menuconfig ARMV8_DEPRECATED
 	bool "Emulate deprecated/obsolete ARMv8 instructions"
 	depends on COMPAT
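
Review bot: `default y` on the new UNMAP_KERNEL_AT_EL0 entry has no `depends on`, so it is enabled for every arm64 configuration, yet the help text describes only the KASLR timing attack it defends against and says nothing about what enabling it costs or when answering N would be reasonable. Consider adding a sentence on that trade-off before "If unsure, say Y." The prompt string also uses the name "KAISER" without the help text explaining it, and the help never mentions the entry trampoline that the commit message says this option controls; one line tying those together would help someone reading the option in menuconfig.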
-- 
2.7.4
