From patchwork Thu Jan 4 15:08:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 123434 Delivered-To: patch@linaro.org Received: by 10.80.135.92 with SMTP id 28csp6820264edv; Thu, 4 Jan 2018 07:10:05 -0800 (PST) X-Google-Smtp-Source: ACJfBotbqlckS3gRgu11qKF9eLWCeCFzW+16FUsZJqkhKjLfQD3w65/D3bvKtR+rmIBdACTC9Y+8 X-Received: by 10.99.121.207 with SMTP id u198mr4354042pgc.32.1515078605353; Thu, 04 Jan 2018 07:10:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515078605; cv=none; d=google.com; s=arc-20160816; b=IodOJmNJPCSow94cnqQHAX+A1a5V8NRW8b2qGb3b3XDa9tMBDU0I2kITKAZQljP0z+ XzsV6PdMqTQJsuLq2ag6ciJrM7PkIBd+swS9U1O/A8jdZDeYES6ShrDgRnZXMsxRw5jB 5l4HAd4cnpv/zmGyYIzaXTdCCOcJ12nh2xg+jp5YWFGFqpC+xyRvVFbdQvn0aEWY6Jf/ 93Gan+nkN/naz2e/chRbQjdnl2ZdbZQdnrOYjMw/nH6zka3E0sS+aAMdn8TaCqn4f6hp VgbWtc8NxYZaevj0iWE8/01oIjUE1IA6cnRafN+C3CBIAUXQIL8exKFqC/iac3WSxCiO tLFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=fyr47MyjiLpFN9wd4C3cjBopnAx0Q8tHK0n2/CJh4PE=; b=yebH9oW6K0AvF4dhNy0R1xCbNPfdrip9eT9h+t+45tk/hl+uLqbj8c5DzHdwUvW2e1 MRHXIE7j9T94NQQZtmmkbFwQiacEOBng29mCy26K40xuLWj8iBQo5WAob2DqYWspLzO6 AqNrz3/vS/etEimedbXjt2Eu+U1KerrKdM8NMpC4pBPH0XtHTmgWxw4kliAChIVZ7cvP xVEh2Zd1jZ9qgCrq5cE3eqPDlx5OJ5lHrBjoQOFGjZyhAjDN8UBbFn8Sv0iB2HvqN+XI nKPAPMpQQw8YvnrfqvD8KIYCQ8IxIdwb5xe7ixvMuo70odNdzv+3cG/BOi+gFxBKoDlx b5bg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o61si2399653pld.181.2018.01.04.07.10.05; Thu, 04 Jan 2018 07:10:05 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932079AbeADPIr (ORCPT + 22 others); Thu, 4 Jan 2018 10:08:47 -0500 Received: from foss.arm.com ([217.140.101.70]:33790 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753368AbeADPIk (ORCPT ); Thu, 4 Jan 2018 10:08:40 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8CB9A15AD; Thu, 4 Jan 2018 07:08:40 -0800 (PST) Received: from edgewater-inn.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 5EBDF3F77C; Thu, 4 Jan 2018 07:08:40 -0800 (PST) Received: by edgewater-inn.cambridge.arm.com (Postfix, from userid 1000) id 852641AE0E43; Thu, 4 Jan 2018 15:08:40 +0000 (GMT) From: Will Deacon To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, lorenzo.pieralisi@arm.com, christoffer.dall@linaro.org, linux-kernel@vger.kernel.org, Will Deacon Subject: [PATCH 02/11] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry Date: Thu, 4 Jan 2018 15:08:26 +0000 Message-Id: <1515078515-13723-3-git-send-email-will.deacon@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1515078515-13723-1-git-send-email-will.deacon@arm.com> References: <1515078515-13723-1-git-send-email-will.deacon@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's actually more useful as a mitigation against speculation attacks that can leak arbitrary kernel data to userspace through speculation. Reword the Kconfig help message to reflect this, and make the option depend on EXPERT so that it is on by default for the majority of users. Signed-off-by: Will Deacon --- arch/arm64/Kconfig | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) -- 2.1.4 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 3af1657fcac3..efaaa3a66b95 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -834,15 +834,14 @@ config FORCE_MAX_ZONEORDER 4M allocations matching the default size used by generic code. config UNMAP_KERNEL_AT_EL0 - bool "Unmap kernel when running in userspace (aka \"KAISER\")" + bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help - Some attacks against KASLR make use of the timing difference between - a permission fault which could arise from a page table entry that is - present in the TLB, and a translation fault which always requires a - page table walk. This option defends against these attacks by unmapping - the kernel whilst running in userspace, therefore forcing translation - faults for all of kernel space. + Speculation attacks against some high-performance processors can + be used to bypass MMU permission checks and leak kernel data to + userspace. This can be defended against by unmapping the kernel + when running in userspace, mapping it back in on exception entry + via a trampoline page in the vector table. If unsure, say Y.