From patchwork Wed Feb 28 03:56:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Shi X-Patchwork-Id: 129901 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp568599lja; Tue, 27 Feb 2018 19:59:48 -0800 (PST) X-Google-Smtp-Source: AH8x225WCcq1L3xpgeIfDGbvvsl4bsrxe6e/1RmoBTmCVc6Tt6XoPzzxQAQ5YrE08cl6lDyQjxfU X-Received: by 10.99.113.75 with SMTP id b11mr13321153pgn.271.1519790388382; Tue, 27 Feb 2018 19:59:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519790388; cv=none; d=google.com; s=arc-20160816; b=UBvKTiUmqPIDLGvMYxam+VmIq+hplq1kDGQDBGQDWBtdl1gBpHt3oPxVW6YR0jVJLO DWMMNnQIlcmWSOCM6rlx4G2CGx5Y7yi3ZUWllRujA01Fx86JpNNTRjmuOpJHdEoEQEoI 7KSBe/BTnt3Po9nryn/x+BP3NzaPAxy+t5BY4lFbwUHhktNc7vlnicE2SvgCB3Sq4Pce 2Ht0t8zpQhIJuzgCnii3gjb165WRIDU8Fikhrzv6Kjt8z/cFPcEB2YD1mkCs6joKr1fI cnF/56GY/xp+UywPDmKJPRtVy/tdlkF5UlrQqomqclb7o9/GtyLBwfXxx1h4ckA5i9Hi zLVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=95Iv0nJp083o8oUFCW7XEWIw7Oc3xuvo6wFQkXWVNj4=; b=WA35VI1coVVjZ1m30P3TW6MMVLRivw3K5slAs/Z9uGO1C6RZ8sdViv5GMFXakxcUFj d0LD7pQVj3wJs/tEpkbqP03FwrGReOmyP3ynTmUUcMrlbjmYh8zV2FqxL/guKx+dSdWE WsONEzelIeMl17uo/grm23MMn05B+vXHKIFbjz4dm17yduxUVcifETBn4Lo6eX86ogKi I996bWn+8JHNcTDWCG5Au/kynD9jorQgpa7XVWbGKtByxDcNeZTwWXSN7bQr2MR/v1uK FslsR4djqxfFPikowS7VTSMt9iuk7nYSSGEw7iMa154SfBwacTK/hL1uYrUqaVtO1xwA m2hQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dnHsb0lk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q25si464141pge.457.2018.02.27.19.59.48; Tue, 27 Feb 2018 19:59:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dnHsb0lk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932190AbeB1D7o (ORCPT + 28 others); Tue, 27 Feb 2018 22:59:44 -0500 Received: from mail-pl0-f68.google.com ([209.85.160.68]:46265 "EHLO mail-pl0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932151AbeB1D7h (ORCPT ); Tue, 27 Feb 2018 22:59:37 -0500 Received: by mail-pl0-f68.google.com with SMTP id y8-v6so760662pll.13 for ; Tue, 27 Feb 2018 19:59:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=95Iv0nJp083o8oUFCW7XEWIw7Oc3xuvo6wFQkXWVNj4=; b=dnHsb0lkyUAzCef0hhzZgt+tMQS2Wkc6UzQyLyPDkjmwGFPyA3FjnmeApi342yzp+W sb3C0gPIn+IcLSeyYfvSv99FPlms/Yr5yq6KpZgXTVVeN4olcrFgKoABaA4jyBlWd0uh FfmLGE3SCuzwfHiJUM6ar39xKpXq4OQjuh77s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=95Iv0nJp083o8oUFCW7XEWIw7Oc3xuvo6wFQkXWVNj4=; b=Gui/w+Og6HQS2HWwHNoz4k82ydEIqkdM43Sjo04krKJNfScwQdPlk1ojxKl81528re p73tUNGNrsy1RB1/RAMgD25AzQe6CchxWVsQRMXcwGYCG5JKSPbTj5+cHUa6oawGM5RV VtYO3ythuEprT+zknjJbdpcYrGxwNmA/aGSKa+9kxtTKEC1CBarvFQlrD6IQHcENdhBG U1vBqxavZMvgn8ZI0Gd8HnAIkAgfI8neAXZWq8JJDlA2MNY68+xvx5h1naGa6mtFF0Cf /x3cA7qWOamXfiw0lOmfB/cajaSIQfDTbJbFiT1q3cyu4ZKJU0G+zemqAZQ8Ag9n/TD8 553Q== X-Gm-Message-State: APf1xPAJS9bIk2MncKWdvWRElkTRQPX5FBgZgS4CNTta0ibYtV5IFMOV IIVeBmur/of6tfHvkXKbHiPJ1w== X-Received: by 2002:a17:902:f81:: with SMTP id 1-v6mr16025516plz.265.1519790377200; Tue, 27 Feb 2018 19:59:37 -0800 (PST) Received: from localhost.localdomain (176.122.172.82.16clouds.com. [176.122.172.82]) by smtp.gmail.com with ESMTPSA id q17sm739911pgt.7.2018.02.27.19.59.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 27 Feb 2018 19:59:36 -0800 (PST) From: Alex Shi To: Marc Zyngier , Will Deacon , Ard Biesheuvel , Catalin Marinas , stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Cc: Alex Shi Subject: [PATCH 17/29] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 Date: Wed, 28 Feb 2018 11:56:39 +0800 Message-Id: <1519790211-16582-18-git-send-email-alex.shi@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519790211-16582-1-git-send-email-alex.shi@linaro.org> References: <1519790211-16582-1-git-send-email-alex.shi@linaro.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Will Deacon commit 084eb77cd3a8 upstream. Add a Kconfig entry to control use of the entry trampoline, which allows us to unmap the kernel whilst running in userspace and improve the robustness of KASLR. Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Alex Shi --- arch/arm64/Kconfig | 13 +++++++++++++ 1 file changed, 13 insertions(+) -- 2.7.4 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 7769c2e..6b6e9f8 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -733,6 +733,19 @@ config FORCE_MAX_ZONEORDER However for 4K, we choose a higher default value, 11 as opposed to 10, giving us 4M allocations matching the default size used by generic code. +config UNMAP_KERNEL_AT_EL0 + bool "Unmap kernel when running in userspace (aka \"KAISER\")" + default y + help + Some attacks against KASLR make use of the timing difference between + a permission fault which could arise from a page table entry that is + present in the TLB, and a translation fault which always requires a + page table walk. This option defends against these attacks by unmapping + the kernel whilst running in userspace, therefore forcing translation + faults for all of kernel space. + + If unsure, say Y. + menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT