From patchwork Wed Feb 28 03:56:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Shi X-Patchwork-Id: 129902 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp568641lja; Tue, 27 Feb 2018 19:59:51 -0800 (PST) X-Google-Smtp-Source: AH8x224okyEseDf1mhKps+rYhmKCXomQAKbxr51kOwQEtGiTmWvIsc1lTofaHb9sLdT5NLmHpIZP X-Received: by 2002:a17:902:63:: with SMTP id 90-v6mr16277597pla.125.1519790391335; Tue, 27 Feb 2018 19:59:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519790391; cv=none; d=google.com; s=arc-20160816; b=LnO6A8lFQ+qWzlVfQpeCE5v89OmyyyGKaVvON69IB3bCQ9UcKAWc1I8ogLgPZZcj2f GAJ/jy6W5KE0x5SnTdWWdr8/W/2JvHTkjTXvl2Li3Z3kGIjs45daWdYyvK9kixlnNZZg +cSSHYy41savbumXxP6oYC37r62y3o5IB+oznWuYKYHmGf2cSC9+Cx0OWf0MU1t+asjy C40YBjJK6rzhjQMvm+ux9wLr48glEVyZvT+UK6eVL7i36k1jXnCOe5FUj9xu0f4/zD2Q D7tnYVqcNB1RrXW6tcruozF1HaHqAqH661BLl/ldjsl2GS6N1YCX0etpYIMLQFhQXgYV KF8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=3X/tJlgDOIhzeNz+KgV3mfSlCMlc7iRs7Xo6UX1dC64=; b=XEYzh5sbmwo1mirOrxvjHJhkRahzQ0mMUfRjF/lMLExzPwSDu2jZEnFLWzWow9HaD1 G4GGbq339KP9Fz+/T56jDwhHoXyNfQ4ssJJOL6ricRnk6M4q4YavEsUaWu3WaP5PmYrZ 2hY6HGDAwOYVnff2TfcW4yI4LL/aOUkynY341jwPH5ZJwggTW+DcdCfkXiV7k2Yo9O73 /0ZMsSZBvbu6RGoFIZQy41hcC7USLtpzoPyKhfbl9Ncw4nvtOR+kTSuyp0Mwb1+HgdSV 8uMjHhGDZ14UschlI3lXHBgaT4/H+AQtBJ/yfGZzWbJpQzp0+3mmeOSH1QDF4Ij2eAqs JM7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XU8+JuQA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q25si464141pge.457.2018.02.27.19.59.50; Tue, 27 Feb 2018 19:59:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XU8+JuQA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932210AbeB1D7r (ORCPT + 28 others); Tue, 27 Feb 2018 22:59:47 -0500 Received: from mail-pl0-f68.google.com ([209.85.160.68]:42771 "EHLO mail-pl0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932151AbeB1D7p (ORCPT ); Tue, 27 Feb 2018 22:59:45 -0500 Received: by mail-pl0-f68.google.com with SMTP id 93-v6so769290plc.9 for ; Tue, 27 Feb 2018 19:59:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3X/tJlgDOIhzeNz+KgV3mfSlCMlc7iRs7Xo6UX1dC64=; b=XU8+JuQAhG632Xltrlwg6usmgZ3qVBV7cZP/Q3GPXP9wf2L1IzqpYeyS/rqr4IGR40 pE+zuKxp3sEsEctkCqk2eeMNIJipCzVdp86uAYRxM2yhDWMH/O1VJ2wmMlRO9I9BJbMQ DW6E3JVPaD/+JkhXNU66tXl4xGv1+b7Xv6xks= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=3X/tJlgDOIhzeNz+KgV3mfSlCMlc7iRs7Xo6UX1dC64=; b=kNPOsZLfpKaBTmf35tLtBBi6DdM5gXyiPcDOshkPn/S9KhbT8eF0q1SCpD92rMm5dN vxOR5KW2iPRTo2+Erh/gm+QQuefWsXaDreFH/1tcUJs+ISIjUi2KT29npmoVJZDQY2pz SJ1pDOmcxf3S9ZMJRJgRcSWpoZy8dIkk2LYpX35d4oB4Wz3AUnkc7CIjv4vr7rj9RHba lGaLGTq+YbTBMSWQ2SQc/MOsWKy2hGuI7PSUPnBDB70CfpCZma709K3kDVS0PWYBVNEP rGGcKMD2Eeed13LEgGRixW4ZB9xQpf3ToXyp1reM5GW1JaZLYB0aOQ2SxI4/bI1AnBv+ z0Cw== X-Gm-Message-State: APf1xPD24+NYteaRYQngD0WeuseAd/LzMDmYISK+c1t7SX+l+gRYbWkt vFEi9kvJ24ztxatxpzWWltUTmg== X-Received: by 2002:a17:902:6b83:: with SMTP id p3-v6mr16327926plk.18.1519790384963; Tue, 27 Feb 2018 19:59:44 -0800 (PST) Received: from localhost.localdomain (176.122.172.82.16clouds.com. [176.122.172.82]) by smtp.gmail.com with ESMTPSA id q17sm739911pgt.7.2018.02.27.19.59.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 27 Feb 2018 19:59:44 -0800 (PST) From: Alex Shi To: Marc Zyngier , Will Deacon , Ard Biesheuvel , Catalin Marinas , stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Cc: Alex Shi Subject: [PATCH 18/29] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry Date: Wed, 28 Feb 2018 11:56:40 +0800 Message-Id: <1519790211-16582-19-git-send-email-alex.shi@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519790211-16582-1-git-send-email-alex.shi@linaro.org> References: <1519790211-16582-1-git-send-email-alex.shi@linaro.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Will Deacon commit 0617052ddde3 upstream. Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's actually more useful as a mitigation against speculation attacks that can leak arbitrary kernel data to userspace through speculation. Reword the Kconfig help message to reflect this, and make the option depend on EXPERT so that it is on by default for the majority of users. Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Alex Shi --- arch/arm64/Kconfig | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) -- 2.7.4 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 6b6e9f8..c8471cf 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -734,15 +734,14 @@ config FORCE_MAX_ZONEORDER 4M allocations matching the default size used by generic code. config UNMAP_KERNEL_AT_EL0 - bool "Unmap kernel when running in userspace (aka \"KAISER\")" + bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help - Some attacks against KASLR make use of the timing difference between - a permission fault which could arise from a page table entry that is - present in the TLB, and a translation fault which always requires a - page table walk. This option defends against these attacks by unmapping - the kernel whilst running in userspace, therefore forcing translation - faults for all of kernel space. + Speculation attacks against some high-performance processors can + be used to bypass MMU permission checks and leak kernel data to + userspace. This can be defended against by unmapping the kernel + when running in userspace, mapping it back in on exception entry + via a trampoline page in the vector table. If unsure, say Y.