From patchwork Tue Apr 3 11:09:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132724 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666207ljb; Tue, 3 Apr 2018 04:10:24 -0700 (PDT) X-Google-Smtp-Source: AIpwx48q07ZDHe+Ya3f1edjwA+xYbRv8zX9W/Joa7H3JAefzJXEkzgtYjFUFyQ4vYYNGj0BxsgF0 X-Received: by 10.101.69.4 with SMTP id n4mr8964618pgq.101.1522753824061; Tue, 03 Apr 2018 04:10:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753824; cv=none; d=google.com; s=arc-20160816; b=QpLiePLliRDOmHZcb7yyDfBjSbeonpPLSWgIeCZ1cguGhobS9rJpJcTAQI/3Am9+eK HForaE39EUHyhTlqyhqfaRV6Ooj0gFouyIqfY/slP0vJALJ6V+Qcip0zTVpKzyz8n0s8 cQL2ZHuPdW/rhHpQu/5wpX2a0TaANvSywvZrFbIX9nkWC9IrpnFRjy0dqUNbgcDkDazE 6cJnLEFHBQxZSkrHMm6l70glFHCIxzZC6TGbwZmEt6YKywNrn9LJRFiFezoe3t/PYwv8 afBZs5SOzrTSDlLlPsN4X//xtO1/9olHsNjpCY6KNixW3uuoD42vXPihH5HJXzcTjiFe Ooow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=x07lGMQeBgSVfgYlYVfMVy6GREMPF2+70e8QxcXlUfI=; b=WcaGzeuqUu+k7S0NzOlUOeUf6ggf6TTETF6kbXKRgf7Faxe2PKKslkWRAzZ20TnmDD x1wx329yGdiR7GIf6lT8alU69jil9YGkfBxPHR16cT2VdWIb7RwPN0hu4piZMqT27xzd 44O3456bvjPN77rr6JvmS5h0H8Vv1SRgQBPsShv1f0F2PwTITHJveq18snuQlvSCekEi Yfbofl/pxEj7ReVc09xXyxHIvYixbXLUtYpGlKslKf/sA8DQxnDu7IK3vGVeqCzpKtTe jydRSOjQ3xuvtH99Y+gI1Bt/OiBftQmBRKC16Lg+DVX5p1wG7bysm6aqXgTUtFxlPxQg +dOw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l91-v6si306341plb.301.2018.04.03.04.10.23; Tue, 03 Apr 2018 04:10:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755402AbeDCLKV (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:21 -0400 Received: from foss.arm.com ([217.140.101.70]:59376 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755308AbeDCLKU (ORCPT ); Tue, 3 Apr 2018 07:10:20 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E69DD1435; Tue, 3 Apr 2018 04:10:19 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id B61DD3F587; Tue, 3 Apr 2018 04:10:18 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 17/27] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry Date: Tue, 3 Apr 2018 12:09:13 +0100 Message-Id: <20180403110923.43575-18-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 0617052ddde3 upstream. Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's actually more useful as a mitigation against speculation attacks that can leak arbitrary kernel data to userspace through speculation. Reword the Kconfig help message to reflect this, and make the option depend on EXPERT so that it is on by default for the majority of users. Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/Kconfig | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) -- 2.11.0 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 6b6e9f89e40a..c8471cf46cbb 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -734,15 +734,14 @@ config FORCE_MAX_ZONEORDER 4M allocations matching the default size used by generic code. config UNMAP_KERNEL_AT_EL0 - bool "Unmap kernel when running in userspace (aka \"KAISER\")" + bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help - Some attacks against KASLR make use of the timing difference between - a permission fault which could arise from a page table entry that is - present in the TLB, and a translation fault which always requires a - page table walk. This option defends against these attacks by unmapping - the kernel whilst running in userspace, therefore forcing translation - faults for all of kernel space. + Speculation attacks against some high-performance processors can + be used to bypass MMU permission checks and leak kernel data to + userspace. This can be defended against by unmapping the kernel + when running in userspace, mapping it back in on exception entry + via a trampoline page in the vector table. If unsure, say Y.