
[v2,17/18] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0

Message ID 1512059986-21325-18-git-send-email-will.deacon@arm.com
State Superseded
Series arm64: Unmap the kernel whilst running in userspace (KAISER)

Commit Message

Will Deacon Nov. 30, 2017, 4:39 p.m. UTC
Add a Kconfig entry to control use of the entry trampoline, which allows
us to unmap the kernel whilst running in userspace and improve the
robustness of KASLR.

Signed-off-by: Will Deacon <will.deacon@arm.com>

---
 arch/arm64/Kconfig | 13 +++++++++++++
 1 file changed, 13 insertions(+)

-- 
2.1.4

Comments

Geert Uytterhoeven Dec. 12, 2017, 8:44 a.m. UTC | #1
Hi Will,

On Thu, Nov 30, 2017 at 5:39 PM, Will Deacon <will.deacon@arm.com> wrote:
> Add a Kconfig entry to control use of the entry trampoline, which allows
> us to unmap the kernel whilst running in userspace and improve the
> robustness of KASLR.
>
> Signed-off-by: Will Deacon <will.deacon@arm.com>

This is now commit 084eb77cd3a81134 in arm64/for-next/core.

> ---
>  arch/arm64/Kconfig | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig

> index fdcc7b9bb15d..3af1657fcac3 100644

> --- a/arch/arm64/Kconfig

> +++ b/arch/arm64/Kconfig

> @@ -833,6 +833,19 @@ config FORCE_MAX_ZONEORDER

>           However for 4K, we choose a higher default value, 11 as opposed to 10, giving us

>           4M allocations matching the default size used by generic code.

>

> +config UNMAP_KERNEL_AT_EL0

> +       bool "Unmap kernel when running in userspace (aka \"KAISER\")"


But I believe this is no longer called KAISER?

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Will Deacon Dec. 12, 2017, 10:28 a.m. UTC | #2
On Tue, Dec 12, 2017 at 09:44:09AM +0100, Geert Uytterhoeven wrote:
> Hi Will,
>
> On Thu, Nov 30, 2017 at 5:39 PM, Will Deacon <will.deacon@arm.com> wrote:
> > Add a Kconfig entry to control use of the entry trampoline, which allows
> > us to unmap the kernel whilst running in userspace and improve the
> > robustness of KASLR.
> >
> > Signed-off-by: Will Deacon <will.deacon@arm.com>
>
> This is now commit 084eb77cd3a81134 in arm64/for-next/core.
>
> > ---
> >  arch/arm64/Kconfig | 13 +++++++++++++
> >  1 file changed, 13 insertions(+)
> >
> > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig

> > index fdcc7b9bb15d..3af1657fcac3 100644

> > --- a/arch/arm64/Kconfig

> > +++ b/arch/arm64/Kconfig

> > @@ -833,6 +833,19 @@ config FORCE_MAX_ZONEORDER

> >           However for 4K, we choose a higher default value, 11 as opposed to 10, giving us

> >           4M allocations matching the default size used by generic code.

> >

> > +config UNMAP_KERNEL_AT_EL0

> > +       bool "Unmap kernel when running in userspace (aka \"KAISER\")"

>
> But I believe this is no longer called KAISER?

That's right, but KAISER is the original name in the paper and so I figured
it was worth mentioning just here to help people identify what this feature
is. The command line option is "kpti" to align with x86.

Will

Patch

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index fdcc7b9bb15d..3af1657fcac3 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -833,6 +833,19 @@  config FORCE_MAX_ZONEORDER
 	  However for 4K, we choose a higher default value, 11 as opposed to 10, giving us
 	  4M allocations matching the default size used by generic code.
 
+config UNMAP_KERNEL_AT_EL0
+	bool "Unmap kernel when running in userspace (aka \"KAISER\")"
+	default y
+	help
+	  Some attacks against KASLR make use of the timing difference between
+	  a permission fault which could arise from a page table entry that is
+	  present in the TLB, and a translation fault which always requires a
+	  page table walk. This option defends against these attacks by unmapping
+	  the kernel whilst running in userspace, therefore forcing translation
+	  faults for all of kernel space.
+
+	  If unsure, say Y.
+
 menuconfig ARMV8_DEPRECATED
 	bool "Emulate deprecated/obsolete ARMv8 instructions"
 	depends on COMPAT
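
Review bot: the help text under "config UNMAP_KERNEL_AT_EL0" never ties the option to the names a user will actually meet: the prompt says "KAISER" without explanation, and the "kpti" command-line option mentioned in the thread does not appear at all. Consider adding a sentence to the help stating that KAISER is the name from the original paper and that the feature is controlled on the command line with "kpti", so someone reading only menuconfig can connect the three names. Since the entry is "default y" and ends with "If unsure, say Y", it would also help to say what is traded for the defence, because the text as written gives no reason anyone would choose N.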