From patchwork Mon Jan 8 17:32:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 123753 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp3001951qgn; Mon, 8 Jan 2018 09:33:29 -0800 (PST) X-Google-Smtp-Source: ACJfBotg66TNMPprGU6A1Uc4ijZaP2KRLfhG5Aeph5BIigOo4/c29IeVzL+lo4Xr1vbODXXh18xb X-Received: by 10.101.102.67 with SMTP id z3mr10055048pgv.326.1515432808929; Mon, 08 Jan 2018 09:33:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515432808; cv=none; d=google.com; s=arc-20160816; b=QSbGfUHM4jKvxzhDI+0olbu7kyjo7hm8uWIPIUFZ4Rghiy4Qatsr6zAaxEX0j2fYpb yoWQl+Ngzbx50HNN+6Hmtq0Oiwhk+nuwJQ1nxGhmvkMF3KgSVyLB1awhzhhdHrMuhPLs S07aexYzGYIlS4AB6dSIQ6YnZQwpnDqs8QJ5WvhucVac0V5hY5d38zDkGZGC7jz5xjBs 513+Q5/LbPqgXYUsv0O6HFIpf+KvwiebU/mGJr4/Ufj3tHVtVQy2uBKD2O7GHYcOfC+R bsDRQ8sS0B78o2hdN9CaDPUscG3O5dEYehaWdARRN7DLrNxAWvCxs73wBFjtHRRkEOpU IfvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=fyr47MyjiLpFN9wd4C3cjBopnAx0Q8tHK0n2/CJh4PE=; b=oKqN4dNfvoifIizVlyJ2bvTOQU7zWjKEyoWt8O873FHcXueyiZZmZ2fzpakpqNUKFV VyFjEtJXzi/rsVc17HVRkmlb1DzEaG6H7KeapZWUmEgSW+7kD724SDZhtAB0Oxqy6uE6 asGYqwaKHVSQCkpU+JSZIe2qZ+3ve2nFYchP/Z3Eq69jr7LyTQ0p4MaJL6Vaj+BTgfy5 fRoVvLZoiJvpZieIbZKINqej6dQXiZ/13C0ov0x0K6aa7+k5yCmUfdxOrNFsCcPET45N 0RwEwV8YRFIZH4oYogYx2Tbt1VCqh5iypliHcQ4MxacwzeWgYqNBlVHMqBSexqZWhAi0 3DmA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 20si8671772pft.356.2018.01.08.09.33.28; Mon, 08 Jan 2018 09:33:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754368AbeAHRco (ORCPT + 28 others); Mon, 8 Jan 2018 12:32:44 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:42850 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754290AbeAHRcj (ORCPT ); Mon, 8 Jan 2018 12:32:39 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4DD3915AD; Mon, 8 Jan 2018 09:32:39 -0800 (PST) Received: from edgewater-inn.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 1FA5F3F5C1; Mon, 8 Jan 2018 09:32:39 -0800 (PST) Received: by edgewater-inn.cambridge.arm.com (Postfix, from userid 1000) id 0DA791AE180B; Mon, 8 Jan 2018 17:32:41 +0000 (GMT) From: Will Deacon To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, lorenzo.pieralisi@arm.com, christoffer.dall@linaro.org, linux-kernel@vger.kernel.org, shankerd@codeaurora.org, jnair@caviumnetworks.com, Will Deacon Subject: [PATCH v3 02/13] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry Date: Mon, 8 Jan 2018 17:32:27 +0000 Message-Id: <1515432758-26440-3-git-send-email-will.deacon@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1515432758-26440-1-git-send-email-will.deacon@arm.com> References: <1515432758-26440-1-git-send-email-will.deacon@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's actually more useful as a mitigation against speculation attacks that can leak arbitrary kernel data to userspace through speculation. Reword the Kconfig help message to reflect this, and make the option depend on EXPERT so that it is on by default for the majority of users. Signed-off-by: Will Deacon --- arch/arm64/Kconfig | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) -- 2.1.4 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 3af1657fcac3..efaaa3a66b95 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -834,15 +834,14 @@ config FORCE_MAX_ZONEORDER 4M allocations matching the default size used by generic code. config UNMAP_KERNEL_AT_EL0 - bool "Unmap kernel when running in userspace (aka \"KAISER\")" + bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help - Some attacks against KASLR make use of the timing difference between - a permission fault which could arise from a page table entry that is - present in the TLB, and a translation fault which always requires a - page table walk. This option defends against these attacks by unmapping - the kernel whilst running in userspace, therefore forcing translation - faults for all of kernel space. + Speculation attacks against some high-performance processors can + be used to bypass MMU permission checks and leak kernel data to + userspace. This can be defended against by unmapping the kernel + when running in userspace, mapping it back in on exception entry + via a trampoline page in the vector table. If unsure, say Y.