| Message ID | 1516364568-95577-2-git-send-email-jnair@caviumnetworks.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, Jan 19, 2018 at 04:22:48AM -0800, Jayachandran C wrote: > Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in > unmap_kernel_at_el0(). These CPUs are not vulnerable to > CVE-2017-5754 and do not need KPTI when KASLR is off. > > Signed-off-by: Jayachandran C <jnair@caviumnetworks.com> > --- > arch/arm64/kernel/cpufeature.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c > index 647d44b..fb698ca 100644 > --- a/arch/arm64/kernel/cpufeature.c > +++ b/arch/arm64/kernel/cpufeature.c > @@ -866,6 +866,13 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, > if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) > return true; > > + /* Don't force KPTI for CPUs that are not vulnerable */ > + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) { > + case MIDR_CAVIUM_THUNDERX2: > + case MIDR_BRCM_VULCAN: > + return false; > + } > + > /* Defer to CPU feature registers */ > return !cpuid_feature_extract_unsigned_field(pfr0, > ID_AA64PFR0_CSV3_SHIFT); We'll need to re-jig this to work properly with big/little because this is only called once, but that's ok for now: Acked-by: Will Deacon <will.deacon@arm.com> Suzuki has a series reworking much of the cpufeatures code so that we can do this properly for 4.17. Will
On 22 January 2018 at 11:41, Will Deacon <will.deacon@arm.com> wrote: > On Fri, Jan 19, 2018 at 04:22:48AM -0800, Jayachandran C wrote: >> Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in >> unmap_kernel_at_el0(). These CPUs are not vulnerable to >> CVE-2017-5754 and do not need KPTI when KASLR is off. >> >> Signed-off-by: Jayachandran C <jnair@caviumnetworks.com> >> --- >> arch/arm64/kernel/cpufeature.c | 7 +++++++ >> 1 file changed, 7 insertions(+) >> >> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c >> index 647d44b..fb698ca 100644 >> --- a/arch/arm64/kernel/cpufeature.c >> +++ b/arch/arm64/kernel/cpufeature.c >> @@ -866,6 +866,13 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, >> if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) >> return true; >> >> + /* Don't force KPTI for CPUs that are not vulnerable */ >> + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) { >> + case MIDR_CAVIUM_THUNDERX2: >> + case MIDR_BRCM_VULCAN: >> + return false; >> + } >> + >> /* Defer to CPU feature registers */ >> return !cpuid_feature_extract_unsigned_field(pfr0, >> ID_AA64PFR0_CSV3_SHIFT); > > We'll need to re-jig this to work properly with big/little because this is > only called once, but that's ok for now: > > Acked-by: Will Deacon <will.deacon@arm.com> > > Suzuki has a series reworking much of the cpufeatures code so that we can > do this properly for 4.17. > If we start adding opt outs here, we should at least include A53, and probably replace >> if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) >> return true; with >> if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && kaslr_offset() > 0) >> return true; so that adding 'nokaslr' to the command line also disables KPTI.
On Mon, Jan 22, 2018 at 11:51:34AM +0000, Ard Biesheuvel wrote: > On 22 January 2018 at 11:41, Will Deacon <will.deacon@arm.com> wrote: > > On Fri, Jan 19, 2018 at 04:22:48AM -0800, Jayachandran C wrote: > >> Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in > >> unmap_kernel_at_el0(). These CPUs are not vulnerable to > >> CVE-2017-5754 and do not need KPTI when KASLR is off. > >> > >> Signed-off-by: Jayachandran C <jnair@caviumnetworks.com> > >> --- > >> arch/arm64/kernel/cpufeature.c | 7 +++++++ > >> 1 file changed, 7 insertions(+) > >> > >> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c > >> index 647d44b..fb698ca 100644 > >> --- a/arch/arm64/kernel/cpufeature.c > >> +++ b/arch/arm64/kernel/cpufeature.c > >> @@ -866,6 +866,13 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, > >> if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) > >> return true; > >> > >> + /* Don't force KPTI for CPUs that are not vulnerable */ > >> + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) { > >> + case MIDR_CAVIUM_THUNDERX2: > >> + case MIDR_BRCM_VULCAN: > >> + return false; > >> + } > >> + > >> /* Defer to CPU feature registers */ > >> return !cpuid_feature_extract_unsigned_field(pfr0, > >> ID_AA64PFR0_CSV3_SHIFT); > > > > We'll need to re-jig this to work properly with big/little because this is > > only called once, but that's ok for now: > > > > Acked-by: Will Deacon <will.deacon@arm.com> > > > > Suzuki has a series reworking much of the cpufeatures code so that we can > > do this properly for 4.17. > > > > If we start adding opt outs here, we should at least include A53, and > probably replace > > >> if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) > >> return true; > > with > > >> if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && kaslr_offset() > 0) > >> return true; > > so that adding 'nokaslr' to the command line also disables KPTI. Yup, I was going to do this once we have the new cpufeatures code from Suzuki and can safely whitelist cores that can appear in big/little configurations. Will
On 01/22/2018 06:41 AM, Will Deacon wrote: > On Fri, Jan 19, 2018 at 04:22:48AM -0800, Jayachandran C wrote: >> Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in >> unmap_kernel_at_el0(). These CPUs are not vulnerable to >> CVE-2017-5754 and do not need KPTI when KASLR is off. >> >> Signed-off-by: Jayachandran C <jnair@caviumnetworks.com> >> --- >> arch/arm64/kernel/cpufeature.c | 7 +++++++ >> 1 file changed, 7 insertions(+) >> >> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c >> index 647d44b..fb698ca 100644 >> --- a/arch/arm64/kernel/cpufeature.c >> +++ b/arch/arm64/kernel/cpufeature.c >> @@ -866,6 +866,13 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, >> if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) >> return true; >> >> + /* Don't force KPTI for CPUs that are not vulnerable */ >> + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) { >> + case MIDR_CAVIUM_THUNDERX2: >> + case MIDR_BRCM_VULCAN: >> + return false; >> + } >> + >> /* Defer to CPU feature registers */ >> return !cpuid_feature_extract_unsigned_field(pfr0, >> ID_AA64PFR0_CSV3_SHIFT); > > We'll need to re-jig this to work properly with big/little because this is > only called once, but that's ok for now: > > Acked-by: Will Deacon <will.deacon@arm.com> > > Suzuki has a series reworking much of the cpufeatures code so that we can > do this properly for 4.17. Thanks, much appreciated. Jon.
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 647d44b..fb698ca 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -866,6 +866,13 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; + /* Don't force KPTI for CPUs that are not vulnerable */ + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) { + case MIDR_CAVIUM_THUNDERX2: + case MIDR_BRCM_VULCAN: + return false; + } + /* Defer to CPU feature registers */ return !cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV3_SHIFT);
Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in unmap_kernel_at_el0(). These CPUs are not vulnerable to CVE-2017-5754 and do not need KPTI when KASLR is off. Signed-off-by: Jayachandran C <jnair@caviumnetworks.com> --- arch/arm64/kernel/cpufeature.c | 7 +++++++ 1 file changed, 7 insertions(+)