From patchwork Wed Feb 28 03:56:40 2018
X-Patchwork-Submitter: Alex Shi
X-Patchwork-Id: 10246749
From: Alex Shi
To: Marc Zyngier, Will Deacon, Ard Biesheuvel, Catalin Marinas, stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Alex Shi
Subject: [PATCH 18/29] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
Date: Wed, 28 Feb 2018 11:56:40 +0800
Message-Id: <1519790211-16582-19-git-send-email-alex.shi@linaro.org>
In-Reply-To: <1519790211-16582-1-git-send-email-alex.shi@linaro.org>
References: <1519790211-16582-1-git-send-email-alex.shi@linaro.org>

From: Will Deacon

commit 0617052ddde3 upstream.

Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's actually more useful as a mitigation against speculation attacks that can leak arbitrary kernel data to userspace through speculation.

Reword the Kconfig help message to reflect this, and make the option depend on EXPERT so that it is on by default for the majority of users.

Signed-off-by: Will Deacon
Signed-off-by: Catalin Marinas
Signed-off-by: Alex Shi
--- arch/arm64/Kconfig | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 6b6e9f8..c8471cf 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig
@@ -734,15 +734,14 @@ config FORCE_MAX_ZONEORDER 4M allocations matching the default size used by generic code. config UNMAP_KERNEL_AT_EL0 - bool "Unmap kernel when running in userspace (aka \"KAISER\")" + bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help - Some attacks against KASLR make use of the timing difference between - a permission fault which could arise from a page table entry that is - present in the TLB, and a translation fault which always requires a - page table walk. This option defends against these attacks by unmapping - the kernel whilst running in userspace, therefore forcing translation - faults for all of kernel space. + Speculation attacks against some high-performance processors can + be used to bypass MMU permission checks and leak kernel data to + userspace. This can be defended against by unmapping the kernel + when running in userspace, mapping it back in on exception entry + via a trampoline page in the vector table. If unsure, say Y.
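
Review bot: The new help text under UNMAP_KERNEL_AT_EL0 drops the KASLR rationale entirely, although the commit message still says the option makes KASLR more robust. Consider keeping one sentence on the KASLR timing side channel after the speculation paragraph, so that someone with EXPERT set who is weighing whether to turn this off sees both protections they would lose. On the bool line, "if EXPERT" conditions only the prompt and is not a "depends on": with EXPERT unset the prompt is hidden and the symbol takes "default y", which is the intended outcome, but the commit message's "depend on EXPERT" can be read the other way, so it is worth saying "hide the prompt unless EXPERT" there. The phrase "some high-performance processors" also gives an EXPERT user no way to tell whether their CPU is affected; a pointer to where that is determined would make "If unsure, say Y" easier to act on.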