Received: by 10.223.185.116 with SMTP id b49csp2321607wrg; Thu, 15 Feb 2018 09:48:59 -0800 (PST) X-Google-Smtp-Source: AH8x2242ai5Ard0WherWhf4Cu0bNrQaoLWlXmCEBNjFCK7x4fcDHj0wbc0uplofo7M0vd8PygvUF X-Received: by 10.99.135.65 with SMTP id i62mr2815996pge.331.1518716939004; Thu, 15 Feb 2018 09:48:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518716938; cv=none; d=google.com; s=arc-20160816; b=M5hylMpgFSlitMy3VFSjQYc4ENRnAnPqtq3DD2CiOKYhwHTU/qgTGYF255P3m3BQ/p Ttd9PgVtaQrYHf//AG9wVcGCBMmWvzl8pMfPa5x1S4C00S2Oc+ah1tIBnQVezWyXm47c 5QqEq1K1ufKESemR6Dt/iZahk0H06S6kyppH99VjgdWiSLkgmCRkkwxwV8Rfm9lVKHGB huq8tQhrI90LByxX2w6atNjZpldJOjKZXoMULvrxBhjx0tAMZ45GmUDQfkdc/osufaOS A+vQYPdjLGAaYxicvtvAR8Wn1n4UzYaeoTJNlROb7tngN5INrc02V6UaymLoCQQ83pVM JmLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=YjszP90imBsNwQVO+UmldSkkJVrSGXwbvLVkQ2VoOeY=; b=fdxKs6UyUw7s1GS1S8CW0v487iLG2wx3RWG4ktzqOZa/KeqvfU0UUVSYMZtFVm1MPr cU3tGLq4stV2r8kzYXQ3zmoEgdDga6nZ41dwVq9v3AHc51L0exRZrRmio+T4Ffn06X/t U1EODA0IZGBdyzQJzsl21WPLPi9QhaiHjn/ep/wJMX3jQVdKz7rEWNbXB3SUx2w+6aA8 K0QV/2eQ2kZmibW7ighr4t+j5byUhRY+YhNDUjlAceFGEqA8NQtEtQQu5KSDw+mDEr3D 7Hq9bbywxpavxUJDBQYms9JbM8u9dV3O55TEm6KLchHJh60eIV/A8FkFMhg7VXEnleob EVTQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o184si1689169pga.245.2018.02.15.09.48.43; Thu, 15 Feb 2018 09:48:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1164398AbeBOPbW (ORCPT + 99 others); Thu, 15 Feb 2018 10:31:22 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:55454 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1164304AbeBOPbS (ORCPT ); Thu, 15 Feb 2018 10:31:18 -0500 Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 5E0F4516; Thu, 15 Feb 2018 15:31:17 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mark Rutland , Laura Abbott , Shanker Donthineni , Will Deacon , Ard Biesheuvel Subject: [PATCH 4.14 039/195] [Variant 3/Meltdown] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 Date: Thu, 15 Feb 2018 16:15:30 +0100 Message-Id: <20180215151707.693049610@linuxfoundation.org> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180215151705.738773577@linuxfoundation.org> References: <20180215151705.738773577@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Will Deacon Commit ea1e3de85e94 upstream. Allow explicit disabling of the entry trampoline on the kernel command line (kpti=off) by adding a fake CPU feature (ARM64_UNMAP_KERNEL_AT_EL0) that can be used to toggle the alternative sequences in our entry code and avoid use of the trampoline altogether if desired. This also allows us to make use of a static key in arm64_kernel_unmapped_at_el0(). Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- arch/arm64/include/asm/cpucaps.h | 3 +- arch/arm64/include/asm/mmu.h | 3 +- arch/arm64/kernel/cpufeature.c | 41 +++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/entry.S | 9 ++++---- 4 files changed, 50 insertions(+), 6 deletions(-) --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -40,7 +40,8 @@ #define ARM64_WORKAROUND_858921 19 #define ARM64_WORKAROUND_CAVIUM_30115 20 #define ARM64_HAS_DCPOP 21 +#define ARM64_UNMAP_KERNEL_AT_EL0 23 -#define ARM64_NCAPS 22 +#define ARM64_NCAPS 24 #endif /* __ASM_CPUCAPS_H */ --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -36,7 +36,8 @@ typedef struct { static inline bool arm64_kernel_unmapped_at_el0(void) { - return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0); + return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) && + cpus_have_const_cap(ARM64_UNMAP_KERNEL_AT_EL0); } extern void paging_init(void); --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -796,6 +796,40 @@ static bool has_no_fpsimd(const struct a ID_AA64PFR0_FP_SHIFT) < 0; } +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ + +static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, + int __unused) +{ + /* Forced on command line? */ + if (__kpti_forced) { + pr_info_once("kernel page table isolation forced %s by command line option\n", + __kpti_forced > 0 ? "ON" : "OFF"); + return __kpti_forced > 0; + } + + /* Useful for KASLR robustness */ + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) + return true; + + return false; +} + +static int __init parse_kpti(char *str) +{ + bool enabled; + int ret = strtobool(str, &enabled); + + if (ret) + return ret; + + __kpti_forced = enabled ? 1 : -1; + return 0; +} +__setup("kpti=", parse_kpti); +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -882,6 +916,13 @@ static const struct arm64_cpu_capabiliti .def_scope = SCOPE_SYSTEM, .matches = hyp_offset_low, }, +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + { + .capability = ARM64_UNMAP_KERNEL_AT_EL0, + .def_scope = SCOPE_SYSTEM, + .matches = unmap_kernel_at_el0, + }, +#endif { /* FP/SIMD is not implemented */ .capability = ARM64_HAS_NO_FPSIMD, --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -74,6 +74,7 @@ .macro kernel_ventry, el, label, regsize = 64 .align 7 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +alternative_if ARM64_UNMAP_KERNEL_AT_EL0 .if \el == 0 .if \regsize == 64 mrs x30, tpidrro_el0 @@ -82,6 +83,7 @@ mov x30, xzr .endif .endif +alternative_else_nop_endif #endif sub sp, sp, #S_FRAME_SIZE @@ -321,10 +323,9 @@ alternative_else_nop_endif ldr lr, [sp, #S_LR] add sp, sp, #S_FRAME_SIZE // restore sp -#ifndef CONFIG_UNMAP_KERNEL_AT_EL0 - eret -#else .if \el == 0 +alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 bne 4f msr far_el1, x30 tramp_alias x30, tramp_exit_native @@ -332,10 +333,10 @@ alternative_else_nop_endif 4: tramp_alias x30, tramp_exit_compat br x30 +#endif .else eret .endif -#endif .endm .macro irq_stack_entry