Received: by 10.223.185.116 with SMTP id b49csp5727874wrg;
        Tue, 27 Feb 2018 20:01:21 -0800 (PST)
X-Google-Smtp-Source: AH8x224K3Ns0HNcDefjCocZdi/gIF3TcbB/CeKyd3K1ZkY10avOE3PzS6EMaBbjtOhEVox6JFgRN
X-Received: by 10.99.132.74 with SMTP id k71mr12830677pgd.4.1519790481768;
        Tue, 27 Feb 2018 20:01:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519790481; cv=none;
        d=google.com; s=arc-20160816;
        b=o91IBBDnqpBHDgj+y1d6Xm1Mpp7icB14u1qXpMbbmTiRMIb5S9kcfdbq3pFPBCHtD0
         /KsdFTRAIbUaf5F4seZXpmMakJdmxEZlPls85pX1oRAeKL+BN9nFPFz+6IzDW9ODN7bH
         9YjN2+WREt4vzfx+yZuf1xE/NKgp3HwKFsyY4UAJCZyi7QIqUaWRMB6A7yA68l5JjcT7
         jecvT1B6EAHMWmZlH2CwdT7LJ1v2x6pfxgpm0O1pd/wSD+TdBNDc9xoqr9Me8OlkYgCJ
         iEqLJ4NxQT6QZBSn1qqnooBgJffV8J3ueN1H2yFOscnl6yLXwJiyly6uQx93zH+ZR0ID
         TTvA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:dkim-signature:arc-authentication-results;
        bh=3X/tJlgDOIhzeNz+KgV3mfSlCMlc7iRs7Xo6UX1dC64=;
        b=XEYzh5sbmwo1mirOrxvjHJhkRahzQ0mMUfRjF/lMLExzPwSDu2jZEnFLWzWow9HaD1
         G4GGbq339KP9Fz+/T56jDwhHoXyNfQ4ssJJOL6ricRnk6M4q4YavEsUaWu3WaP5PmYrZ
         2hY6HGDAwOYVnff2TfcW4yI4LL/aOUkynY341jwPH5ZJwggTW+DcdCfkXiV7k2Yo9O73
         /0ZMsSZBvbu6RGoFIZQy41hcC7USLtpzoPyKhfbl9Ncw4nvtOR+kTSuyp0Mwb1+HgdSV
         8uMjHhGDZ14UschlI3lXHBgaT4/H+AQtBJ/yfGZzWbJpQzp0+3mmeOSH1QDF4Ij2eAqs
         JM7g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=XU8+JuQA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w27si554999pfl.142.2018.02.27.20.01.07;
        Tue, 27 Feb 2018 20:01:21 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=XU8+JuQA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932207AbeB1D7r (ORCPT <rfc822;414256we@gmail.com> + 99 others);
        Tue, 27 Feb 2018 22:59:47 -0500
Received: from mail-pl0-f68.google.com ([209.85.160.68]:42771 "EHLO
        mail-pl0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932151AbeB1D7p (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 27 Feb 2018 22:59:45 -0500
Received: by mail-pl0-f68.google.com with SMTP id 93-v6so769290plc.9
        for <linux-kernel@vger.kernel.org>; Tue, 27 Feb 2018 19:59:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references;
        bh=3X/tJlgDOIhzeNz+KgV3mfSlCMlc7iRs7Xo6UX1dC64=;
        b=XU8+JuQAhG632Xltrlwg6usmgZ3qVBV7cZP/Q3GPXP9wf2L1IzqpYeyS/rqr4IGR40
         pE+zuKxp3sEsEctkCqk2eeMNIJipCzVdp86uAYRxM2yhDWMH/O1VJ2wmMlRO9I9BJbMQ
         DW6E3JVPaD/+JkhXNU66tXl4xGv1+b7Xv6xks=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references;
        bh=3X/tJlgDOIhzeNz+KgV3mfSlCMlc7iRs7Xo6UX1dC64=;
        b=kNPOsZLfpKaBTmf35tLtBBi6DdM5gXyiPcDOshkPn/S9KhbT8eF0q1SCpD92rMm5dN
         vxOR5KW2iPRTo2+Erh/gm+QQuefWsXaDreFH/1tcUJs+ISIjUi2KT29npmoVJZDQY2pz
         SJ1pDOmcxf3S9ZMJRJgRcSWpoZy8dIkk2LYpX35d4oB4Wz3AUnkc7CIjv4vr7rj9RHba
         lGaLGTq+YbTBMSWQ2SQc/MOsWKy2hGuI7PSUPnBDB70CfpCZma709K3kDVS0PWYBVNEP
         rGGcKMD2Eeed13LEgGRixW4ZB9xQpf3ToXyp1reM5GW1JaZLYB0aOQ2SxI4/bI1AnBv+
         z0Cw==
X-Gm-Message-State: APf1xPD24+NYteaRYQngD0WeuseAd/LzMDmYISK+c1t7SX+l+gRYbWkt
        vFEi9kvJ24ztxatxpzWWltUTmg==
X-Received: by 2002:a17:902:6b83:: with SMTP id p3-v6mr16327926plk.18.1519790384963;
        Tue, 27 Feb 2018 19:59:44 -0800 (PST)
Received: from localhost.localdomain (176.122.172.82.16clouds.com. [176.122.172.82])
        by smtp.gmail.com with ESMTPSA id q17sm739911pgt.7.2018.02.27.19.59.37
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Tue, 27 Feb 2018 19:59:44 -0800 (PST)
From:   Alex Shi <alex.shi@linaro.org>
To:     Marc Zyngier <marc.zyngier@arm.com>,
        Will Deacon <will.deacon@arm.com>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        Catalin Marinas <catalin.marinas@arm.com>,
        stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
        linux-kernel@vger.kernel.org
Cc:     Alex Shi <alex.shi@linaro.org>
Subject: [PATCH 18/29] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
Date:   Wed, 28 Feb 2018 11:56:40 +0800
Message-Id: <1519790211-16582-19-git-send-email-alex.shi@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1519790211-16582-1-git-send-email-alex.shi@linaro.org>
References: <1519790211-16582-1-git-send-email-alex.shi@linaro.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Will Deacon <will.deacon@arm.com>

commit 0617052ddde3 upstream.

Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's
actually more useful as a mitigation against speculation attacks that
can leak arbitrary kernel data to userspace through speculation.

Reword the Kconfig help message to reflect this, and make the option
depend on EXPERT so that it is on by default for the majority of users.

Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Alex Shi <alex.shi@linaro.org>
---
 arch/arm64/Kconfig | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 6b6e9f8..c8471cf 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -734,15 +734,14 @@ config FORCE_MAX_ZONEORDER
 	  4M allocations matching the default size used by generic code.
 
 config UNMAP_KERNEL_AT_EL0
-	bool "Unmap kernel when running in userspace (aka \"KAISER\")"
+	bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
 	default y
 	help
-	  Some attacks against KASLR make use of the timing difference between
-	  a permission fault which could arise from a page table entry that is
-	  present in the TLB, and a translation fault which always requires a
-	  page table walk. This option defends against these attacks by unmapping
-	  the kernel whilst running in userspace, therefore forcing translation
-	  faults for all of kernel space.
+	  Speculation attacks against some high-performance processors can
+	  be used to bypass MMU permission checks and leak kernel data to
+	  userspace. This can be defended against by unmapping the kernel
+	  when running in userspace, mapping it back in on exception entry
+	  via a trampoline page in the vector table.
 
 	  If unsure, say Y.
 
-- 
2.7.4