Received: by 10.213.65.68 with SMTP id h4csp708175imn; Fri, 6 Apr 2018 07:37:20 -0700 (PDT) X-Google-Smtp-Source: AIpwx48gLNIvqzHff0xEfPjLh2MI8ZBOpOyPRNfgLbGdbQ4bebFxElr6W9j9C/7rTTUhao3eXN35 X-Received: by 10.99.109.136 with SMTP id i130mr18063752pgc.380.1523025440380; Fri, 06 Apr 2018 07:37:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523025440; cv=none; d=google.com; s=arc-20160816; b=JYcKvI2BWf/F45W/5c97ZDLL7mn3FVR7W6Wq0ZPuCwfyOKIgr2yg6hIim/J/CKDcSA QNRDcfwUAF3BXM5PgvoiGKbzRbZUyGhps4lqm+Ou3PUTHcS8lqL5kWoS1bMdZH77u8li TaTdt8iVasz3yJzoOzuxInRTv9kV66b8rlB74SYfJmctXD2MslStDC8OIS0J5oR/R7jp ou425jupdXPGUGreBUOu+NP1bKevzKAdsEPWkoCN/5o7L/18Vzvo34Et2Ti0qnMa6G9s vC7QnrBu2DIjh0S8x+jN6wK9FtJiKk+KWouwKV3LFWIncKbPSLmI3d2T+MTumoKqXvD6 pdpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=eXmmJwNuyQUSHopUOQxeMh/dyNX4kOGghxe1EybGIaM=; b=RibsvE5rl0NMhxRsLVDabu7Hwtg2g6WgU/kD3L7Eo6BWQQqDJXFP1ps3/bBVf8i5T5 IWqbq9a2qxa2Gkgnskf/UiikDuTKJIxUEUoUuJvsuv3RnQupTKjY2nEiZbLjFIBDeRWY 3HpR5blAPC/Tos/TYalpWZob0cWLC056qXCo77tHShItyMgfkxxVn72uIy2G6FZ8u8H6 GFSAPshx9kMRJQe9FunKVaSDp6RYTWyjY4Nr6TzMLmowa6PHba2dbA0FTNsSxdmHFWUq +1w5qN8u7vp+1ut5zcwj2bAuuuDp6D4rxjOL7Qp6pjXM4kho13p6u9T4u7IyeqlTvmAS UW/g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a18si1336450pgd.330.2018.04.06.07.37.06; Fri, 06 Apr 2018 07:37:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756083AbeDFNfl (ORCPT + 99 others); Fri, 6 Apr 2018 09:35:41 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:58898 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755789AbeDFNfj (ORCPT ); Fri, 6 Apr 2018 09:35:39 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 05106DC0; Fri, 6 Apr 2018 13:35:38 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Will Deacon , Catalin Marinas , Greg Hackmann , Alex Shi , Mark Rutland Subject: [PATCH 4.9 066/102] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry Date: Fri, 6 Apr 2018 15:23:47 +0200 Message-Id: <20180406084340.808351201@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180406084331.507038179@linuxfoundation.org> References: <20180406084331.507038179@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Will Deacon commit 0617052ddde3 upstream. Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's actually more useful as a mitigation against speculation attacks that can leak arbitrary kernel data to userspace through speculation. Reword the Kconfig help message to reflect this, and make the option depend on EXPERT so that it is on by default for the majority of users. Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] Tested-by: Will Deacon Tested-by: Greg Hackmann Signed-off-by: Greg Kroah-Hartman --- arch/arm64/Kconfig | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -734,15 +734,14 @@ config FORCE_MAX_ZONEORDER 4M allocations matching the default size used by generic code. config UNMAP_KERNEL_AT_EL0 - bool "Unmap kernel when running in userspace (aka \"KAISER\")" + bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help - Some attacks against KASLR make use of the timing difference between - a permission fault which could arise from a page table entry that is - present in the TLB, and a translation fault which always requires a - page table walk. This option defends against these attacks by unmapping - the kernel whilst running in userspace, therefore forcing translation - faults for all of kernel space. + Speculation attacks against some high-performance processors can + be used to bypass MMU permission checks and leak kernel data to + userspace. This can be defended against by unmapping the kernel + when running in userspace, mapping it back in on exception entry + via a trampoline page in the vector table. If unsure, say Y.