arch/arm64/Kconfig +12 −0 @@ -794,6 +794,18 @@ config HARDEN_BRANCH_PREDICTOR If unsure, say Y. config UNMAP_KERNEL_AT_EL0 bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help Speculation attacks against some high-performance processors can be used to bypass MMU permission checks and leak kernel data to userspace. This can be defended against by unmapping the kernel when running in userspace, mapping it back in on exception entry via a trampoline page in the vector table. If unsure, say Y. menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT arch/arm64/include/asm/cpufeature.h +2 −1 @@ -35,9 +35,10 @@ #define ARM64_ALT_PAN_NOT_UAO 10 #define ARM64_WORKAROUND_CAVIUM_27456 11 #define ARM64_UNMAP_KERNEL_AT_EL0 23 #define ARM64_HAS_VIRT_HOST_EXTN 12 #define ARM64_HARDEN_BRANCH_PREDICTOR 13 #define ARM64_NCAPS 14 #define ARM64_NCAPS 24 #ifndef __ASSEMBLY__ arch/arm64/include/asm/fixmap.h +5 −1 @@ -71,7 +71,11 @@ enum fixed_addresses { FIX_PMD, FIX_PUD, FIX_PGD, #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 FIX_ENTRY_TRAMP_DATA, FIX_ENTRY_TRAMP_TEXT, #define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ __end_of_fixed_addresses }; arch/arm64/include/asm/kernel-pgtable.h +10 −2
@@ -78,8 +78,16 @@ /* * Initial memory map attributes. */ #define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) #define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) #define _SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) #define _SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 #define SWAPPER_PTE_FLAGS (_SWAPPER_PTE_FLAGS | PTE_NG) #define SWAPPER_PMD_FLAGS (_SWAPPER_PMD_FLAGS | PMD_SECT_NG) #else #define SWAPPER_PTE_FLAGS _SWAPPER_PTE_FLAGS #define SWAPPER_PMD_FLAGS _SWAPPER_PMD_FLAGS #endif #if ARM64_SWAPPER_USES_SECTION_MAPS #define SWAPPER_MM_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS) arch/arm64/include/asm/mmu.h +12 −0 @@ -16,6 +16,11 @@ #ifndef __ASM_MMU_H #define __ASM_MMU_H #define USER_ASID_FLAG (UL(1) << 48) #define TTBR_ASID_MASK (UL(0xffff) << 48) #ifndef __ASSEMBLY__ #include <linux/smp.h> #include <asm/cpufeature.h> @@ -70,6 +75,12 @@ static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) static inline void arm64_apply_bp_hardening(void) { } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ static inline bool arm64_kernel_unmapped_at_el0(void) { return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) && cpus_have_cap(ARM64_UNMAP_KERNEL_AT_EL0); } extern void paging_init(void); extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt); extern void init_mem_pgprot(void); @@ -78,4 +89,5 @@ extern void create_pgd_mapping(struct mm_struct *mm, phys_addr_t phys, pgprot_t prot); extern void *fixmap_remap_fdt(phys_addr_t dt_phys); #endif /* !__ASSEMBLY__ */ #endif
arch/arm64/Kconfig +12 −0 @@ -794,6 +794,18 @@ config HARDEN_BRANCH_PREDICTOR If unsure, say Y. config UNMAP_KERNEL_AT_EL0 bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help Speculation attacks against some high-performance processors can be used to bypass MMU permission checks and leak kernel data to userspace. This can be defended against by unmapping the kernel when running in userspace, mapping it back in on exception entry via a trampoline page in the vector table. If unsure, say Y. menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT
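Review bot: The help text for UNMAP_KERNEL_AT_EL0 reads as though enabling the option unmaps the kernel on every CPU, but the helper this commit adds to asm/mmu.h, `arm64_kernel_unmapped_at_el0()`, also requires the ARM64_UNMAP_KERNEL_AT_EL0 capability to be set at runtime. Anyone auditing systems from .config alone could take `=y` as proof that the mitigation is active. I would add a sentence to the help such as `This option only builds the support in; whether the kernel is actually unmapped is decided at boot from the CPU capability.` How the capability gets set is not visible in this diff, so the wording should be checked against that code.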
arch/arm64/include/asm/cpufeature.h +2 −1 @@ -35,9 +35,10 @@ #define ARM64_ALT_PAN_NOT_UAO 10 #define ARM64_WORKAROUND_CAVIUM_27456 11 #define ARM64_UNMAP_KERNEL_AT_EL0 23 #define ARM64_HAS_VIRT_HOST_EXTN 12 #define ARM64_HARDEN_BRANCH_PREDICTOR 13 #define ARM64_NCAPS 14 #define ARM64_NCAPS 24 #ifndef __ASSEMBLY__
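Review bot: `ARM64_UNMAP_KERNEL_AT_EL0` is given index 23 while the neighbouring capabilities stop at 13, and `ARM64_NCAPS` jumps from 14 to 24 to cover it, so indices 14-22 become unused slots that nothing in the file explains. The define also sits between 11 and 12, out of numeric order, which makes it easy for a later addition to pick a number inside the gap or to forget to raise ARM64_NCAPS. If 23 was chosen to match another tree (an assumption; the diff does not say), move the line below `ARM64_HARDEN_BRANCH_PREDICTOR` and add `/* 14-22 intentionally unused; 23 kept to match the numbering this was ported from */`. Otherwise use 14 and set `ARM64_NCAPS` to 15.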
arch/arm64/include/asm/fixmap.h +5 −1 @@ -71,7 +71,11 @@ enum fixed_addresses { FIX_PMD, FIX_PUD, FIX_PGD, #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 FIX_ENTRY_TRAMP_DATA, FIX_ENTRY_TRAMP_TEXT, #define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ __end_of_fixed_addresses };
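Review bot: The two new fixmap slots and `TRAMP_VALIAS` are added without a comment, and the define sits inside the body of `enum fixed_addresses`, where it exists only under CONFIG_UNMAP_KERNEL_AT_EL0. Any use of `TRAMP_VALIAS` outside a matching `#ifdef` will fail to build, and nothing tells a later editor whether the order of the DATA and TEXT entries matters. I would add above them `/* Entry trampoline pages; keep DATA immediately before TEXT */`, provided the entry code really locates the data page relative to the text page, which this diff does not show. Going by the Kconfig help, the trampoline is what stays reachable on exception entry from userspace, so the comment should also say that nothing secret belongs in these pages. The enum begins before the hunk.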
arch/arm64/include/asm/kernel-pgtable.h +10 −2 @@ -78,8 +78,16 @@ /* * Initial memory map attributes. */ #define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) #define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) #define _SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) #define _SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 #define SWAPPER_PTE_FLAGS (_SWAPPER_PTE_FLAGS | PTE_NG) #define SWAPPER_PMD_FLAGS (_SWAPPER_PMD_FLAGS | PMD_SECT_NG) #else #define SWAPPER_PTE_FLAGS _SWAPPER_PTE_FLAGS #define SWAPPER_PMD_FLAGS _SWAPPER_PMD_FLAGS #endif #if ARM64_SWAPPER_USES_SECTION_MAPS #define SWAPPER_MM_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS)
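Review bot: `SWAPPER_PTE_FLAGS` and `SWAPPER_PMD_FLAGS` gain the nG bit whenever CONFIG_UNMAP_KERNEL_AT_EL0 is built in, whereas `arm64_kernel_unmapped_at_el0()` in asm/mmu.h also checks a runtime capability, and the difference is not explained anywhere in the hunk. On a CPU where that capability is not set, the initial kernel mappings would still be non-global, which gives up global TLB entries without adding protection. Presumably the build-time choice is needed because the capability is not yet known when the initial tables are created, but the diff does not show that. A comment above the `#ifdef` would settle it, for example `/* nG is applied at build time: CPU capabilities are not known when the initial page tables are built */`, once that reasoning is confirmed.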
arch/arm64/include/asm/mmu.h +12 −0 @@ -16,6 +16,11 @@ #ifndef __ASM_MMU_H #define __ASM_MMU_H #define USER_ASID_FLAG (UL(1) << 48) #define TTBR_ASID_MASK (UL(0xffff) << 48) #ifndef __ASSEMBLY__ #include <linux/smp.h> #include <asm/cpufeature.h> @@ -70,6 +75,12 @@ static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) static inline void arm64_apply_bp_hardening(void) { } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ static inline bool arm64_kernel_unmapped_at_el0(void) { return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) && cpus_have_cap(ARM64_UNMAP_KERNEL_AT_EL0); } extern void paging_init(void); extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt); extern void init_mem_pgprot(void); @@ -78,4 +89,5 @@ extern void create_pgd_mapping(struct mm_struct *mm, phys_addr_t phys, pgprot_t prot); extern void *fixmap_remap_fdt(phys_addr_t dt_phys); #endif /* !__ASSEMBLY__ */ #endif
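Review bot: `USER_ASID_FLAG` and `TTBR_ASID_MASK` in the first hunk both hard-code the shift 48 and carry no comment, although the flag only makes sense as the lowest bit of the field the mask selects. Name the shift once with `#define USER_ASID_BIT 48`, build both macros from it, and add a comment such as `/* ASID field of the TTBR value; its lowest bit is the user ASID flag */`. The two defines are placed above `#ifndef __ASSEMBLY__`, so they are visible to assembly, but they rely on `UL()` and no include providing it appears before them in the hunk; if nothing earlier supplies it, add one. `arm64_kernel_unmapped_at_el0()` in the second hunk also deserves a one-line comment saying it returns false until the capability has been set, because a caller running before that would silently take the unprotected path; how early it is called is not visible here.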