Commit 3ec3abcb authored Nov 14, 2017 by Will Deacon Committed by Greg Kroah-Hartman Jan 05, 2018

FROMLIST: arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0



Add a Kconfig entry to control use of the entry trampoline, which allows
us to unmap the kernel whilst running in userspace and improve the
robustness of KASLR.

Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Laura Abbott <labbott@redhat.com>
Tested-by: Shanker Donthineni <shankerd@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
(cherry picked from git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git


 commit 084eb77cd3a81134d02500977dc0ecc9277dc97d)

Change-Id: Iac41787b660dde902f32325afd2f454da600b60d
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

parent 2b4c5c1f

arch/arm64/Kconfig

+13 −0

Original line number	Diff line number	Diff line
		@@ -527,6 +527,19 @@ config FORCE_MAX_ZONEORDER
		default "14" if (ARM64_64K_PAGES && TRANSPARENT_HUGEPAGE)
		default "11"

		config UNMAP_KERNEL_AT_EL0
		bool "Unmap kernel when running in userspace (aka \"KAISER\")"
		default y
		help
		Some attacks against KASLR make use of the timing difference between
		a permission fault which could arise from a page table entry that is
		present in the TLB, and a translation fault which always requires a
		page table walk. This option defends against these attacks by unmapping
		the kernel whilst running in userspace, therefore forcing translation
		faults for all of kernel space.

		If unsure, say Y.

		menuconfig ARMV8_DEPRECATED
		bool "Emulate deprecated/obsolete ARMv8 instructions"
		depends on COMPAT