Loading arch/arm64/Kconfig +12 −0 Original line number Diff line number Diff line Loading @@ -801,6 +801,18 @@ config FORCE_MAX_ZONEORDER default "14" if (ARM64_64K_PAGES && TRANSPARENT_HUGEPAGE) default "11" config UNMAP_KERNEL_AT_EL0 bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help Speculation attacks against some high-performance processors can be used to bypass MMU permission checks and leak kernel data to userspace. This can be defended against by unmapping the kernel when running in userspace, mapping it back in on exception entry via a trampoline page in the vector table. If unsure, say Y. menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT Loading arch/arm64/include/asm/assembler.h +20 −0 Original line number Diff line number Diff line Loading @@ -321,4 +321,24 @@ lr .req x30 // link register mrs \rd, sp_el0 .endm /* * mov_q - move an immediate constant into a 64-bit register using * between 2 and 4 movz/movk instructions (depending on the * magnitude and sign of the operand) */ .macro mov_q, reg, val .if (((\val) >> 31) == 0 || ((\val) >> 31) == 0x1ffffffff) movz \reg, :abs_g1_s:\val .else .if (((\val) >> 47) == 0 || ((\val) >> 47) == 0x1ffff) movz \reg, :abs_g2_s:\val .else movz \reg, :abs_g3:\val movk \reg, :abs_g2_nc:\val .endif movk \reg, :abs_g1_nc:\val .endif movk \reg, :abs_g0_nc:\val .endm #endif /* __ASM_ASSEMBLER_H */ arch/arm64/include/asm/cpufeature.h +2 −1 Original line number Diff line number Diff line Loading @@ -29,8 +29,9 @@ #define ARM64_HAS_PAN 4 #define ARM64_HAS_UAO 5 #define ARM64_ALT_PAN_NOT_UAO 6 #define ARM64_UNMAP_KERNEL_AT_EL0 23 #define ARM64_NCAPS 7 #define ARM64_NCAPS 24 #ifndef __ASSEMBLY__ Loading arch/arm64/include/asm/fixmap.h +5 −0 Original line number Diff line number Diff line Loading @@ -33,6 +33,11 @@ enum fixed_addresses { FIX_HOLE, FIX_EARLYCON_MEM_BASE, #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 FIX_ENTRY_TRAMP_DATA, FIX_ENTRY_TRAMP_TEXT, #define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ __end_of_permanent_fixed_addresses, /* Loading arch/arm64/include/asm/kernel-pgtable.h +10 −2 Original line number Diff line number Diff line Loading @@ -61,8 +61,16 @@ /* * Initial memory map attributes. */ #define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) #define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) #define _SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) #define _SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 #define SWAPPER_PTE_FLAGS (_SWAPPER_PTE_FLAGS | PTE_NG) #define SWAPPER_PMD_FLAGS (_SWAPPER_PMD_FLAGS | PMD_SECT_NG) #else #define SWAPPER_PTE_FLAGS _SWAPPER_PTE_FLAGS #define SWAPPER_PMD_FLAGS _SWAPPER_PMD_FLAGS #endif #ifdef CONFIG_ARM64_64K_PAGES #define SWAPPER_MM_MMUFLAGS (PTE_ATTRINDX(MT_NORMAL) | SWAPPER_PTE_FLAGS) Loading Loading
arch/arm64/Kconfig +12 −0 Original line number Diff line number Diff line Loading @@ -801,6 +801,18 @@ config FORCE_MAX_ZONEORDER default "14" if (ARM64_64K_PAGES && TRANSPARENT_HUGEPAGE) default "11" config UNMAP_KERNEL_AT_EL0 bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help Speculation attacks against some high-performance processors can be used to bypass MMU permission checks and leak kernel data to userspace. This can be defended against by unmapping the kernel when running in userspace, mapping it back in on exception entry via a trampoline page in the vector table. If unsure, say Y. menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT Loading
arch/arm64/include/asm/assembler.h +20 −0 Original line number Diff line number Diff line Loading @@ -321,4 +321,24 @@ lr .req x30 // link register mrs \rd, sp_el0 .endm /* * mov_q - move an immediate constant into a 64-bit register using * between 2 and 4 movz/movk instructions (depending on the * magnitude and sign of the operand) */ .macro mov_q, reg, val .if (((\val) >> 31) == 0 || ((\val) >> 31) == 0x1ffffffff) movz \reg, :abs_g1_s:\val .else .if (((\val) >> 47) == 0 || ((\val) >> 47) == 0x1ffff) movz \reg, :abs_g2_s:\val .else movz \reg, :abs_g3:\val movk \reg, :abs_g2_nc:\val .endif movk \reg, :abs_g1_nc:\val .endif movk \reg, :abs_g0_nc:\val .endm #endif /* __ASM_ASSEMBLER_H */
arch/arm64/include/asm/cpufeature.h +2 −1 Original line number Diff line number Diff line Loading @@ -29,8 +29,9 @@ #define ARM64_HAS_PAN 4 #define ARM64_HAS_UAO 5 #define ARM64_ALT_PAN_NOT_UAO 6 #define ARM64_UNMAP_KERNEL_AT_EL0 23 #define ARM64_NCAPS 7 #define ARM64_NCAPS 24 #ifndef __ASSEMBLY__ Loading
arch/arm64/include/asm/fixmap.h +5 −0 Original line number Diff line number Diff line Loading @@ -33,6 +33,11 @@ enum fixed_addresses { FIX_HOLE, FIX_EARLYCON_MEM_BASE, #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 FIX_ENTRY_TRAMP_DATA, FIX_ENTRY_TRAMP_TEXT, #define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ __end_of_permanent_fixed_addresses, /* Loading
arch/arm64/include/asm/kernel-pgtable.h +10 −2 Original line number Diff line number Diff line Loading @@ -61,8 +61,16 @@ /* * Initial memory map attributes. */ #define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) #define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) #define _SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) #define _SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 #define SWAPPER_PTE_FLAGS (_SWAPPER_PTE_FLAGS | PTE_NG) #define SWAPPER_PMD_FLAGS (_SWAPPER_PMD_FLAGS | PMD_SECT_NG) #else #define SWAPPER_PTE_FLAGS _SWAPPER_PTE_FLAGS #define SWAPPER_PMD_FLAGS _SWAPPER_PMD_FLAGS #endif #ifdef CONFIG_ARM64_64K_PAGES #define SWAPPER_MM_MMUFLAGS (PTE_ATTRINDX(MT_NORMAL) | SWAPPER_PTE_FLAGS) Loading
