• Ard Biesheuvel's avatar
    arm64: Enable data independent timing (DIT) in the kernel · 01ab991f
    Ard Biesheuvel authored
    The ARM architecture revision v8.4 introduces a data independent timing
    control (DIT) which can be set at any exception level, and instructs the
    CPU to avoid optimizations that may result in a correlation between the
    execution time of certain instructions and the value of the data they
    operate on.
    
    The DIT bit is part of PSTATE, and is therefore context switched as
    usual, given that it becomes part of the saved program state (SPSR) when
    taking an exception. We have also defined a hwcap for DIT, and so user
    space can discover already whether or nor DIT is available. This means
    that, as far as user space is concerned, DIT is wired up and fully
    functional.
    
    In the kernel, however, we never bothered with DIT: we disable at it
    boot (i.e., INIT_PSTATE_EL1 has DIT cleared) and ignore the fact that we
    might run with DIT enabled if user space happened to set it.
    
    Currently, we have no idea whether or not running privileged code with
    DIT disabled on a CPU that implements support for it may result in a
    side channel that exposes privileged data to unprivileged user space
    processes, so let's be cautious and just enable DIT while running in the
    kernel if supported by all CPUs.
    
    Cc: Catalin Marinas <catalin.marinas@arm.com>
    Cc: Will Deacon <will@kernel.org>
    Cc: Mark Rutland <mark.rutland@arm.com>
    Cc: Marc Zyngier <maz@kernel.org>
    Cc: Eric Biggers <ebiggers@kernel.org>
    Cc: Jason A. Donenfeld <Jason@zx2c4.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
    Cc: Adam Langley <agl@google.com>
    Link: https://lore.kernel.org/all/YwgCrqutxmX0W72r@gmail.com/Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
    Acked-by: default avatarMark Rutland <mark.rutland@arm.com>
    Link: https://lore.kernel.org/r/20221107172400.1851434-1-ardb@kernel.org
    [will: Removed cpu_has_dit() as per Mark's suggestion on the list]
    Signed-off-by: default avatarWill Deacon <will@kernel.org>
    01ab991f
cpucaps 1.55 KB