    arm64: Add initial support for E0PD · 3e6c69a0
    Mark Brown authored
    Kernel Page Table Isolation (KPTI) is used to mitigate some speculation-
    based security issues by ensuring that the kernel is not mapped when
    userspace is running, but this approach is expensive and is incompatible
    with SPE.  E0PD, introduced in the ARMv8.5 extensions, provides an
    alternative to this which ensures that accesses from userspace to the
    kernel's half of the memory map always fault in constant time,
    preventing timing attacks without requiring constant unmapping and
    remapping or preventing legitimate accesses.
    
    Currently this feature will only be enabled if all CPUs in the system
    support E0PD, if some CPUs do not support the feature at boot time then
    the feature will not be enabled and in the unlikely event that a late
    CPU is the first CPU to lack the feature then we will reject that CPU.
    
    This initial patch does not yet integrate with KPTI, this will be dealt
    with in followup patches.  Ideally we could ensure that by default we
    don't use KPTI on CPUs where E0PD is present.
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
    [will: Fixed typo in Kconfig text]
    Signed-off-by: Will Deacon <will@kernel.org>