| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1516364568-95577-2-git-send-email-jnair@caviumnetworks.com>
Date: Fri, 19 Jan 2018 04:22:48 -0800
From: Jayachandran C <jnair@...iumnetworks.com>
To: Will Deacon <will.deacon@....com>, Jon Masters <jcm@...masters.org>
Cc: marc.zyngier@....com, linux-arm-kernel@...ts.infradead.org,
lorenzo.pieralisi@....com, ard.biesheuvel@...aro.org,
catalin.marinas@....com, linux-kernel@...r.kernel.org,
labbott@...hat.com, christoffer.dall@...aro.org,
Jayachandran C <jnair@...iumnetworks.com>
Subject: [PATCH v3 2/2] arm64: Turn on KPTI only on CPUs that need it
Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in
unmap_kernel_at_el0(). These CPUs are not vulnerable to
CVE-2017-5754 and do not need KPTI when KASLR is off.
Signed-off-by: Jayachandran C <jnair@...iumnetworks.com>
---
arch/arm64/kernel/cpufeature.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 647d44b..fb698ca 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -866,6 +866,13 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
return true;
+ /* Don't force KPTI for CPUs that are not vulnerable */
+ switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) {
+ case MIDR_CAVIUM_THUNDERX2:
+ case MIDR_BRCM_VULCAN:
+ return false;
+ }
+
/* Defer to CPU feature registers */
return !cpuid_feature_extract_unsigned_field(pfr0,
ID_AA64PFR0_CSV3_SHIFT);
--
2.7.4
Powered by blists - more mailing lists