| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250924-b4-asi-page-alloc-v1-1-2d861768041f@google.com> Date: Wed, 24 Sep 2025 14:59:36 +0000 From: Brendan Jackman <jackmanb@...gle.com> To: jackmanb@...gle.com, Andy Lutomirski <luto@...nel.org>, Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, "Liam R. Howlett" <Liam.Howlett@...cle.com>, Suren Baghdasaryan <surenb@...gle.com>, Michal Hocko <mhocko@...e.com>, Johannes Weiner <hannes@...xchg.org>, Zi Yan <ziy@...dia.com>, Axel Rasmussen <axelrasmussen@...gle.com>, Yuanchu Xie <yuanchu@...gle.com>, Roman Gushchin <roman.gushchin@...ux.dev> Cc: peterz@...radead.org, bp@...en8.de, dave.hansen@...ux.intel.com, mingo@...hat.com, tglx@...utronix.de, akpm@...ux-foundation.org, david@...hat.com, derkling@...gle.com, junaids@...gle.com, linux-kernel@...r.kernel.org, linux-mm@...ck.org, reijiw@...gle.com, rientjes@...gle.com, rppt@...nel.org, vbabka@...e.cz, x86@...nel.org, yosry.ahmed@...ux.dev Subject: [PATCH 01/21] x86/mm/asi: Add CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION This long awkward name is for consistency with CONFIG_MITIGATION_PAGE_TABLE_ISOLATION. In the short term, there isn't much arch code. In the medium term, it will mostly be x86 code. So, put the code where it will need to go instead of just having to move it soon. In the long term, it should probably include other archs too, so things should be as arch-specific as necessary, but not more so. Follow the proposal by Mike Rapoport[0]: a generic header includes NOP stubs for ASI definitions. If CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION is defined then the asm/ tree must have asi.h, and that gets included instead of the stubs. Signed-off-by: Brendan Jackman <jackmanb@...gle.com> --- arch/Kconfig | 13 +++++++++++++ arch/x86/Kconfig | 1 + arch/x86/include/asm/asi.h | 5 +++++ include/linux/asi.h | 10 ++++++++++ 4 files changed, 29 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index bae871976d36f7b6b2af0be40a067ca2b3fd3d14..ad99637630406e5a484173f5207bbd5a64b2bf1f 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -17,6 +17,19 @@ config CPU_MITIGATIONS def_bool y endif +config ARCH_HAS_MITIGATION_ADDRESS_SPACE_ISOLATION + bool + +config MITIGATION_ADDRESS_SPACE_ISOLATION + bool "Allow code to run with a reduced kernel address space" + default n + depends on ARCH_HAS_MITIGATION_ADDRESS_SPACE_ISOLATION + help + This feature provides the ability to run some kernel code + with a reduced kernel address space. This can be used to + mitigate some speculative execution attacks. + + ASI is not yet ready for use. # # Selected by architectures that need custom DMA operations for e.g. legacy # IOMMUs not handled by dma-iommu. Drivers must never select this symbol. diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 1fd698311bc1dba134a8e14dd551d2390e752cda..cb874c3857cf443c6235e05bc3f070b0ea2686f0 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -38,6 +38,7 @@ config X86_64 select ZONE_DMA32 select EXECMEM if DYNAMIC_FTRACE select ACPI_MRRM if ACPI + select ARCH_HAS_MITIGATION_ADDRESS_SPACE_ISOLATION config FORCE_DYNAMIC_FTRACE def_bool y diff --git a/arch/x86/include/asm/asi.h b/arch/x86/include/asm/asi.h new file mode 100644 index 0000000000000000000000000000000000000000..53acdf22fe33efc6ccedbae52b262a904868459a --- /dev/null +++ b/arch/x86/include/asm/asi.h @@ -0,0 +1,5 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_X86_ASI_H +#define _ASM_X86_ASI_H + +#endif /* _ASM_X86_ASI_H */ diff --git a/include/linux/asi.h b/include/linux/asi.h new file mode 100644 index 0000000000000000000000000000000000000000..ef640c8e79369a9ada2881067f0c1d78093293f7 --- /dev/null +++ b/include/linux/asi.h @@ -0,0 +1,10 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _INCLUDE_ASI_H +#define _INCLUDE_ASI_H + +#ifdef CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION +#include <asm/asi.h> +#else + +#endif /* CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION */ +#endif /* _INCLUDE_ASI_H */ -- 2.50.1
Powered by blists - more mailing lists