diff options
author | Suzuki K Poulose <suzuki.poulose@arm.com> | 2018-03-26 15:12:40 +0100 |
---|---|---|
committer | Will Deacon <will.deacon@arm.com> | 2018-03-26 18:01:40 +0100 |
commit | d3aec8a28be3b88bf75442e7c24fd9da8d69a6df (patch) | |
tree | 14768c5c5b61bf2d7d78140c46a30580547323ad /arch/alpha/kernel/core_cia.c | |
parent | 5c137714dd8cae464dbd5f028c07af149e6d09fc (diff) | |
download | blackbird-op-linux-d3aec8a28be3b88bf75442e7c24fd9da8d69a6df.tar.gz blackbird-op-linux-d3aec8a28be3b88bf75442e7c24fd9da8d69a6df.zip |
arm64: capabilities: Restrict KPTI detection to boot-time CPUs
KPTI is treated as a system wide feature and is only detected if all
the CPUs in the sysetm needs the defense, unless it is forced via kernel
command line. This leaves a system with a mix of CPUs with and without
the defense vulnerable. Also, if a late CPU needs KPTI but KPTI was not
activated at boot time, the CPU is currently allowed to boot, which is a
potential security vulnerability.
This patch ensures that the KPTI is turned on if at least one CPU detects
the capability (i.e, change scope to SCOPE_LOCAL_CPU). Also rejetcs a late
CPU, if it requires the defense, when the system hasn't enabled it,
Cc: Will Deacon <will.deacon@arm.com>
Reviewed-by: Dave Martin <dave.martin@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Diffstat (limited to 'arch/alpha/kernel/core_cia.c')
0 files changed, 0 insertions, 0 deletions