review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Suzuki K Poulose <suzuki.poulose@arm.com>
	Mon, 26 Mar 2018 14:12:40 +0000 (15:12 +0100)
committer	Will Deacon <will.deacon@arm.com>
	Mon, 26 Mar 2018 17:01:40 +0000 (18:01 +0100)
commit	d3aec8a28be3b88bf75442e7c24fd9da8d69a6df
tree	14768c5c5b61bf2d7d78140c46a30580547323ad	tree \| snapshot
parent	5c137714dd8cae464dbd5f028c07af149e6d09fc	commit \| diff

arm64: capabilities: Restrict KPTI detection to boot-time CPUs

KPTI is treated as a system wide feature and is only detected if all
the CPUs in the sysetm needs the defense, unless it is forced via kernel
command line. This leaves a system with a mix of CPUs with and without
the defense vulnerable. Also, if a late CPU needs KPTI but KPTI was not
activated at boot time, the CPU is currently allowed to boot, which is a
potential security vulnerability.
This patch ensures that the KPTI is turned on if at least one CPU detects
the capability (i.e, change scope to SCOPE_LOCAL_CPU). Also rejetcs a late
CPU, if it requires the defense, when the system hasn't enabled it,

Cc: Will Deacon <will.deacon@arm.com>
Reviewed-by: Dave Martin <dave.martin@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>

arch/arm64/include/asm/cpufeature.h		diff \| blob \| history
arch/arm64/kernel/cpufeature.c		diff \| blob \| history