Re: [PATCH 10/16] arm64: Make KPTI strict CPU local feature
From: Suzuki K Poulose
Date: Fri Jan 26 2018 - 10:47:07 EST
On 26/01/18 12:25, Dave Martin wrote:
> On Tue, Jan 23, 2018 at 12:28:03PM +0000, Suzuki K Poulose wrote:
>> KPTI capability is a security feature which should be enabled
>> when at least one CPU on the system needs it. Any late CPU
>> which needs the kernel support, should be prevented from
>> booting (and thus making the system unsecure) if the feature
>> was not already enabled.
>
> Is there an actual change to behaviour here?

Yes, we now prevent any new CPU from booting if it *matches* the capability,
which we didn't do earlier.

> It's not very obvious from the commit message, or the patch when read in
> isolation.

I will fix the commit message to indicate the current behavior. How about:

"KPTI is treated as a system wide feature, where we enable the feature
when all the CPUs on the system suffer from the security vulnerability,
unless it is enabled via kernel command line. Also, we ignore a late CPU
which might need the defense if the KPTI is not enabled, making the system
insecure. This is not sufficient, as we should enable the defense when at
least one CPU needs it. Also, if it is not enabled at boot-time, we can no
longer enable it when a late CPU turns up. This patch makes sure that the
KPTI is checked on all CPUs and uses it when at least one needs it. Also reject
any CPU that needs it, which turns up late if the KPTI is not already enabled."

Cheers
Suzuki
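
The two policies described in the proposed commit message, as a stand-alone C model added here for illustration (it is not kernel code and not part of the patch). The names `policy`, `kpti_enabled_at_boot`, `late_cpu_admitted` and `unprotected_cpus` are hypothetical, and the CPU topology in `main` is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the two policies; not the arm64 cpufeature API. */
enum policy { SYSTEM_WIDE, STRICT_LOCAL };

/* Boot-time decision. forced models enabling KPTI on the kernel command line. */
bool kpti_enabled_at_boot(enum policy p, const bool *needs, size_t n, bool forced)
{
    size_t need = 0;
    for (size_t i = 0; i < n; i++)
        need += needs[i];
    if (forced)
        return true;
    /* SYSTEM_WIDE: every boot CPU must need it. STRICT_LOCAL: one is enough. */
    return p == SYSTEM_WIDE ? (n > 0 && need == n) : need > 0;
}

/* Late (hotplugged) CPU: only STRICT_LOCAL checks it against the boot decision. */
bool late_cpu_admitted(enum policy p, bool needs, bool enabled)
{
    return p == SYSTEM_WIDE || enabled || !needs;
}

/* Count online CPUs that need KPTI but end up running without it. */
size_t unprotected_cpus(enum policy p, const bool *boot, size_t nboot,
                        const bool *late, size_t nlate, bool forced)
{
    bool enabled = kpti_enabled_at_boot(p, boot, nboot, forced);
    size_t exposed = 0;
    if (enabled)
        return 0;
    for (size_t i = 0; i < nboot; i++)
        exposed += boot[i];
    for (size_t i = 0; i < nlate; i++)
        if (late[i] && late_cpu_admitted(p, late[i], enabled))
            exposed++;
    return exposed;
}

int main(void)
{
    /* Constructed topology: one of two boot CPUs needs KPTI, as does one late CPU. */
    const bool boot[] = { false, true }, late[] = { true };
    printf("system-wide: %zu unprotected\n",
           unprotected_cpus(SYSTEM_WIDE, boot, 2, late, 1, false));
    printf("strict local: %zu unprotected\n",
           unprotected_cpus(STRICT_LOCAL, boot, 2, late, 1, false));
    return 0;
}
```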