[RFC,3/4] arm64: kpti: use nG mappings from the outset if kpti is force enabled

Commit Message

Ard Biesheuvel Dec. 13, 2018, 5:20 p.m. UTC

Instead of relying on a slow asm routine executing from the idmap to
change all global mappings into non-global ones, just apply non-global
mappings from the outset if KPTI is going to be enabled regardless of
CPU capabilities (i.e, when running with KASLR enabled)

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/cpufeature.c | 3 ++-
 arch/arm64/mm/mmu.c            | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

Patch

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index ecd8c65dd2d7..11ef6aadeb0c 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -965,6 +965,8 @@  static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
 	return !has_cpuid_feature(entry, scope);
 }
 
+bool kpti_applied = false;
+
 static void
 kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused)
 {
@@ -972,7 +974,6 @@  kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused)
 	extern kpti_remap_fn idmap_kpti_install_ng_mappings;
 	kpti_remap_fn *remap_fn;
 
-	static bool kpti_applied = false;
 	int cpu = smp_processor_id();
 
 	if (kpti_applied)
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index d1d6601b385d..ab70834b45b8 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -648,6 +648,15 @@  static void __init map_kernel(pgd_t *pgdp)
 void __init paging_init(void)
 {
 	pgd_t *pgdp = pgd_set_fixmap(__pa_symbol(swapper_pg_dir));
+	bool kpti_enabled;
+
+	/* create nG mappings if KPTI is enabled regardless of CPU features */
+	if (kpti_is_forced(&kpti_enabled) && kpti_enabled) {
+		extern bool kpti_applied;
+
+		cpus_set_cap(ARM64_UNMAP_KERNEL_AT_EL0);
+		kpti_applied = true;
+	}
 
 	map_kernel(pgdp);
 	map_mem(pgdp);