git.baikalelectronics.ru Git - kernel.git/commit

author	Kristina Martsenko <kristina.martsenko@arm.com>
	Wed, 22 Jun 2022 11:54:24 +0000 (12:54 +0100)
committer	Will Deacon <will@kernel.org>
	Thu, 23 Jun 2022 17:40:38 +0000 (18:40 +0100)
commit	be7ccac1c8cce5c8b8dd3f0467b0ce8ee4af382a
tree	77bf81560d0a7adc014b955afbdbda72c395434f	tree \| snapshot
parent	08aafa0d475a08e31a13403e9df41c7179f4bdcd	commit \| diff

arm64: trap implementation defined functionality in userspace

The Arm v8.8 extension adds a new control FEAT_TIDCP1 that allows the
kernel to disable all implementation-defined system registers and
instructions in userspace. This can improve robustness against covert
channels between processes, for example in cases where the firmware or
hardware didn't disable that functionality by default.

The kernel does not currently support any implementation-defined
features, as there are no hwcaps for any such features, so disable all
imp-def features unconditionally. Any use of imp-def instructions will
result in a SIGILL being delivered to the process (same as for undefined
instructions).

Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Link: https://lore.kernel.org/r/20220622115424.683520-1-kristina.martsenko@arm.com
Signed-off-by: Will Deacon <will@kernel.org>

arch/arm64/include/asm/sysreg.h		diff \| blob \| history
arch/arm64/kernel/cpufeature.c		diff \| blob \| history
arch/arm64/tools/cpucaps		diff \| blob \| history