diff options
| author | Suzuki K Poulose <[email protected]> | 2018-03-26 15:12:40 +0100 |
|---|---|---|
| committer | Will Deacon <[email protected]> | 2018-03-26 18:01:40 +0100 |
| commit | d3aec8a28be3b88bf75442e7c24fd9da8d69a6df (patch) | |
| tree | 14768c5c5b61bf2d7d78140c46a30580547323ad /tools/perf/scripts/python/export-to-postgresql.py | |
| parent | 5c137714dd8cae464dbd5f028c07af149e6d09fc (diff) | |
arm64: capabilities: Restrict KPTI detection to boot-time CPUs
KPTI is treated as a system wide feature and is only detected if all
the CPUs in the sysetm needs the defense, unless it is forced via kernel
command line. This leaves a system with a mix of CPUs with and without
the defense vulnerable. Also, if a late CPU needs KPTI but KPTI was not
activated at boot time, the CPU is currently allowed to boot, which is a
potential security vulnerability.
This patch ensures that the KPTI is turned on if at least one CPU detects
the capability (i.e, change scope to SCOPE_LOCAL_CPU). Also rejetcs a late
CPU, if it requires the defense, when the system hasn't enabled it,
Cc: Will Deacon <[email protected]>
Reviewed-by: Dave Martin <[email protected]>
Signed-off-by: Suzuki K Poulose <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')
0 files changed, 0 insertions, 0 deletions