After reading this article, you will understand the basic principle of the KPTI patch that fixes the Meltdown vulnerability on the AArch64 platform. This article is hard going and fragmented, and it requires a lot of background knowledge, so read it with care.
It is fine if you do not follow all of it; just remember the conclusions drawn from the last three page-table diagrams.
One patch is "arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0". This patch was revised twice; the two commits are at the following addresses:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=084eb77cd3a81134d02500977dc0ecc9277dc97d
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0617052ddde355ee663b2f048e67dd381e5ebd6a
What it actually does is enable a feature that unmaps the kernel when returning from the EL1 kernel to EL0, so that the kernel is invisible to user space:
+config UNMAP_KERNEL_AT_EL0
+bool "Unmap kernel when running in userspace (aka \"KAISER\")"
+default y
+help
+ Some attacks against KASLR make use of the timing difference between
+ a permission fault which could arise from a page table entry that is
+ present in the TLB, and a translation fault which always requir