From: Willy Tarreau
To: linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Willy Tarreau, Andy Lutomirski, Borislav Petkov, Brian Gerst, Dave Hansen, Ingo Molnar, Linus Torvalds, Peter Zijlstra, Thomas Gleixner, Josh Poimboeuf, "H. Peter Anvin", Kees Cook
Subject: [RFC PATCH v3 3/8] x86/pti: create the pti_adjust sysctl
Date: Wed, 10 Jan 2018 20:28:15 +0100
Message-Id: <1515612500-14505-4-git-send-email-w@1wt.eu>
X-Mailer: git-send-email 2.8.0.rc2.1.gbe9624a
In-Reply-To: <1515612500-14505-1-git-send-email-w@1wt.eu>
References: <1515612500-14505-1-git-send-email-w@1wt.eu>
X-Mailing-List: linux-kernel@vger.kernel.org

This sysctl supports a value from -1 to 1 which will let the administrator
decide whether or not to adjust the PTI behaviour per process.

Signed-off-by: Willy Tarreau
Cc: Andy Lutomirski
Cc: Borislav Petkov
Cc: Brian Gerst
Cc: Dave Hansen
Cc: Ingo Molnar
Cc: Linus Torvalds
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: Josh Poimboeuf
Cc: "H. Peter Anvin"
Cc: Kees Cook
---
 arch/x86/include/asm/pti.h |  5 +++++
 arch/x86/mm/pti.c          | 19 +++++++++++++++++++
 kernel/sysctl.c            | 12 ++++++++++++
 3 files changed, 36 insertions(+)

diff --git a/arch/x86/include/asm/pti.h b/arch/x86/include/asm/pti.h
index 0b5ef05..cc8e0d0e 100644
--- a/arch/x86/include/asm/pti.h
+++ b/arch/x86/include/asm/pti.h
@@ -6,6 +6,11 @@ #ifdef CONFIG_PAGE_TABLE_ISOLATION extern void pti_init(void); extern void pti_check_boottime_disable(void); +# ifdef CONFIG_PER_PROCESS_PTI +extern int pti_adjust; +int pti_adjust_sysctl_handler(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos); +# endif #else static inline void pti_check_boottime_disable(void) { } #endif diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 43d4a4a..8166686f 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -54,6 +54,10 @@ #define __GFP_NOTRACK 0 #endif +# ifdef CONFIG_PER_PROCESS_PTI +int pti_adjust; +#endif + static void __init pti_print_if_insecure(const char *reason) { if (boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) @@ -371,6 +375,21 @@ static void __init pti_clone_entry_text(void) _PAGE_RW | _PAGE_GLOBAL); } +#ifdef CONFIG_PER_PROCESS_PTI +/* + * sysctl handler for pti_adjust which decides whether or not to accept a + * change to the value. 0 and 1 may be interchanged, but -1 is definitive. + */ +int pti_adjust_sysctl_handler(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) +{ + if (write && (!capable(CAP_SYS_RAWIO) || pti_adjust == -1)) + return -EPERM; + + return proc_dointvec_minmax(table, write, buffer, lenp, ppos); +} +#endif + /* * Initialize kernel page table isolation */ diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 557d467..a37a5e1 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include 
@@ -1572,6 +1573,17 @@ static int sysrq_sysctl_handler(struct ctl_table *table, int write, .proc_handler = numa_zonelist_order_handler, }, #endif +#ifdef CONFIG_PER_PROCESS_PTI + { + .procname = "pti_adjust", + .data = &pti_adjust, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = pti_adjust_sysctl_handler, + .extra1 = &neg_one, + .extra2 = &one, + }, +#endif #if (defined(CONFIG_X86_32) && !defined(CONFIG_UML))|| \ (defined(CONFIG_SUPERH) && defined(CONFIG_VSYSCALL)) { -- 1.7.12.1
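Review bot: in the arch/x86/mm/pti.c hunk at line 54, the new `int pti_adjust;` definition opens with `# ifdef CONFIG_PER_PROCESS_PTI` (indented hash) but closes with a plain `#endif`, and the handler hunk further down uses plain `#ifdef` for the same symbol; pick one form for the file (the surrounding pti.c and the existing `#ifdef CONFIG_PAGE_TABLE_ISOLATION` block in pti.h use the unindented form) so the nesting is readable.

Review bot: in the pti_adjust_sysctl_handler() hunk in arch/x86/mm/pti.c, the "-1 is definitive" guarantee stated in the comment is not actually enforced, because the `pti_adjust == -1` test and the store performed by proc_dointvec_minmax() are not serialized: two concurrent writers can both pass the check while the value is 0, then one stores -1 and the other stores 1 afterwards, and the lock-in is silently undone. Hold a mutex across the check and the proc_dointvec_minmax() call (or re-check and reject after the write under the same lock) so that once -1 lands nothing can overwrite it. While here, the commit message should say why CAP_SYS_RAWIO rather than CAP_SYS_ADMIN is the right capability to gate a mitigation knob, since with `.mode = 0644` the VFS permission check already limits writers to root and the capable() test is what actually distinguishes a capability-restricted root.

Review bot: in the kernel/sysctl.c table hunk, the entry is guarded only by CONFIG_PER_PROCESS_PTI, while the `extern int pti_adjust` and the handler prototype it references live under `#ifdef CONFIG_PAGE_TABLE_ISOLATION` in pti.h, so this only compiles if Kconfig makes the former depend on the latter, which this patch does not show; either guard the entry with both symbols or, better, register it from an x86-local sysctl table in arch/x86 so generic kernel/sysctl.c does not carry an arch-specific knob. The new sysctl also has no Documentation/sysctl/kernel.txt entry, and neither the commit message nor the table says what 0 and 1 mean or what the default is; please document the three values (the handler comment only explains that -1 is permanent).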