* [PATCH v2] arm64: Make kpti command line options x86 compatible
@ 2018-11-13 15:29 Alexander Graf
2018-11-15 15:47 ` Will Deacon
0 siblings, 1 reply; 3+ messages in thread
From: Alexander Graf @ 2018-11-13 15:29 UTC (permalink / raw)
To: linux-arm-kernel
Cc: linux-kernel, linux-doc, Catalin Marinas, Will Deacon,
Richard Brown, Matthias Brugger
I've already stumbled over 2 cases where people got confused about how to
disable kpti on AArch64. In both cases, they used existing x86_64 options
and just applied that to an AArch64 system, expecting it to work.
I think it makes a lot of sense to have compatible kernel command line
parameters whenever we can have them be compatible.
So this patch adds the pti= and no_pti kernel command line options, mapping
them into the existing kpti= command line framework. It preserves the old
syntax to maintain compatibility with older command lines.
While at it, the patch also marks the respective options as dual-arch.
Reported-by: Richard Brown <rbrown@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2:
- Actually make it compile. Sorry for the sloppy v1.
---
Documentation/admin-guide/kernel-parameters.txt | 6 +++---
arch/arm64/kernel/cpufeature.c | 20 +++++++++++++++++++-
2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 81d1d5a74728..4a1c6bcfcdb5 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3522,8 +3522,8 @@
pt. [PARIDE]
See Documentation/blockdev/paride.txt.
- pti= [X86_64] Control Page Table Isolation of user and
- kernel address spaces. Disabling this feature
+ pti= [X86_64,ARM64] Control Page Table Isolation of user
+ and kernel address spaces. Disabling this feature
removes hardening, but improves performance of
system calls and interrupts.
@@ -3534,7 +3534,7 @@
Not specifying this option is equivalent to pti=auto.
- nopti [X86_64]
+ nopti [X86_64,ARM64]
Equivalent to pti=off
pty.legacy_count=
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index af50064dea51..a67b4b563a7c 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -978,13 +978,31 @@ static int __init parse_kpti(char *str)
bool enabled;
int ret = strtobool(str, &enabled);
- if (ret)
+ if (ret) {
+ if (!strncmp(str, "auto", 4)) {
+ __kpti_forced = 0;
+ return 0;
+ }
return ret;
+ }
__kpti_forced = enabled ? 1 : -1;
return 0;
}
early_param("kpti", parse_kpti);
+
+static int __init parse_pti(char *str)
+{
+ return parse_kpti(str);
+}
+early_param("pti", parse_pti);
+
+static int __init parse_no_pti(char *p)
+{
+ __kpti_forced = -1;
+ return 0;
+}
+early_param("nopti", parse_no_pti);
#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
#ifdef CONFIG_ARM64_HW_AFDBM
--
2.12.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v2] arm64: Make kpti command line options x86 compatible
2018-11-13 15:29 [PATCH v2] arm64: Make kpti command line options x86 compatible Alexander Graf
@ 2018-11-15 15:47 ` Will Deacon
2018-11-15 16:49 ` Alexander Graf
0 siblings, 1 reply; 3+ messages in thread
From: Will Deacon @ 2018-11-15 15:47 UTC (permalink / raw)
To: Alexander Graf
Cc: linux-arm-kernel, linux-kernel, linux-doc, Catalin Marinas,
Richard Brown, Matthias Brugger
On Tue, Nov 13, 2018 at 04:29:06PM +0100, Alexander Graf wrote:
> I've already stumbled over 2 cases where people got confused about how to
> disable kpti on AArch64. In both cases, they used existing x86_64 options
> and just applied that to an AArch64 system, expecting it to work.
>
> I think it makes a lot of sense to have compatible kernel command line
> parameters whenever we can have them be compatible.
>
> So this patch adds the pti= and no_pti kernel command line options, mapping
> them into the existing kpti= command line framework. It preserves the old
> syntax to maintain compatibility with older command lines.
>
> While at it, the patch also marks the respective options as dual-arch.
>
> Reported-by: Richard Brown <rbrown@suse.de>
> Signed-off-by: Alexander Graf <agraf@suse.de>
>
> ---
>
> v1 -> v2:
>
> - Actually make it compile. Sorry for the sloppy v1.
> ---
> Documentation/admin-guide/kernel-parameters.txt | 6 +++---
> arch/arm64/kernel/cpufeature.c | 20 +++++++++++++++++++-
> 2 files changed, 22 insertions(+), 4 deletions(-)
This patch doesn't help though, right, because kpti= has already been
included with backports etc so the ship has sailed? Yeah, it's not ideal,
but we went over this before:
http://lists.infradead.org/pipermail/linux-arm-kernel/2018-August/598395.html
The thing we really need is the sysfs interface hooking up so you can easily
check the state of the mitigation. Still waiting for a follow-up on that ;)
http://lists.infradead.org/pipermail/linux-arm-kernel/2018-September/603412.html
Will
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] arm64: Make kpti command line options x86 compatible
2018-11-15 15:47 ` Will Deacon
@ 2018-11-15 16:49 ` Alexander Graf
0 siblings, 0 replies; 3+ messages in thread
From: Alexander Graf @ 2018-11-15 16:49 UTC (permalink / raw)
To: Will Deacon
Cc: linux-arm-kernel, linux-kernel, linux-doc, Catalin Marinas,
Richard Brown, Matthias Brugger, yousaf.kaukab
> Am 15.11.2018 um 16:47 schrieb Will Deacon <will.deacon@arm.com>:
>
>> On Tue, Nov 13, 2018 at 04:29:06PM +0100, Alexander Graf wrote:
>> I've already stumbled over 2 cases where people got confused about how to
>> disable kpti on AArch64. In both cases, they used existing x86_64 options
>> and just applied that to an AArch64 system, expecting it to work.
>>
>> I think it makes a lot of sense to have compatible kernel command line
>> parameters whenever we can have them be compatible.
>>
>> So this patch adds the pti= and no_pti kernel command line options, mapping
>> them into the existing kpti= command line framework. It preserves the old
>> syntax to maintain compatibility with older command lines.
>>
>> While at it, the patch also marks the respective options as dual-arch.
>>
>> Reported-by: Richard Brown <rbrown@suse.de>
>> Signed-off-by: Alexander Graf <agraf@suse.de>
>>
>> ---
>>
>> v1 -> v2:
>>
>> - Actually make it compile. Sorry for the sloppy v1.
>> ---
>> Documentation/admin-guide/kernel-parameters.txt | 6 +++---
>> arch/arm64/kernel/cpufeature.c | 20 +++++++++++++++++++-
>> 2 files changed, 22 insertions(+), 4 deletions(-)
>
> This patch doesn't help though, right, because kpti= has already been
> included with backports etc so the ship has sailed?
Not necessarily. We can always mark this as stable and have distros pull it in. Consistency is definitely useful for everyone.
> Yeah, it's not ideal,
> but we went over this before:
>
> http://lists.infradead.org/pipermail/linux-arm-kernel/2018-August/598395.html
Ah, I mist havd missed that. But if you already have 2 people sending very similar patches, there is probably something to it :).
>
> The thing we really need is the sysfs interface hooking up so you can easily
> check the state of the mitigation. Still waiting for a follow-up on that ;)
>
> http://lists.infradead.org/pipermail/linux-arm-kernel/2018-September/603412.html
That one is very much needed as well, yes.
Alex
>
> Will
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-11-15 16:49 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-13 15:29 [PATCH v2] arm64: Make kpti command line options x86 compatible Alexander Graf
2018-11-15 15:47 ` Will Deacon
2018-11-15 16:49 ` Alexander Graf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).