x86/pti: Add pti= cmdline option and documentation
diff mbox series

Message ID 20171212133952.10177-1-bp@alien8.de
State New, archived
Headers show
Series
  • x86/pti: Add pti= cmdline option and documentation
Related show

Commit Message

Borislav Petkov Dec. 12, 2017, 1:39 p.m. UTC
From: Borislav Petkov <bp@suse.de>

Keep the "nopti" for traditional reasons.

Requested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirsky <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: keescook@google.com
Cc: hughd@google.com
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Cc: aliguori@amazon.com
Cc: Will Deacon <will.deacon@arm.com>
Cc: daniel.gruss@iaik.tugraz.at
---
 Documentation/admin-guide/kernel-parameters.txt |  6 ++++++
 arch/x86/mm/pti.c                               | 18 ++++++++++++++++++
 2 files changed, 24 insertions(+)

Comments

Juergen Gross Dec. 12, 2017, 1:46 p.m. UTC | #1
On 12/12/17 14:39, Borislav Petkov wrote:
> From: Borislav Petkov <bp@suse.de>
> 
> Keep the "nopti" for traditional reasons.
> 
> Requested-by: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Borislav Petkov <bp@suse.de>

Reviewed-by: Juergen Gross <jgross@suse.com>


Juergen
Will Deacon Dec. 12, 2017, 2:28 p.m. UTC | #2
Hi Borislav, [+ tglx]

On Tue, Dec 12, 2017 at 02:39:52PM +0100, Borislav Petkov wrote:
> From: Borislav Petkov <bp@suse.de>
> 
> Keep the "nopti" for traditional reasons.
> 
> Requested-by: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Borislav Petkov <bp@suse.de>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Andy Lutomirsky <luto@kernel.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Dave Hansen <dave.hansen@intel.com>
> Cc: Greg KH <gregkh@linuxfoundation.org>
> Cc: keescook@google.com
> Cc: hughd@google.com
> Cc: Brian Gerst <brgerst@gmail.com>
> Cc: Josh Poimboeuf <jpoimboe@redhat.com>
> Cc: Denys Vlasenko <dvlasenk@redhat.com>
> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> Cc: Juergen Gross <jgross@suse.com>
> Cc: David Laight <David.Laight@aculab.com>
> Cc: Eduardo Valentin <eduval@amazon.com>
> Cc: aliguori@amazon.com
> Cc: Will Deacon <will.deacon@arm.com>
> Cc: daniel.gruss@iaik.tugraz.at
> ---
>  Documentation/admin-guide/kernel-parameters.txt |  6 ++++++
>  arch/x86/mm/pti.c                               | 18 ++++++++++++++++++
>  2 files changed, 24 insertions(+)

On arm64, I've gone for kpti=. I'm happy to change this to align with x86,
but the patches are queued now so I don't want to keep changing it.

Is "pti=" definitely what you're going for on x86?

Will
Will Deacon Dec. 14, 2017, 3:18 p.m. UTC | #3
On Tue, Dec 12, 2017 at 02:28:56PM +0000, Will Deacon wrote:
> On Tue, Dec 12, 2017 at 02:39:52PM +0100, Borislav Petkov wrote:
> > From: Borislav Petkov <bp@suse.de>
> > 
> > Keep the "nopti" for traditional reasons.
> > 
> > Requested-by: Linus Torvalds <torvalds@linux-foundation.org>
> > Signed-off-by: Borislav Petkov <bp@suse.de>
> > Cc: Linus Torvalds <torvalds@linux-foundation.org>
> > Cc: Andy Lutomirsky <luto@kernel.org>
> > Cc: Peter Zijlstra <peterz@infradead.org>
> > Cc: Dave Hansen <dave.hansen@intel.com>
> > Cc: Greg KH <gregkh@linuxfoundation.org>
> > Cc: keescook@google.com
> > Cc: hughd@google.com
> > Cc: Brian Gerst <brgerst@gmail.com>
> > Cc: Josh Poimboeuf <jpoimboe@redhat.com>
> > Cc: Denys Vlasenko <dvlasenk@redhat.com>
> > Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> > Cc: Juergen Gross <jgross@suse.com>
> > Cc: David Laight <David.Laight@aculab.com>
> > Cc: Eduardo Valentin <eduval@amazon.com>
> > Cc: aliguori@amazon.com
> > Cc: Will Deacon <will.deacon@arm.com>
> > Cc: daniel.gruss@iaik.tugraz.at
> > ---
> >  Documentation/admin-guide/kernel-parameters.txt |  6 ++++++
> >  arch/x86/mm/pti.c                               | 18 ++++++++++++++++++
> >  2 files changed, 24 insertions(+)
> 
> On arm64, I've gone for kpti=. I'm happy to change this to align with x86,
> but the patches are queued now so I don't want to keep changing it.
> 
> Is "pti=" definitely what you're going for on x86?

It was pointed out to me yesterday that "kpti" can be pronounced "cuppatea",
whereas "pti" doesn't roll off the tongue nearly so easily this side of the
pond.

But I would still like to avoid divergence on the name.

Will
Ingo Molnar Dec. 18, 2017, 12:33 p.m. UTC | #4
* Will Deacon <will.deacon@arm.com> wrote:

> But I would still like to avoid divergence on the name.

Please rename it to 'PTI' to sync the naming with x86.

Thanks,

	Ingo

Patch
diff mbox series

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 5dfd26265484..520fdec15bbb 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3255,6 +3255,12 @@ 
 	pt.		[PARIDE]
 			See Documentation/blockdev/paride.txt.
 
+	pti=		[X86_64]
+			Control user/kernel address space isolation:
+			on - enable
+			off - disable
+			auto - default setting
+
 	pty.legacy_count=
 			[KNL] Number of legacy pty's. Overwrites compiled-in
 			default number.
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index f48645d2f3fd..4afa16b444b2 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -51,15 +51,33 @@ 
 void __init pti_check_boottime_disable(void)
 {
 	bool enable = true;
+	char arg[5];
+
+	if (cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg))) {
+		if (!strncmp(arg, "on", 2))
+			goto enable;
+
+		if (!strncmp(arg, "off", 3)) {
+			pr_info("disabled on command line.\n");
+			return;
+		}
+
+		if (!strncmp(arg, "auto", 4))
+			goto skip;
+	}
 
 	if (cmdline_find_option_bool(boot_command_line, "nopti")) {
 		pr_info("disabled on command line.\n");
 		enable = false;
 	}
+
+skip:
 	if (hypervisor_is_type(X86_HYPER_XEN_PV)) {
 		pr_info("disabled on XEN_PV.\n");
 		enable = false;
 	}
+
+enable:
 	if (enable)
 		setup_force_cpu_bug(X86_BUG_CPU_SECURE_MODE_PTI);
 }