Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

x86/pti: Add the pti= cmdline option and documentation

Keep the "nopti" optional for traditional reasons.

[ tglx: Don't allow force on when running on XEN PV and made 'on'
	printout conditional ]

Requested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Andy Lutomirsky <luto@kernel.org>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: aliguori@amazon.com
Cc: daniel.gruss@iaik.tugraz.at
Cc: hughd@google.com
Cc: keescook@google.com
Link: https://lkml.kernel.org/r/20171212133952.10177-1-bp@alien8.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Borislav Petkov 7 years ago
parent
aa8c6248f8
commit
41f4c20b57
2 changed files with 31 additions and 1 deletions
Split View Show Diff Stats
  1. 6 0
      Documentation/admin-guide/kernel-parameters.txt
  2. 25 1
      arch/x86/mm/pti.c

+ 6 - 0
Documentation/admin-guide/kernel-parameters.txt
View File 

@@ -3255,6 +3255,12 @@
 
 	pt.		[PARIDE]
 
 			See Documentation/blockdev/paride.txt.
 
 
+	pti=		[X86_64]
 
+			Control user/kernel address space isolation:
 
+			on - enable
 
+			off - disable
 
+			auto - default setting
 
+
 
 	pty.legacy_count=
 
 			[KNL] Number of legacy pty's. Overwrites compiled-in
 
 			default number.

+ 25 - 1
arch/x86/mm/pti.c
View File 

@@ -54,21 +54,45 @@ static void __init pti_print_if_insecure(const char *reason)
 
 		pr_info("%s\n", reason);
 
 }
 
 
+static void __init pti_print_if_secure(const char *reason)
 
+{
 
+	if (!boot_cpu_has_bug(X86_BUG_CPU_INSECURE))
 
+		pr_info("%s\n", reason);
 
+}
 
+
 
 void __init pti_check_boottime_disable(void)
 
 {
 
+	char arg[5];
 
+	int ret;
 
+
 
 	if (hypervisor_is_type(X86_HYPER_XEN_PV)) {
 
 		pti_print_if_insecure("disabled on XEN PV.");
 
 		return;
 
 	}
 
 
+	ret = cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg));
 
+	if (ret > 0)  {
 
+		if (ret == 3 && !strncmp(arg, "off", 3)) {
 
+			pti_print_if_insecure("disabled on command line.");
 
+			return;
 
+		}
 
+		if (ret == 2 && !strncmp(arg, "on", 2)) {
 
+			pti_print_if_secure("force enabled on command line.");
 
+			goto enable;
 
+		}
 
+		if (ret == 4 && !strncmp(arg, "auto", 4))
 
+			goto autosel;
 
+	}
 
+
 
 	if (cmdline_find_option_bool(boot_command_line, "nopti")) {
 
 		pti_print_if_insecure("disabled on command line.");
 
 		return;
 
 	}
 
 
+autosel:
 
 	if (!boot_cpu_has_bug(X86_BUG_CPU_INSECURE))
 
 		return;
 
-
 
+enable:
 
 	setup_force_cpu_cap(X86_FEATURE_PTI);
 
 }