[v2] arm64: Make kpti command line options x86 compatible

Message ID 20181113152906.55802-1-agraf@suse.de (mailing list archive)
State New, archived

Commit Message

Alexander Graf Nov. 13, 2018, 3:29 p.m. UTC
I've already stumbled over 2 cases where people got confused about how to
disable kpti on AArch64. In both cases, they used existing x86_64 options
and just applied that to an AArch64 system, expecting it to work.

I think it makes a lot of sense to have compatible kernel command line
parameters whenever we can have them be compatible.

So this patch adds the pti= and no_pti kernel command line options, mapping
them into the existing kpti= command line framework. It preserves the old
syntax to maintain compatibility with older command lines.

While at it, the patch also marks the respective options as dual-arch.

Reported-by: Richard Brown <rbrown@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

---

v1 -> v2:

  - Actually make it compile. Sorry for the sloppy v1.
---
 Documentation/admin-guide/kernel-parameters.txt |  6 +++---
 arch/arm64/kernel/cpufeature.c                  | 20 +++++++++++++++++++-
 2 files changed, 22 insertions(+), 4 deletions(-)

Comments

Will Deacon Nov. 15, 2018, 3:47 p.m. UTC | #1
On Tue, Nov 13, 2018 at 04:29:06PM +0100, Alexander Graf wrote:
> I've already stumbled over 2 cases where people got confused about how to
> disable kpti on AArch64. In both cases, they used existing x86_64 options
> and just applied that to an AArch64 system, expecting it to work.
> 
> I think it makes a lot of sense to have compatible kernel command line
> parameters whenever we can have them be compatible.
> 
> So this patch adds the pti= and no_pti kernel command line options, mapping
> them into the existing kpti= command line framework. It preserves the old
> syntax to maintain compatibility with older command lines.
> 
> While at it, the patch also marks the respective options as dual-arch.
> 
> Reported-by: Richard Brown <rbrown@suse.de>
> Signed-off-by: Alexander Graf <agraf@suse.de>
> 
> ---
> 
> v1 -> v2:
> 
>   - Actually make it compile. Sorry for the sloppy v1.
> ---
>  Documentation/admin-guide/kernel-parameters.txt |  6 +++---
>  arch/arm64/kernel/cpufeature.c                  | 20 +++++++++++++++++++-
>  2 files changed, 22 insertions(+), 4 deletions(-)

This patch doesn't help though, right, because kpti= has already been
included with backports etc so the ship has sailed? Yeah, it's not ideal,
but we went over this before:

http://lists.infradead.org/pipermail/linux-arm-kernel/2018-August/598395.html

The thing we really need is the sysfs interface hooking up so you can easily
check the state of the mitigation. Still waiting for a follow-up on that ;)

http://lists.infradead.org/pipermail/linux-arm-kernel/2018-September/603412.html

Will

Alexander Graf Nov. 15, 2018, 4:49 p.m. UTC | #2
> On 15.11.2018 at 16:47, Will Deacon <will.deacon@arm.com> wrote:
> 
>> On Tue, Nov 13, 2018 at 04:29:06PM +0100, Alexander Graf wrote:
>> I've already stumbled over 2 cases where people got confused about how to
>> disable kpti on AArch64. In both cases, they used existing x86_64 options
>> and just applied that to an AArch64 system, expecting it to work.
>> 
>> I think it makes a lot of sense to have compatible kernel command line
>> parameters whenever we can have them be compatible.
>> 
>> So this patch adds the pti= and no_pti kernel command line options, mapping
>> them into the existing kpti= command line framework. It preserves the old
>> syntax to maintain compatibility with older command lines.
>> 
>> While at it, the patch also marks the respective options as dual-arch.
>> 
>> Reported-by: Richard Brown <rbrown@suse.de>
>> Signed-off-by: Alexander Graf <agraf@suse.de>
>> 
>> ---
>> 
>> v1 -> v2:
>> 
>>  - Actually make it compile. Sorry for the sloppy v1.
>> ---
>> Documentation/admin-guide/kernel-parameters.txt |  6 +++---
>> arch/arm64/kernel/cpufeature.c                  | 20 +++++++++++++++++++-
>> 2 files changed, 22 insertions(+), 4 deletions(-)
> 
> This patch doesn't help though, right, because kpti= has already been
> included with backports etc so the ship has sailed?

Not necessarily. We can always mark this as stable and have distros pull it in. Consistency is definitely useful for everyone.

> Yeah, it's not ideal,
> but we went over this before:
> 
> http://lists.infradead.org/pipermail/linux-arm-kernel/2018-August/598395.html

Ah, I must have missed that. But if you already have 2 people sending very similar patches, there is probably something to it :).

> 
> The thing we really need is the sysfs interface hooking up so you can easily
> check the state of the mitigation. Still waiting for a follow-up on that ;)
> 
> http://lists.infradead.org/pipermail/linux-arm-kernel/2018-September/603412.html

That one is very much needed as well, yes.

Alex

> 
> Will

Patch

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 81d1d5a74728..4a1c6bcfcdb5 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3522,8 +3522,8 @@ 
 	pt.		[PARIDE]
 			See Documentation/blockdev/paride.txt.
 
-	pti=		[X86_64] Control Page Table Isolation of user and
-			kernel address spaces.  Disabling this feature
+	pti=		[X86_64,ARM64] Control Page Table Isolation of user
+			and kernel address spaces.  Disabling this feature
 			removes hardening, but improves performance of
 			system calls and interrupts.
 
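Review bot: the `pti=` entry is now tagged ARM64, but nothing in it tells an arm64 admin how it relates to the older `kpti=` spelling that the commit message says is preserved. Both can appear on one command line, so add a sentence here stating that on ARM64 `kpti=` is accepted as a legacy synonym and how a conflict between the two is resolved; someone auditing a boot line should be able to tell from this entry whether the hardening is on.
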
@@ -3534,7 +3534,7 @@ 
 
 			Not specifying this option is equivalent to pti=auto.
 
-	nopti		[X86_64]
+	nopti		[X86_64,ARM64]
 			Equivalent to pti=off
 
 	pty.legacy_count=
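Review bot: this entry and the handler registration spell the option `nopti`, while the commit message says the patch adds `no_pti`. The code matches the existing x86 documentation line being edited here, so the commit message is the part to correct before this is applied.
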
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index af50064dea51..a67b4b563a7c 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -978,13 +978,31 @@  static int __init parse_kpti(char *str)
 	bool enabled;
 	int ret = strtobool(str, &enabled);
 
-	if (ret)
+	if (ret) {
+		if (!strncmp(str, "auto", 4)) {
+			__kpti_forced = 0;
+			return 0;
+		}
 		return ret;
+	}
 
 	__kpti_forced = enabled ? 1 : -1;
 	return 0;
 }
 early_param("kpti", parse_kpti);
+
+static int __init parse_pti(char *str)
+{
+	return parse_kpti(str);
+}
+early_param("pti", parse_pti);
+
+static int __init parse_no_pti(char *p)
+{
+	__kpti_forced = -1;
+	return 0;
+}
+early_param("nopti", parse_no_pti);
 #endif	/* CONFIG_UNMAP_KERNEL_AT_EL0 */
 
 #ifdef CONFIG_ARM64_HW_AFDBM
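
Review bot: in parse_kpti(), `strncmp(str, "auto", 4)` is a prefix match, so `kpti=automatic` or `pti=autoX` is silently accepted as auto instead of being rejected like any other malformed value; `strcmp(str, "auto")` would keep the parser strict. That branch is also reached with whatever `str` made strtobool() fail, so if a bare `pti` or `kpti` without `=` can hand the handler a NULL pointer, it needs a NULL check before the compare. Separately, parse_no_pti() and parse_kpti() both write __kpti_forced unconditionally, so with `nopti pti=on` the later option wins; since one of these turns a hardening off, that ordering deserves a comment here or a line in the documentation.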