Message-Id: <20171212133952.10177-1-bp@alien8.de>
Date: Tue, 12 Dec 2017 14:39:52 +0100
From: Borislav Petkov <bp@...en8.de>
To: X86 ML <x86@...nel.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
    Linus Torvalds <torvalds@...ux-foundation.org>,
    Andy Lutomirsky <luto@...nel.org>,
    Peter Zijlstra <peterz@...radead.org>,
    Dave Hansen <dave.hansen@...el.com>,
    Greg KH <gregkh@...uxfoundation.org>,
    keescook@...gle.com, hughd@...gle.com,
    Brian Gerst <brgerst@...il.com>,
    Josh Poimboeuf <jpoimboe@...hat.com>,
    Denys Vlasenko <dvlasenk@...hat.com>,
    Boris Ostrovsky <boris.ostrovsky@...cle.com>,
    Juergen Gross <jgross@...e.com>,
    David Laight <David.Laight@...lab.com>,
    Eduardo Valentin <eduval@...zon.com>,
    aliguori@...zon.com,
    Will Deacon <will.deacon@....com>,
    daniel.gruss@...k.tugraz.at
Subject: [PATCH] x86/pti: Add pti= cmdline option and documentation

From: Borislav Petkov <bp@...e.de>

Keep the "nopti" for traditional reasons.

Requested-by: Linus Torvalds <torvalds@...ux-foundation.org>
Signed-off-by: Borislav Petkov <bp@...e.de>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andy Lutomirsky <luto@...nel.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Dave Hansen <dave.hansen@...el.com>
Cc: Greg KH <gregkh@...uxfoundation.org>
Cc: keescook@...gle.com
Cc: hughd@...gle.com
Cc: Brian Gerst <brgerst@...il.com>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Denys Vlasenko <dvlasenk@...hat.com>
Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>
Cc: Juergen Gross <jgross@...e.com>
Cc: David Laight <David.Laight@...lab.com>
Cc: Eduardo Valentin <eduval@...zon.com>
Cc: aliguori@...zon.com
Cc: Will Deacon <will.deacon@....com>
Cc: daniel.gruss@...k.tugraz.at
--- Documentation/admin-guide/kernel-parameters.txt | 6 ++++++ arch/x86/mm/pti.c | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 5dfd26265484..520fdec15bbb 100644 
--- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -3255,6 +3255,12 @@ pt. [PARIDE] See Documentation/blockdev/paride.txt. + pti= [X86_64] + Control user/kernel address space isolation: + on - enable + off - disable + auto - default setting + pty.legacy_count= [KNL] Number of legacy pty's. Overwrites compiled-in default number. diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index f48645d2f3fd..4afa16b444b2 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -51,15 +51,33 @@ void __init pti_check_boottime_disable(void) { bool enable = true; + char arg[5]; + + if (cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg))) { + if (!strncmp(arg, "on", 2)) + goto enable; + + if (!strncmp(arg, "off", 3)) { + pr_info("disabled on command line.\n"); + return; + } + + if (!strncmp(arg, "auto", 4)) + goto skip; + } if (cmdline_find_option_bool(boot_command_line, "nopti")) { pr_info("disabled on command line.\n"); enable = false; } + +skip: if (hypervisor_is_type(X86_HYPER_XEN_PV)) { pr_info("disabled on XEN_PV.\n"); enable = false; } + +enable: if (enable) setup_force_cpu_bug(X86_BUG_CPU_SECURE_MODE_PTI); } -- 2.13.0
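
Review bot: The new pti= entry in kernel-parameters.txt does not say what "auto" decides or how pti= interacts with "nopti", which this patch keeps. Going by the pti.c hunk, "auto" skips the nopti check but still honours the XEN_PV disable, "on" jumps past both, and "off" returns before either is looked at. Suggest spelling that precedence out in the entry and describing nopti next to it as the legacy equivalent of pti=off, so that someone auditing a boot command line that carries both options can tell which one wins.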
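
Review bot: In pti_check_boottime_disable() the result of cmdline_find_option() is only tested for being non-zero and arg[] is never initialised, so any non-zero return that is not a successful copy (a negative "not found" value, for instance) sends uninitialised stack bytes into the strncmp() calls. Suggest keeping the return value in a local and parsing only when it is positive. The strncmp() calls are also prefix matches, so "pti=only" is taken as "on" and "pti=offline" as "off"; compare the returned length as well as the bytes. Two smaller points in the same hunk: an unrecognised value falls through without any message, and "goto enable" bypasses the XEN_PV check, so pti=on sets X86_BUG_CPU_SECURE_MODE_PTI on Xen PV where the existing code disables it. If that override is intended it deserves a comment and a pr_info() so the boot log shows why isolation ended up on or off.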