lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue,  8 Aug 2023 12:56:15 -0700
From:   Jo Van Bulck <jo.vanbulck@...kuleuven.be>
To:     linux-kernel@...r.kernel.org, dave.hansen@...ux.intel.com,
        luto@...nel.org, peterz@...radead.org, mingo@...hat.com
Cc:     x86@...nel.org, bp@...en8.de, tglx@...utronix.de, hpa@...or.com,
        Jo Van Bulck <jo.vanbulck@...kuleuven.be>
Subject: [PATCH RESEND] x86/pti: Fix kernel warnings for pti= and nopti cmdline options.

Parse the pti= and nopti cmdline options using early_param to fix 'Unknown
kernel command line parameters "nopti", will be passed to user space'
warnings in the kernel log when nopti or pti= are passed to the kernel
cmdline on x86 platforms. Additionally allow the kernel to warn for
malformed pti= options.

Signed-off-by: Jo Van Bulck <jo.vanbulck@...kuleuven.be>
---

Resending this as I haven't heard back yet. I'd be happy to incorporate any
feedback.

Also adding test output before/after patch for reference:

dmesg | grep -e "page tables isolation" -e "Command line" \
             -e "Malformed" -e "Unknown kernel command line parameters" \
             && cat /sys/devices/system/cpu/vulnerabilities/meltdown

Before patch
============

KERNEL_CMDLINE="nopti"
 [    0.000000] Command line: root=/dev/vda console=ttyS0 nopti
 [    0.009875] Kernel/User page tables isolation: disabled on command line.
 [    0.021498] Unknown kernel command line parameters "nopti", will be passed to user space.
 Vulnerable

KERNEL_CMDLINE="pti=off"
 [    0.000000] Command line: root=/dev/vda console=ttyS0 pti=off
 [    0.009564] Kernel/User page tables isolation: disabled on command line.
 [    0.019542] Unknown kernel command line parameters "pti=off", will be passed to user space.
 Vulnerable

KERNEL_CMDLINE="pti=invalid"
 [    0.000000] Command line: root=/dev/vda console=ttyS0 pti=invalid
 [    0.021409] Unknown kernel command line parameters "pti=invalid", will be passed to user space.
 [    0.022411] Kernel/User page tables isolation: enabled
 Mitigation: PTI

After patch
===========

KERNEL_CMDLINE="nopti"
 [    0.000000] Command line: root=/dev/vda console=ttyS0 nopti
 [    0.009775] Kernel/User page tables isolation: disabled on command line.
 Vulnerable

KERNEL_CMDLINE="pti=off"
 [    0.000000] Command line: root=/dev/vda console=ttyS0 pti=off
 [    0.009879] Kernel/User page tables isolation: disabled on command line.
 Vulnerable

KERNEL_CMDLINE="pti=invalid"
 [    0.000000] Command line: root=/dev/vda console=ttyS0 pti=invalid
 [    0.000000] Malformed early option 'pti'
 [    0.020892] Kernel/User page tables isolation: enabled
 Mitigation: PTI


 arch/x86/mm/pti.c | 56 +++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 29 deletions(-)

diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index 78414c6d1..ea5841cf9 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -69,6 +69,7 @@ static void __init pti_print_if_secure(const char *reason)
 		pr_info("%s\n", reason);
 }
 
+/* Assume mode is auto unless overridden via cmdline below */
 static enum pti_mode {
 	PTI_AUTO = 0,
 	PTI_FORCE_OFF,
@@ -77,50 +78,47 @@ static enum pti_mode {
 
 void __init pti_check_boottime_disable(void)
 {
-	char arg[5];
-	int ret;
-
-	/* Assume mode is auto unless overridden. */
-	pti_mode = PTI_AUTO;
-
 	if (hypervisor_is_type(X86_HYPER_XEN_PV)) {
 		pti_mode = PTI_FORCE_OFF;
 		pti_print_if_insecure("disabled on XEN PV.");
 		return;
 	}
 
-	ret = cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg));
-	if (ret > 0)  {
-		if (ret == 3 && !strncmp(arg, "off", 3)) {
-			pti_mode = PTI_FORCE_OFF;
-			pti_print_if_insecure("disabled on command line.");
-			return;
-		}
-		if (ret == 2 && !strncmp(arg, "on", 2)) {
-			pti_mode = PTI_FORCE_ON;
-			pti_print_if_secure("force enabled on command line.");
-			goto enable;
-		}
-		if (ret == 4 && !strncmp(arg, "auto", 4)) {
-			pti_mode = PTI_AUTO;
-			goto autosel;
-		}
-	}
-
-	if (cmdline_find_option_bool(boot_command_line, "nopti") ||
-	    cpu_mitigations_off()) {
+	if (pti_mode == PTI_FORCE_OFF || cpu_mitigations_off()) {
 		pti_mode = PTI_FORCE_OFF;
 		pti_print_if_insecure("disabled on command line.");
 		return;
 	}
 
-autosel:
-	if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN))
+	if (pti_mode == PTI_AUTO && !boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN))
 		return;
-enable:
+
+	if (pti_mode == PTI_FORCE_ON)
+		pti_print_if_secure("force enabled on command line.");
 	setup_force_cpu_cap(X86_FEATURE_PTI);
 }
 
+static int __init pti_parse_cmdline(char *arg)
+{
+	if (!strcmp(arg, "off"))
+		pti_mode = PTI_FORCE_OFF;
+	else if (!strcmp(arg, "on"))
+		pti_mode = PTI_FORCE_ON;
+	else if (!strcmp(arg, "auto"))
+		pti_mode = PTI_AUTO;
+	else
+		return -EINVAL;
+	return 0;
+}
+early_param("pti", pti_parse_cmdline);
+
+static int __init pti_parse_cmdline_nopti(char *arg)
+{
+	pti_mode = PTI_FORCE_OFF;
+	return 0;
+}
+early_param("nopti", pti_parse_cmdline_nopti);
+
 pgd_t __pti_set_user_pgtbl(pgd_t *pgdp, pgd_t pgd)
 {
 	/*

base-commit: 1399419a8db7b3d6083b47062358d95dc8ec9663
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ