lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 19 Aug 2023 10:09:20 +0200
From:   Jo Van Bulck <jo.vanbulck@...kuleuven.be>
To:     linux-kernel@...r.kernel.org, dave.hansen@...ux.intel.com,
        luto@...nel.org, peterz@...radead.org, mingo@...hat.com,
        sohil.mehta@...el.com
Cc:     x86@...nel.org, bp@...en8.de, tglx@...utronix.de, hpa@...or.com,
        Jo Van Bulck <jo.vanbulck@...kuleuven.be>
Subject: [PATCH v4 0/1]  x86/pti: Fix kernel warnings for pti= and nopti cmdline options.

Hi,

This is the fourth iteration of a patch to improve the cmdline option parsing
for PTI. This reverts largely back to the first iteration and cleans up the
code to remove any attempts at backwards compatible behavior for clearly
conflicting options when users erroneously combine pti= nopti and
mitigations=off as per Dave's suggestions [1].

[1] https://lore.kernel.org/all/b9bbb279-fa8f-0784-900f-114ce186cbb3@intel.com/

Behavior
--------

For reference, behavior with this patch is now as follows in case of any
conflicting options.

1. Latest in order of nopti pti= takes priority:

KERNEL_CMDLINE="nopti pti=on"
[    0.021779] Kernel/User page tables isolation: enabled
Mitigation: PTI

KERNEL_CMDLINE="pti=on nopti"
[    0.010289] Kernel/User page tables isolation: disabled on command line.
Vulnerable

2. Passing mitigations=off will unconditionally disable PTI:

KERNEL_CMDLINE="mitigations=off pti=on"
[    0.008331] Kernel/User page tables isolation: disabled on command line.
Vulnerable

KERNEL_CMDLINE="pti=on mitigations=off"
[    0.008495] Kernel/User page tables isolation: disabled on command line.
Vulnerable

Changelog
---------

v4
  - Add whitespace (Sohil)
  - Remove goto (Sohil)

v3
  - Revert backwards compatibility ugliness for conflicting options (Dave)

v2
  - Split pti=off and mitigations=off checks (Sohil)
  - Ensure backwards compatibility for conflicting options (Sohil)

Best,
Jo

Jo Van Bulck (1):
  x86/pti: Fix kernel warnings for pti= and nopti cmdline options

 arch/x86/mm/pti.c | 58 +++++++++++++++++++++++------------------------
 1 file changed, 29 insertions(+), 29 deletions(-)

-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ