| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250221005345.2156760-17-riel@surriel.com>
Date: Thu, 20 Feb 2025 19:53:15 -0500
From: Rik van Riel <riel@...riel.com>
To: x86@...nel.org
Cc: linux-kernel@...r.kernel.org,
bp@...en8.de,
peterz@...radead.org,
dave.hansen@...ux.intel.com,
zhengqi.arch@...edance.com,
nadav.amit@...il.com,
thomas.lendacky@....com,
kernel-team@...a.com,
linux-mm@...ck.org,
akpm@...ux-foundation.org,
jackmanb@...gle.com,
jannh@...gle.com,
mhklinux@...look.com,
andrew.cooper3@...rix.com,
Manali.Shukla@....com,
Rik van Riel <riel@...riel.com>
Subject: [PATCH v12 16/16] x86/mm: add noinvlpgb commandline option
Add a "noinvlpgb" commandline option to disable AMD
broadcast TLB flushing at boot time.
Also fix up the "nopcid" boot option to automatically
disable INVLPGB functionality, which relies on processes
to run on globally allocated PCIDs.
Signed-off-by: Rik van Riel <riel@...riel.com>
Suggested-by: Brendan Jackman <jackmanb@...gle.com>
---
.../admin-guide/kernel-parameters.txt | 3 ++
arch/x86/kernel/cpu/common.c | 28 +++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index fb8752b42ec8..91260e1949fb 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -4182,6 +4182,8 @@
nomodule Disable module load
+ noinvlpgb [X86-64,EARLY] Disable the INVLPGB cpu feature.
+
nonmi_ipi [X86] Disable using NMI IPIs during panic/reboot to
shutdown the other cpus. Instead use the REBOOT_VECTOR
irq.
@@ -4190,6 +4192,7 @@
pagetables) support.
nopcid [X86-64,EARLY] Disable the PCID cpu feature.
+ This also disables INVLPGB, which relies on PCID.
nopku [X86] Disable Memory Protection Keys CPU feature found
in some Intel CPUs.
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 742bdb0c4846..b1ead1136d5c 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -245,6 +245,33 @@ DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = {
} };
EXPORT_PER_CPU_SYMBOL_GPL(gdt_page);
+#ifdef CONFIG_X86_BROADCAST_TLB_FLUSH
+static void disable_invlpgb(void)
+{
+ /* do not emit a message if the feature is not present */
+ if (!boot_cpu_has(X86_FEATURE_INVLPGB))
+ return;
+
+ setup_clear_cpu_cap(X86_FEATURE_INVLPGB);
+ pr_info("INVLPGB feature disabled\n");
+}
+
+static int __init x86_noinvlpgb_setup(char *s)
+{
+ /* noinvlpgb doesn't accept parameters */
+ if (s)
+ return -EINVAL;
+
+ disable_invlpgb();
+ return 0;
+}
+early_param("noinvlpgb", x86_noinvlpgb_setup);
+#else
+static void disable_invlpgb(void)
+{
+}
+#endif
+
#ifdef CONFIG_X86_64
static int __init x86_nopcid_setup(char *s)
{
@@ -258,6 +285,7 @@ static int __init x86_nopcid_setup(char *s)
setup_clear_cpu_cap(X86_FEATURE_PCID);
pr_info("nopcid: PCID feature disabled\n");
+ disable_invlpgb();
return 0;
}
early_param("nopcid", x86_nopcid_setup);
--
2.47.1
Powered by blists - more mailing lists