Commit 39624872 authored by Borislav Petkov's avatar Borislav Petkov Committed by Kleber Sacilotto de Souza

x86/kaiser: Check boottime cmdline params

AMD (and possibly other vendors) are not affected by the leak
KAISER is protecting against.

Keep the "nopti" for traditional reasons and add pti=<on|off|auto>
like upstream.
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>

CVE-2017-5754
Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 93bcea14
...@@ -3062,6 +3062,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted. ...@@ -3062,6 +3062,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
pt. [PARIDE] pt. [PARIDE]
See Documentation/blockdev/paride.txt. See Documentation/blockdev/paride.txt.
pti= [X86_64]
Control KAISER user/kernel address space isolation:
on - enable
off - disable
auto - default setting
pty.legacy_count= pty.legacy_count=
[KNL] Number of legacy pty's. Overwrites compiled-in [KNL] Number of legacy pty's. Overwrites compiled-in
default number. default number.
......
...@@ -16,6 +16,7 @@ ...@@ -16,6 +16,7 @@
#include <asm/pgtable.h> #include <asm/pgtable.h>
#include <asm/pgalloc.h> #include <asm/pgalloc.h>
#include <asm/desc.h> #include <asm/desc.h>
#include <asm/cmdline.h>
int kaiser_enabled __read_mostly = 1; int kaiser_enabled __read_mostly = 1;
EXPORT_SYMBOL(kaiser_enabled); /* for inlined TLB flush functions */ EXPORT_SYMBOL(kaiser_enabled); /* for inlined TLB flush functions */
...@@ -264,6 +265,43 @@ static void __init kaiser_init_all_pgds(void) ...@@ -264,6 +265,43 @@ static void __init kaiser_init_all_pgds(void)
WARN_ON(__ret); \ WARN_ON(__ret); \
} while (0) } while (0)
void __init kaiser_check_boottime_disable(void)
{
bool enable = true;
char arg[5];
int ret;
ret = cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg));
if (ret > 0) {
if (!strncmp(arg, "on", 2))
goto enable;
if (!strncmp(arg, "off", 3))
goto disable;
if (!strncmp(arg, "auto", 4))
goto skip;
}
if (cmdline_find_option_bool(boot_command_line, "nopti"))
goto disable;
skip:
if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
goto disable;
enable:
if (enable)
setup_force_cpu_cap(X86_FEATURE_KAISER);
return;
disable:
pr_info("Kernel/User page tables isolation: disabled\n");
kaiser_enabled = 0;
setup_clear_cpu_cap(X86_FEATURE_KAISER);
}
/* /*
* If anything in here fails, we will likely die on one of the * If anything in here fails, we will likely die on one of the
* first kernel->user transitions and init will die. But, we * first kernel->user transitions and init will die. But, we
...@@ -275,12 +313,10 @@ void __init kaiser_init(void) ...@@ -275,12 +313,10 @@ void __init kaiser_init(void)
{ {
int cpu; int cpu;
if (!kaiser_enabled) { kaiser_check_boottime_disable();
setup_clear_cpu_cap(X86_FEATURE_KAISER);
return;
}
setup_force_cpu_cap(X86_FEATURE_KAISER); if (!kaiser_enabled)
return;
kaiser_init_all_pgds(); kaiser_init_all_pgds();
...@@ -424,16 +460,3 @@ void kaiser_flush_tlb_on_return_to_user(void) ...@@ -424,16 +460,3 @@ void kaiser_flush_tlb_on_return_to_user(void)
X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET); X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET);
} }
EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user); EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user);
static int __init x86_nokaiser_setup(char *s)
{
/* nopti doesn't accept parameters */
if (s)
return -EINVAL;
kaiser_enabled = 0;
pr_info("Kernel/User page tables isolation: disabled\n");
return 0;
}
early_param("nopti", x86_nokaiser_setup);
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment