Commit 3c7b7b49 authored by Borislav Petkov's avatar Borislav Petkov Committed by Kleber Sacilotto de Souza

x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling

Concentrate it in arch/x86/mm/kaiser.c and use the upstream string "nopti".
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>

CVE-2017-5754
Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent c05397ac
...@@ -2531,7 +2531,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. ...@@ -2531,7 +2531,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
nojitter [IA-64] Disables jitter checking for ITC timers. nojitter [IA-64] Disables jitter checking for ITC timers.
nokaiser [X86-64] Disable KAISER isolation of kernel from user. nopti [X86-64] Disable KAISER isolation of kernel from user.
no-kvmclock [X86,KVM] Disable paravirtualized KVM clock driver no-kvmclock [X86,KVM] Disable paravirtualized KVM clock driver
......
...@@ -180,20 +180,6 @@ static int __init x86_sep_setup(char *s) ...@@ -180,20 +180,6 @@ static int __init x86_sep_setup(char *s)
} }
__setup("nosep", x86_sep_setup); __setup("nosep", x86_sep_setup);
static int __init x86_nokaiser_setup(char *s)
{
/* nokaiser doesn't accept parameters */
if (s)
return -EINVAL;
#ifdef CONFIG_KAISER
kaiser_enabled = 0;
setup_clear_cpu_cap(X86_FEATURE_KAISER);
pr_info("nokaiser: KAISER feature disabled\n");
#endif
return 0;
}
early_param("nokaiser", x86_nokaiser_setup);
/* Standard macro to see if a specific flag is changeable */ /* Standard macro to see if a specific flag is changeable */
static inline int flag_is_changeable_p(u32 flag) static inline int flag_is_changeable_p(u32 flag)
{ {
...@@ -730,10 +716,6 @@ void get_cpu_cap(struct cpuinfo_x86 *c) ...@@ -730,10 +716,6 @@ void get_cpu_cap(struct cpuinfo_x86 *c)
c->x86_power = cpuid_edx(0x80000007); c->x86_power = cpuid_edx(0x80000007);
init_scattered_cpuid_features(c); init_scattered_cpuid_features(c);
#ifdef CONFIG_KAISER
if (kaiser_enabled)
set_cpu_cap(c, X86_FEATURE_KAISER);
#endif
} }
static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
......
...@@ -275,8 +275,13 @@ void __init kaiser_init(void) ...@@ -275,8 +275,13 @@ void __init kaiser_init(void)
{ {
int cpu; int cpu;
if (!kaiser_enabled) if (!kaiser_enabled) {
setup_clear_cpu_cap(X86_FEATURE_KAISER);
return; return;
}
setup_force_cpu_cap(X86_FEATURE_KAISER);
kaiser_init_all_pgds(); kaiser_init_all_pgds();
for_each_possible_cpu(cpu) { for_each_possible_cpu(cpu) {
...@@ -419,3 +424,16 @@ void kaiser_flush_tlb_on_return_to_user(void) ...@@ -419,3 +424,16 @@ void kaiser_flush_tlb_on_return_to_user(void)
X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET); X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET);
} }
EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user); EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user);
static int __init x86_nokaiser_setup(char *s)
{
/* nopti doesn't accept parameters */
if (s)
return -EINVAL;
kaiser_enabled = 0;
pr_info("Kernel/User page tables isolation: disabled\n");
return 0;
}
early_param("nopti", x86_nokaiser_setup);
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment