Commit 8b727881 authored by Jiri Kosina's avatar Jiri Kosina Committed by Kleber Sacilotto de Souza

kaiser: disabled on Xen PV

Kaiser cannot be used on paravirtualized MMUs (namely reading and writing CR3).
This does not work with KAISER as the CR3 switch from and to user space PGD
would require to map the whole XEN_PV machinery into both.

More importantly, enabling KAISER on Xen PV doesn't make too much sense, as PV
guests use distinct %cr3 values for kernel and user already.
Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>

CVE-2017-5754
Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 40d95299
...@@ -264,6 +264,9 @@ void __init kaiser_check_boottime_disable(void) ...@@ -264,6 +264,9 @@ void __init kaiser_check_boottime_disable(void)
char arg[5]; char arg[5];
int ret; int ret;
if (boot_cpu_has(X86_FEATURE_XENPV))
goto silent_disable;
ret = cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg)); ret = cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg));
if (ret > 0) { if (ret > 0) {
if (!strncmp(arg, "on", 2)) if (!strncmp(arg, "on", 2))
...@@ -291,6 +294,8 @@ void __init kaiser_check_boottime_disable(void) ...@@ -291,6 +294,8 @@ void __init kaiser_check_boottime_disable(void)
disable: disable:
pr_info("Kernel/User page tables isolation: disabled\n"); pr_info("Kernel/User page tables isolation: disabled\n");
silent_disable:
kaiser_enabled = 0; kaiser_enabled = 0;
setup_clear_cpu_cap(X86_FEATURE_KAISER); setup_clear_cpu_cap(X86_FEATURE_KAISER);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment