diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0029-x86-kaiser-Check-boottime-cmdline-params.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0029-x86-kaiser-Check-boottime-cmdline-params.patch | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0029-x86-kaiser-Check-boottime-cmdline-params.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0029-x86-kaiser-Check-boottime-cmdline-params.patch new file mode 100644 index 00000000..cedcf69a --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.9.21/0029-x86-kaiser-Check-boottime-cmdline-params.patch @@ -0,0 +1,127 @@ +From 8db17e2fa98e810bbc4f63d4e502caceaf942373 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov <bp@suse.de> +Date: Tue, 2 Jan 2018 14:19:48 +0100 +Subject: [PATCH 029/102] x86/kaiser: Check boottime cmdline params + +AMD (and possibly other vendors) are not affected by the leak +KAISER is protecting against. + +Keep the "nopti" for traditional reasons and add pti=<on|off|auto> +like upstream. + +Signed-off-by: Borislav Petkov <bp@suse.de> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + Documentation/kernel-parameters.txt | 6 ++++ + arch/x86/mm/kaiser.c | 59 ++++++++++++++++++++++++++----------- + 2 files changed, 47 insertions(+), 18 deletions(-) + +diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt +index f5a95f77..9f04c53 100644 +--- a/Documentation/kernel-parameters.txt ++++ b/Documentation/kernel-parameters.txt +@@ -3317,6 +3317,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted. + pt. [PARIDE] + See Documentation/blockdev/paride.txt. + ++ pti= [X86_64] ++ Control KAISER user/kernel address space isolation: ++ on - enable ++ off - disable ++ auto - default setting ++ + pty.legacy_count= + [KNL] Number of legacy pty's. Overwrites compiled-in + default number. +diff --git a/arch/x86/mm/kaiser.c b/arch/x86/mm/kaiser.c +index 87cae72..1840aa0 100644 +--- a/arch/x86/mm/kaiser.c ++++ b/arch/x86/mm/kaiser.c +@@ -15,6 +15,7 @@ + #include <asm/pgtable.h> + #include <asm/pgalloc.h> + #include <asm/desc.h> ++#include <asm/cmdline.h> + + int kaiser_enabled __read_mostly = 1; + EXPORT_SYMBOL(kaiser_enabled); /* for inlined TLB flush functions */ +@@ -263,6 +264,43 @@ static void __init kaiser_init_all_pgds(void) + WARN_ON(__ret); \ + } while (0) + ++void __init kaiser_check_boottime_disable(void) ++{ ++ bool enable = true; ++ char arg[5]; ++ int ret; ++ ++ ret = cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg)); ++ if (ret > 0) { ++ if (!strncmp(arg, "on", 2)) ++ goto enable; ++ ++ if (!strncmp(arg, "off", 3)) ++ goto disable; ++ ++ if (!strncmp(arg, "auto", 4)) ++ goto skip; ++ } ++ ++ if (cmdline_find_option_bool(boot_command_line, "nopti")) ++ goto disable; ++ ++skip: ++ if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) ++ goto disable; ++ ++enable: ++ if (enable) ++ setup_force_cpu_cap(X86_FEATURE_KAISER); ++ ++ return; ++ ++disable: ++ pr_info("Kernel/User page tables isolation: disabled\n"); ++ kaiser_enabled = 0; ++ setup_clear_cpu_cap(X86_FEATURE_KAISER); ++} ++ + /* + * If anything in here fails, we will likely die on one of the + * first kernel->user transitions and init will die. But, we +@@ -274,12 +312,10 @@ void __init kaiser_init(void) + { + int cpu; + +- if (!kaiser_enabled) { +- setup_clear_cpu_cap(X86_FEATURE_KAISER); +- return; +- } ++ kaiser_check_boottime_disable(); + +- setup_force_cpu_cap(X86_FEATURE_KAISER); ++ if (!kaiser_enabled) ++ return; + + kaiser_init_all_pgds(); + +@@ -423,16 +459,3 @@ void kaiser_flush_tlb_on_return_to_user(void) + X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET); + } + EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user); +- +-static int __init x86_nokaiser_setup(char *s) +-{ +- /* nopti doesn't accept parameters */ +- if (s) +- return -EINVAL; +- +- kaiser_enabled = 0; +- pr_info("Kernel/User page tables isolation: disabled\n"); +- +- return 0; +-} +-early_param("nopti", x86_nokaiser_setup); +-- +2.7.4 + |