| Message ID | 20180524190932.32118-2-mlangsdo@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Hi Mark, On 24/05/18 20:09, Mark Langsdorf wrote: > The x86 kernel and the documentation use 'nopti' as the kernel command > line argument to disable kernel page table isolation, so add nopti to > the arm64 kernel for compatibility. > > Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com> > --- > Documentation/admin-guide/kernel-parameters.txt | 6 +++--- > arch/arm64/kernel/cpufeature.c | 11 ++++++++++- > 2 files changed, 13 insertions(+), 4 deletions(-) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index f2040d4..a987725 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -3342,8 +3342,8 @@ > pt. [PARIDE] > See Documentation/blockdev/paride.txt. > > - pti= [X86_64] Control Page Table Isolation of user and > - kernel address spaces. Disabling this feature > + pti= [X86_64, ARM64] Control Page Table Isolation of user > + and kernel address spaces. Disabling this feature > removes hardening, but improves performance of > system calls and interrupts. ... > > @@ -3354,7 +3354,7 @@ > > Not specifying this option is equivalent to pti=auto. > > - nopti [X86_64] > + nopti [X86_64, ARM64] > Equivalent to pti=off > > pty.legacy_count= > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c > index 9d1b06d..7c5d8712 100644 > --- a/arch/arm64/kernel/cpufeature.c > +++ b/arch/arm64/kernel/cpufeature.c > @@ -934,10 +934,19 @@ static int __init parse_kpti(char *str) > if (ret) > return ret; > > - __kpti_forced = enabled ? 1 : -1; > + if (!__kpti_forced) > + __kpti_forced = enabled ? 1 : -1; > return 0; > } > __setup("kpti=", parse_kpti); The arm64 kernel parameter is named "kpti", while the Documentation update above says "pti". We may want to keep both in sync here. > + > +/* for compatibility with documentation and x86 nopti command line arg */ > +static int __init force_nokpti(char *arg) > +{ > + __kpti_forced = -1; > + return 0; > +} > +early_param("nopti", force_nokpti); > #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ > > #ifdef CONFIG_ARM64_HW_AFDBM > Suzuki
On 05/30/2018 03:59 AM, Suzuki K Poulose wrote: > > > Hi Mark, > > On 24/05/18 20:09, Mark Langsdorf wrote: >> The x86 kernel and the documentation use 'nopti' as the kernel command >> line argument to disable kernel page table isolation, so add nopti to >> the arm64 kernel for compatibility. >> >> Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com> >> --- >> Documentation/admin-guide/kernel-parameters.txt | 6 +++--- >> arch/arm64/kernel/cpufeature.c | 11 ++++++++++- >> 2 files changed, 13 insertions(+), 4 deletions(-) >> >> diff --git a/Documentation/admin-guide/kernel-parameters.txt >> b/Documentation/admin-guide/kernel-parameters.txt >> index f2040d4..a987725 100644 >> --- a/Documentation/admin-guide/kernel-parameters.txt >> +++ b/Documentation/admin-guide/kernel-parameters.txt >> @@ -3342,8 +3342,8 @@ >> pt. [PARIDE] >> See Documentation/blockdev/paride.txt. >> - pti= [X86_64] Control Page Table Isolation of user and >> - kernel address spaces. Disabling this feature >> + pti= [X86_64, ARM64] Control Page Table Isolation of user >> + and kernel address spaces. Disabling this feature >> removes hardening, but improves performance of >> system calls and interrupts. > > ... > >> @@ -3354,7 +3354,7 @@ >> Not specifying this option is equivalent to pti=auto. >> - nopti [X86_64] >> + nopti [X86_64, ARM64] >> Equivalent to pti=off >> pty.legacy_count= >> diff --git a/arch/arm64/kernel/cpufeature.c >> b/arch/arm64/kernel/cpufeature.c >> index 9d1b06d..7c5d8712 100644 >> --- a/arch/arm64/kernel/cpufeature.c >> +++ b/arch/arm64/kernel/cpufeature.c >> @@ -934,10 +934,19 @@ static int __init parse_kpti(char *str) >> if (ret) >> return ret; >> - __kpti_forced = enabled ? 1 : -1; >> + if (!__kpti_forced) >> + __kpti_forced = enabled ? 1 : -1; >> return 0; >> } >> __setup("kpti=", parse_kpti); > > The arm64 kernel parameter is named "kpti", while the Documentation > update above says "pti". We may want to keep both in sync here. Good point. I think I will add a new kpti entry for ARM64 in kernel-parameters. Then the docs match the code, instead of trying to match the code to the docs. --Mark Langsdorf
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index f2040d4..a987725 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -3342,8 +3342,8 @@ pt. [PARIDE] See Documentation/blockdev/paride.txt. - pti= [X86_64] Control Page Table Isolation of user and - kernel address spaces. Disabling this feature + pti= [X86_64, ARM64] Control Page Table Isolation of user + and kernel address spaces. Disabling this feature removes hardening, but improves performance of system calls and interrupts. @@ -3354,7 +3354,7 @@ Not specifying this option is equivalent to pti=auto. - nopti [X86_64] + nopti [X86_64, ARM64] Equivalent to pti=off pty.legacy_count= diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 9d1b06d..7c5d8712 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -934,10 +934,19 @@ static int __init parse_kpti(char *str) if (ret) return ret; - __kpti_forced = enabled ? 1 : -1; + if (!__kpti_forced) + __kpti_forced = enabled ? 1 : -1; return 0; } __setup("kpti=", parse_kpti); + +/* for compatibility with documentation and x86 nopti command line arg */ +static int __init force_nokpti(char *arg) +{ + __kpti_forced = -1; + return 0; +} +early_param("nopti", force_nokpti); #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ #ifdef CONFIG_ARM64_HW_AFDBM
The x86 kernel and the documentation use 'nopti' as the kernel command line argument to disable kernel page table isolation, so add nopti to the arm64 kernel for compatibility. Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com> --- Documentation/admin-guide/kernel-parameters.txt | 6 +++--- arch/arm64/kernel/cpufeature.c | 11 ++++++++++- 2 files changed, 13 insertions(+), 4 deletions(-)