[v4,01/12] Documentation: Document arm64 kpti control

Message ID	20190125180711.1970973-2-jeremy.linton@arm.com
State	Accepted
Commit	de19055564c8f8f9d366f8db3395836da0b2176c
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; From: Jeremy Linton <jeremy.linton@arm.com> To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, dave.martin@arm.com, shankerd@codeaurora.org, linux-kernel@vger.kernel.org, ykaukab@suse.de, julien.thierry@arm.com, mlangsdo@redhat.com, steven.price@arm.com, stefan.wahren@i2se.com, Jeremy Linton <jeremy.linton@arm.com>, Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org Subject: [PATCH v4 01/12] Documentation: Document arm64 kpti control Date: Fri, 25 Jan 2019 12:07:00 -0600 Message-Id: <20190125180711.1970973-2-jeremy.linton@arm.com> In-Reply-To: <20190125180711.1970973-1-jeremy.linton@arm.com> References: <20190125180711.1970973-1-jeremy.linton@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk
Series	arm64: add system vulnerability sysfs entries \| expand [v4,00/12] arm64: add system vulnerability sysfs entries [v4,01/12] Documentation: Document arm64 kpti control [v4,02/12] arm64: Provide a command line to disable spectre_v2 mitigation [v4,03/12] arm64: Remove the ability to build a kernel without ssbd [v4,04/12] arm64: remove the ability to build a kernel without hardened branch predictors [v4,05/12] arm64: remove the ability to build a kernel without kpti [v4,06/12] arm64: add sysfs vulnerability show for spectre v1 [v4,07/12] arm64: add sysfs vulnerability show for meltdown [v4,08/12] arm64: Advertise mitigation of Spectre-v2, or lack thereof [v4,09/12] arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 [v4,10/12] arm64: add sysfs vulnerability show for spectre v2 [v4,11/12] arm64: add sysfs vulnerability show for speculative store bypass [v4,12/12] arm64: enable generic CPU vulnerabilites support

Jeremy Linton Jan. 25, 2019, 6:07 p.m. UTC

For a while Arm64 has been capable of force enabling
or disabling the kpti mitigations. Lets make sure the
documentation reflects that.

Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

Cc: Jonathan Corbet <corbet@lwn.net>
Cc: linux-doc@vger.kernel.org
---
 Documentation/admin-guide/kernel-parameters.txt | 6 ++++++
 1 file changed, 6 insertions(+)

-- 
2.17.2

Andre Przywara Jan. 30, 2019, 6:02 p.m. UTC | #1

On Fri, 25 Jan 2019 12:07:00 -0600
Jeremy Linton <jeremy.linton@arm.com> wrote:

Hi,

> For a while Arm64 has been capable of force enabling

> or disabling the kpti mitigations. Lets make sure the

> documentation reflects that.

> 

> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

> Cc: Jonathan Corbet <corbet@lwn.net>

> Cc: linux-doc@vger.kernel.org

> ---

>  Documentation/admin-guide/kernel-parameters.txt | 6 ++++++

>  1 file changed, 6 insertions(+)

> 

> diff --git a/Documentation/admin-guide/kernel-parameters.txt

> b/Documentation/admin-guide/kernel-parameters.txt index

> b799bcf67d7b..9475f02c79da 100644 ---

> a/Documentation/admin-guide/kernel-parameters.txt +++

> b/Documentation/admin-guide/kernel-parameters.txt @@ -1982,6 +1982,12

> @@ Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y,

>  			the default is off.

>  

> +	kpti=		[ARM64] Control page table isolation of

> user

> +			and kernel address spaces.

> +			Default: enabled on cores which need

> mitigation.


Would this be a good place to mention that we enable it when
CONFIG_RANDOMIZE_BASE is enabled and we have a valid kaslr_offset? I
found this somewhat surprising, also it's unrelated to the
vulnerability.

Cheers,
Andre

> +			0: force disabled

> +			1: force enabled

> +

>  	kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled

> MSRs. Default is 0 (don't ignore, but inject #GP)

>

Andre Przywara Jan. 31, 2019, 5:58 p.m. UTC | #2

On Fri, 25 Jan 2019 12:07:00 -0600
Jeremy Linton <jeremy.linton@arm.com> wrote:

> For a while Arm64 has been capable of force enabling

> or disabling the kpti mitigations. Lets make sure the

> documentation reflects that.

> 

> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

> Cc: Jonathan Corbet <corbet@lwn.net>

> Cc: linux-doc@vger.kernel.org


Reviewed-by: Andre Przywara <andre.przywara@arm.com>


Cheers,
Andre.

> ---

>  Documentation/admin-guide/kernel-parameters.txt | 6 ++++++

>  1 file changed, 6 insertions(+)

> 

> diff --git a/Documentation/admin-guide/kernel-parameters.txt

> b/Documentation/admin-guide/kernel-parameters.txt

> index b799bcf67d7b..9475f02c79da 100644

> --- a/Documentation/admin-guide/kernel-parameters.txt

> +++ b/Documentation/admin-guide/kernel-parameters.txt

> @@ -1982,6 +1982,12 @@

>  			Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y,

>  			the default is off.

>  

> +	kpti=		[ARM64] Control page table isolation of user

> +			and kernel address spaces.

> +			Default: enabled on cores which need mitigation.

> +			0: force disabled

> +			1: force enabled

> +

>  	kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled MSRs.

>   			Default is 0 (don't ignore, but inject #GP)

>

Jeremy Linton Feb. 6, 2019, 7:24 p.m. UTC | #3

Hi,


I just realized I replied to this off-list.

On 01/30/2019 12:02 PM, Andre Przywara wrote:
> On Fri, 25 Jan 2019 12:07:00 -0600

> Jeremy Linton <jeremy.linton@arm.com> wrote:

> 

> Hi,

> 

>> For a while Arm64 has been capable of force enabling

>> or disabling the kpti mitigations. Lets make sure the

>> documentation reflects that.

>>

>> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

>> Cc: Jonathan Corbet <corbet@lwn.net>

>> Cc: linux-doc@vger.kernel.org

>> ---

>>   Documentation/admin-guide/kernel-parameters.txt | 6 ++++++

>>   1 file changed, 6 insertions(+)

>>

>> diff --git a/Documentation/admin-guide/kernel-parameters.txt

>> b/Documentation/admin-guide/kernel-parameters.txt index

>> b799bcf67d7b..9475f02c79da 100644 ---

>> a/Documentation/admin-guide/kernel-parameters.txt +++

>> b/Documentation/admin-guide/kernel-parameters.txt @@ -1982,6 +1982,12

>> @@ Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y,

>>   			the default is off.

>>   

>> +	kpti=		[ARM64] Control page table isolation of

>> user

>> +			and kernel address spaces.

>> +			Default: enabled on cores which need

>> mitigation.

> 

> Would this be a good place to mention that we enable it when

> CONFIG_RANDOMIZE_BASE is enabled and we have a valid kaslr_offset? I

> found this somewhat surprising, also it's unrelated to the

> vulnerability.


Maybe, but I tend to think since this command line forces it on/off 
regardless of RANDOMIZE_BASE, that a better place to mention that 
RANDOMIZE_BASE forces kpti on is the Kconfig option.

BTW: Thanks for reviewing this.


> 

> Cheers,

> Andre

> 

>> +			0: force disabled

>> +			1: force enabled

>> +

>>   	kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled

>> MSRs. Default is 0 (don't ignore, but inject #GP)

>>   

>

Andre Przywara Feb. 6, 2019, 9:06 p.m. UTC | #4

On 06/02/2019 19:24, Jeremy Linton wrote:
> Hi,

> 

> 

> I just realized I replied to this off-list.

> 

> On 01/30/2019 12:02 PM, Andre Przywara wrote:

>> On Fri, 25 Jan 2019 12:07:00 -0600

>> Jeremy Linton <jeremy.linton@arm.com> wrote:

>>

>> Hi,

>>

>>> For a while Arm64 has been capable of force enabling

>>> or disabling the kpti mitigations. Lets make sure the

>>> documentation reflects that.

>>>

>>> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

>>> Cc: Jonathan Corbet <corbet@lwn.net>

>>> Cc: linux-doc@vger.kernel.org

>>> ---

>>>   Documentation/admin-guide/kernel-parameters.txt | 6 ++++++

>>>   1 file changed, 6 insertions(+)

>>>

>>> diff --git a/Documentation/admin-guide/kernel-parameters.txt

>>> b/Documentation/admin-guide/kernel-parameters.txt index

>>> b799bcf67d7b..9475f02c79da 100644 ---

>>> a/Documentation/admin-guide/kernel-parameters.txt +++

>>> b/Documentation/admin-guide/kernel-parameters.txt @@ -1982,6 +1982,12

>>> @@ Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y,

>>>               the default is off.

>>>   +    kpti=        [ARM64] Control page table isolation of

>>> user

>>> +            and kernel address spaces.

>>> +            Default: enabled on cores which need

>>> mitigation.

>>

>> Would this be a good place to mention that we enable it when

>> CONFIG_RANDOMIZE_BASE is enabled and we have a valid kaslr_offset? I

>> found this somewhat surprising, also it's unrelated to the

>> vulnerability.

> 

> Maybe, but I tend to think since this command line forces it on/off

> regardless of RANDOMIZE_BASE, that a better place to mention that

> RANDOMIZE_BASE forces kpti on is the Kconfig option.


True, kpti= takes precedence, in both ways. Disregard my comment then,
this is indeed not the right place to mention RANDOMIZE_BASE.

Cheers,
Andre.

> 

> BTW: Thanks for reviewing this.

> 

> 

>>

>> Cheers,

>> Andre

>>

>>> +            0: force disabled

>>> +            1: force enabled

>>> +

>>>       kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled

>>> MSRs. Default is 0 (don't ignore, but inject #GP)

>>>   

>>

>

Jonathan Corbet Feb. 7, 2019, 12:25 a.m. UTC | #5

On Fri, 25 Jan 2019 12:07:00 -0600
Jeremy Linton <jeremy.linton@arm.com> wrote:

> For a while Arm64 has been capable of force enabling

> or disabling the kpti mitigations. Lets make sure the

> documentation reflects that.

> 

> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

> Cc: Jonathan Corbet <corbet@lwn.net>

> Cc: linux-doc@vger.kernel.org


I've applied this, thanks.

jon

[v4,01/12] Documentation: Document arm64 kpti control

Commit Message

Comments

Patch