diff mbox series

[v4,01/12] Documentation: Document arm64 kpti control

Message ID 20190125180711.1970973-2-jeremy.linton@arm.com
State Accepted
Commit de19055564c8f8f9d366f8db3395836da0b2176c
Headers show
Series arm64: add system vulnerability sysfs entries | expand

Commit Message

Jeremy Linton Jan. 25, 2019, 6:07 p.m. UTC
For a while Arm64 has been capable of force enabling
or disabling the kpti mitigations. Lets make sure the
documentation reflects that.

Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

Cc: Jonathan Corbet <corbet@lwn.net>
Cc: linux-doc@vger.kernel.org
---
 Documentation/admin-guide/kernel-parameters.txt | 6 ++++++
 1 file changed, 6 insertions(+)

-- 
2.17.2

Comments

Andre Przywara Jan. 30, 2019, 6:02 p.m. UTC | #1
On Fri, 25 Jan 2019 12:07:00 -0600
Jeremy Linton <jeremy.linton@arm.com> wrote:

Hi,

> For a while Arm64 has been capable of force enabling

> or disabling the kpti mitigations. Lets make sure the

> documentation reflects that.

> 

> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

> Cc: Jonathan Corbet <corbet@lwn.net>

> Cc: linux-doc@vger.kernel.org

> ---

>  Documentation/admin-guide/kernel-parameters.txt | 6 ++++++

>  1 file changed, 6 insertions(+)

> 

> diff --git a/Documentation/admin-guide/kernel-parameters.txt

> b/Documentation/admin-guide/kernel-parameters.txt index

> b799bcf67d7b..9475f02c79da 100644 ---

> a/Documentation/admin-guide/kernel-parameters.txt +++

> b/Documentation/admin-guide/kernel-parameters.txt @@ -1982,6 +1982,12

> @@ Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y,

>  			the default is off.

>  

> +	kpti=		[ARM64] Control page table isolation of

> user

> +			and kernel address spaces.

> +			Default: enabled on cores which need

> mitigation.


Would this be a good place to mention that we enable it when
CONFIG_RANDOMIZE_BASE is enabled and we have a valid kaslr_offset? I
found this somewhat surprising, also it's unrelated to the
vulnerability.

Cheers,
Andre

> +			0: force disabled

> +			1: force enabled

> +

>  	kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled

> MSRs. Default is 0 (don't ignore, but inject #GP)

>
Andre Przywara Jan. 31, 2019, 5:58 p.m. UTC | #2
On Fri, 25 Jan 2019 12:07:00 -0600
Jeremy Linton <jeremy.linton@arm.com> wrote:

> For a while Arm64 has been capable of force enabling

> or disabling the kpti mitigations. Lets make sure the

> documentation reflects that.

> 

> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

> Cc: Jonathan Corbet <corbet@lwn.net>

> Cc: linux-doc@vger.kernel.org


Reviewed-by: Andre Przywara <andre.przywara@arm.com>


Cheers,
Andre.

> ---

>  Documentation/admin-guide/kernel-parameters.txt | 6 ++++++

>  1 file changed, 6 insertions(+)

> 

> diff --git a/Documentation/admin-guide/kernel-parameters.txt

> b/Documentation/admin-guide/kernel-parameters.txt

> index b799bcf67d7b..9475f02c79da 100644

> --- a/Documentation/admin-guide/kernel-parameters.txt

> +++ b/Documentation/admin-guide/kernel-parameters.txt

> @@ -1982,6 +1982,12 @@

>  			Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y,

>  			the default is off.

>  

> +	kpti=		[ARM64] Control page table isolation of user

> +			and kernel address spaces.

> +			Default: enabled on cores which need mitigation.

> +			0: force disabled

> +			1: force enabled

> +

>  	kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled MSRs.

>   			Default is 0 (don't ignore, but inject #GP)

>
Jeremy Linton Feb. 6, 2019, 7:24 p.m. UTC | #3
Hi,


I just realized I replied to this off-list.

On 01/30/2019 12:02 PM, Andre Przywara wrote:
> On Fri, 25 Jan 2019 12:07:00 -0600

> Jeremy Linton <jeremy.linton@arm.com> wrote:

> 

> Hi,

> 

>> For a while Arm64 has been capable of force enabling

>> or disabling the kpti mitigations. Lets make sure the

>> documentation reflects that.

>>

>> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

>> Cc: Jonathan Corbet <corbet@lwn.net>

>> Cc: linux-doc@vger.kernel.org

>> ---

>>   Documentation/admin-guide/kernel-parameters.txt | 6 ++++++

>>   1 file changed, 6 insertions(+)

>>

>> diff --git a/Documentation/admin-guide/kernel-parameters.txt

>> b/Documentation/admin-guide/kernel-parameters.txt index

>> b799bcf67d7b..9475f02c79da 100644 ---

>> a/Documentation/admin-guide/kernel-parameters.txt +++

>> b/Documentation/admin-guide/kernel-parameters.txt @@ -1982,6 +1982,12

>> @@ Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y,

>>   			the default is off.

>>   

>> +	kpti=		[ARM64] Control page table isolation of

>> user

>> +			and kernel address spaces.

>> +			Default: enabled on cores which need

>> mitigation.

> 

> Would this be a good place to mention that we enable it when

> CONFIG_RANDOMIZE_BASE is enabled and we have a valid kaslr_offset? I

> found this somewhat surprising, also it's unrelated to the

> vulnerability.


Maybe, but I tend to think since this command line forces it on/off 
regardless of RANDOMIZE_BASE, that a better place to mention that 
RANDOMIZE_BASE forces kpti on is the Kconfig option.

BTW: Thanks for reviewing this.


> 

> Cheers,

> Andre

> 

>> +			0: force disabled

>> +			1: force enabled

>> +

>>   	kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled

>> MSRs. Default is 0 (don't ignore, but inject #GP)

>>   

>
Andre Przywara Feb. 6, 2019, 9:06 p.m. UTC | #4
On 06/02/2019 19:24, Jeremy Linton wrote:
> Hi,

> 

> 

> I just realized I replied to this off-list.

> 

> On 01/30/2019 12:02 PM, Andre Przywara wrote:

>> On Fri, 25 Jan 2019 12:07:00 -0600

>> Jeremy Linton <jeremy.linton@arm.com> wrote:

>>

>> Hi,

>>

>>> For a while Arm64 has been capable of force enabling

>>> or disabling the kpti mitigations. Lets make sure the

>>> documentation reflects that.

>>>

>>> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

>>> Cc: Jonathan Corbet <corbet@lwn.net>

>>> Cc: linux-doc@vger.kernel.org

>>> ---

>>>   Documentation/admin-guide/kernel-parameters.txt | 6 ++++++

>>>   1 file changed, 6 insertions(+)

>>>

>>> diff --git a/Documentation/admin-guide/kernel-parameters.txt

>>> b/Documentation/admin-guide/kernel-parameters.txt index

>>> b799bcf67d7b..9475f02c79da 100644 ---

>>> a/Documentation/admin-guide/kernel-parameters.txt +++

>>> b/Documentation/admin-guide/kernel-parameters.txt @@ -1982,6 +1982,12

>>> @@ Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y,

>>>               the default is off.

>>>   +    kpti=        [ARM64] Control page table isolation of

>>> user

>>> +            and kernel address spaces.

>>> +            Default: enabled on cores which need

>>> mitigation.

>>

>> Would this be a good place to mention that we enable it when

>> CONFIG_RANDOMIZE_BASE is enabled and we have a valid kaslr_offset? I

>> found this somewhat surprising, also it's unrelated to the

>> vulnerability.

> 

> Maybe, but I tend to think since this command line forces it on/off

> regardless of RANDOMIZE_BASE, that a better place to mention that

> RANDOMIZE_BASE forces kpti on is the Kconfig option.


True, kpti= takes precedence, in both ways. Disregard my comment then,
this is indeed not the right place to mention RANDOMIZE_BASE.

Cheers,
Andre.

> 

> BTW: Thanks for reviewing this.

> 

> 

>>

>> Cheers,

>> Andre

>>

>>> +            0: force disabled

>>> +            1: force enabled

>>> +

>>>       kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled

>>> MSRs. Default is 0 (don't ignore, but inject #GP)

>>>   

>>

>
Jonathan Corbet Feb. 7, 2019, 12:25 a.m. UTC | #5
On Fri, 25 Jan 2019 12:07:00 -0600
Jeremy Linton <jeremy.linton@arm.com> wrote:

> For a while Arm64 has been capable of force enabling

> or disabling the kpti mitigations. Lets make sure the

> documentation reflects that.

> 

> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

> Cc: Jonathan Corbet <corbet@lwn.net>

> Cc: linux-doc@vger.kernel.org


I've applied this, thanks.

jon
diff mbox series

Patch

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index b799bcf67d7b..9475f02c79da 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1982,6 +1982,12 @@ 
 			Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y,
 			the default is off.
 
+	kpti=		[ARM64] Control page table isolation of user
+			and kernel address spaces.
+			Default: enabled on cores which need mitigation.
+			0: force disabled
+			1: force enabled
+
 	kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled MSRs.
 			Default is 0 (don't ignore, but inject #GP)