[PATCH] x86/pti: Add pti= cmdline option and documentation

Tue, 12 Dec 2017 05:41:02 -0800 

From: Borislav Petkov <[email protected]>

Keep the "nopti" for traditional reasons.

Requested-by: Linus Torvalds <[email protected]>
Signed-off-by: Borislav Petkov <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Andy Lutomirsky <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Dave Hansen <[email protected]>
Cc: Greg KH <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: Brian Gerst <[email protected]>
Cc: Josh Poimboeuf <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: Boris Ostrovsky <[email protected]>
Cc: Juergen Gross <[email protected]>
Cc: David Laight <[email protected]>
Cc: Eduardo Valentin <[email protected]>
Cc: [email protected]
Cc: Will Deacon <[email protected]>
Cc: [email protected]
---
 Documentation/admin-guide/kernel-parameters.txt |  6 ++++++
 arch/x86/mm/pti.c                               | 18 ++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/Documentation/admin-guide/kernel-parameters.txt 
b/Documentation/admin-guide/kernel-parameters.txt
index 5dfd26265484..520fdec15bbb 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3255,6 +3255,12 @@
        pt.             [PARIDE]
                        See Documentation/blockdev/paride.txt.
 
+       pti=            [X86_64]
+                       Control user/kernel address space isolation:
+                       on - enable
+                       off - disable
+                       auto - default setting
+
        pty.legacy_count=
                        [KNL] Number of legacy pty's. Overwrites compiled-in
                        default number.
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index f48645d2f3fd..4afa16b444b2 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -51,15 +51,33 @@
 void __init pti_check_boottime_disable(void)
 {
        bool enable = true;
+       char arg[5];
+
+       if (cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg))) {
+               if (!strncmp(arg, "on", 2))
+                       goto enable;
+
+               if (!strncmp(arg, "off", 3)) {
+                       pr_info("disabled on command line.\n");
+                       return;
+               }
+
+               if (!strncmp(arg, "auto", 4))
+                       goto skip;
+       }
 
        if (cmdline_find_option_bool(boot_command_line, "nopti")) {
                pr_info("disabled on command line.\n");
                enable = false;
        }
+
+skip:
        if (hypervisor_is_type(X86_HYPER_XEN_PV)) {
                pr_info("disabled on XEN_PV.\n");
                enable = false;
        }
+
+enable:
        if (enable)
                setup_force_cpu_bug(X86_BUG_CPU_SECURE_MODE_PTI);
 }
-- 
2.13.0

Reply via email to