[PATCH 4/4] arm64: cpufeature: always log KPTI setting on boot
From: Laura Abbott <hidden>
Date: 2018-05-29 21:12:56
On 05/24/2018 12:09 PM, Mark Langsdorf wrote:
Always log KPTI setting at boot time, whether or not KPTI was forced by a kernel parameter. Signed-off-by: Mark Langsdorf <redacted> --- arch/arm64/kernel/cpufeature.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-)diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 697a6ef..e50bf3c 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c@@ -889,16 +889,20 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, __pti_enabled = __kpti_forced > 0; pr_info_once("kernel page table isolation forced %s by %s\n", __pti_enabled ? "ON" : "OFF", str); + } else { + /* Useful for KASLR robustness */ + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) + __pti_enabled = true; + /* Don't force KPTI for CPUs that are not vulnerable */ + else if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) + __pti_enabled = false; + /* Defer to CPU feature registers */ + else + __pti_enabled = !has_cpuid_feature(entry, scope); + + pr_info_once("kernel page table isolation %s by %s\n", + __pti_enabled ? "ON" : "OFF", str);
I think this needs an update for the default logged, otherwise it incorrectly states it was set by command line:

# dmesg | grep isolation
[ 0.000000] CPU features: kernel page table isolation ON by command line option
[ 0.000000] CPU features: detected: Kernel page table isolation (KPTI)
# cat /proc/cmdline
nokaslr slub_debug=- console=ttyAMA0 debug_pagealloc=on earlycon=pl011,0x9000000

} - /* Useful for KASLR robustness */ - else if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) - __pti_enabled = true; - /* Don't force KPTI for CPUs that are not vulnerable */ - else if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) - __pti_enabled = false; - /* Defer to CPU feature registers */ - else - __pti_enabled = !has_cpuid_feature(entry, scope); return __pti_enabled; }
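
Review bot: the pr_info_once() added at the end of the new else branch passes the same str as the forced branch above it, so a setting chosen by default is attributed to whatever str names. The dmesg output quoted in the reply shows "ON by command line option" while /proc/cmdline carries no KPTI option. Give the else branch its own reason text, ideally one per arm (CONFIG_RANDOMIZE_BASE, the kpti_safe_list match, the CPU feature registers), so the boot log records which check decided __pti_enabled and someone auditing mitigation state from dmesg can tell a forced setting from a default one.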