Re: [PATCH v4 01/12] Documentation: Document arm64 kpti control

From: AndrÃ Przywara
Date: Wed Feb 06 2019 - 16:08:24 EST

Next message: Neil Horman: "Re: [PATCH net] sctp: make sctp_setsockopt_events() less strict about the option length"
Previous message: Marcelo Ricardo Leitner: "Re: [PATCH net] sctp: make sctp_setsockopt_events() less strict about the option length"
In reply to: Jeremy Linton: "Re: [PATCH v4 01/12] Documentation: Document arm64 kpti control"
Next in thread: Jonathan Corbet: "Re: [PATCH v4 01/12] Documentation: Document arm64 kpti control"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 06/02/2019 19:24, Jeremy Linton wrote:
> Hi,
>
>
> I just realized I replied to this off-list.
>
> On 01/30/2019 12:02 PM, Andre Przywara wrote:
>> On Fri, 25 Jan 2019 12:07:00 -0600
>> Jeremy Linton <jeremy.linton@xxxxxxx> wrote:
>>
>> Hi,
>>
>>> For a while Arm64 has been capable of force enabling
>>> or disabling the kpti mitigations. Lets make sure the
>>> documentation reflects that.
>>>
>>> Signed-off-by: Jeremy Linton <jeremy.linton@xxxxxxx>
>>> Cc: Jonathan Corbet <corbet@xxxxxxx>
>>> Cc: linux-doc@xxxxxxxxxxxxxxx
>>> ---
>>> Â Documentation/admin-guide/kernel-parameters.txt | 6 ++++++
>>> Â 1 file changed, 6 insertions(+)
>>>
>>> diff --git a/Documentation/admin-guide/kernel-parameters.txt
>>> b/Documentation/admin-guide/kernel-parameters.txt index
>>> b799bcf67d7b..9475f02c79da 100644 ---
>>> a/Documentation/admin-guide/kernel-parameters.txt +++
>>> b/Documentation/admin-guide/kernel-parameters.txt @@ -1982,6 +1982,12
>>> @@ Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y,
>>> ÂÂÂÂÂÂÂÂÂÂÂÂÂ the default is off.
>>> Â +ÂÂÂ kpti=ÂÂÂÂÂÂÂ [ARM64] Control page table isolation of
>>> user
>>> +ÂÂÂÂÂÂÂÂÂÂÂ and kernel address spaces.
>>> +ÂÂÂÂÂÂÂÂÂÂÂ Default: enabled on cores which need
>>> mitigation.
>>
>> Would this be a good place to mention that we enable it when
>> CONFIG_RANDOMIZE_BASE is enabled and we have a valid kaslr_offset? I
>> found this somewhat surprising, also it's unrelated to the
>> vulnerability.
>
> Maybe, but I tend to think since this command line forces it on/off
> regardless of RANDOMIZE_BASE, that a better place to mention that
> RANDOMIZE_BASE forces kpti on is the Kconfig option.

True, kpti= takes precedence, in both ways. Disregard my comment then,
this is indeed not the right place to mention RANDOMIZE_BASE.

Cheers,
Andre.

>
> BTW: Thanks for reviewing this.
>
>
>>
>> Cheers,
>> Andre
>>
>>> +ÂÂÂÂÂÂÂÂÂÂÂ 0: force disabled
>>> +ÂÂÂÂÂÂÂÂÂÂÂ 1: force enabled
>>> +
>>> ÂÂÂÂÂ kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled
>>> MSRs. Default is 0 (don't ignore, but inject #GP)
>>> Â
>>
>

Next message: Neil Horman: "Re: [PATCH net] sctp: make sctp_setsockopt_events() less strict about the option length"
Previous message: Marcelo Ricardo Leitner: "Re: [PATCH net] sctp: make sctp_setsockopt_events() less strict about the option length"
In reply to: Jeremy Linton: "Re: [PATCH v4 01/12] Documentation: Document arm64 kpti control"
Next in thread: Jonathan Corbet: "Re: [PATCH v4 01/12] Documentation: Document arm64 kpti control"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]