Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / shift / mainline / 41f4c20b57a4890ea7f56ff8717cc83fefb8d537 / . / arch / x86 / mm / pti.c
blob: a13f6b1098651a2777de81e403ae8e61350df66a [file] [log] [blame]
Thomas Gleixneraa8c6242017-12-04 15:07:36 +0100[diff] [blame]1/*
2 * Copyright(c) 2017 Intel Corporation. All rights reserved.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of version 2 of the GNU General Public License as
6 * published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
12 *
13 * This code is based in part on work published here:
14 *
15 * https://github.com/IAIK/KAISER
16 *
17 * The original work was written by and and signed off by for the Linux
18 * kernel by:
19 *
20 * Signed-off-by: Richard Fellner <richard.fellner@student.tugraz.at>
21 * Signed-off-by: Moritz Lipp <moritz.lipp@iaik.tugraz.at>
22 * Signed-off-by: Daniel Gruss <daniel.gruss@iaik.tugraz.at>
23 * Signed-off-by: Michael Schwarz <michael.schwarz@iaik.tugraz.at>
24 *
25 * Major changes to the original code by: Dave Hansen <dave.hansen@intel.com>
26 * Mostly rewritten by Thomas Gleixner <tglx@linutronix.de> and
27 * Andy Lutomirsky <luto@amacapital.net>
28 */
29#include <linux/kernel.h>
30#include <linux/errno.h>
31#include <linux/string.h>
32#include <linux/types.h>
33#include <linux/bug.h>
34#include <linux/init.h>
35#include <linux/spinlock.h>
36#include <linux/mm.h>
37#include <linux/uaccess.h>
38
39#include <asm/cpufeature.h>
40#include <asm/hypervisor.h>
41#include <asm/cmdline.h>
42#include <asm/pti.h>
43#include <asm/pgtable.h>
44#include <asm/pgalloc.h>
45#include <asm/tlbflush.h>
46#include <asm/desc.h>
47
48#undef pr_fmt
49#define pr_fmt(fmt) "Kernel/User page tables isolation: " fmt
50
51static void __init pti_print_if_insecure(const char *reason)
52{
53 if (boot_cpu_has_bug(X86_BUG_CPU_INSECURE))
54 pr_info("%s\n", reason);
55}
56
Borislav Petkov41f4c202017-12-12 14:39:52 +0100[diff] [blame^]57static void __init pti_print_if_secure(const char *reason)
58{
59 if (!boot_cpu_has_bug(X86_BUG_CPU_INSECURE))
60 pr_info("%s\n", reason);
61}
62
Thomas Gleixneraa8c6242017-12-04 15:07:36 +0100[diff] [blame]63void __init pti_check_boottime_disable(void)
64{
Borislav Petkov41f4c202017-12-12 14:39:52 +0100[diff] [blame^]65 char arg[5];
66 int ret;
67
Thomas Gleixneraa8c6242017-12-04 15:07:36 +0100[diff] [blame]68 if (hypervisor_is_type(X86_HYPER_XEN_PV)) {
69 pti_print_if_insecure("disabled on XEN PV.");
70 return;
71 }
72
Borislav Petkov41f4c202017-12-12 14:39:52 +0100[diff] [blame^]73 ret = cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg));
74 if (ret > 0) {
75 if (ret == 3 && !strncmp(arg, "off", 3)) {
76 pti_print_if_insecure("disabled on command line.");
77 return;
78 }
79 if (ret == 2 && !strncmp(arg, "on", 2)) {
80 pti_print_if_secure("force enabled on command line.");
81 goto enable;
82 }
83 if (ret == 4 && !strncmp(arg, "auto", 4))
84 goto autosel;
85 }
86
Thomas Gleixneraa8c6242017-12-04 15:07:36 +0100[diff] [blame]87 if (cmdline_find_option_bool(boot_command_line, "nopti")) {
88 pti_print_if_insecure("disabled on command line.");
89 return;
90 }
91
Borislav Petkov41f4c202017-12-12 14:39:52 +0100[diff] [blame^]92autosel:
Thomas Gleixneraa8c6242017-12-04 15:07:36 +0100[diff] [blame]93 if (!boot_cpu_has_bug(X86_BUG_CPU_INSECURE))
94 return;
Borislav Petkov41f4c202017-12-12 14:39:52 +0100[diff] [blame^]95enable:
Thomas Gleixneraa8c6242017-12-04 15:07:36 +0100[diff] [blame]96 setup_force_cpu_cap(X86_FEATURE_PTI);
97}
98
99/*
100 * Initialize kernel page table isolation
101 */
102void __init pti_init(void)
103{
104 if (!static_cpu_has(X86_FEATURE_PTI))
105 return;
106
107 pr_info("enabled\n");
108}