[PATCH v2 0/2] arm64: align KPTI interface with x86

[PATCH v2 0/2] arm64: align KPTI interface with x86

[Mark Langsdorf]

ARM64 supports KPTI, but support isn't documented and KPTI can be enabled
or disabled silently. Also, x86_64 supports the nopti kernel parameter,
but ARM64 doesn't.

Add the nopti argument, update the documentation so that ARM64 as well
as x86 supports nopti, add documentation for the existing kpti parameter,
and revise how kpti is logged.

--Mark Langsdorf

Changes from v1:
- Two patches dealing with debugfs dropped as x86 doesn't have this capability
- Documentation changed so that the existing kpti argument is documented,
  instead of a pti argument similar to what x86 uses but arm64 does not.
- when logging kpti status, made it clear when status is set by default

[PATCH v2 1/2] arm64: capabilities: add nopti command line argument

[Mark Langsdorf]

The x86 kernel and the documentation use 'nopti' as the kernel command
line argument to disable kernel page table isolation, so add nopti to
the arm64 kernel for compatibility.

Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com>
---
 Documentation/admin-guide/kernel-parameters.txt | 19 +++++++++++++++----
 arch/arm64/kernel/cpufeature.c                  | 11 ++++++++++-
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index f2040d4..cf0c728 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3342,8 +3342,8 @@
 	pt.		[PARIDE]
 			See Documentation/blockdev/paride.txt.
 
-	pti=		[X86_64] Control Page Table Isolation of user and
-			kernel address spaces.  Disabling this feature
+	pti=		[X86_64] Control Page Table Isolation of user
+			and kernel address spaces.  Disabling this feature
 			removes hardening, but improves performance of
 			system calls and interrupts.
 
@@ -3354,8 +3354,19 @@
 
 			Not specifying this option is equivalent to pti=auto.
 
-	nopti		[X86_64]
-			Equivalent to pti=off
+        kpti=           [ARM64] Control Page Table Isolation of user
+                        and kernel address spaces.  Disabling this feature
+                        removes hardening, but improves performance of
+                        system calls and interrupts.
+
+                        on   - unconditionally enable
+                        off  - unconditionally disable
+
+                        Not specifying this option will enable kpti on all
+			systems that support it.
+
+	nopti		[X86_64, ARM64]
+			Equivalent to pti=off on X86_64 or kpti=off on ARM64
 
 	pty.legacy_count=
 			[KNL] Number of legacy pty's. Overwrites compiled-in
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 9d1b06d..7c5d8712 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -934,10 +934,19 @@ static int __init parse_kpti(char *str)
 	if (ret)
 		return ret;
 
-	__kpti_forced = enabled ? 1 : -1;
+	if (!__kpti_forced)
+		__kpti_forced = enabled ? 1 : -1;
 	return 0;
 }
 __setup("kpti=", parse_kpti);
+
+/* for compatibility with documentation and x86 nopti command line arg */
+static int __init force_nokpti(char *arg)
+{
+	__kpti_forced = -1;
+	return 0;
+}
+early_param("nopti", force_nokpti);
 #endif	/* CONFIG_UNMAP_KERNEL_AT_EL0 */
 
 #ifdef CONFIG_ARM64_HW_AFDBM
-- 
2.9.5

[PATCH v2 2/2] arm64: cpufeature: always log KPTI setting on boot

[Mark Langsdorf]

Always log KPTI setting at boot time, whether or not KPTI was forced
by a kernel parameter.

Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com>
---
 arch/arm64/kernel/cpufeature.c | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 7c5d8712..2bfbbe4 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -860,6 +860,7 @@ static bool has_cache_dic(const struct arm64_cpu_capabilities *entry,
 
 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
 static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */
+static bool __pti_enabled;
 
 static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
 				int scope)
@@ -884,21 +885,26 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
 
 	/* Forced? */
 	if (__kpti_forced) {
+		__pti_enabled = __kpti_forced > 0;
 		pr_info_once("kernel page table isolation forced %s by %s\n",
-			     __kpti_forced > 0 ? "ON" : "OFF", str);
-		return __kpti_forced > 0;
-	}
-
-	/* Useful for KASLR robustness */
-	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
-		return true;
+			     __pti_enabled ? "ON" : "OFF", str);
+	} else {
+		str = "default";
+		/* Useful for KASLR robustness */
+		if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
+			__pti_enabled = true;
+		/* Don't force KPTI for CPUs that are not vulnerable */
+		else if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list))
+			__pti_enabled = false;
+		/* Defer to CPU feature registers */
+		else
+			__pti_enabled = !has_cpuid_feature(entry, scope);
 
-	/* Don't force KPTI for CPUs that are not vulnerable */
-	if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list))
-		return false;
+		pr_info_once("kernel page table isolation %s by %s\n",
+			    __pti_enabled ? "ON" : "OFF", str);
+	}
 
-	/* Defer to CPU feature registers */
-	return !has_cpuid_feature(entry, scope);
+	return __pti_enabled;
 }
 
 static void
-- 
2.9.5