Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2724812ybt; Mon, 22 Jun 2020 05:36:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzsRnRFwgWBfEP/76kCIrCEyKM+Hu5U5Lb1wPxqLrX/jFSEeYtRe9aMeYA1p+6bH/4YAiHm X-Received: by 2002:aa7:c80d:: with SMTP id a13mr7024075edt.327.1592829416525; Mon, 22 Jun 2020 05:36:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592829416; cv=none; d=google.com; s=arc-20160816; b=QOdJGCVYogc4CZ6Td8RdBCfz5bkaCIGMlRujDWtZmjbexWlp8TtHc09pXFoc5rQBGc yYCXwwwgl1plum8wv6/ROhaONeTBHQDD2BuUPnkRsr/wUy4CGinZUyC0PCm0wWE2TcZM 2pqiLkDMdRJkYvR7WUm5H9aQnqXXgxRz6YoczT6xe8evbG43Uf0PWjEb+kp8nhS5i9Mw e0TvNWwOBL+kOuL5l7uFJ08FAc8p9a3TylZkbwKjRS8bYLpLL+S5WwnKDnaVmo1m0QCj IR6VCxA14LAsKJbFZXGnZuL7dueu0+LdrkRHjErulbvAJZLbbqtgd0gO5pZROH8jgNCN 2wXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=gimebYsf835I9yoSH6kwFtwfKbdxBXQZyMWI14qlrtw=; b=qU2lywtYelLi4wDBfeszFhkRLAkw/ScfplgjnH2Wg9ZMFui5zSm2jBHHkwjUSGTKvo kh/BKVE3C9sFmpE7me3FSTjYQmb+bqepwrOFur+jwLqn4tmOJdusOnFR22cqbIkWDO9D 3JpTaIatx+425I2t0PCH/ojwBMTD4RB7eCtqTZwmUNhdw3vTHY2Sau3i3Oo0ja2QeSqA viE7eoUtanU46UkoecX3QwPyHuETAqQLJnwSnCk8/nTPHez1a4c5JNg72jMHRDcjdZeA ma0TkTyJV8XUKcjVyLaIJOMJowiPJO2DsCuVzgUMvCUc7M4soYhbn895Sl+si/9vAOMu E0Fw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h12si9019655edz.575.2020.06.22.05.36.33; Mon, 22 Jun 2020 05:36:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728167AbgFVMc1 (ORCPT + 99 others); Mon, 22 Jun 2020 08:32:27 -0400 Received: from foss.arm.com ([217.140.110.172]:50688 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728044AbgFVMc0 (ORCPT ); Mon, 22 Jun 2020 08:32:26 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 657271F1; Mon, 22 Jun 2020 05:32:25 -0700 (PDT) Received: from e107158-lin.cambridge.arm.com (e107158-lin.cambridge.arm.com [10.1.195.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id EF82F3F71E; Mon, 22 Jun 2020 05:32:23 -0700 (PDT) Date: Mon, 22 Jun 2020 13:32:21 +0100 From: Qais Yousef To: Pranith Kumar Cc: James Morris , "Serge E. Hallyn" , Thomas Gleixner , Peter Zijlstra , Ingo Molnar , Paolo Bonzini , Arnd Bergmann , Tyler Hicks , open list , "open list:SECURITY SUBSYSTEM" Subject: Re: [RFC PATCH] security: Add a config option to disable security mitigations Message-ID: <20200622123220.5qdykbd3rtjfsjkq@e107158-lin.cambridge.arm.com> References: <20200618010755.4179-1-bobby.prani@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200618010755.4179-1-bobby.prani@gmail.com> User-Agent: NeoMutt/20171215 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/17/20 18:07, Pranith Kumar wrote: > Instead of having to pass 'mitigations=off' on the kernel command line, > add a config option that has a similar effect. > > Adding this makes it easier to disable mitigations in scenarios where > you cannot modify the command line or are unable to pass a command line > while booting. Better wait to hear from others too, but I think if you want a config, then it better support all possible variations of the option too, not just the 'off' one. > > Signed-off-by: Pranith Kumar > --- > kernel/cpu.c | 2 +- > security/Kconfig | 8 ++++++++ > 2 files changed, 9 insertions(+), 1 deletion(-) > > diff --git a/kernel/cpu.c b/kernel/cpu.c > index 6ff2578ecf17..584eb39585d6 100644 > --- a/kernel/cpu.c > +++ b/kernel/cpu.c > @@ -2542,7 +2542,7 @@ early_param("mitigations", mitigations_parse_cmdline); > /* mitigations=off */ > bool cpu_mitigations_off(void) > { > - return cpu_mitigations == CPU_MITIGATIONS_OFF; > + return cpu_mitigations == CPU_MITIGATIONS_OFF || IS_ENABLED(CONFIG_DISABLE_MITIGATIONS); > } So if cmdline asked for this to be auto, but the config is compiled with off then the config always wins according to this. This conflict makes me think this is probably going to be a bad idea because 2 points of control would create a confusion of which one should be honored. You can set the cmdline in the config too, have you tried this? On arm64, I can add additional cmdline paramter in the config Boot options --> Default kernel command string On x86 I found this too Processor type and features --> Built-in kernel command line Beside that, you can always use kexec to boot a new kernel with extra cmdline option The command I used in the past (from memory, so worth double checking) kexec --command-line "$(cat /proc/cmdline) migrations=off" -f Image > EXPORT_SYMBOL_GPL(cpu_mitigations_off); > > diff --git a/security/Kconfig b/security/Kconfig > index cd3cc7da3a55..90b8e9c89a6d 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -65,6 +65,14 @@ config PAGE_TABLE_ISOLATION > > See Documentation/x86/pti.rst for more details. > > +config DISABLE_MITIGATIONS > + bool "Disable kernel security mitigations" > + default n No need for default n in general as it is the default anyway :) HTH. Thanks -- Qais Yousef