From: Brendan Jackman <jackmanb@google.com>
To: jackmanb@google.com, Andy Lutomirski <luto@kernel.org>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Suren Baghdasaryan <surenb@google.com>,
Michal Hocko <mhocko@suse.com>,
Johannes Weiner <hannes@cmpxchg.org>, Zi Yan <ziy@nvidia.com>,
Axel Rasmussen <axelrasmussen@google.com>,
Yuanchu Xie <yuanchu@google.com>,
Roman Gushchin <roman.gushchin@linux.dev>
Cc: peterz@infradead.org, bp@alien8.de, dave.hansen@linux.intel.com,
mingo@redhat.com, tglx@linutronix.de, akpm@linux-foundation.org,
david@redhat.com, derkling@google.com, junaids@google.com,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
reijiw@google.com, rientjes@google.com, rppt@kernel.org,
vbabka@suse.cz, x86@kernel.org,
Yosry Ahmed <yosry.ahmed@linux.dev>
Subject: [PATCH 02/21] x86/mm/asi: add X86_FEATURE_ASI and asi=
Date: Wed, 24 Sep 2025 14:59:37 +0000 [thread overview]
Message-ID: <20250924-b4-asi-page-alloc-v1-2-2d861768041f@google.com> (raw)
In-Reply-To: <20250924-b4-asi-page-alloc-v1-0-2d861768041f@google.com>
Add a CPU feature to enable ASI, and a command-line flag to enable that
feature. At present, the feature doesn't do anything, but adding it
early helps to avoid unnecessary code churn later.
The cmdline arg will eventually need an "auto" behaviour, but since this
would be equivalent to "off", don't define it yet. Just define what's
necessary to be able to test the code.
Co-developed-by: Junaid Shahid <junaids@google.com>
Signed-off-by: Junaid Shahid <junaids@google.com>
Co-developed-by: Yosry Ahmed <yosryahmed@google.com>
Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
Signed-off-by: Brendan Jackman <jackmanb@google.com>
---
Documentation/admin-guide/kernel-parameters.txt | 8 +++++++
arch/x86/include/asm/asi.h | 10 +++++++++
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/mm/Makefile | 1 +
arch/x86/mm/asi.c | 28 +++++++++++++++++++++++++
arch/x86/mm/init.c | 3 +++
include/linux/asi.h | 5 +++++
7 files changed, 56 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 6c42061ca20e581b5192b66c6f25aba38d4f8ff8..9b8330fc1fe31721af39b08b58b729ced78ba803 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5324,6 +5324,14 @@
Not specifying this option is equivalent to pti=auto.
+ asi= [X86-64] Control Address Space Isolation (ASI), a
+ technology for mitigating CPU vulnerabilities. ASI is
+ not yet ready to provide security guarantees but can be
+ enabled for evaluation.
+
+ on - unconditionally enable
+ off - unconditionally disable
+
pty.legacy_count=
[KNL] Number of legacy pty's. Overwrites compiled-in
default number.
diff --git a/arch/x86/include/asm/asi.h b/arch/x86/include/asm/asi.h
index 53acdf22fe33efc6ccedbae52b262a904868459a..32a4c04c4be0f6f425c7cbcff4c58f1827a4b4c4 100644
--- a/arch/x86/include/asm/asi.h
+++ b/arch/x86/include/asm/asi.h
@@ -2,4 +2,14 @@
#ifndef _ASM_X86_ASI_H
#define _ASM_X86_ASI_H
+#include <asm/cpufeature.h>
+
+void asi_check_boottime_disable(void);
+
+/* Helper for generic code. Arch code just uses cpu_feature_enabled(). */
+static inline bool asi_enabled_static(void)
+{
+ return cpu_feature_enabled(X86_FEATURE_ASI);
+}
+
#endif /* _ASM_X86_ASI_H */
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 4091a776e37aaed67ca93b0a0cd23cc25dbc33d4..3eee24a4cabf3b2131c34596236d8bc8eec05b3b 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -499,6 +499,7 @@
#define X86_FEATURE_IBPB_EXIT_TO_USER (21*32+14) /* Use IBPB on exit-to-userspace, see VMSCAPE bug */
#define X86_FEATURE_ABMC (21*32+15) /* Assignable Bandwidth Monitoring Counters */
#define X86_FEATURE_MSR_IMM (21*32+16) /* MSR immediate form instructions */
+#define X86_FEATURE_ASI (21*32+17) /* Kernel Address Space Isolation */
/*
* BUG word(s)
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index 5b9908f13dcfd092897f3778ee56ea4d45bdb868..5ecbff70964f61a903ac96cec3736a7cec1221fd 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -52,6 +52,7 @@ obj-$(CONFIG_ACPI_NUMA) += srat.o
obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o
obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o
obj-$(CONFIG_MITIGATION_PAGE_TABLE_ISOLATION) += pti.o
+obj-$(CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION) += asi.o
obj-$(CONFIG_X86_MEM_ENCRYPT) += mem_encrypt.o
obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_amd.o
diff --git a/arch/x86/mm/asi.c b/arch/x86/mm/asi.c
new file mode 100644
index 0000000000000000000000000000000000000000..8c907f3c84f43f66e412ecbfa99e67390d31a66f
--- /dev/null
+++ b/arch/x86/mm/asi.c
@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <linux/asi.h>
+#include <linux/init.h>
+#include <linux/string.h>
+
+#include <asm/cmdline.h>
+#include <asm/cpufeature.h>
+
+void __init asi_check_boottime_disable(void)
+{
+ bool enabled = false;
+ char arg[4];
+ int ret;
+
+ ret = cmdline_find_option(boot_command_line, "asi", arg, sizeof(arg));
+ if (ret == 3 && !strncmp(arg, "off", 3)) {
+ enabled = false;
+ pr_info("ASI explicitly disabled by kernel cmdline.\n");
+ } else if (ret == 2 && !strncmp(arg, "on", 2)) {
+ enabled = true;
+ pr_info("ASI enabled.\n");
+ } else if (ret) {
+ pr_err("Unknown asi= flag '%s', try 'off' or 'on'\n", arg);
+ }
+
+ if (enabled)
+ setup_force_cpu_cap(X86_FEATURE_ASI);
+}
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 8bf6ad4b9400e7a04e9dc4e341e20a4a67ddb7ab..b877a41fc291284eb271ebe764a52730d51da3fc 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <linux/asi.h>
#include <linux/gfp.h>
#include <linux/initrd.h>
#include <linux/ioport.h>
@@ -761,6 +763,7 @@ void __init init_mem_mapping(void)
unsigned long end;
pti_check_boottime_disable();
+ asi_check_boottime_disable();
probe_page_size_mask();
setup_pcid();
diff --git a/include/linux/asi.h b/include/linux/asi.h
index ef640c8e79369a9ada2881067f0c1d78093293f7..1832feb1b14d63f05bbfa3f87dd07753338ed70b 100644
--- a/include/linux/asi.h
+++ b/include/linux/asi.h
@@ -6,5 +6,10 @@
#include <asm/asi.h>
#else
+#include <linux/types.h>
+
+static inline void asi_check_boottime_disable(void) { }
+static inline bool asi_enabled_static(void) { return false; }
+
#endif /* CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION */
#endif /* _INCLUDE_ASI_H */
--
2.50.1
next prev parent reply other threads:[~2025-09-24 15:00 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-24 14:59 [PATCH 00/21] mm: ASI direct map management Brendan Jackman
2025-09-24 14:59 ` [PATCH 01/21] x86/mm/asi: Add CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION Brendan Jackman
2025-10-24 22:37 ` Borislav Petkov
2025-10-24 23:32 ` Brendan Jackman
2025-10-25 9:57 ` Borislav Petkov
2025-09-24 14:59 ` Brendan Jackman [this message]
2025-10-25 10:06 ` [PATCH 02/21] x86/mm/asi: add X86_FEATURE_ASI and asi= Borislav Petkov
2025-10-26 22:24 ` Brendan Jackman
2025-11-10 11:26 ` Borislav Petkov
2025-11-10 12:15 ` Brendan Jackman
2025-09-24 14:59 ` [PATCH 03/21] x86/mm: factor out phys_pgd_init() Brendan Jackman
2025-09-27 19:29 ` kernel test robot
2025-10-01 12:26 ` Brendan Jackman
2025-10-25 11:48 ` Borislav Petkov
2025-10-26 22:29 ` Brendan Jackman
2025-11-10 11:38 ` Borislav Petkov
2025-11-10 12:36 ` Brendan Jackman
2025-09-24 14:59 ` [PATCH 04/21] x86/mm/asi: set up asi_nonsensitive_pgd Brendan Jackman
2025-10-01 20:28 ` Dave Hansen
2025-10-02 14:05 ` Brendan Jackman
2025-10-02 16:14 ` Dave Hansen
2025-10-02 17:19 ` Brendan Jackman
2025-11-12 19:39 ` Dave Hansen
2025-11-11 14:55 ` Borislav Petkov
2025-11-11 17:53 ` Brendan Jackman
2025-09-24 14:59 ` [PATCH 05/21] x86/mm/pat: mirror direct map changes to ASI Brendan Jackman
2025-09-25 13:36 ` kernel test robot
2025-10-01 20:50 ` Dave Hansen
2025-10-02 14:31 ` Brendan Jackman
2025-10-02 16:40 ` Dave Hansen
2025-10-02 17:08 ` Brendan Jackman
2025-09-24 14:59 ` [PATCH 06/21] mm/page_alloc: add __GFP_SENSITIVE and always set it Brendan Jackman
2025-10-01 21:18 ` Dave Hansen
2025-10-02 14:34 ` Brendan Jackman
2025-09-24 14:59 ` [PATCH 07/21] mm: introduce for_each_free_list() Brendan Jackman
2025-09-24 14:59 ` [PATCH 08/21] mm: rejig pageblock mask definitions Brendan Jackman
2025-09-24 14:59 ` [PATCH 09/21] mm/page_alloc: Invert is_check_pages_enabled() check Brendan Jackman
2025-09-24 14:59 ` [PATCH 10/21] mm/page_alloc: remove ifdefs from pindex helpers Brendan Jackman
2025-09-24 14:59 ` [PATCH 11/21] mm: introduce freetype_t Brendan Jackman
2025-09-25 13:15 ` kernel test robot
2025-10-01 21:20 ` Dave Hansen
2025-10-02 14:39 ` Brendan Jackman
2025-09-24 14:59 ` [PATCH 12/21] mm/asi: encode sensitivity in freetypes and pageblocks Brendan Jackman
2025-09-24 14:59 ` [PATCH 13/21] mm/page_alloc_test: unit test pindex helpers Brendan Jackman
2025-09-25 13:36 ` kernel test robot
2025-09-24 14:59 ` [PATCH 14/21] x86/mm/pat: introduce cpa_fault option Brendan Jackman
2025-09-24 14:59 ` [PATCH 15/21] mm/page_alloc: rename ALLOC_NON_BLOCK back to _HARDER Brendan Jackman
2025-09-24 14:59 ` [PATCH 16/21] mm/page_alloc: introduce ALLOC_NOBLOCK Brendan Jackman
2025-09-24 14:59 ` [PATCH 17/21] mm/slub: defer application of gfp_allowed_mask Brendan Jackman
2025-09-24 14:59 ` [PATCH 18/21] mm/asi: support changing pageblock sensitivity Brendan Jackman
2025-09-24 14:59 ` [PATCH 19/21] mm/asi: bad_page() when ASI mappings are wrong Brendan Jackman
2025-09-24 14:59 ` [PATCH 20/21] x86/mm/asi: don't use global pages when ASI enabled Brendan Jackman
2025-09-24 14:59 ` [PATCH 21/21] mm: asi_test: smoke test for [non]sensitive page allocs Brendan Jackman
2025-09-25 17:51 ` [PATCH 00/21] mm: ASI direct map management Brendan Jackman
2025-09-30 19:51 ` Konrad Rzeszutek Wilk
2025-10-01 7:12 ` Brendan Jackman
2025-10-01 19:54 ` Dave Hansen
2025-10-01 20:22 ` Yosry Ahmed
2025-10-01 20:30 ` Dave Hansen
2025-10-02 11:05 ` Brendan Jackman
2025-10-01 20:59 ` Dave Hansen
2025-10-02 7:34 ` David Hildenbrand
2025-10-02 11:23 ` Brendan Jackman
2025-10-02 17:01 ` Dave Hansen
2025-10-02 19:19 ` Brendan Jackman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250924-b4-asi-page-alloc-v1-2-2d861768041f@google.com \
--to=jackmanb@google.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=axelrasmussen@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=david@redhat.com \
--cc=derkling@google.com \
--cc=hannes@cmpxchg.org \
--cc=junaids@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=luto@kernel.org \
--cc=mhocko@suse.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=reijiw@google.com \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=rppt@kernel.org \
--cc=surenb@google.com \
--cc=tglx@linutronix.de \
--cc=vbabka@suse.cz \
--cc=x86@kernel.org \
--cc=yosry.ahmed@linux.dev \
--cc=yuanchu@google.com \
--cc=ziy@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox