From: Sean Christopherson <seanjc@google.com>
To: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, Alexander Potapenko <glider@google.com>,
Andrey Konovalov <andreyknvl@gmail.com>,
Dmitry Vyukov <dvyukov@google.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
"H. Peter Anvin" <hpa@zytor.com>,
kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org,
syzbot+8cdd16fd5a6c0565e227@syzkaller.appspotmail.com
Subject: Re: [PATCH 3/3] x86/kasan: Populate shadow for shared chunk of the CPU entry area
Date: Wed, 9 Nov 2022 18:14:45 +0000 [thread overview]
Message-ID: <Y2vuFY6NOuX7moeT@google.com> (raw)
In-Reply-To: <06debc96-ea5d-df61-3d2e-0d1d723e55b7@gmail.com>
On Tue, Nov 08, 2022, Andrey Ryabinin wrote:
>
> On 11/4/22 21:32, Sean Christopherson wrote:
> > @@ -409,6 +410,15 @@ void __init kasan_init(void)
> > kasan_mem_to_shadow((void *)VMALLOC_END + 1),
> > (void *)shadow_cea_begin);
> >
> > + /*
> > + * Populate the shadow for the shared portion of the CPU entry area.
> > + * Shadows for the per-CPU areas are mapped on-demand, as each CPU's
> > + * area is randomly placed somewhere in the 512GiB range and mapping
> > + * the entire 512GiB range is prohibitively expensive.
> > + */
> > + kasan_populate_shadow(shadow_cea_begin,
> > + shadow_cea_per_cpu_begin, 0);
> > +
>
> I think we can extend the kasan_populate_early_shadow() call above up to
> shadow_cea_per_cpu_begin point, instead of this.
> populate_early_shadow() maps single RO zeroed page. No one should write to the shadow for IDT.
> KASAN only needs writable shadow for linear mapping/stacks/vmalloc/global variables.
Any objection to simply converting this to use kasan_populate_early_shadow(),
i.e. to keeping a separate "populate" call for the CPU entry area? Purely so
that it's more obvious that a small portion of the overall CPU entry area is
mapped during init.
prev parent reply other threads:[~2022-11-09 18:14 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-04 18:32 [PATCH 0/3] x86/kasan: Populate shadow for read-only IDT mapping Sean Christopherson
2022-11-04 18:32 ` [PATCH 1/3] x86/kasan: Rename local CPU_ENTRY_AREA variables to shorten names Sean Christopherson
2022-11-04 18:32 ` [PATCH 2/3] x86/kasan: Add helpers to align shadow addresses up and down Sean Christopherson
2022-11-04 18:32 ` [PATCH 3/3] x86/kasan: Populate shadow for shared chunk of the CPU entry area Sean Christopherson
2022-11-08 19:55 ` Andrey Ryabinin
2022-11-08 20:03 ` Sean Christopherson
2022-11-08 20:32 ` Andrey Ryabinin
2022-11-09 18:14 ` Sean Christopherson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y2vuFY6NOuX7moeT@google.com \
--to=seanjc@google.com \
--cc=andreyknvl@gmail.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=ryabinin.a.a@gmail.com \
--cc=syzbot+8cdd16fd5a6c0565e227@syzkaller.appspotmail.com \
--cc=tglx@linutronix.de \
--cc=vincenzo.frascino@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.