Kexec Archive on lore.kernel.org
From: Dave Hansen <dave.hansen@intel.com>
To: David Woodhouse <dwmw2@infradead.org>,
	Nathan Chancellor <nathan@kernel.org>
Cc: "Ning, Hongyu" <hongyu.ning@linux.intel.com>,
	kexec@lists.infradead.org, Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Kai Huang <kai.huang@intel.com>,
	Nikolay Borisov <nik.borisov@suse.com>,
	linux-kernel@vger.kernel.org, Simon Horman <horms@kernel.org>,
	Dave Young <dyoung@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	jpoimboe@kernel.org, bsz@amazon.de
Subject: Re: [PATCH] x86/kexec: Only write through identity mapping of control page
Date: Thu, 12 Dec 2024 13:43:57 -0800
Message-ID: <a14ff894-9268-4a62-87bd-3b2553e0bc01@intel.com>
In-Reply-To: <212CBB8E-CC94-4A56-8399-1419D8F2FA5C@infradead.org>

On 12/12/24 13:32, David Woodhouse wrote:
> On 12 December 2024 21:18:10 GMT, Dave Hansen <dave.hansen@intel.com> wrote:
>> On 12/12/24 12:11, David Woodhouse wrote:
>>> From: David Woodhouse <dwmw@amazon.co.uk>
>>>
>>> The virtual mapping of the control page may have been _PAGE_GLOBAL and
>>> thus its PTE might not have been flushed on the %cr3 switch and
>>> it might effectively still be read-only. Move the writes to it
>>> down into the identity_mapped() function where the same
>>> %rip-relative addressing will get the new mapping.
>>> 
>>> The stack is fine, as that's using the identity mapped address
>>> anyway.
>> 
>> Shouldn't we also ensure that Global entries don't bite anyone
>> else? Something like the completely untested attached patch?
> Doesn't hurt, but this is an identity mapping so absolutely
> everything other than this one page is going to be in the low
> (positive) part of the canonical address space, so won't have had
> global pages in the first place will they?

Right, it's generally _not_ a problem. But it _can_ be a surprising
problem which is why we're all looking at it today. ;)

> Probably a kind thing to do for whatever we're passing control to
> though :)
> 
> I'll round it up into the tree and send it out with the next batch of
> debug support. Care to give me a SoB for it? You can
> s/CR0_PGE/CR4_PGE/ too if you like but I can do that myself as well.

Here's a fixed one with a changelog and a SoB. Still 100% gloriously
untested though.

[-- Attachment #2: 0001-x86-mm-Ensure-Global-mappings-are-zapped-during-kexe.patch --]
[-- Type: text/x-patch, Size: 1472 bytes --]

From 3513c089e4d281fa932d2b3245443645c1c44c53 Mon Sep 17 00:00:00 2001
From: Dave Hansen <dave.hansen@linux.intel.com>
Date: Thu, 12 Dec 2024 13:35:14 -0800
Subject: [PATCH] x86/mm: Ensure Global mappings are zapped during kexec

The kernel switches to a new set of page tables during kexec. The
global mappings (_PAGE_GLOBAL==1) can remain in the TLB after this
switch. This is generally not a problem because the new page tables
use a different portion of the virtual address space than the normal
kernel mappings.

But there's no good reason to leave the old TLB entries around. They
can cause nothing but trouble. Clear "Page Global Enable"
(X86_CR4_PGE). This, along with the CR3 write, ensures that there is
no trace of the old page tables in the TLB, even global entries.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
---
 arch/x86/kernel/relocate_kernel_64.S | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
index e9e88c342f752..87fc788fa67b2 100644
--- a/arch/x86/kernel/relocate_kernel_64.S
+++ b/arch/x86/kernel/relocate_kernel_64.S
@@ -155,6 +155,8 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped)
 	 */
 	andl	$(X86_CR4_PAE | X86_CR4_LA57), %r13d
 	ALTERNATIVE "", __stringify(orl $X86_CR4_MCE, %r13d), X86_FEATURE_TDX_GUEST
+	/* Invalidate Global entries from the TLB: */
+	andq	$~(X86_CR4_PGE), %r13d
 	movq	%r13, %cr4
 
 	/* Flush the TLB (needed?) */
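
Review bot: the added `andq $~(X86_CR4_PGE), %r13d` is a no-op at this point, because the `andl $(X86_CR4_PAE | X86_CR4_LA57), %r13d` two lines above it already cleared every bit of %r13d except PAE and LA57 (the TDX_GUEST alternative only ORs MCE back in), so PGE was already zero in the value reaching `movq %r13, %cr4` and the hunk changes no behaviour; the changelog's statement that this clear is what purges the global entries therefore does not describe anything new. If any write through the old global kernel mapping happens after the %cr3 switch but before this %cr4 write, it still hits the stale TLB entry, so if that window is the concern the PGE clear has to move ahead of the %cr3 write rather than sit here. If a line is kept for documentation it must be `andl`, not `andq`: a `q` suffix on the 32-bit register %r13d is an operand-size mismatch that the assembler rejects, and the surrounding code already uses `andl` on %r13d. A comment on the existing `andl` noting that PGE is among the bits it drops, and that the %cr4 write below is what flushes the global entries, would say the same thing more accurately than "Invalidate Global entries from the TLB:" attached to a redundant mask.
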
-- 
2.34.1
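
The TLB behaviour the thread is chasing, written out as an added example in C. This is editor-supplied illustration, not code from the thread, from the patches, or from the kernel. It models only the rules that matter here: a _PAGE_GLOBAL entry for the control page survives the %cr3 switch and keeps enforcing the old read-only permission on a TLB hit, while a change to CR4.PGE flushes every entry. The physical address, the kernel virtual address, the two page tables and the eight-entry TLB are all constructed for the demonstration; there is no PCID, no INVLPG, and no huge pages.

```c
/* Added example, not kernel code: a toy x86 TLB model of why a _PAGE_GLOBAL entry
 * survives a %cr3 write and why a CR4.PGE change flushes it. Data is constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PTE_PRESENT 0x001u
#define PTE_RW      0x002u
#define PTE_GLOBAL  0x100u                /* bit 8, as x86 _PAGE_GLOBAL */
#define CR4_PGE     0x080u                /* bit 7, as X86_CR4_PGE */
#define PAGE_MASK   (~0xfffull)
#define TLB_SIZE    8
#define CTRL_PHYS   0x1000000ull          /* constructed: control page; identity VA == PA */
#define CTRL_KVA    0xffffffff81000000ull /* constructed: its kernel (text) virtual address */

enum access_result { ACCESS_OK = 0, ACCESS_NOT_PRESENT, ACCESS_WRITE_PROTECT };
struct mapping   { uint64_t va, pa; uint32_t flags; };
struct tlb_entry { bool valid, global; uint64_t va, pa; uint32_t flags; };
struct cpu {
    const struct mapping *cr3; int cr3_len; /* the live page table */
    uint32_t cr4; unsigned next;            /* next: round-robin TLB replacement */
    struct tlb_entry tlb[TLB_SIZE];
};

/* Normal kernel tables: the control page is read-only (ROX) and global. */
static const struct mapping kernel_pt[] = {
    { CTRL_KVA, CTRL_PHYS, PTE_PRESENT | PTE_GLOBAL },
};
/* Transition tables: identity map plus the same kernel VA, both writable. */
static const struct mapping transition_pt[] = {
    { CTRL_PHYS, CTRL_PHYS, PTE_PRESENT | PTE_RW },
    { CTRL_KVA,  CTRL_PHYS, PTE_PRESENT | PTE_RW },
};

static void tlb_flush(struct cpu *c, bool include_global)
{
    for (int i = 0; i < TLB_SIZE; i++)
        if (include_global || !c->tlb[i].global) c->tlb[i].valid = false;
}

/* MOV to %cr3: global entries survive while CR4.PGE is set. */
static void write_cr3(struct cpu *c, const struct mapping *pt, int len)
{
    c->cr3 = pt; c->cr3_len = len;
    tlb_flush(c, !(c->cr4 & CR4_PGE));
}

/* MOV to %cr4: a change to PGE invalidates every entry, global ones included. */
static void write_cr4(struct cpu *c, uint32_t val)
{
    if ((c->cr4 ^ val) & CR4_PGE)
        tlb_flush(c, true);
    c->cr4 = val;
}

/* A TLB hit is used as-is even if the page tables changed; a miss walks cr3. */
static enum access_result access_page(struct cpu *c, uint64_t va, bool write)
{
    struct tlb_entry *e = NULL;
    for (int i = 0; i < TLB_SIZE && !e; i++)
        if (c->tlb[i].valid && c->tlb[i].va == (va & PAGE_MASK))
            e = &c->tlb[i];
    for (int i = 0; i < c->cr3_len && !e; i++) {
        const struct mapping *m = &c->cr3[i];
        if (m->va != (va & PAGE_MASK))
            continue;
        e = &c->tlb[c->next++ % TLB_SIZE];
        e->valid = true; e->va = m->va; e->pa = m->pa; e->flags = m->flags;
        e->global = (m->flags & PTE_GLOBAL) && (c->cr4 & CR4_PGE); /* G only counts while PGE=1 */
    }
    if (!e) return ACCESS_NOT_PRESENT;
    return (write && !(e->flags & PTE_RW)) ? ACCESS_WRITE_PROTECT : ACCESS_OK;
}

struct outcome { enum access_result via_kernel_va, via_identity_va; };
/* Replays the kexec sequence: run the control page through its kernel mapping,
 * optionally clear PGE, switch %cr3 to the transition tables, then write to
 * the page through both of its virtual addresses. */
struct outcome run_scenario(bool clear_pge_before_switch)
{
    struct cpu c = { 0 };
    struct outcome o;
    c.cr4 = CR4_PGE;
    write_cr3(&c, kernel_pt, 1);
    access_page(&c, CTRL_KVA, false);     /* caches a global, read-only entry */
    if (clear_pge_before_switch)
        write_cr4(&c, c.cr4 & ~CR4_PGE);
    write_cr3(&c, transition_pt, 2);      /* the stale global entry survives unless PGE was cleared */
    o.via_kernel_va   = access_page(&c, CTRL_KVA, true);
    o.via_identity_va = access_page(&c, CTRL_PHYS, true);
    return o;
}

int main(void)
{
    struct outcome a = run_scenario(false), b = run_scenario(true);
    printf("PGE kept:    kernel VA write=%d identity VA write=%d\n", a.via_kernel_va, a.via_identity_va);
    printf("PGE cleared: kernel VA write=%d identity VA write=%d\n", b.via_kernel_va, b.via_identity_va);
    return 0;
}
```

run_scenario(false) reproduces the situation described in the quoted patch: the write through the kernel virtual address hits the stale global entry and is refused (ACCESS_WRITE_PROTECT, 2) even though the live page tables map that address writable, while the write through the identity address misses the TLB, walks the new tables and succeeds (ACCESS_OK, 0). run_scenario(true) clears PGE before the %cr3 switch, which drops the global entry, so both writes succeed. Build with cc -std=c11 -Wall.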



Thread overview: 55+ messages
2024-12-05 15:05 [PATCH v5 00/20] x86/kexec: Add exception handling for relocate_kernel and further yak-shaving David Woodhouse
2024-12-05 15:05 ` [PATCH v5 01/20] x86/kexec: Restore GDT on return from preserve_context kexec David Woodhouse
2024-12-05 15:05 ` [PATCH v5 02/20] x86/kexec: Clean up and document register use in relocate_kernel_64.S David Woodhouse
2024-12-05 15:05 ` [PATCH v5 03/20] x86/kexec: Use named labels in swap_pages " David Woodhouse
2024-12-05 15:05 ` [PATCH v5 04/20] x86/kexec: Only swap pages for preserve_context mode David Woodhouse
2024-12-05 15:05 ` [PATCH v5 05/20] x86/kexec: Allocate PGD for x86_64 transition page tables separately David Woodhouse
2024-12-05 15:05 ` [PATCH v5 06/20] x86/kexec: Copy control page into place in machine_kexec_prepare() David Woodhouse
2024-12-05 15:05 ` [PATCH v5 07/20] x86/kexec: Invoke copy of relocate_kernel() instead of the original David Woodhouse
2024-12-14 23:08   ` Nathan Chancellor
2024-12-15  7:19     ` David Woodhouse
2024-12-15 10:09     ` David Woodhouse
2024-12-16  5:49       ` Nathan Chancellor
2024-12-16  8:13         ` David Woodhouse
2024-12-16 12:09         ` David Woodhouse
2024-12-17 12:03           ` David Woodhouse
2024-12-18  9:03             ` Josh Poimboeuf
2024-12-18  9:44               ` David Woodhouse
2024-12-18 21:23                 ` Josh Poimboeuf
2024-12-18 22:27                   ` David Woodhouse
2024-12-19  0:20                     ` Josh Poimboeuf
2024-12-19 10:02                       ` David Woodhouse
2024-12-19 22:28                         ` Josh Poimboeuf
2024-12-05 15:05 ` [PATCH v5 08/20] x86/kexec: Move relocate_kernel to kernel .data section David Woodhouse
2024-12-05 15:05 ` [PATCH v5 09/20] x86/kexec: Add data section to relocate_kernel David Woodhouse
2024-12-05 15:05 ` [PATCH v5 10/20] x86/kexec: Drop page_list argument from relocate_kernel() David Woodhouse
2024-12-05 15:05 ` [PATCH v5 11/20] x86/kexec: Eliminate writes through kernel mapping of relocate_kernel page David Woodhouse
2024-12-05 15:05 ` [PATCH v5 12/20] x86/kexec: Clean up register usage in relocate_kernel() David Woodhouse
2024-12-05 15:05 ` [PATCH v5 13/20] x86/kexec: Mark relocate_kernel page as ROX instead of RWX David Woodhouse
2024-12-12  1:44   ` Nathan Chancellor
2024-12-12 10:30     ` David Woodhouse
2024-12-12 15:04       ` Nathan Chancellor
2024-12-12 17:00         ` David Woodhouse
2024-12-12 17:42           ` Nathan Chancellor
2024-12-12 19:31             ` David Woodhouse
2024-12-12 20:11             ` [PATCH] x86/kexec: Only write through identity mapping of control page David Woodhouse
2024-12-12 20:31               ` Nathan Chancellor
2024-12-12 21:18               ` Dave Hansen
2024-12-12 21:32                 ` David Woodhouse
2024-12-12 21:43                   ` Dave Hansen [this message]
2024-12-12 21:59                     ` David Woodhouse
2024-12-12 23:08                     ` [PATCH] x86/kexec: Disable global pages before writing to " David Woodhouse
2024-12-13  7:51                       ` Ning, Hongyu
2024-12-13  6:47               ` [PATCH] x86/kexec: Only write through identity mapping of " Ning, Hongyu
2024-12-12  3:03   ` [PATCH v5 13/20] x86/kexec: Mark relocate_kernel page as ROX instead of RWX Ning, Hongyu
2024-12-12 10:13     ` David Woodhouse
2024-12-13  6:45       ` Ning, Hongyu
2024-12-13  7:01         ` David Woodhouse
2024-12-13  7:41         ` Ning, Hongyu
2024-12-05 15:05 ` [PATCH v5 14/20] x86/kexec: Add CONFIG_KEXEC_DEBUG option David Woodhouse
2024-12-05 15:05 ` [PATCH v5 15/20] x86/kexec: Debugging support: load a GDT David Woodhouse
2024-12-05 15:05 ` [PATCH v5 16/20] x86/kexec: Debugging support: Load an IDT and basic exception entry points David Woodhouse
2024-12-05 15:05 ` [PATCH v5 17/20] x86/kexec: Debugging support: Dump registers on exception David Woodhouse
2024-12-05 15:05 ` [PATCH v5 18/20] x86/kexec: Add 8250 serial port output David Woodhouse
2024-12-05 15:05 ` [PATCH v5 19/20] x86/kexec: Add 8250 MMIO " David Woodhouse
2024-12-05 15:05 ` [PATCH v5 20/20] [DO NOT MERGE] x86/kexec: Add int3 in kexec path for testing David Woodhouse
