From: Kees Cook <kees@kernel.org>
To: Dave Hansen <dave.hansen@intel.com>
Cc: Sohil Mehta <sohil.mehta@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
Jonathan Corbet <corbet@lwn.net>, Ingo Molnar <mingo@kernel.org>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Daniel Sneddon <daniel.sneddon@linux.intel.com>,
Kai Huang <kai.huang@intel.com>,
Sandipan Das <sandipan.das@amd.com>,
Breno Leitao <leitao@debian.org>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Alexei Starovoitov <ast@kernel.org>, Hou Tao <houtao1@huawei.com>,
Juergen Gross <jgross@suse.com>,
Vegard Nossum <vegard.nossum@oracle.com>,
Eric Biggers <ebiggers@google.com>,
Jason Gunthorpe <jgg@ziepe.ca>,
"Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Luis Chamberlain <mcgrof@kernel.org>,
Yuntao Wang <ytcoode@gmail.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Tejun Heo <tj@kernel.org>, Changbin Du <changbin.du@huawei.com>,
Huang Shijie <shijie@os.amperecomputing.com>,
Geert Uytterhoeven <geert+renesas@glider.be>,
Namhyung Kim <namhyung@kernel.org>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-efi@vger.kernel.org, linux-mm@kvack.org,
"Kirill A. Shutemov" <kas@kernel.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <peterz@infradead.org>,
Ard Biesheuvel <ardb@kernel.org>,
"Paul E. McKenney" <paulmck@kernel.org>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Xiongwei Song <xiongwei.song@windriver.com>,
Xin Li <xin3.li@intel.com>,
"Mike Rapoport (IBM)" <rppt@kernel.org>,
Brijesh Singh <brijesh.singh@amd.com>,
Michael Roth <michael.roth@amd.com>,
Tony Luck <tony.luck@intel.com>,
Alexey Kardashevskiy <aik@amd.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
X86-kernel <x86@kernel.org>
Subject: Re: [PATCHv9 04/16] x86/cpu: Defer CR pinning setup until core initcall
Date: Sat, 2 Aug 2025 11:51:28 -0700
Message-ID: <202508021149.B4BFF8D1@keescook>
In-Reply-To: <6e768f25-3a1c-48b9-bc53-56877a556a83@intel.com>
On Thu, Jul 31, 2025 at 05:01:37PM -0700, Dave Hansen wrote:
> On 7/31/25 16:45, Sohil Mehta wrote:
> > On 7/9/2025 10:00 AM, Dave Hansen wrote:
> >> On 7/7/25 01:03, Kirill A. Shutemov wrote:
> >>> Instead of moving setup_cr_pinning() below efi_enter_virtual_mode() in
> >>> arch_cpu_finalize_init(), defer it until core initcall.
> >> What are the side effects of this move? Are there other benefits? What
> >> are the risks?
> >>
> > Picking this up from Kirill.. Reevaluating this, core_initcall() seems
> > too late for setup_cr_pinning().
> >
> > We need to have CR pinning completed, and the associated static key
> > enabled before AP bring up. start_secondary()->cr4_init() depends on the
> > cr_pinning static key to initialize CR4 for APs.
>
> Sure, if you leave cr4_init() completely as-is.
>
> 'cr4_pinned_bits' should be set by the boot CPU. Secondary CPUs should
> also read 'cr4_pinned_bits' when setting up their own cr4's,
> unconditionally, independent of 'cr_pinning'.
>
> The thing I think we should change is the pinning _enforcement_. The
> easiest way to do that is to remove the static_branch_likely() in
> cr4_init() and then delay flipping the static branch until just before
> userspace starts.
Yeah, this is fine from my perspective. The goal with the pinning was
about keeping things safe in the face of an attack from userspace that
managed to get at MSR values and keeping them from being trivially
changed.
--
Kees Cook
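
The split proposed in the quoted text (the boot CPU sets 'cr4_pinned_bits', secondary CPUs apply them unconditionally, and enforcement is switched on only just before userspace starts), as a userspace C model added here; it is not kernel code and not code from this thread. The `model_*` functions, the `sim_cr4` array, the three-bit pinned mask and the boot sequence are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
/* Real CR4 bit positions; pinning only these three is a modelling choice. */
#define CR4_PAE  (1UL << 5)
#define CR4_UMIP (1UL << 11)
#define CR4_SMEP (1UL << 20)
#define CR4_SMAP (1UL << 21)
#define PINNED_MASK (CR4_UMIP | CR4_SMEP | CR4_SMAP)

static unsigned long sim_cr4[2];   /* stands in for CR4 on the boot CPU and one AP */
static unsigned long pinned_bits;  /* models 'cr4_pinned_bits' */
static bool enforce;               /* models the 'cr_pinning' static key */
static unsigned long fixups;       /* writes that enforcement had to correct */

/* Write path: only once enforcement is on are pinned bits forced back. */
static void model_write_cr4(int cpu, unsigned long val)
{
	if (enforce && (val & PINNED_MASK) != pinned_bits) {
		val = (val & ~PINNED_MASK) | pinned_bits;
		fixups++;
	}
	sim_cr4[cpu] = val;
}

/* Boot CPU records the pinned bits it ended up with. */
static void model_boot_cpu_setup(unsigned long cr4)
{
	sim_cr4[0] = cr4;
	pinned_bits = cr4 & PINNED_MASK;
}

/* AP bring-up applies the pinned bits unconditionally, not gated on 'enforce'. */
static void model_ap_cr4_init(int cpu, unsigned long reset_cr4)
{
	sim_cr4[cpu] = (reset_cr4 & ~PINNED_MASK) | pinned_bits;
}

/* Constructed boot sequence; returns the AP's final CR4 value. */
static unsigned long model_run(void)
{
	model_boot_cpu_setup(CR4_PAE | PINNED_MASK);
	model_ap_cr4_init(1, CR4_PAE);               /* AP gets the bits, no key needed */
	model_write_cr4(0, sim_cr4[0] & ~CR4_SMAP);  /* pre-enforcement write: not corrected */
	model_write_cr4(0, sim_cr4[0] | CR4_SMAP);
	enforce = true;                              /* flipped just before userspace starts */
	model_write_cr4(1, sim_cr4[1] & ~CR4_SMEP);  /* post-enforcement write: corrected */
	return sim_cr4[1];
}
int main(void) { unsigned long ap = model_run(); printf("AP CR4 = %#lx, fixups = %lu\n", ap, fixups); return 0; }
```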