From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pavel@ucw.cz>
X-Google-Smtp-Source: ACJfBotwwbCbJGP5cMKdlZvMBgGOL0cTeCJ6v87Aty/dujPDutzy81OnoJ2UhMHVRqyLVyVEVMjB
ARC-Seal: i=1; a=rsa-sha256; t=1516366705; cv=none;
        d=google.com; s=arc-20160816;
        b=yJYEtIrD3T6r46gcTYVq9rkGRgZBFLNsbEhpyD9ux5R8hVb7iKrlN+0+k/WOqz2AyB
         y43PHQ+IEg6mvQevp/jvbFNGIqHortfUyfCHK4Vl/qOT0pUE3o74oXhrxfQBZpfuAfDB
         Op65PPKTRX7cpw5bLu7vlNvGiJZGAbaDWAr93AOqqlGOHSsTb/IFvWO5RF1zwpPmhAqg
         BzPyljP/uyfSKNs8OKJ5u6/mGglCRpFxh3OeJUbbu8Xi2jcLf6ixmCDR0OdfpF8fSIcV
         obXVr/0W0KKsKyfbyjv1qlgkNJ2lxBS04V1XxBlWMp3VX5I1S3egSsC1LsL1K8rloeHu
         yehw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-disposition:mime-version:references
         :message-id:subject:cc:to:from:date:arc-authentication-results;
        bh=InhNa2XZneyAa+J/WEXGeba5zEU6nStGvhQBDsfmdHA=;
        b=z5GJp7QwEBILaukuJ5xfOXZ6f5xO3jkToQaYBm1dzGOeoH1FHBmYLDbH89EiKCSsGi
         8gLSCJwlGNJsYeULjeJ9yYZL8NcW88m5lyrzpw3OFDVOiJ9FbZZDoPjXPTJmOe2zQPVn
         +0UyIH0LS1Rx3jRZhRqZsmN+U9JidVJzSIMa7cXkI2Xf+vithmIbVP0Kd87EzGovKxef
         Qd/LZkFKt2k8+vSHjq/QNkEfzF2xPpDdBDRBc8wKM9yQO/nmE9+GojYnY5cDfMEiILDC
         kki4HBvNpLl72z+4JJUE1Jx/2H/BptwhyDvypkElk9m8GLcLaEUaSfmCycMytYxNr8De
         wjuQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=neutral (google.com: 195.113.26.193 is neither permitted nor denied by best guess record for domain of pavel@ucw.cz) smtp.mailfrom=pavel@ucw.cz
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 195.113.26.193 is neither permitted nor denied by best guess record for domain of pavel@ucw.cz) smtp.mailfrom=pavel@ucw.cz
Date: Fri, 19 Jan 2018 13:58:20 +0100
From: Pavel Machek <pavel@ucw.cz>
To: Joerg Roedel <jroedel@suse.de>
Cc: Joerg Roedel <joro@8bytes.org>, Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@kernel.org>, "H . Peter Anvin" <hpa@zytor.com>,
	x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Andy Lutomirski <luto@kernel.org>,
	Dave Hansen <dave.hansen@intel.com>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Juergen Gross <jgross@suse.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Borislav Petkov <bp@alien8.de>, Jiri Kosina <jkosina@suse.cz>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Brian Gerst <brgerst@gmail.com>,
	David Laight <David.Laight@aculab.com>,
	Denys Vlasenko <dvlasenk@redhat.com>,
	Eduardo Valentin <eduval@amazon.com>,
	Greg KH <gregkh@linuxfoundation.org>,
	Will Deacon <will.deacon@arm.com>, aliguori@amazon.com,
	daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com,
	Andrea Arcangeli <aarcange@redhat.com>,
	Waiman Long <llong@redhat.com>
Subject: Re: [RFC PATCH 00/16] PTI support for x86-32
Message-ID: <20180119125819.GA17936@amd>
References: <1516120619-1159-1-git-send-email-joro@8bytes.org>
 <20180119105527.GB29725@amd>
 <20180119110726.odea3h3smcjyicnk@suse.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="NzB8fVQJ5HfG6fxh"
Content-Disposition: inline
In-Reply-To: <20180119110726.odea3h3smcjyicnk@suse.de>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: =?utf-8?q?1589767841591470697?=
X-GMAIL-MSGID: =?utf-8?q?1590025734189864315?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>


--NzB8fVQJ5HfG6fxh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri 2018-01-19 12:07:26, Joerg Roedel wrote:
> Hey Pavel,
>=20
> On Fri, Jan 19, 2018 at 11:55:28AM +0100, Pavel Machek wrote:
> > Thanks for doing the work.
> >=20
> > I tried applying it on top of -next, and that did not succeed. Let me
> > try Linus tree...
>=20
> Thanks for your help with testing this patch-set, but I recommend to
> wait for the next version, as review already found a couple of bugs that
> might crash your system. For example there are NMI cases that might
> crash your machine because the NMI happens in kernel mode before the cr3
> switch. VM86 mode is also definitly broken.

Thanks for heads-up. I guess I can disable NMI avoid VM86.

CONFIG_X86_PTDUMP_CORE should be responsible for boot fail. Disabling
it is not at all easy, as CONFIG_EMBEDDED selects CONFIG_EXPERTS
selects CONFIG_DEBUG_KERNEL selects CONFIG_X86_PTDUMP_CORE. (Crazy, if
you ask me). You may want to test with that enabled. Patch below might
fix it. (Signed-off-by: me).

Tests so far: kernel boots in qemu. Whole system boots on thinkpad
T40p, vulnerabities/meltdown says mitigation: PTI.. so I guess it
works.

Tested-by: me. :-)

Best regards,
								Pavel


diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c
index 2a4849e..896b53b 100644
--- a/arch/x86/mm/dump_pagetables.c
+++ b/arch/x86/mm/dump_pagetables.c
@@ -543,7 +543,11 @@ EXPORT_SYMBOL_GPL(ptdump_walk_pgd_level_debugfs);
 static void ptdump_walk_user_pgd_level_checkwx(void)
 {
 #ifdef CONFIG_PAGE_TABLE_ISOLATION
+#ifdef CONFIG_X86_64
 	pgd_t *pgd =3D (pgd_t *) &init_top_pgt;
+#else
+	pgd_t *pgd =3D swapper_pg_dir;
+#endif
=20
 	if (!static_cpu_has(X86_FEATURE_PTI))
 		return;

--=20
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo=
g.html

--NzB8fVQJ5HfG6fxh
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlph62sACgkQMOfwapXb+vJiIQCgqBDHc+te64tub1fd2ysUnYzO
zUIAn0KcVe+znFkXmNnlqNlZM3gHxU1P
=TNq4
-----END PGP SIGNATURE-----

--NzB8fVQJ5HfG6fxh--