[PATCH 1/2] x86/build: only align ENTRY_TEXT to PMD_SIZE if necessary

[PATCH 1/2] x86/build: only align ENTRY_TEXT to PMD_SIZE if necessary

[Hamza Mahfooz]

PTI requires the begin and end of ENTRY_TEXT be aligned to PMD_SIZE.
SRSO requires srso_alias_untrain_ret to be 2M aligned. This costs
between 2-4 MiB of RAM (depending on the size of the preceding section).
So, only align when PTI is enabled or SRSO is enabled.

Co-developed-by: Jared White <jaredwhite@microsoft.com>
Signed-off-by: Jared White <jaredwhite@microsoft.com>
Signed-off-by: Hamza Mahfooz <hamzamahfooz@linux.microsoft.com>
---
 arch/x86/kernel/vmlinux.lds.S | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 4fa0be732af1..522297cebe7c 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -65,8 +65,13 @@ const_cpu_current_top_of_stack = cpu_current_top_of_stack;
 		__end_rodata_hpage_align = .;			\
 		__end_rodata_aligned = .;
 
+#if defined(CONFIG_MITIGATION_PAGE_TABLE_ISOLATION) || defined(CONFIG_MITIGATION_SRSO)
 #define ALIGN_ENTRY_TEXT_BEGIN	. = ALIGN(PMD_SIZE);
 #define ALIGN_ENTRY_TEXT_END	. = ALIGN(PMD_SIZE);
+#else
+#define ALIGN_ENTRY_TEXT_BEGIN
+#define ALIGN_ENTRY_TEXT_END
+#endif
 
 /*
  * This section contains data which will be mapped as decrypted. Memory
-- 
2.49.0

[PATCH 2/2] x86/mm/64: free the gap between BSS_MAIN and BSS_DECRYPTED

[Hamza Mahfooz]

This region is unused after mark_rodata_ro() and takes up, up to 2 MiB
of memory. So, free it in mark_rodata_ro().

Co-developed-by: Jared White <jaredwhite@microsoft.com>
Signed-off-by: Jared White <jaredwhite@microsoft.com>
Signed-off-by: Hamza Mahfooz <hamzamahfooz@linux.microsoft.com>
---
 arch/x86/include/asm/sections.h | 1 +
 arch/x86/kernel/vmlinux.lds.S   | 2 ++
 arch/x86/mm/init_64.c           | 4 ++++
 3 files changed, 7 insertions(+)

diff --git a/arch/x86/include/asm/sections.h b/arch/x86/include/asm/sections.h
index 30e8ee7006f9..1d6589bc0f68 100644
--- a/arch/x86/include/asm/sections.h
+++ b/arch/x86/include/asm/sections.h
@@ -8,6 +8,7 @@
 extern char __relocate_kernel_start[], __relocate_kernel_end[];
 extern char __brk_base[], __brk_limit[];
 extern char __end_rodata_aligned[];
+extern char __start_bss_decrypted_gap[];
 
 #if defined(CONFIG_X86_64)
 extern char __end_rodata_hpage_align[];
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 522297cebe7c..f74a7a0d7a01 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -82,6 +82,8 @@ const_cpu_current_top_of_stack = cpu_current_top_of_stack;
  * decrypted to avoid exposing more than we wish.
  */
 #define BSS_DECRYPTED						\
+	. = ALIGN(PAGE_SIZE);					\
+	__start_bss_decrypted_gap = .;				\
 	. = ALIGN(PMD_SIZE);					\
 	__start_bss_decrypted = .;				\
 	__pi___start_bss_decrypted = .;				\
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index fdb6cab524f0..ff7ff5c12eb4 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -1385,6 +1385,8 @@ void mark_rodata_ro(void)
 	unsigned long end = (unsigned long)__end_rodata_hpage_align;
 	unsigned long text_end = PFN_ALIGN(_etext);
 	unsigned long rodata_end = PFN_ALIGN(__end_rodata);
+	unsigned long bss_decrypted_gap_start = PFN_ALIGN(__start_bss_decrypted_gap);
+	unsigned long bss_decrypted_gap_stop = PFN_ALIGN(__start_bss_decrypted);
 	unsigned long all_end;
 
 	printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
@@ -1422,6 +1424,8 @@ void mark_rodata_ro(void)
 				(void *)text_end, (void *)rodata_start);
 	free_kernel_image_pages("unused kernel image (rodata/data gap)",
 				(void *)rodata_end, (void *)_sdata);
+	free_kernel_image_pages("unused kernel image (bss_decrypted gap)",
+				(void *)bss_decrypted_gap_start, (void *)bss_decrypted_gap_stop);
 }
 
 /*
-- 
2.49.0

Re: [PATCH 1/2] x86/build: only align ENTRY_TEXT to PMD_SIZE if necessary

[Dave Hansen]

On 7/9/25 13:16, Hamza Mahfooz wrote:
> PTI requires the begin and end of ENTRY_TEXT be aligned to PMD_SIZE.
> SRSO requires srso_alias_untrain_ret to be 2M aligned. This costs
> between 2-4 MiB of RAM (depending on the size of the preceding section).
> So, only align when PTI is enabled or SRSO is enabled.

This seems so utterly random.

I don't think I was even aware of the SRSO restriction here. Looking
over it now, I do see the vmlinux.lds.S changes and this does make sense.

But I'm really worried that we've grown more dependencies on this
alignment. Let's say, for instance, that you forgot to address SRSO in
this patch and the mitigation got broken. Would we have ever known?

I'd like to hear a lot more from you about why 2-4 MiB of RAM is
important and what the environment is where you presumably know that
there are no Meltdown or SRSO vulnerable CPUs.

Re: [PATCH 2/2] x86/mm/64: free the gap between BSS_MAIN and BSS_DECRYPTED

[Dave Hansen]

On 7/9/25 13:16, Hamza Mahfooz wrote:
> This region is unused after mark_rodata_ro() and takes up, up to 2 MiB
> of memory. So, free it in mark_rodata_ro().

I assume this was basically just something that got missed when SME/SEV
support showed up. Or was it older than that somehow?

Re: [PATCH 1/2] x86/build: only align ENTRY_TEXT to PMD_SIZE if necessary

[Hamza Mahfooz]

On Thu, Jul 10, 2025 at 06:14:20AM -0700, Dave Hansen wrote:
> On 7/9/25 13:16, Hamza Mahfooz wrote:
> > PTI requires the begin and end of ENTRY_TEXT be aligned to PMD_SIZE.
> > SRSO requires srso_alias_untrain_ret to be 2M aligned. This costs
> > between 2-4 MiB of RAM (depending on the size of the preceding section).
> > So, only align when PTI is enabled or SRSO is enabled.
> 
> This seems so utterly random.
> 
> I don't think I was even aware of the SRSO restriction here. Looking
> over it now, I do see the vmlinux.lds.S changes and this does make sense.
> 
> But I'm really worried that we've grown more dependencies on this
> alignment. Let's say, for instance, that you forgot to address SRSO in
> this patch and the mitigation got broken. Would we have ever known?
> 
> I'd like to hear a lot more from you about why 2-4 MiB of RAM is
> important and what the environment is where you presumably know that
> there are no Meltdown or SRSO vulnerable CPUs.

We are using it to run a stripped down kernel (see [1]) on top of
HyperV for OpenHCL. It is only intended to run OpenVMM ([2]).

1. https://raw.githubusercontent.com/microsoft/OHCL-Linux-Kernel/refs/heads/product/hcl-main/6.12/Microsoft/hcl-x64.config
2. https://github.com/microsoft/OpenVMM

Re: [PATCH 1/2] x86/build: only align ENTRY_TEXT to PMD_SIZE if necessary

[Nikolay Borisov]

On 10.07.25 г. 16:14 ч., Dave Hansen wrote:
> On 7/9/25 13:16, Hamza Mahfooz wrote:
>> PTI requires the begin and end of ENTRY_TEXT be aligned to PMD_SIZE.
>> SRSO requires srso_alias_untrain_ret to be 2M aligned. This costs
>> between 2-4 MiB of RAM (depending on the size of the preceding section).
>> So, only align when PTI is enabled or SRSO is enabled.
> 
> This seems so utterly random.
> 
> I don't think I was even aware of the SRSO restriction here. Looking
> over it now, I do see the vmlinux.lds.S changes and this does make sense.
> 
> But I'm really worried that we've grown more dependencies on this
> alignment. Let's say, for instance, that you forgot to address SRSO in
> this patch and the mitigation got broken. Would we have ever known?

Yes, because there are some ASSERT in the linker file that ensure the 
various SRSO thunks have appropriate alignment.

> 
> I'd like to hear a lot more from you about why 2-4 MiB of RAM is
> important and what the environment is where you presumably know that
> there are no Meltdown or SRSO vulnerable CPUs.
>