lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250506154532.1281909-5-ardb+git@google.com>
Date: Tue,  6 May 2025 17:45:33 +0200
From: Ard Biesheuvel <ardb+git@...gle.com>
To: linux-kernel@...r.kernel.org
Cc: x86@...nel.org, Ard Biesheuvel <ardb@...nel.org>, Ingo Molnar <mingo@...nel.org>, 
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [RFC PATCH 0/3] x86: Robustify pgtable_l5_enabled()

From: Ard Biesheuvel <ardb@...nel.org>

This is a follow-up to the discussion at [0], broken out of that series
so we can progress while the SEV are being reviewed and tested.

The current implementation of pgtable_l5_enabled() is a bit problematic
because it has two implementations, and source files need to opt into
the correct one if they contain code that might be called very early.

pgtable_l5_enabled() is widely used in functions for control flow, but
also hidden in global expressions exposed via all caps macros, which
typically denote true constants, and not expressions that change value
based on whether some global variable is set.

So merge the two definitions into a single one that always produces the
correct value and is as efficient as the runtime one it replace. Then,
set the underlying __pgtable_l5_enabled variable before calling into C
code, so that inconsistencies are no longer possible.

Finally, replace some of these global expressions with an ALTERNATIVE()
based selector that does not use control flow to choose between the
values used for 4-level and 5-level paging.

Build and boot tested using QEMU with LA57 emulation.

[0] https://lore.kernel.org/all/20250504095230.2932860-28-ardb+git@google.com/

Cc: Ingo Molnar <mingo@...nel.org>
cc: Linus Torvalds <torvalds@...ux-foundation.org>

Ard Biesheuvel (3):
  x86/boot: Use a single source of truth for pgtable_l5_enabled()
  x86/boot: Set __pgtable_l5_enabled correctly before calling into C
    code
  x86/boot: Use alternatives based selector for 5-level paging constants

 arch/x86/boot/compressed/head_64.S      |  6 +++
 arch/x86/boot/compressed/misc.h         |  3 --
 arch/x86/boot/compressed/pgtable_64.c   |  6 +--
 arch/x86/boot/compressed/vmlinux.lds.S  |  2 +
 arch/x86/boot/startup/map_kernel.c      |  1 -
 arch/x86/boot/startup/sme.c             |  9 ----
 arch/x86/include/asm/page_64_types.h    |  2 +-
 arch/x86/include/asm/pgtable_64_types.h | 54 +++++++++++++++-----
 arch/x86/kernel/alternative.c           | 12 -----
 arch/x86/kernel/cpu/common.c            |  2 -
 arch/x86/kernel/head64.c                |  5 +-
 arch/x86/kernel/head_64.S               |  7 +++
 arch/x86/mm/kasan_init_64.c             |  3 --
 13 files changed, 61 insertions(+), 51 deletions(-)


base-commit: ed4d95d033e359f9445e85bf5a768a5859a5830b
-- 
2.49.0.987.g0cc8ee98dc-goog


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ