lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cb92cd41-b5bc-4aa1-9cef-f2e73bc05d03@intel.com>
Date: Fri, 17 Oct 2025 12:28:15 -0700
From: Sohil Mehta <sohil.mehta@...el.com>
To: <x86@...nel.org>, Dave Hansen <dave.hansen@...ux.intel.com>, "Thomas
 Gleixner" <tglx@...utronix.de>, Rick Edgecombe <rick.p.edgecombe@...el.com>,
	Kees Cook <kees@...nel.org>
CC: Jonathan Corbet <corbet@....net>, "H . Peter Anvin" <hpa@...or.com>, "Andy
 Lutomirski" <luto@...nel.org>, Josh Poimboeuf <jpoimboe@...nel.org>, "Peter
 Zijlstra" <peterz@...radead.org>, Ard Biesheuvel <ardb@...nel.org>, "Kirill A
 . Shutemov" <kas@...nel.org>, Xin Li <xin@...or.com>, David Woodhouse
	<dwmw@...zon.co.uk>, Sean Christopherson <seanjc@...gle.com>, Vegard Nossum
	<vegard.nossum@...cle.com>, Andrew Cooper <andrew.cooper3@...rix.com>, "David
 Laight" <david.laight.linux@...il.com>, Randy Dunlap <rdunlap@...radead.org>,
	Geert Uytterhoeven <geert@...ux-m68k.org>, Tony Luck <tony.luck@...el.com>,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	<linux-doc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<linux-efi@...r.kernel.org>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov
	<bp@...en8.de>
Subject: Re: [PATCH v10 05/15] x86/cpu: Defer CR pinning enforcement until
 late_initcall()

On 10/6/2025 11:51 PM, Sohil Mehta wrote:
> Save the pinned bits while initializing the boot CPU because they are
> needed later to program the value on APs when they come up.
> 

Because we are deferring CR pinning, there is no need to program the APs
with the pinned bits. The pinned bits would get enabled during AP bring
up like the rest of CR4 features that are not pinned. This patch can be
simplified to:

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 61ab332eaf73..d041f04c1969 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -476,8 +476,6 @@ void cr4_init(void)

        if (boot_cpu_has(X86_FEATURE_PCID))
                cr4 |= X86_CR4_PCIDE;
-       if (static_branch_likely(&cr_pinning))
-               cr4 = (cr4 & ~cr4_pinned_mask) | cr4_pinned_bits;

        __write_cr4(cr4);

@@ -486,15 +484,17 @@ void cr4_init(void)
 }

 /*
- * Once CPU feature detection is finished (and boot params have been
- * parsed), record any of the sensitive CR bits that are set, and
- * enable CR pinning.
+ * Before userspace starts, record any of the sensitive CR bits that
+ * are set, and enable CR pinning.
  */
-static void __init setup_cr_pinning(void)
+static int __init setup_cr_pinning(void)
 {
        cr4_pinned_bits = this_cpu_read(cpu_tlbstate.cr4) & cr4_pinned_mask;
        static_key_enable(&cr_pinning.key);
+
+       return 0;
 }
+late_initcall(setup_cr_pinning);

 static __init int x86_nofsgsbase_setup(char *arg)
 {
@@ -2119,7 +2119,6 @@ static __init void identify_boot_cpu(void)
        enable_sep_cpu();
 #endif
        cpu_detect_tlb(&boot_cpu_data);
-       setup_cr_pinning();

        tsx_init();
        tdx_init();

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ