From: Thomas Gleixner <tglx@linutronix.de> To: Peter Zijlstra <peterz@infradead.org> Cc: LKML <linux-kernel@vger.kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Andy Lutomirski <luto@kernel.org>, Ingo Molnar <mingo@kernel.org>, Borislav Petkov <bp@alien8.de>, Brian Gerst <brgerst@gmail.com>, Denys Vlasenko <dvlasenk@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Josh Poimboeuf <jpoimboe@redhat.com>, Linus Torvalds <torvalds@linux-foundation.org>, Rik van Riel <riel@redhat.com>, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, linux-mm@kvack.org, michael.schwarz@iaik.tugraz.at, moritz.lipp@iaik.tugraz.at, richard.fellner@student.tugraz.at Subject: Re: [patch V2 5/5] x86/kaiser: Add boottime disable switch Date: Mon, 27 Nov 2017 12:50:45 +0100 (CET) [thread overview] Message-ID: <alpine.DEB.2.20.1711271250001.1799@nanos> (raw) In-Reply-To: <20171127102241.oj225ycxkc7rfvft@hirez.programming.kicks-ass.net> On Mon, 27 Nov 2017, Peter Zijlstra wrote: > On Mon, Nov 27, 2017 at 10:48:46AM +0100, Peter Zijlstra wrote: > > On Mon, Nov 27, 2017 at 12:14:08AM +0100, Thomas Gleixner wrote: > > > KAISER comes with overhead. The most expensive part is the CR3 switching in > > > the entry code. > > > > > > Add a command line parameter which allows to disable KAISER at boot time. > > > > > > Most code pathes simply check a variable, but the entry code uses a static > > > branch. The other code pathes cannot use a static branch because they are > > > used before jump label patching is possible. Not an issue as the code > > > pathes are not so performance sensitive as the entry/exit code. > > > > > > This makes KAISER depend on JUMP_LABEL and on a GCC which supports > > > it, but that's a resonable requirement. > > > > > > The PGD allocation is still 8k when CONFIG_KAISER is enabled. This can be > > > addressed on top of this. > > > > So in patch 15 Andy notes that we should probably also disable the > > SYSCALL trampoline when we disable KAISER. > > > > https://lkml.kernel.org/r/20171124172411.19476-16-mingo@kernel.org > > Could be a simple as this.. but I've not tested. That's only one part of it. I think we need to fiddle with the exit side as well. Thanks, tglx > diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c > index f4f4ab8525bd..1be393a97421 100644 > --- a/arch/x86/kernel/cpu/common.c > +++ b/arch/x86/kernel/cpu/common.c > @@ -1442,7 +1442,10 @@ void syscall_init(void) > (entry_SYSCALL_64_trampoline - _entry_trampoline); > > wrmsr(MSR_STAR, 0, (__USER32_CS << 16) | __KERNEL_CS); > - wrmsrl(MSR_LSTAR, SYSCALL64_entry_trampoline); > + if (kaiser_enabled) > + wrmsrl(MSR_LSTAR, SYSCALL64_entry_trampoline); > + else > + wrmsrl(MSR_LSTAR, (unsigned long)entry_SYSCALL_64); > > #ifdef CONFIG_IA32_EMULATION > wrmsrl(MSR_CSTAR, (unsigned long)entry_SYSCALL_compat); >
WARNING: multiple messages have this Message-ID (diff)
From: Thomas Gleixner <tglx@linutronix.de> To: Peter Zijlstra <peterz@infradead.org> Cc: LKML <linux-kernel@vger.kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Andy Lutomirski <luto@kernel.org>, Ingo Molnar <mingo@kernel.org>, Borislav Petkov <bp@alien8.de>, Brian Gerst <brgerst@gmail.com>, Denys Vlasenko <dvlasenk@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Josh Poimboeuf <jpoimboe@redhat.com>, Linus Torvalds <torvalds@linux-foundation.org>, Rik van Riel <riel@redhat.com>, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, linux-mm@kvack.org, michael.schwarz@iaik.tugraz.at, moritz.lipp@iaik.tugraz.at, richard.fellner@student.tugraz.at Subject: Re: [patch V2 5/5] x86/kaiser: Add boottime disable switch Date: Mon, 27 Nov 2017 12:50:45 +0100 (CET) [thread overview] Message-ID: <alpine.DEB.2.20.1711271250001.1799@nanos> (raw) In-Reply-To: <20171127102241.oj225ycxkc7rfvft@hirez.programming.kicks-ass.net> On Mon, 27 Nov 2017, Peter Zijlstra wrote: > On Mon, Nov 27, 2017 at 10:48:46AM +0100, Peter Zijlstra wrote: > > On Mon, Nov 27, 2017 at 12:14:08AM +0100, Thomas Gleixner wrote: > > > KAISER comes with overhead. The most expensive part is the CR3 switching in > > > the entry code. > > > > > > Add a command line parameter which allows to disable KAISER at boot time. > > > > > > Most code pathes simply check a variable, but the entry code uses a static > > > branch. The other code pathes cannot use a static branch because they are > > > used before jump label patching is possible. Not an issue as the code > > > pathes are not so performance sensitive as the entry/exit code. > > > > > > This makes KAISER depend on JUMP_LABEL and on a GCC which supports > > > it, but that's a resonable requirement. > > > > > > The PGD allocation is still 8k when CONFIG_KAISER is enabled. This can be > > > addressed on top of this. > > > > So in patch 15 Andy notes that we should probably also disable the > > SYSCALL trampoline when we disable KAISER. > > > > https://lkml.kernel.org/r/20171124172411.19476-16-mingo@kernel.org > > Could be a simple as this.. but I've not tested. That's only one part of it. I think we need to fiddle with the exit side as well. Thanks, tglx > diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c > index f4f4ab8525bd..1be393a97421 100644 > --- a/arch/x86/kernel/cpu/common.c > +++ b/arch/x86/kernel/cpu/common.c > @@ -1442,7 +1442,10 @@ void syscall_init(void) > (entry_SYSCALL_64_trampoline - _entry_trampoline); > > wrmsr(MSR_STAR, 0, (__USER32_CS << 16) | __KERNEL_CS); > - wrmsrl(MSR_LSTAR, SYSCALL64_entry_trampoline); > + if (kaiser_enabled) > + wrmsrl(MSR_LSTAR, SYSCALL64_entry_trampoline); > + else > + wrmsrl(MSR_LSTAR, (unsigned long)entry_SYSCALL_64); > > #ifdef CONFIG_IA32_EMULATION > wrmsrl(MSR_CSTAR, (unsigned long)entry_SYSCALL_compat); > -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-11-27 11:50 UTC|newest] Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-11-26 23:14 [patch V2 0/5] x86/kaiser: Boot time disabling and debug support Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-26 23:14 ` [patch V2 1/5] x86/kaiser: Respect disabled CPU features Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-27 9:57 ` Peter Zijlstra 2017-11-27 9:57 ` Peter Zijlstra 2017-11-27 11:47 ` Thomas Gleixner 2017-11-27 11:47 ` Thomas Gleixner 2017-11-27 12:31 ` Brian Gerst 2017-11-27 12:31 ` Brian Gerst 2017-11-27 13:18 ` Thomas Gleixner 2017-11-27 13:18 ` Thomas Gleixner 2017-11-27 18:11 ` Dave Hansen 2017-11-27 18:11 ` Dave Hansen 2017-11-27 18:37 ` Kees Cook 2017-11-27 18:37 ` Kees Cook 2017-11-26 23:14 ` [patch V2 2/5] x86/kaiser: Simplify disabling of global pages Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-27 11:49 ` Thomas Gleixner 2017-11-27 11:49 ` Thomas Gleixner 2017-11-27 18:15 ` Dave Hansen 2017-11-27 18:15 ` Dave Hansen 2017-11-27 20:28 ` Thomas Gleixner 2017-11-27 20:28 ` Thomas Gleixner 2017-11-26 23:14 ` [patch V2 3/5] x86/dump_pagetables: Check KAISER shadow page table for WX pages Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-27 18:17 ` Dave Hansen 2017-11-27 18:17 ` Dave Hansen 2017-11-26 23:14 ` [patch V2 4/5] x86/mm/debug_pagetables: Allow dumping current pagetables Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-27 9:41 ` Peter Zijlstra 2017-11-27 9:41 ` Peter Zijlstra 2017-11-27 10:06 ` [PATCH] vfs: Add PERM_* symbolic helpers for common file mode/permissions Ingo Molnar 2017-11-27 10:06 ` Ingo Molnar 2017-11-27 19:21 ` Linus Torvalds 2017-11-27 19:21 ` Linus Torvalds 2017-11-28 10:54 ` Ingo Molnar 2017-11-28 10:54 ` Ingo Molnar 2017-11-28 11:12 ` Ingo Molnar 2017-11-28 11:12 ` Ingo Molnar 2017-11-29 8:52 ` Michael Ellerman 2017-11-29 8:52 ` Michael Ellerman 2017-11-27 18:18 ` [patch V2 4/5] x86/mm/debug_pagetables: Allow dumping current pagetables Dave Hansen 2017-11-27 18:18 ` Dave Hansen 2017-11-26 23:14 ` [patch V2 5/5] x86/kaiser: Add boottime disable switch Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-27 9:48 ` Peter Zijlstra 2017-11-27 9:48 ` Peter Zijlstra 2017-11-27 10:22 ` Peter Zijlstra 2017-11-27 10:22 ` Peter Zijlstra 2017-11-27 11:50 ` Thomas Gleixner [this message] 2017-11-27 11:50 ` Thomas Gleixner 2017-11-27 12:49 ` Peter Zijlstra 2017-11-27 12:49 ` Peter Zijlstra 2017-11-27 21:43 ` Peter Zijlstra 2017-11-27 21:43 ` Peter Zijlstra 2017-11-27 18:22 ` Dave Hansen 2017-11-27 18:22 ` Dave Hansen 2017-11-27 19:00 ` Thomas Gleixner 2017-11-27 19:00 ` Thomas Gleixner 2017-11-27 19:18 ` Josh Poimboeuf 2017-11-27 19:18 ` Josh Poimboeuf 2017-11-27 20:47 ` Thomas Gleixner 2017-11-27 20:47 ` Thomas Gleixner
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=alpine.DEB.2.20.1711271250001.1799@nanos \ --to=tglx@linutronix.de \ --cc=bp@alien8.de \ --cc=brgerst@gmail.com \ --cc=daniel.gruss@iaik.tugraz.at \ --cc=dave.hansen@linux.intel.com \ --cc=dvlasenk@redhat.com \ --cc=hpa@zytor.com \ --cc=hughd@google.com \ --cc=jpoimboe@redhat.com \ --cc=keescook@google.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=luto@kernel.org \ --cc=michael.schwarz@iaik.tugraz.at \ --cc=mingo@kernel.org \ --cc=moritz.lipp@iaik.tugraz.at \ --cc=peterz@infradead.org \ --cc=richard.fellner@student.tugraz.at \ --cc=riel@redhat.com \ --cc=torvalds@linux-foundation.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.