Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752511AbeAFRhd (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Sat, 6 Jan 2018 12:37:33 -0500
Received: from mx1.redhat.com ([209.132.183.28]:57600 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750940AbeAFRhc (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 6 Jan 2018 12:37:32 -0500
Date: Sat, 6 Jan 2018 18:37:29 +0100
From: Andrea Arcangeli <aarcange@redhat.com>
To: Xishi Qiu <qiuxishi@huawei.com>
Cc: Jiri Kosina <jikos@kernel.org>, dave.hansen@linux.intel.com,
        LKML <linux-kernel@vger.kernel.org>,
        Linux MM <linux-mm@kvack.org>,
        Yisheng Xie <xieyisheng1@huawei.com>,
        "Wangkefeng (Maro)" <wangkefeng.wang@huawei.com>,
        Hanjun Guo <guohanjun@huawei.com>,
        Zhao Hongjiang <zhaohongjiang@huawei.com>
Subject: Re: [RFC] boot failed when enable KAISER/KPTI
Message-ID: <20180106173729.GD25546@redhat.com>
References: <5A4F09B7.8010402@huawei.com>
 <alpine.LRH.2.00.1801051930370.27010@gjva.wvxbf.pm>
 <5A50708A.9010902@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5A50708A.9010902@huawei.com>
User-Agent: Mutt/1.9.2 (2017-12-15)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Sat, 06 Jan 2018 17:37:32 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

Hello Xishi,

On Sat, Jan 06, 2018 at 02:45:30PM +0800, Xishi Qiu wrote:
> How about this fix patch? I tested and it works.
> 
> diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
> index 088681d..f6c32f5 100644
> --- a/arch/x86/kernel/tboot.c
> +++ b/arch/x86/kernel/tboot.c
> @@ -131,6 +131,8 @@ static int map_tboot_page(unsigned long vaddr, unsigned long pfn,
>  	pud = pud_alloc(&tboot_mm, pgd, vaddr);
>  	if (!pud)
>  		return -1;
> +	if (__supported_pte_mask & _PAGE_NX)
> +		pgd->pgd &= ~_PAGE_NX;
>  	pmd = pmd_alloc(&tboot_mm, pud, vaddr);
>  	if (!pmd)
>  		return -1;

Oh great that you already verified this.

The only difference from the above to what I applied is that I didn't
check "__supported_pte_mask & _PAGE_NX", but that's superflous
here. It won't hurt to add it, your patch is fine as well.

The location where to do the NX clearing is the correct one and same
optimal place as in efi_64.c too (right after pud_alloc success).

Only the setting of NX requires verification that it's in the
__supported_pte_mask first, the clearing is always fine (worst case it
will do nothing).

On a side note, I already verified if NX is disabled (-cpu nx=off) the
pgd isn't NX poisoned in the first place, but clearing NX won't hurt
even in such case.

Thanks,
Andrea