Received: by 10.192.165.156 with SMTP id m28csp54224imm; Wed, 18 Apr 2018 17:13:07 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/zqBLlo+0wwp67y4Vj5iDps/DdeBWVf1r87wihpihwWoqIT7GOTi0ewUITS9XFqI+WKuut X-Received: by 2002:a17:902:7c86:: with SMTP id y6-v6mr3875056pll.378.1524096787121; Wed, 18 Apr 2018 17:13:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524096787; cv=none; d=google.com; s=arc-20160816; b=JI5W1/pu/aS1pEDYV90yJkGftVeo97lK9+j10gsux5SoIp3/SmcsCAg348z99OrAJS wNpQ9qW2hdPnLSZ2AJzooZqTSvDhlaRjLCckbpwfWhxhJ4mnxPU1uLG0vDn8++3BczK+ ih1kZjtUiYr+OlN3XHIWcyDu85uu4AzAxWyO0o9CDVc/uKIxqsiO4xzYav1NepwGw3g0 bjH1XdiUGEoqUgrLGUTmrnSCOiafjjxDU1Qx/ok9urRIwA0smekIZVhgIaOjZvT8Caq9 UiNjxZlrS8rAuKcTBP7frbNlfuk1QsMTgJpYxCXVloA9KeuYTBbD4SH11JOb3HcbMJIO YOkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=P/rooFWSRRBc5sRmMc3A+BZXvhv5KrKPx09/d/GKG2s=; b=1EBv4baSLT4Q2JFlGdgaXnXGZuKQ6nbLQHA5Ssrf43AialitRFY8vIgfFcHqL5P/6Q iO+0wELFsFMAmICRPH0noxlH/tOPOYHfrxo5sfd6/RYrhQWOmdE3OYwJP/WCbsxp6T96 SChaAdBB0p11jagFzanh+H1bi+Iid3szL+Fml8wKxq7Cwx3o7s5EakE/PMmhVwurEHFT QqmqL959N/lbV3T58HjCXp+yPMALTdz0OoRWyQGz2wfmarpjjiRykHoAvrKmKjaZoHKf tTjAQ6UImXDH+ePAXBl1hABGCDgxoJdOpDoHqAMNlUvUJiwzqVQyOFOcJtQUfrPSG1hR KUgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CrvqBY4r; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si252086pfh.278.2018.04.18.17.12.52; Wed, 18 Apr 2018 17:13:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CrvqBY4r; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753068AbeDSALo (ORCPT + 99 others); Wed, 18 Apr 2018 20:11:44 -0400 Received: from mail-ua0-f174.google.com ([209.85.217.174]:44121 "EHLO mail-ua0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752952AbeDSALl (ORCPT ); Wed, 18 Apr 2018 20:11:41 -0400 Received: by mail-ua0-f174.google.com with SMTP id r16so2321385uak.11 for ; Wed, 18 Apr 2018 17:11:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=P/rooFWSRRBc5sRmMc3A+BZXvhv5KrKPx09/d/GKG2s=; b=CrvqBY4r6xEFp3H0TOfeXQByY2r8b512iO4oBY0tne+xTVtOCILwy+kyWmUtQgPfaH Bs+YqVaWemlN3to+BtwIGXjU+dwhL3LS+3nxFqyu63PdtGnF5fLAhNQaw/gTPlcKYC8X 2Hjvv9ABjLr5MfU6a9JOYKADm1eaZ1Kye0CbkbFA5txEXFwQEwhXzLKAELkUQKYMTmRD OnHZswlGiUqfXTY8YrDj8Q34rzepdNyPeyv+cJvTVyb8AFctDMZBJH1f/cmH1yLjXzkS 0y+ej1SzRDdTa3Dg2CR1FaU7Qf9K4J4kYID9C9Z08Pbf77iygK6GviTUr2Gq8XAyGtVC nTHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=P/rooFWSRRBc5sRmMc3A+BZXvhv5KrKPx09/d/GKG2s=; b=VoatC7sMFreRiO2H+ASsZgUhWFELePjgj5/hM99a1lr757eG7fI5phlwV9w270FwZA J3lRtLTzMDOVPQZzkO/o64rjRIZayYF6Btsydxq48HGLf0rZRC+IS3pRkolOTgJ8TMpb hQp0eTsN9Sg3bYn3c04yKaGsa4iH0LmiPk3mcceMuMG4tWG9zCm7QDKa612XgwFvR34q O9ecUh9OSeLuhk01nONEXuAl/paSVbdti4dxvJbZzcPBmbqDF+TI/pzv7H2DdmA1vXwX NURbIVSlloCUhDQR4buDHWFzyjJogt43IIA4Zev7AEmiamAmu3LJJNbVPkfGH5pqxpdJ hxvw== X-Gm-Message-State: ALQs6tBPbCp5fqYi/99cOCm0QkdlI/nrMtbebc43j9QZHJ/T30p0FexY HhAJAxcdSIvke/woSIivL+PIuW1y886BSJLMeNPxG/NPDQw= X-Received: by 10.176.35.198 with SMTP id c6mr3076580uan.83.1524096700089; Wed, 18 Apr 2018 17:11:40 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.164.81 with HTTP; Wed, 18 Apr 2018 17:11:39 -0700 (PDT) In-Reply-To: <20180406205518.E3D989EB@viggo.jf.intel.com> References: <20180406205501.24A1A4E7@viggo.jf.intel.com> <20180406205518.E3D989EB@viggo.jf.intel.com> From: Kees Cook Date: Wed, 18 Apr 2018 17:11:39 -0700 Message-ID: Subject: Re: [PATCH 11/11] x86/pti: leave kernel text global for !PCID To: Dave Hansen Cc: LKML , Linux-MM , Andrea Arcangeli , Andy Lutomirski , Linus Torvalds , Hugh Dickins , Juergen Gross , X86 ML , namit@vmware.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 6, 2018 at 1:55 PM, Dave Hansen wrote: > +/* > + * For some configurations, map all of kernel text into the user page > + * tables. This reduces TLB misses, especially on non-PCID systems. > + */ > +void pti_clone_kernel_text(void) > +{ > + unsigned long start = PFN_ALIGN(_text); > + unsigned long end = ALIGN((unsigned long)_end, PMD_PAGE_SIZE); I think this is too much set global: _end is after data, bss, and brk, and all kinds of other stuff that could hold secrets. I think this should match what mark_rodata_ro() is doing and use __end_rodata_hpage_align. (And on i386, this should be maybe _etext.) -Kees -- Kees Cook Pixel Security