Date: Thu, 20 Oct 2022 16:25:51 +0300
From: Evgeniy Baskov
To: Andrew Cooper
Cc: Ard Biesheuvel, Borislav Petkov, Andy Lutomirski, Dave Hansen, Ingo Molnar, Peter Zijlstra, Thomas Gleixner, Alexey Khoroshilov, lvc-project@linuxtesting.org, x86@kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH 03/16] x86/boot: Set cr0 to known state in trampoline
In-Reply-To: <7dce2b16-c652-8b6d-5594-d110c8ac4645@citrix.com>

On 2022-10-19 10:44, Andrew Cooper wrote:
> On 06/09/2022 11:41, Evgeniy Baskov wrote:
>> diff --git a/arch/x86/boot/compressed/head_64.S >> b/arch/x86/boot/compressed/head_64.S >> index d33f060900d2..5273367283b7 100644 >> --- a/arch/x86/boot/compressed/head_64.S >> +++ b/arch/x86/boot/compressed/head_64.S
>> @@ -619,9 +619,8 @@ SYM_CODE_START(trampoline_32bit_src) >> /* Set up new stack */ >> leal TRAMPOLINE_32BIT_STACK_END(%ecx), %esp >> >> - /* Disable paging */ >> - movl %cr0, %eax >> - btrl $X86_CR0_PG_BIT, %eax >> + /* Disable paging and setup CR0 */ >> + movl $(CR0_STATE & ~X86_CR0_PG), %eax
>
> Why here?  WP is ignored when PG is disabled.
>
> ~Andrew

PG is enabled lower in this function, so WP can also be set there; it should not make any difference. The only important thing is that WP is supposed to be set in trampoline code.

If you think that it would be more logical to set PG and WP simultaneously, I can change it to be that way.

Thanks,
Evgeniy Baskov
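
Review bot: The comment on the added `movl $(CR0_STATE & ~X86_CR0_PG), %eax` should say which CR0 bits are being established and why it is safe to discard the inherited value. The removed lines cleared only PG in the value read from %cr0, whereas the constant overwrites every bit, and the definition of CR0_STATE is not visible in this hunk. If WP is the bit of interest, as the discussion indicates, the comment should also note that it only takes effect once PG is set again later in the trampoline, which answers the "Why here?" question in place. As a style point, "setup" in the new comment is the noun; the verb form is "set up", as in the "Set up new stack" comment just above.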