Received: by 2002:ab2:3141:0:b0:1ed:23cc:44d1 with SMTP id i1csp391517lqg; Fri, 1 Mar 2024 08:13:33 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCX+oywj5ku1iSncLOlvUlC3EPvE2L+UeWVraMcDmA30kEdYWK/N3D4/koYsHUxeNJcMM0Y+Svl90eNDvfZ2P826M1qDemPKCgq84xXBog== X-Google-Smtp-Source: AGHT+IERZafIk/tvQ4QlKnhki5AiaiY4tFgBHfvORKsmnSdRfEnqZWiTtrEtdY6pZ9m5OtsHyL3z X-Received: by 2002:a17:90a:dd93:b0:29a:7579:88bc with SMTP id l19-20020a17090add9300b0029a757988bcmr1824684pjv.46.1709309613500; Fri, 01 Mar 2024 08:13:33 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709309613; cv=pass; d=google.com; s=arc-20160816; b=HOWCEUaiOQUYdbT9UdshzV2QSsP3R78m1Prm+WY16cdUolDRiMYeW09OT7pviA2JdU wcHPy2YW/0ahgKqZwAoTJASMUGS7OBFdKfZ2MskLaxIm2HNSuA2yNCZys4+4AwbdLid8 Hwy72GoO3WDct1+07u3w12K5aCu1obbmQWVN6OjYPeXdBD9nFQAMgBvSlt5VgC6fWRp6 khuu5h25cbhN2B5YtqfsDwdv2ZAM+ELNzcml8vvV7b5Kyw93emwkBkbgYz++3MEoWy8A mZsP3LEXZPyG+r1MCu67E28RUSV9GGzDfzx7+TqtmwsVwPg/U4Vi1iDTw/fVbMGbkQmW fv6w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=wJEN0joQiYmuo6Ze0sGnkJl0zJ3wbOy6dvxMTyKWEa8=; fh=cDHoXATbYNu4l85KZVSK4PkyqnGOGDn/kBaoOEMG9tU=; b=rzhJ4VBGsr8IV3FlzWIBc3VMveV5lgbKOI+8uRTIdrOxFbdg4UuCVmbi7E2kBttcAy arCG13iDNsnlQz02d71jaJbAK60ipD1GqyYREl1wWI65htANY7k81bRk5YVSjbxOFj0u cUlVzfXPuBCW/b/3EckkzU5DhO1FPOTHwUCpW3zxSzU0wYUAV/9z87dJhVzGfhXDaaQm lJkt0ZH41sDyuI9Ym6fqWXmsuwEEsQD+PxiP354nFOw4jDbS9OWH+RiItd8PQymugU3P u4ybXxE7YS+TLLxlFapOgaNyf2oC+dAi9KYRyZbEKT11WrgMLUknAGBvlrEguEcg1na7 ytIg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@alien8.de header.s=alien8 header.b=NDzNuBrz; arc=pass (i=1 spf=pass spfdomain=alien8.de dkim=pass dkdomain=alien8.de dmarc=pass fromdomain=alien8.de); spf=pass (google.com: domain of linux-kernel+bounces-88671-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-88671-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id lp6-20020a17090b4a8600b0029b2dacbd2dsi533963pjb.183.2024.03.01.08.13.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Mar 2024 08:13:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-88671-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=alien8 header.b=NDzNuBrz; arc=pass (i=1 spf=pass spfdomain=alien8.de dkim=pass dkdomain=alien8.de dmarc=pass fromdomain=alien8.de); spf=pass (google.com: domain of linux-kernel+bounces-88671-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-88671-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 804C2B23D62 for ; Fri, 1 Mar 2024 16:12:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id CDF8C70CB3; Fri, 1 Mar 2024 16:12:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (4096-bit key) header.d=alien8.de header.i=@alien8.de header.b="NDzNuBrz" Received: from mail.alien8.de (mail.alien8.de [65.109.113.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0561870030 for ; Fri, 1 Mar 2024 16:12:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=65.109.113.108 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709309572; cv=none; b=S01lgJ9Y1FFjSZG/VSRGXZKBhJhh2TEKJFXBNyAV5qFs+QqGmNvX26jzJseT8D9fuzpr29ANRudM0tMpgdY3TrWelzlh8VtL7fg5N29+dAqnyjehw+QwPqOAPLF+vfvE/nrdOZ3DW8o1vN2ph4/1TKEyb0D54ENHAVi0LF34ULs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709309572; c=relaxed/simple; bh=vDh09+dZ3VBmJF68aeZGfTWrikih0aY1G6yd5Dg8oO4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=GO2JJzzhXTUDg6t0e6NIjXVtNoMh3CO+AutBSKoOmJi21IwcM9aWJAGwQ7HF01d83Fer3xebcPcCIgHZU+8JUrsnrb9axwRdte4jBs+5gcwT2Byl78iI8mJgpf9zu766AnkeuezYBin5rBsus4X6FuAvftYhWF06FqfQJMe/4EQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=alien8.de; spf=pass smtp.mailfrom=alien8.de; dkim=pass (4096-bit key) header.d=alien8.de header.i=@alien8.de header.b=NDzNuBrz; arc=none smtp.client-ip=65.109.113.108 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=alien8.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=alien8.de Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTP id 30A8240E0185; Fri, 1 Mar 2024 16:12:48 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at mail.alien8.de Authentication-Results: mail.alien8.de (amavisd-new); dkim=pass (4096-bit key) header.d=alien8.de Received: from mail.alien8.de ([127.0.0.1]) by localhost (mail.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 7ioUtbWqE6Q9; Fri, 1 Mar 2024 16:12:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=alien8; t=1709309566; bh=wJEN0joQiYmuo6Ze0sGnkJl0zJ3wbOy6dvxMTyKWEa8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=NDzNuBrz9Xbn608O1fqBcbogJkQGMUN/1nMKmo2AV/Ex8UuybWZMkypFvAXDog1jU uAVsXlSgi5QtOPycs/jQ6jiI8ocLJa2JXk9OVs0ZpI4qa3J4vqr1ZnTUaARtLDU8xu NUOFDvKzQk4XHSZx+vCMQjmPlsibe6KURvY85pEeDsG++6hm5XlEYopzqGpmaru0w0 1/c20Tb5JjFPAVGzHQNxTXpKzJqRp48QKbaHRoKPjpwrq7GGHIiAcOmLhaRKUPTSWw Q3bbZ1WI/My9XEA9lnmppRLh9Tr5sQ9nErecKTyg0+p83RGeT3qRjRiN6H0qjPAiYT QQkHSP8y4BSWE237neLwfqH2f7Rie55Suy3jl5GnAfF8vY38N2MfW3yhqFSH5P60Iy JYmujTeGKdCNPhuaCBqZwws8aT6+BU2+GyOpfMW/DuLwJxZKEN9GkW8o/fypRgwa3W JAP8BNmcaBoKvj8+Rw+PjJjJXNeWF36WflhJ2Pok6CSWeCafmNQmNtPGhcBgPYZqb4 jcxrgn4ivlo4/+8aQG0URuJHfxoMML/trPkgTC3PmGWi20fyek3zaxRLAbFTxaUyD+ yQCGcdivkq1cV9KUsHg+whvwOw4nyqirnLTfVy6sw7BEw80mqIpDdO8b3eD85axZmV Fw/epio9qqARIYDGnE07LvH8= Received: from zn.tnic (pd953021b.dip0.t-ipconnect.de [217.83.2.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 1E17940E0028; Fri, 1 Mar 2024 16:12:35 +0000 (UTC) Date: Fri, 1 Mar 2024 17:12:34 +0100 From: Borislav Petkov To: Ard Biesheuvel Cc: Ard Biesheuvel , linux-kernel@vger.kernel.org, Kevin Loughlin , Tom Lendacky , Dionna Glaze , Thomas Gleixner , Ingo Molnar , Dave Hansen , Andy Lutomirski , Brian Gerst Subject: Re: [PATCH v7 4/9] x86/startup_64: Simplify virtual switch on primary boot Message-ID: <20240301161234.GCZeH-co78aShifhAN@fat_crate.local> References: <20240227151907.387873-11-ardb+git@google.com> <20240227151907.387873-15-ardb+git@google.com> <20240229103740.GKZeBedEybE0IeOXUG@fat_crate.local> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: On Thu, Feb 29, 2024 at 11:36:01PM +0100, Ard Biesheuvel wrote: > Because we enter with a 1:1 mapping, and so we can only switch to > another set of page tables that also includes this 1:1 mapping. Once > we are running from the kernel mapping, we can drop the 1:1 mapping > but we still need it. > > What we could do for robustness is reduce this 1:1 mapping to text + > rodata, and make it read-only, but I'm not sure it's worth the churn. Yeah, I was experimenting a bit with some shenanigans with those two pagetables yesterday and arrived to a similar conclusion - there's no point in trying to unify them. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette