Received: by 10.223.164.202 with SMTP id h10csp4887952wrb;
        Wed, 29 Nov 2017 13:40:52 -0800 (PST)
X-Google-Smtp-Source: AGs4zMYWX1KYlKuv84fSvZPozR7GG46lmiWo56gVQcUeHixnOBFp6GuNfuNYZr78W580D2vx4KU6
X-Received: by 10.159.216.139 with SMTP id s11mr257338plp.441.1511991652838;
        Wed, 29 Nov 2017 13:40:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1511991652; cv=none;
        d=google.com; s=arc-20160816;
        b=E69LpiyZsNwP4FKir3BSORqKSFBugjbShM4Gg3ZIQJYEMFJJBWLCOsnJnHg8HMeY/z
         YssTbwY9j3a9+PmJEXsoc0/7dBB99GeRVsZHzYHX9JtKQkiImf9ckNAMyT966WKqfJO2
         b8TcNCHf8c3/3iNikhgSu+wfuARc4yGhbOA3UZ/6tqSWGXLM/RnaHYZrg7wnJk5jxC4+
         CN+/yVw5/N6inutgyFIUo3FcZJXx8jmlW92jbN4enBwL7S1hJaolBRYlv/8q92anP6iV
         eY6ihKh24f0CuI2mXMqqvN+yOAMIjMbCz1+/s8KR6pUDhu+prYHqswAZ3doV60MI2odY
         v+Zw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:arc-authentication-results;
        bh=bidhWCJES5LkDcG3dYAlQcysb7NqiJnVcMDhtZFwtb0=;
        b=ABUUIPas7zSKT5dtjA+ccKHLGJyHueKbkvQA/8uf5wRd0uE18X7BxnPmnXqxlV9A5P
         QxG5hJAOlBb1IlFw79XR4Lie/z3yOm7Vd7nFBN6KMFWzMVDK+nGE+/xazPwI/hTjLoBk
         oZC4SPD1y2sQbcxb1vHifxwbzVOrlgV8wiWIqWnTzYgvQB88X2bBKyfDu+n7K/OVDsvx
         pBvWiQIfOvfmuW0HMcTvtBNdsJmq7+EC/01+eAXAwiOaWdk/PWiAUH3MnKLkpgH9TBPs
         oKSDf0LotHJ5HyvE6aFCpoeyTKgboEazb6nEeWlFp0zJgeMR4/NhR/AMA8Y70waV3EmM
         nbUQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p20si415221pfk.92.2017.11.29.13.40.37;
        Wed, 29 Nov 2017 13:40:52 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752166AbdK2Vk0 (ORCPT <rfc822;shmalave.kernel@gmail.com>
        + 99 others); Wed, 29 Nov 2017 16:40:26 -0500
Received: from terminus.zytor.com ([65.50.211.136]:45071 "EHLO mail.zytor.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750813AbdK2VkZ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 29 Nov 2017 16:40:25 -0500
Received: from hanvin-desk.amr.corp.intel.com (jfdmzpr03-ext.jf.intel.com [134.134.139.72])
        (authenticated bits=0)
        by mail.zytor.com (8.15.2/8.15.2) with ESMTPSA id vATLXYm6002751
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO);
        Wed, 29 Nov 2017 13:33:36 -0800
Subject: Re: [PATCHv2 0/4] x86: 5-level related changes into decompression
 code
To:     Borislav Petkov <bp@suse.de>
Cc:     "Kirill A. Shutemov" <kirill@shutemov.name>,
        Thomas Gleixner <tglx@linutronix.de>,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>, x86@kernel.org,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Andy Lutomirski <luto@amacapital.net>,
        Cyrill Gorcunov <gorcunov@openvz.org>,
        Andi Kleen <ak@linux.intel.com>, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org
References: <20171110220645.59944-1-kirill.shutemov@linux.intel.com>
 <20171129154908.6y4st6xc7hbsey2v@pd.tnic>
 <20171129161349.d7ksuhwhdamloty6@node.shutemov.name>
 <alpine.DEB.2.20.1711291740050.1825@nanos>
 <20171129170831.2iqpop2u534mgrbc@node.shutemov.name>
 <20171129174851.jk2ai37uumxve6sg@pd.tnic>
 <793b9c55-e85b-97b5-c857-dd8edcda4081@zytor.com>
 <20171129191902.2iamm3m23e3gwnj4@pd.tnic>
From:   "H. Peter Anvin" <hpa@zytor.com>
Message-ID: <e4463396-9b7c-2fe8-534c-73820c0bce5f@zytor.com>
Date:   Wed, 29 Nov 2017 13:33:28 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <20171129191902.2iamm3m23e3gwnj4@pd.tnic>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/29/17 11:19, Borislav Petkov wrote:
> On Wed, Nov 29, 2017 at 11:01:35AM -0800, H. Peter Anvin wrote:
>> We can hang the machine, or we can triple-fault it in the hope of
>> triggering a reset, and that way if the bootloader has been configured
>> with a backup kernel there is a hope of recovery.
> 
> Well, it triple-faults right now and that's not really user-friendly. If
> we can't dump a message than we should make X86_5LEVEL depend on BROKEN
> for the time being...
> 

You can't dump a message about *anything* if the bootloader bypasses the
checks that happen before we leave the firmware behind.  This is what
this is about.  For BIOS or EFI boot that go through the proper stub
functions we will print a message just fine, as we already validate the
"required features" structure (although please do verify that the
relevant words are indeed being checked.)

However, if the bootloader jumps straight into the code what do you
expect it to do?  We have no real concept about what we'd need to do to
issue a message as we really don't know what devices are available on
the system, etc.  If the screen_info field in struct boot_params has
been initialized then we actually *do* know how to write to the screen
-- if you are okay with including a text font etc. since modern systems
boot in graphics mode.

What else could we do?  I guess we could add a new field -- which
bootloaders would have to add support for -- for a callback to the
bootloader in case of an early-detected fatal kernel initialization
error.  This would have some... interesting(*)... issues with it, and
wouldn't resolve anything for existing bootloaders, but perhaps it is a
worthwhile extension going forward.

	-hpa

(*) The bootloader would have to be prepared for a largely undefined CPU
    state, in a rarely executed path.  However, it is arguably no worse
    than what we have now.  Current bootloaders *can* at least know all
    the memory the kernel will use before the kernel's own memory
    management takes over, so it is possible for it to allocate the
    kernel in such a way that its own code/data is preserved.

    It is at least possible to determine which major CPU mode we are
    running in when we get to that entrypoint.  The following code
    snippet will do it:

entry:
	.code16
	dec %ax
	mov $0,%ax
	jmp 16f
	nop
	nop
	jmp 32f
	.code64
	jmp code_64
	.code32
32:	jmp code_32
	.code16
16:	/* Arbitrary 16-bit code can start here */


From 1585436308459357534@xxx Wed Nov 29 21:11:27 +0000 2017
X-GM-THRID: 1583718603202818481
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread