[PATCH v5 2/2] arm64: mm: install KPTI nG mappings with MMU enabled

Ard Biesheuvel ardb at kernel.org
Tue Jun 14 02:09:52 PDT 2022 

On Tue, 14 Jun 2022 at 11:01, Mark Rutland <mark.rutland at arm.com> wrote:
>
> On Thu, Jun 09, 2022 at 07:43:20PM +0200, Ard Biesheuvel wrote:
> > In cases where we unmap the kernel while running in user space, we rely
> > on ASIDs to distinguish the minimal trampoline from the full kernel
> > mapping, and this means we must use non-global attributes for those
> > mappings, to ensure they are scoped by ASID and will not hit in the TLB
> > inadvertently.
> >
> > We only do this when needed, as this is generally more costly in terms
> > of TLB pressure, and so we boot without these non-global attributes, and
> > apply them to all existing kernel mappings once all CPUs are up and we
> > know whether or not the non-global attributes are needed. At this point,
> > we cannot simply unmap and remap the entire address space, so we have to
> > update all existing block and page descriptors in place.
> >
> > Currently, we go through a lot of trouble to perform these updates with
> > the MMU and caches off, to avoid violating break before make (BBM) rules
> > imposed by the architecture. Since we make changes to page tables that
> > are not covered by the ID map, we gain access to those descriptors by
> > disabling translations altogether. This means that the stores to memory
> > are issued with device attributes, and require extra care in terms of
> > coherency, which is costly. We also rely on the ID map to access a
> > shared flag, which requires the ID map to be executable and writable at
> > the same time, which is another thing we'd prefer to avoid.
> >
> > So let's switch to an approach where we replace the kernel mapping with
> > a minimal mapping of a few pages that can be used for a minimal, ad-hoc
> > fixmap that we can use to map each page table in turn as we traverse the
> > hierarchy.
> >
> > Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
>
> This addresses all my concerns, so FWIW:
>
>   Reviewed-by: Mark Rutland <mark.rutland at arm.com>
>
> Thanks for respinning this, and sorry I didn't post the version I promised!
>

No worries - it seemed to me that we've both spent more time on this
than we should have, so I just went back to a more incremental
approach.

More information about the linux-arm-kernel mailing list