Re: [PATCH RFC v2 16/29] mm: asi: Map kernel text and static data as nonsensitive

[PATCH RFC v2 00/29] Address Space Isolation (ASI) · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 01/29] mm: asi: Make some utility functions noinstr compatible · Brendan Jackman <jackmanb@google.com> · 2025-01-10
Re: [PATCH RFC v2 01/29] mm: asi: Make some utility functions noinstr compatible · Borislav Petkov <bp@alien8.de> · 2025-01-16
Re: [PATCH RFC v2 01/29] mm: asi: Make some utility functions noinstr compatible · Borislav Petkov <bp@alien8.de> · 2025-01-16
Re: [PATCH RFC v2 01/29] mm: asi: Make some utility functions noinstr compatible · Brendan Jackman <jackmanb@google.com> · 2025-01-16
Re: [PATCH RFC v2 01/29] mm: asi: Make some utility functions noinstr compatible · Borislav Petkov <bp@alien8.de> · 2025-01-16
[PATCH RFC v2 02/29] x86: Create CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION · Brendan Jackman <jackmanb@google.com> · 2025-01-10
Re: [PATCH RFC v2 02/29] x86: Create CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION · Borislav Petkov <bp@alien8.de> · 2025-01-16
Re: [PATCH RFC v2 02/29] x86: Create CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION · Mike Rapoport <rppt@kernel.org> · 2025-03-01
Re: [PATCH RFC v2 02/29] x86: Create CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION · Brendan Jackman <jackmanb@google.com> · 2025-03-05
[PATCH RFC v2 03/29] mm: asi: Introduce ASI core API · Brendan Jackman <jackmanb@google.com> · 2025-01-10
Re: [PATCH RFC v2 03/29] mm: asi: Introduce ASI core API · Borislav Petkov <bp@alien8.de> · 2025-02-19
Re: [PATCH RFC v2 03/29] mm: asi: Introduce ASI core API · Brendan Jackman <jackmanb@google.com> · 2025-02-19
Re: [PATCH RFC v2 03/29] mm: asi: Introduce ASI core API · Brendan Jackman <jackmanb@google.com> · 2025-02-19
Re: [PATCH RFC v2 03/29] mm: asi: Introduce ASI core API · Borislav Petkov <bp@alien8.de> · 2025-02-27
[PATCH RFC v2 04/29] mm: asi: Add infrastructure for boot-time enablement · Brendan Jackman <jackmanb@google.com> · 2025-01-10
Re: [PATCH RFC v2 04/29] mm: asi: Add infrastructure for boot-time enablement · Borislav Petkov <bp@alien8.de> · 2025-03-19
Re: [PATCH RFC v2 04/29] mm: asi: Add infrastructure for boot-time enablement · Yosry Ahmed <hidden> · 2025-03-19
Re: [PATCH RFC v2 04/29] mm: asi: Add infrastructure for boot-time enablement · Brendan Jackman <jackmanb@google.com> · 2025-03-20
[PATCH RFC v2 06/29] mm: asi: Use separate PCIDs for restricted address spaces · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 05/29] mm: asi: ASI support in interrupts/exceptions · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 07/29] mm: asi: Make __get_current_cr3_fast() ASI-aware · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 08/29] mm: asi: Avoid warning from NMI userspace accesses in ASI context · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 09/29] mm: asi: ASI page table allocation functions · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 10/29] mm: asi: asi_exit() on PF, skip handling if address is accessible · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 11/29] mm: asi: Functions to map/unmap a memory range into ASI page tables · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 12/29] mm: asi: Add basic infrastructure for global non-sensitive mappings · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 14/29] mm: asi: Map non-user buddy allocations as nonsensitive · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 13/29] mm: Add __PAGEFLAG_FALSE · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH TEMP WORKAROUND RFC v2 15/29] mm: asi: Workaround missing partial-unmap support · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 17/29] mm: asi: Map vmalloc/vmap data as nonsensitive · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 16/29] mm: asi: Map kernel text and static data as nonsensitive · Brendan Jackman <jackmanb@google.com> · 2025-01-10
Re: [PATCH RFC v2 16/29] mm: asi: Map kernel text and static data as nonsensitive · Brendan Jackman <jackmanb@google.com> · 2025-01-17
[PATCH RFC v2 19/29] mm: asi: Stabilize CR3 in switch_mm_irqs_off() · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 18/29] mm: asi: Map dynamic percpu memory as nonsensitive · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 20/29] mm: asi: Make TLB flushing correct under ASI · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 21/29] KVM: x86: asi: Restricted address space for VM execution · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 23/29] mm: asi: exit ASI before suspend-like operations · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 24/29] mm: asi: Add infrastructure for mapping userspace addresses · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 25/29] mm: asi: Restricted execution fore bare-metal processes · Brendan Jackman <jackmanb@google.com> · 2025-01-10
Re: [PATCH RFC v2 25/29] mm: asi: Restricted execution fore bare-metal processes · Yosry Ahmed <hidden> · 2025-02-28
[PATCH RFC v2 26/29] x86: Create library for flushing L1D for L1TF · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 29/29] mm: asi: Stop ignoring asi=on cmdline flag · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 27/29] mm: asi: Add some mitigations on address space transitions · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 22/29] mm: asi: exit ASI before accessing CR3 from C code where appropriate · Brendan Jackman <jackmanb@google.com> · 2025-01-10
[PATCH RFC v2 28/29] x86/pti: Disable PTI when ASI is on · Brendan Jackman <jackmanb@google.com> · 2025-01-10

From: Brendan Jackman <jackmanb@google.com>
Date: 2025-01-17 11:23:42
Also in: kvm, linux-alpha, linux-arch, linux-efi, linux-m68k, linux-mips, linux-mm, linux-perf-users, linux-riscv, linux-s390, linux-sh, linux-trace-kernel, linux-um, lkml, loongarch, sparclinux

On Fri, 10 Jan 2025 at 19:41, Brendan Jackman [off-list ref] wrote:

+       asi_clone_pgd(asi_global_nonsensitive_pgd, init_mm.pgd, VMEMMAP_START);
+       asi_clone_pgd(asi_global_nonsensitive_pgd, init_mm.pgd,
+                     VMEMMAP_START + (1UL << PGDIR_SHIFT));

There's a bug here that Yosry has fixed in our internal version, I
neglected to incorporate that here.

Under KASLR, vmemmap is not necessarily exactly 2 PGDs like this is
assuming. In fact it can share a PGD entry with the vmalloc area. So
to be correct this cloning logic needs to actually look at the
alignment and then navigate the page table hierarchy appropriately.

To be fixed for the next version.

As Yosry noted internally we also need to think about vmmemap getting
updated under memory hotplug.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help