Re: [PATCH 42/43] x86/mm/kaiser: Allow KAISER to be enabled/disabled at runtime

From: Andy Lutomirski
Date: Sat Nov 25 2017 - 19:21:29 EST


On Sat, Nov 25, 2017 at 2:48 PM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
> On Sat, 25 Nov 2017, Andy Lutomirski wrote:
>> > On Nov 25, 2017, at 1:05 PM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
>> > On Sat, 25 Nov 2017, Andy Lutomirski wrote:
>> >> Keep in mind that, for a static_branch, actually setting the thing needs
>> >> to be deferred, but that's straightforward.
>> >
>> > That's not an issue during boot. That would be an issue for a run time
>> > switch.
>>
>> What I mean is: if you modify a static_branch too early, it blows up terribly.
>
> I'm aware of that. We can't switch it in the early boot stage. But that
> does not matter as we can switch way before we reach user space.
>
> The early kaiser mappings are fine whether we use them later or not. At the
> point in boot where we actually make the decision, there is nothing more
> than the extra 4k shadow which got initialized.
>
> If we ever want to do runtime switching, then the full shadow mapping needs
> to be maintained even while kaiser is disabled, just the NX poisoning of
> the user space mappings is what makes the difference.

One unfortunate thing is that, if we boot with kaiser off and don't
intend to ever switch it on at runtime, we could avoid the 8k pgd
allocations. But if we want to be able to enable kaiser, we need the
8k mappings. My inclination is to not try for runtime control until
some distro asks for it.

In general, I think that trying to runtime switch without stop_machine
is a bit nuts, and getting it to be reliable even with stop_machine is
gross. Not to mention that stop_machine is currently incompatible
with writing to static branches, although that's fixable.

--Andy