Re: [PATCH 42/43] x86/mm/kaiser: Allow KAISER to be enabled/disabled at runtime

From: Thomas Gleixner
Date: Sun Nov 26 2017 - 03:11:54 EST


On Sat, 25 Nov 2017, Andy Lutomirski wrote:
> On Sat, Nov 25, 2017 at 2:48 PM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
> > On Sat, 25 Nov 2017, Andy Lutomirski wrote:
> >> > On Nov 25, 2017, at 1:05 PM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
> >> > On Sat, 25 Nov 2017, Andy Lutomirski wrote:
> >> >> Keep in mind that, for a static_branch, actually setting the thing needs
> >> >> to be deferred, but that's straightforward.
> >> >
> >> > That's not an issue during boot. That would be an issue for a run time
> >> > switch.
> >>
> >> What I mean is: if you modify a static_branch too early, it blows up terribly.
> >
> > I'm aware of that. We can't switch it in the early boot stage. But that
> > does not matter as we can switch way before we reach user space.
> >
> > The early kaiser mappings are fine whether we use them later or not. At the
> > point in boot where we actually make the decision, there is nothing more
> > than the extra 4k shadow which got initialized.
> >
> > If we ever want to do runtime switching, then the full shadow mapping needs
> > to be maintained even while kaiser is disabled, just the NX poisoning of
> > the user space mappings is what makes the difference.
>
> One unfortunate thing is that, if we boot with kaiser off and don't
> intend to ever switch it on at runtime, we could avoid the 8k pgd
> allocations. But if we want to be able to enable kaiser, we need the
> 8k mappings. My inclination is to not try for runtime control until
> some distro asks for it.

I completely agree. boot time is good enough. We should start with the 8k
allocations for simplicity reasons and when that works have a patch on top
which switches is back to 4k.

> In general, I think that trying to runtime switch without stop_machine
> is a bit nuts, and getting it to be reliable even with stop_machine is
> gross. Not to mention that stop_machine is currently incompatible
> with writing to static branches, although that's fixable.

Yes, it's doable, but surely not trivial and I'd like to avoid the mess it
creates.

Thanks,

tglx