[patch 2/4] x86/kaiser: Enable PARAVIRT again

From: Thomas Gleixner
Date: Mon Nov 27 2017 - 15:44:31 EST


XEN_PV paravirtualizes read/write_cr3. This does not work with KAISER, as the
CR3 switch from and to the user space PGD would require mapping the whole XEN_PV
machinery into both PGDs. It's also not clear whether the register space is
sufficient to do so. All other PV guests use the native implementations and
are compatible with KAISER.

Add detection for XEN_PV and disable KAISER in the early boot process when
the kernel is running as a XEN_PV guest.

Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
---
arch/x86/include/asm/hypervisor.h | 25 +++++++++++++++----------
arch/x86/mm/kaiser.c | 3 +++
security/Kconfig | 2 +-
3 files changed, 19 insertions(+), 11 deletions(-)

--- a/arch/x86/include/asm/hypervisor.h
+++ b/arch/x86/include/asm/hypervisor.h
@@ -20,16 +20,7 @@
#ifndef _ASM_X86_HYPERVISOR_H
#define _ASM_X86_HYPERVISOR_H

-#ifdef CONFIG_HYPERVISOR_GUEST
-
-#include <asm/kvm_para.h>
-#include <asm/x86_init.h>
-#include <asm/xen/hypervisor.h>
-
-/*
- * x86 hypervisor information
- */
-
+/* x86 hypervisor types */
enum x86_hypervisor_type {
X86_HYPER_NATIVE = 0,
X86_HYPER_VMWARE,
@@ -39,6 +30,12 @@ enum x86_hypervisor_type {
X86_HYPER_KVM,
};

+#ifdef CONFIG_HYPERVISOR_GUEST
+
+#include <asm/kvm_para.h>
+#include <asm/x86_init.h>
+#include <asm/xen/hypervisor.h>
+
struct hypervisor_x86 {
/* Hypervisor name */
const char *name;
@@ -58,7 +55,15 @@ struct hypervisor_x86 {

extern enum x86_hypervisor_type x86_hyper_type;
extern void init_hypervisor_platform(void);
+static inline bool hypervisor_is_type(enum x86_hypervisor_type type)
+{
+ return x86_hyper_type == type;
+}
#else
static inline void init_hypervisor_platform(void) { }
+static inline bool hypervisor_is_type(enum x86_hypervisor_type type)
+{
+ return type == X86_HYPER_NATIVE;
+}
#endif /* CONFIG_HYPERVISOR_GUEST */
#endif /* _ASM_X86_HYPERVISOR_H */
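Review bot: In the `#else` branch the header now uses `bool` while every include it has sits inside `#ifdef CONFIG_HYPERVISOR_GUEST`, so with that option off the stub `hypervisor_is_type()` compiles only if the including file has already pulled in the type. As far as the hunks show, nothing precedes the include guard, so adding `#include <linux/types.h>` above the enum would make the header self-contained. Both variants are also undocumented, and kaiser.c uses the result to switch a mitigation off. I would add `/* Only meaningful after init_hypervisor_platform() has set x86_hyper_type */` above the first definition and `/* No guest support built in: only bare metal is possible */` above the stub.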
--- a/arch/x86/mm/kaiser.c
+++ b/arch/x86/mm/kaiser.c
@@ -34,6 +34,7 @@
#include <linux/mm.h>
#include <linux/uaccess.h>

+#include <asm/hypervisor.h>
#include <asm/cmdline.h>
#include <asm/kaiser.h>
#include <asm/pgtable.h>
@@ -53,6 +54,8 @@ void __init kaiser_check_cmdline(void)
{
if (cmdline_find_option_bool(boot_command_line, "nokaiser"))
kaiser_enabled = false;
+ if (hypervisor_is_type(X86_HYPER_XEN_PV))
+ kaiser_enabled = false;
}

/*
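Review bot: The added XEN_PV test in kaiser_check_cmdline() is only correct if x86_hyper_type has already been set when this function runs. Before init_hypervisor_platform() it presumably still holds X86_HYPER_NATIVE (0), in which case the test is false and KAISER stays enabled on a XEN_PV guest, the configuration the description says does not work. The call site is not visible in this patch, so the ordering should be confirmed and recorded above the check, e.g. `/* Runs after init_hypervisor_platform(), so x86_hyper_type is valid */`. The branch also disables the isolation silently. Adding `pr_info("KAISER disabled: not supported on XEN_PV\n");` there, with braces around the two statements, would let an operator see in the boot log why the mitigation is off.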
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -56,7 +56,7 @@ config SECURITY_NETWORK

config KAISER
bool "Remove the kernel mapping in user mode"
- depends on X86_64 && SMP && !PARAVIRT && JUMP_LABEL
+ depends on X86_64 && SMP && JUMP_LABEL
help
This feature reduces the number of hardware side channels by
ensuring that the majority of kernel addresses are not mapped
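Review bot: The help text should say that KAISER is turned off at boot on XEN_PV guests, because with `!PARAVIRT` dropped from the `depends on` line a CONFIG_KAISER=y kernel can now run there without the isolation. The help text continues outside the hunk, so I cannot see whether it already covers this. If it does not, a sentence such as `KAISER is disabled at boot when the kernel runs as a XEN_PV guest.` would keep the option from being read as a guarantee that the user/kernel mapping split is active.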