[PATCH 0/3] x86/pti: Call pti_init() after mark_readonly()

From: Joerg Roedel
Date: Tue Jul 03 2018 - 07:52:52 EST


Hi,

here is a small patch-set to move the call to pti_init()
after mark_readonly() has run. The purpose of pti_init() is to
initialize the kernel-mappings in the user-space page-table
by mapping kernel-text, entry-text, espfix and vsyscall
mappings into the user-space page-table.

These mappings only make sense when they have exactly the
same permissions as in the kernel page-table wrt.
read/write/execute with the global bit set (which we set in
shared mappings for performance reasons).

Since the mappings are copied only once and are not updated
later, we need to copy them when they are finished, which is
not before mark_readonly() has run.

Calling pti_init() earlier worked for now on x86-64 because
the sections that are cloned are at least 2M aligned and not
changed by later code. But that is still fragile because
pti_init() always needs special care when kernel mappings or
the elf-layout is changed or extended. Further it doesn't
work on x86-32 because the elf sections are not 2M aligned
there.

So move the call to pti_init() after all the kernel-mappings
have been finished.

Any useful feedback appreciated.


Thanks,

Joerg

Joerg Roedel (3):
x86/pti: Move pti_init() code out of __init
x86/mm/pti: Call pti_init() after mark_readonly()
x86/pti: Call pti_clone_kernel_text() from pti_init()

arch/x86/entry/vsyscall/vsyscall_64.c | 2 +-
arch/x86/include/asm/pti.h | 2 --
arch/x86/mm/init_64.c | 6 ------
arch/x86/mm/pti.c | 19 ++++++++++---------
init/main.c | 8 ++++++--
5 files changed, 17 insertions(+), 20 deletions(-)

--
2.7.4
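As an added illustration of the ordering problem described in the cover letter (this is not code from the patch series or from the kernel), the following user-space C model imitates the relevant pieces: a kernel page table, a user page table, a clone step standing in for pti_init() that copies entries with the global bit set, and a mark_readonly() stand-in that strips write permission from text and adds NX to rodata and data. A consistency check then counts cloned pages whose user-side permissions no longer match the kernel-side ones. All names (model_*, the page layout, the flag constants beyond their real x86 bit positions) are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* x86 PTE flag bits used by the model (real bit positions, subset only). */
#define PTE_PRESENT (1ULL << 0)
#define PTE_RW      (1ULL << 1)
#define PTE_GLOBAL  (1ULL << 8)
#define PTE_NX      (1ULL << 63)

typedef uint64_t pte_t;

/* Hypothetical 8-page kernel image: pages 0-3 .text, 4-5 .rodata, 6-7 .data. */
enum { TEXT_START = 0, TEXT_END = 4, RODATA_START = 4, RODATA_END = 6,
       DATA_START = 6, NPAGES = 8 };

struct model {
    pte_t kernel[NPAGES];   /* kernel page table */
    pte_t user[NPAGES];     /* user-space page table (PTI shadow) */
};

/* Early boot: everything present, writable, executable; nothing in the user table. */
static void model_init(struct model *m)
{
    for (size_t i = 0; i < NPAGES; i++) {
        m->kernel[i] = PTE_PRESENT | PTE_RW;
        m->user[i] = 0;
    }
}

/* Stand-in for pti_init()/pti_clone_kernel_text(): copy the kernel entries
 * for [start, end) into the user table once, with the global bit set. */
static void model_clone_range(struct model *m, size_t start, size_t end)
{
    for (size_t i = start; i < end; i++)
        m->user[i] = m->kernel[i] | PTE_GLOBAL;
}

/* Stand-in for mark_readonly(): text becomes RO, rodata RO+NX, data NX.
 * Only the kernel table is touched; the user copy is never updated. */
static void model_mark_readonly(struct model *m)
{
    for (size_t i = TEXT_START; i < TEXT_END; i++)
        m->kernel[i] &= ~PTE_RW;
    for (size_t i = RODATA_START; i < RODATA_END; i++)
        m->kernel[i] = (m->kernel[i] & ~PTE_RW) | PTE_NX;
    for (size_t i = DATA_START; i < NPAGES; i++)
        m->kernel[i] |= PTE_NX;
}

/* The check a reviewer wants: every cloned page must carry the same
 * present/RW/NX bits as the kernel mapping and must be global. Returns the
 * number of pages that violate this. */
static int model_count_mismatches(const struct model *m, size_t start, size_t end)
{
    const pte_t mask = PTE_PRESENT | PTE_RW | PTE_NX;
    int bad = 0;

    for (size_t i = start; i < end; i++) {
        if ((m->user[i] & mask) != (m->kernel[i] & mask) ||
            !(m->user[i] & PTE_GLOBAL))
            bad++;
    }
    return bad;
}

/* Old ordering: clone first, then change permissions. The user copy keeps RW
 * on kernel text after the kernel side dropped it. */
int model_clone_before_mark_readonly(void)
{
    struct model m;

    model_init(&m);
    model_clone_range(&m, TEXT_START, TEXT_END);
    model_mark_readonly(&m);
    return model_count_mismatches(&m, TEXT_START, TEXT_END);
}

/* Ordering after the series: permissions are final before the clone. */
int model_clone_after_mark_readonly(void)
{
    struct model m;

    model_init(&m);
    model_mark_readonly(&m);
    model_clone_range(&m, TEXT_START, TEXT_END);
    return model_count_mismatches(&m, TEXT_START, TEXT_END);
}

int main(void)
{
    printf("clone before mark_readonly: %d stale text pages\n",
           model_clone_before_mark_readonly());
    printf("clone after  mark_readonly: %d stale text pages\n",
           model_clone_after_mark_readonly());
    return 0;
}
```

The early ordering leaves all four text pages writable in the user-space table while the kernel table already has them read-only; the late ordering leaves no divergence. The model deliberately clones at page granularity, so it does not show the 2M (PMD) rounding that made the early call survive on x86-64; on a layout where section boundaries are not PMD-aligned, a PMD-granular clone would additionally pull neighbouring pages into the user table with whatever permissions they had at clone time.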