Re: [PATCHv9 04/16] x86/cpu: Defer CR pinning setup until core initcall

From: Sohil Mehta
Date: Thu Jul 31 2025 - 19:45:35 EST

Next message: Sam Protsenko: "[PATCH] arm64: dts: exynos: Add Ethernet node for E850-96 board"
Previous message: Guenter Roeck: "Re: [PATCH 1/3] hwmon: (asus-ec-sensors) add STRIX B850-I GAMING WIFI"
Next in thread: Dave Hansen: "Re: [PATCHv9 04/16] x86/cpu: Defer CR pinning setup until core initcall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 7/9/2025 10:00 AM, Dave Hansen wrote:
> On 7/7/25 01:03, Kirill A. Shutemov wrote:
>> Instead of moving setup_cr_pinning() below efi_enter_virtual_mode() in
>> arch_cpu_finalize_init(), defer it until core initcall.
>
> What are the side effects of this move? Are there other benefits? What
> are the risks?
>

Picking this up from Kirill.. Reevaluating this, core_initcall() seems
too late for setup_cr_pinning().

We need to have CR pinning completed, and the associated static key
enabled before AP bring up. start_secondary()->cr4_init() depends on the
cr_pinning static key to initialize CR4 for APs.

To find the optimal location for CR pinning, here are the constraints:

1) The initialization of all the CPU-specific security features such as
SMAP, SMEP, UMIP and LASS must be done.

2) Since EFI needs to toggle CR4.LASS, EFI initialization must be completed.

3) Since APs depend on the BSP for CR initialization, CR pinning should
happen before AP bringup.

4) CR pinning should happen before userspace comes up, since that's what
we are protecting against.

I shortlisted two locations, arch_cpu_finalize_init() and early_initcall().

a) start_kernel()
arch_cpu_finalize_init()

arch_cpu_finalize_init() seems like the logical fit, since CR pinning
can be considered as the "finalizing" the security sensitive control
registers. Doing it at the conclusion of CPU initialization makes sense.

b) start_kernel()
rest_init()
kernel_init()
kernel_init_freeable()
do_pre_smp_initcalls()
early_initcall()

We could push the pinning until early_initcall() since that happens just
before SMP bringup as well the init process being executed. But, I don't
see any benefit to doing that.

Most of the stuff between arch_cpu_finalize_init() and rest_init() seems
to be arch agnostic (except maybe ACPI). Though the likelihood of
anything touching the pinned bits is low, it would be better to have the
bits pinned and complain if someone modifies them.

I am inclined towards arch_cpu_finalize_init() but I don't have a strong
preference. Dave, is there any other aspect I should consider?

> BTW, ideally, you'd get an ack from one of the folks who put the CR
> pinning in the kernel in the first place to make sure this isn't
> breaking the mechanism in any important ways.

Kees, do you have any preference or suggestions?

Next message: Sam Protsenko: "[PATCH] arm64: dts: exynos: Add Ethernet node for E850-96 board"
Previous message: Guenter Roeck: "Re: [PATCH 1/3] hwmon: (asus-ec-sensors) add STRIX B850-I GAMING WIFI"
Next in thread: Dave Hansen: "Re: [PATCHv9 04/16] x86/cpu: Defer CR pinning setup until core initcall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]