On 12/12/24 12:11, David Woodhouse wrote:
> From: David Woodhouse <dwmw@xxxxxxxxxxxx>
>
> The virtual mapping of the control page may have been _PAGE_GLOBAL and
> thus its PTE might not have been flushed on the %cr3 switch and it might
> effectively still be read-only. Move the writes to it down into the
> identity_mapped() function where the same %rip-relative addressing will
> get the new mapping.
>
> The stack is fine, as that's using the identity mapped address anyway.

Shouldn't we also ensure that Global entries don't bite anyone else?
Something like the completely untested attached patch?

diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
index e9e88c342f752..ecbd77aab1221 100644
--- a/arch/x86/kernel/relocate_kernel_64.S
+++ b/arch/x86/kernel/relocate_kernel_64.S
@@ -155,6 +155,8 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped)
*/
andl $(X86_CR4_PAE | X86_CR4_LA57), %r13d
ALTERNATIVE "", __stringify(orl $X86_CR4_MCE, %r13d), X86_FEATURE_TDX_GUEST
+ /* Invalidate Global entries from the TLB: */
+ andq $~(X86_CR0_PGE), %r13d
movq %r13, %cr4
/* Flush the TLB (needed?) */
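Review bot: the added `andq $~(X86_CR0_PGE), %r13d` will not assemble as written: `andq` requires a 64-bit operand but `%r13d` is the 32-bit register, and `X86_CR0_PGE` is not a defined flag (page-global enable lives in CR4, as `X86_CR4_PGE`). It is also a no-op in intent: the `andl $(X86_CR4_PAE | X86_CR4_LA57), %r13d` two lines above already clears every bit other than PAE and LA57, so PGE is already gone before `movq %r13, %cr4`, and since that write changes CR4.PGE from set to clear it already invalidates global TLB entries. Rather than a second mask, a comment on the existing `andl` saying it deliberately drops PGE so the CR4 write flushes global entries would make the intent explicit, and the "(needed?)" question on the following flush comment could then be answered in the same place.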