On Fri, Feb 12, 2021 at 03:53:18PM +0100, Joerg Roedel wrote:
> On Fri, Feb 12, 2021 at 03:17:57PM +0100, Peter Zijlstra wrote:
> > On Fri, Feb 12, 2021 at 02:19:07PM +0100, Joerg Roedel wrote:
> > >   - Then we can pass this information up the boot process by
> > >     extending struct boot_params. The bootloader can pass which
> > >     E820 usable memory it validated, same for the kernel
> > >     decompressor. The text+data (but not bss) of the running
> > >     kernel image is per definition validated by the decompressor
> > >     and does not need to be added explicitly to boot_params.
> >
> > Even if all text+data is prevalidated, we'll probably still need some
> > prevalidated bss and certainly some prevalidated percpu data (like the
> > various stacks, but also crud like the percpu variable we store the DR7
> > shadow in etc.).
>
> The kernel sets up early exception handling in head_64.S, right after
> setting MSR_GS_BASE. So per-cpu data can probably be on-demand. For
> bss you might be right.

That's the thing, we don't want #VE to happen in noinstr code *ever*.
noinstr covers the whole entry code, things like the syscall gap and nmi
recursion setup. Getting a #VE there is fail.

So most per-cpu data can be on-demand, but some of it must absolutely
not be.