Re: [PATCH v10 05/15] x86/cpu: Defer CR pinning enforcement until late_initcall()

Next message: Tim Chen: "Re: [PATCH 11/19] sched/fair: Identify busiest sched_group for LLC-aware load balancing"
Previous message: Randy Dunlap: "Re: [PATCH] htmldocs: userspace-api/dma-buf-heaps.rst: fix block quote warning"
In reply to: Sohil Mehta: "Re: [PATCH v10 05/15] x86/cpu: Defer CR pinning enforcement until late_initcall()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sohil Mehta

Date: Wed Oct 15 2025 - 17:17:28 EST

On 10/10/2025 1:45 PM, Sohil Mehta wrote:
>
> As we discussed in another thread, CR pinning has expanded beyond the
> original security related bits. They have become bits that are never
> expected to be modified once initialized. I wonder whether we could run
> into issues if the initial CR4 value on the APs doesn't have one of the
> pinned bits set. From a cursory look, everything should be fine (except
> maybe FRED). I could give it a try.
>

I tried this. Getting rid of the cr4_pinned_bits setting during
cr_init() seems to be working fine.

Xin says that there may be an existing issue with FRED, as CR4.FRED is
set before programming the FRED config MSRs in
cpu_init_fred_exceptions(). Any exceptions during that brief window,
though unlikely, would cause a triple fault. I think not setting
CR4.FRED might help the issue, but, I am not sure. I'll let Xin or Peter
evaluate this.

> But, is there a preference here? There is no additional cost of setting
> the pinned bits because we definitely need to program X86_CR4_PCIDE. Do
> we set the pinned bits along with that, or wait for the AP to go through
> the init flow and set them one by one?
>

As we are planning to defer CR pinning enforcement, I am inclining
towards getting rid of the following check in cr4_init().

if (static_branch_likely(&cr_pinning))
cr4 = (cr4 & ~cr4_pinned_mask) | cr4_pinned_bits;

AFAIU, this change shouldn't harm FRED. Resolving the existing FRED
issue can be done in a separate patch.