From nobody Sun Apr 28 22:59:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1673879914011329.6706172014219; Mon, 16 Jan 2023 06:38:34 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.478650.742006 (Exim 4.92) (envelope-from ) id 1pHQcc-0003n1-25; Mon, 16 Jan 2023 14:38:02 +0000 Received: by outflank-mailman (output) from mailman id 478650.742006; Mon, 16 Jan 2023 14:38:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcb-0003kj-Pq; Mon, 16 Jan 2023 14:38:01 +0000 Received: by outflank-mailman (input) for mailman id 478650; Mon, 16 Jan 2023 14:38:00 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQca-0002Pl-Ex for xen-devel@lists.xenproject.org; Mon, 16 Jan 2023 14:38:00 +0000 Received: from casper.infradead.org (casper.infradead.org [2001:8b0:10b:1236::1]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 5f9efc28-95ab-11ed-91b6-6bf2151ebd3b; Mon, 16 Jan 2023 15:37:59 +0100 (CET) Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1pHQcT-008oZ5-S7; Mon, 16 Jan 2023 14:37:54 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id E59A8300C0C; Mon, 16 Jan 2023 15:37:38 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 0) id ADBD820B75F3D; Mon, 16 Jan 2023 15:37:38 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5f9efc28-95ab-11ed-91b6-6bf2151ebd3b DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Type:MIME-Version:References: Subject:Cc:To:From:Date:Message-ID:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:In-Reply-To; bh=rHjspetb6Sj1qMw4IETTuTuaCFumb5EYx3riiNCTYv8=; b=cxz2ZJ+y57FVH0axH7GJ3/SDvk SfIli5aMNXUCBqSZ5s0hpQ541ETtZeXdeKeGN56Ebrzzk0C4N9eLXGVlRGHVrQ5JzV49oWAUTb+Qe Kn4rI0WMLi8kkdccgmv96vW1qIQzU99aMQ1+XNeo6itRotmYQ0j8+xlhlEUBQ0ztiZvuG2cxAChr6 22QxIhtpXZ6ZvAkrMLo5HT7ZYfsHVWzIJ2yKMB5H3w81SPg3IvAOF/XqgpTenKxT3AR/Anre1jbBa 5T4FbzmfMt67wCGdvro8HFHivVFFtpRbdX2x3wnviudr35z2uOGNZgbxfcNisa/ZFz7Fzu5vDAznP UN6EINCw==; Message-ID: <20230116143645.589522290@infradead.org> User-Agent: quilt/0.66 Date: Mon, 16 Jan 2023 15:25:34 +0100 From: Peter Zijlstra To: x86@kernel.org, Joan Bruguera Cc: linux-kernel@vger.kernel.org, peterz@infradead.org, Juergen Gross , "Rafael J. Wysocki" , xen-devel , Jan Beulich , Roger Pau Monne , Kees Cook , mark.rutland@arm.com, Andrew Cooper , =?UTF-8?q?J=C3=B6rg=20R=C3=B6del?= , "H. Peter Anvin" , jroedel@suse.de Subject: [PATCH v2 1/7] x86/boot: Remove verify_cpu() from secondary_startup_64() References: <20230116142533.905102512@infradead.org> MIME-Version: 1.0 X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1673879915062100001 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The boot trampolines from trampoline_64.S have code flow like: 16bit BIOS SEV-ES 64bit EFI trampoline_start() sev_es_trampoline_start() trampoline_start_64() verify_cpu() | | switch_to_protected: <---------------' v | pa_trampoline_compat() v | startup_32() <-----------------------------------------------' | v startup_64() | v tr_start() :=3D head_64.S:secondary_startup_64() Since AP bringup always goes through the 16bit BIOS path (EFI doesn't touch the APs), there is already a verify_cpu() invocation. Removing the verify_cpu() invocation from secondary_startup_64() renders the whole secondary_startup_64_no_verify() thing moot, so remove that too. Cc: jroedel@suse.de Cc: hpa@zytor.com Fixes: e81dc127ef69 ("x86/callthunks: Add call patching for call depth trac= king") Reported-by: Joan Bruguera Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Ingo Molnar --- arch/x86/include/asm/realmode.h | 1 - arch/x86/kernel/head_64.S | 16 ---------------- arch/x86/realmode/init.c | 6 ------ 3 files changed, 23 deletions(-) --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -73,7 +73,6 @@ extern unsigned char startup_32_smp[]; extern unsigned char boot_gdt[]; #else extern unsigned char secondary_startup_64[]; -extern unsigned char secondary_startup_64_no_verify[]; #endif =20 static inline size_t real_mode_size_needed(void) --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -143,22 +143,6 @@ SYM_CODE_START(secondary_startup_64) * after the boot processor executes this code. */ =20 - /* Sanitize CPU configuration */ - call verify_cpu - - /* - * The secondary_startup_64_no_verify entry point is only used by - * SEV-ES guests. In those guests the call to verify_cpu() would cause - * #VC exceptions which can not be handled at this stage of secondary - * CPU bringup. - * - * All non SEV-ES systems, especially Intel systems, need to execute - * verify_cpu() above to make sure NX is enabled. - */ -SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL) - UNWIND_HINT_EMPTY - ANNOTATE_NOENDBR - /* * Retrieve the modifier (SME encryption mask if SME is active) to be * added to the initial pgdir entry that will be programmed into CR3. --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -74,12 +74,6 @@ static void __init sme_sev_setup_real_mo th->flags |=3D TH_FLAGS_SME_ACTIVE; =20 if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) { - /* - * Skip the call to verify_cpu() in secondary_startup_64 as it - * will cause #VC exceptions when the AP can't handle them yet. - */ - th->start =3D (u64) secondary_startup_64_no_verify; - if (sev_es_setup_ap_jump_table(real_mode_header)) panic("Failed to get/update SEV-ES AP Jump Table"); } From nobody Sun Apr 28 22:59:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1673879914091194.47310157216566; Mon, 16 Jan 2023 06:38:34 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.478644.741944 (Exim 4.92) (envelope-from ) id 1pHQcX-0002Q3-4I; Mon, 16 Jan 2023 14:37:57 +0000 Received: by outflank-mailman (output) from mailman id 478644.741944; Mon, 16 Jan 2023 14:37:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcX-0002Pw-1P; Mon, 16 Jan 2023 14:37:57 +0000 Received: by outflank-mailman (input) for mailman id 478644; Mon, 16 Jan 2023 14:37:54 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcU-0002Pk-77 for xen-devel@lists.xenproject.org; Mon, 16 Jan 2023 14:37:54 +0000 Received: from casper.infradead.org (casper.infradead.org [2001:8b0:10b:1236::1]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 59b18eec-95ab-11ed-b8d0-410ff93cb8f0; Mon, 16 Jan 2023 15:37:51 +0100 (CET) Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1pHQcT-008oZ7-Sz; Mon, 16 Jan 2023 14:37:54 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id E3A5C3007DA; Mon, 16 Jan 2023 15:37:38 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 0) id AF96620306BCC; Mon, 16 Jan 2023 15:37:38 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 59b18eec-95ab-11ed-b8d0-410ff93cb8f0 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Type:MIME-Version:References: Subject:Cc:To:From:Date:Message-ID:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:In-Reply-To; bh=/Xw5T+5vUqgsMfvHO/2XJeMLoksLNzw5fViFdsAKWFI=; b=Eq3y0scguUgdkMj79Zzk6GCrvF hQAhEQP/E7cAerOW9szVqcnkFmKfzWUaiZxup/I+SMwXzVRopqfn4zPHPbmkQufcFo19M0uELMYv/ kYPxOMfLbqjIwv9QIGVc5oiVosXskQwBXNQfwBy/jDHeBBuxrkRaeFIhaA+Tm2XLDqfwvxvnRyH0O rvOYW2PlqyMs+3qT9hF1XykM1+ON8wTIDA4x8JJJGyRjveBRsW6uZuMNrQ9P/htuomhOyIDx2ZWUH ITNdFmVF/slE93TC/wZdRxX36dsgHyfS5wX7wOPPamJ7fIEFgb5fD7j0P6Cn79iKWZ/XYGoYdt6+A rE5ri56A==; Message-ID: <20230116143645.649204101@infradead.org> User-Agent: quilt/0.66 Date: Mon, 16 Jan 2023 15:25:35 +0100 From: Peter Zijlstra To: x86@kernel.org, Joan Bruguera Cc: linux-kernel@vger.kernel.org, peterz@infradead.org, Juergen Gross , "Rafael J. Wysocki" , xen-devel , Jan Beulich , Roger Pau Monne , Kees Cook , mark.rutland@arm.com, Andrew Cooper , =?UTF-8?q?J=C3=B6rg=20R=C3=B6del?= , "H. Peter Anvin" Subject: [PATCH v2 2/7] x86/boot: Delay sev_verify_cbit() a bit References: <20230116142533.905102512@infradead.org> MIME-Version: 1.0 X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1673879916691100004 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Per the comment it is important to call sev_verify_cbit() before the first RET instruction, this means we can delay calling this until more of the CPU state is set up, specifically delay this until GS is 'sane' such that per-cpu variables work. Fixes: e81dc127ef69 ("x86/callthunks: Add call patching for call depth trac= king") Reported-by: Joan Bruguera Signed-off-by: Peter Zijlstra (Intel) --- arch/x86/kernel/head_64.S | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -185,19 +185,6 @@ SYM_CODE_START(secondary_startup_64) addq phys_base(%rip), %rax =20 /* - * For SEV guests: Verify that the C-bit is correct. A malicious - * hypervisor could lie about the C-bit position to perform a ROP - * attack on the guest by writing to the unencrypted stack and wait for - * the next RET instruction. - * %rsi carries pointer to realmode data and is callee-clobbered. Save - * and restore it. - */ - pushq %rsi - movq %rax, %rdi - call sev_verify_cbit - popq %rsi - - /* * Switch to new page-table * * For the boot CPU this switches to early_top_pgt which still has the @@ -265,6 +252,19 @@ SYM_CODE_START(secondary_startup_64) */ movq initial_stack(%rip), %rsp =20 + /* + * For SEV guests: Verify that the C-bit is correct. A malicious + * hypervisor could lie about the C-bit position to perform a ROP + * attack on the guest by writing to the unencrypted stack and wait for + * the next RET instruction. + * %rsi carries pointer to realmode data and is callee-clobbered. Save + * and restore it. + */ + pushq %rsi + movq %rax, %rdi + call sev_verify_cbit + popq %rsi + /* Setup and Load IDT */ pushq %rsi call early_setup_idt From nobody Sun Apr 28 22:59:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1673879905040499.94174467512016; Mon, 16 Jan 2023 06:38:25 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.478651.742021 (Exim 4.92) (envelope-from ) id 1pHQcd-0004EL-SX; Mon, 16 Jan 2023 14:38:03 +0000 Received: by outflank-mailman (output) from mailman id 478651.742021; Mon, 16 Jan 2023 14:38:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcd-0004Dw-Nq; Mon, 16 Jan 2023 14:38:03 +0000 Received: by outflank-mailman (input) for mailman id 478651; Mon, 16 Jan 2023 14:38:01 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcb-0002Pk-D9 for xen-devel@lists.xenproject.org; Mon, 16 Jan 2023 14:38:01 +0000 Received: from desiato.infradead.org (desiato.infradead.org [2001:8b0:10b:1:d65d:64ff:fe57:4e05]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 5f817ab7-95ab-11ed-b8d0-410ff93cb8f0; Mon, 16 Jan 2023 15:37:59 +0100 (CET) Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by desiato.infradead.org with esmtpsa (Exim 4.96 #2 (Red Hat Linux)) id 1pHQc7-005csw-18; Mon, 16 Jan 2023 14:37:32 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id DE246300652; Mon, 16 Jan 2023 15:37:38 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 0) id B311720EF0A20; Mon, 16 Jan 2023 15:37:38 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5f817ab7-95ab-11ed-b8d0-410ff93cb8f0 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=Content-Type:MIME-Version:References: Subject:Cc:To:From:Date:Message-ID:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:In-Reply-To; bh=ts2f9zMhByBtAAtY3UBCAh5kpNSswewgiYAUfY8HRdU=; b=aGBhaLZsy7tRmU8DfE6K+TDDO0 vuZ+yzEJlLmyIkJpKj5j6TVZcKHJw7LV5zhoweNmIAXEhyqNbDctZ6rxIemADC20CHJlks7N8JIx+ K5F4VyyMc1wR1Ib2pi1CQk44Pzj8XTpGUHCP4oZt5ZuUo1cEJm9pBXD/3o3j4D+/yj051n7fxMsXX 9AcOJ4ti/xsLZ0KgZKwSKrmlvgRdCt+MP/E3zPoSa5b3jgTI5IW4LJAlgGIKa96qCBr3IpBr3kI5N Tg9J6WHAyn2j5+4GcLAyMQZQrgoS+GXww4z8hdfHou6kXyg3O02NeUUJTaNy52X7cIFx8XWm84+1+ NZWTDZ8g==; Message-ID: <20230116143645.708895882@infradead.org> User-Agent: quilt/0.66 Date: Mon, 16 Jan 2023 15:25:36 +0100 From: Peter Zijlstra To: x86@kernel.org, Joan Bruguera Cc: linux-kernel@vger.kernel.org, peterz@infradead.org, Juergen Gross , "Rafael J. Wysocki" , xen-devel , Jan Beulich , Roger Pau Monne , Kees Cook , mark.rutland@arm.com, Andrew Cooper , =?UTF-8?q?J=C3=B6rg=20R=C3=B6del?= , "H. Peter Anvin" Subject: [PATCH v2 3/7] x86/power: De-paravirt restore_processor_state() References: <20230116142533.905102512@infradead.org> MIME-Version: 1.0 X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1673879910557100001 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Since Xen PV doesn't use restore_processor_state(), and we're going to have to avoid CALL/RET until at least GS is restored, de-paravirt the easy bits. Fixes: e81dc127ef69 ("x86/callthunks: Add call patching for call depth trac= king") Reported-by: Joan Bruguera Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Juergen Gross --- arch/x86/power/cpu.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) --- a/arch/x86/power/cpu.c +++ b/arch/x86/power/cpu.c @@ -197,25 +197,25 @@ static void notrace __restore_processor_ struct cpuinfo_x86 *c; =20 if (ctxt->misc_enable_saved) - wrmsrl(MSR_IA32_MISC_ENABLE, ctxt->misc_enable); + native_wrmsrl(MSR_IA32_MISC_ENABLE, ctxt->misc_enable); /* * control registers */ /* cr4 was introduced in the Pentium CPU */ #ifdef CONFIG_X86_32 if (ctxt->cr4) - __write_cr4(ctxt->cr4); + native_write_cr4(ctxt->cr4); #else /* CONFIG X86_64 */ - wrmsrl(MSR_EFER, ctxt->efer); - __write_cr4(ctxt->cr4); + native_wrmsrl(MSR_EFER, ctxt->efer); + native_write_cr4(ctxt->cr4); #endif - write_cr3(ctxt->cr3); - write_cr2(ctxt->cr2); - write_cr0(ctxt->cr0); + native_write_cr3(ctxt->cr3); + native_write_cr2(ctxt->cr2); + native_write_cr0(ctxt->cr0); =20 /* Restore the IDT. */ - load_idt(&ctxt->idt); + native_load_idt(&ctxt->idt); =20 /* * Just in case the asm code got us here with the SS, DS, or ES @@ -230,7 +230,7 @@ static void notrace __restore_processor_ * handlers or in complicated helpers like load_gs_index(). */ #ifdef CONFIG_X86_64 - wrmsrl(MSR_GS_BASE, ctxt->kernelmode_gs_base); + native_wrmsrl(MSR_GS_BASE, ctxt->kernelmode_gs_base); #else loadsegment(fs, __KERNEL_PERCPU); #endif @@ -246,15 +246,15 @@ static void notrace __restore_processor_ loadsegment(ds, ctxt->es); loadsegment(es, ctxt->es); loadsegment(fs, ctxt->fs); - load_gs_index(ctxt->gs); + native_load_gs_index(ctxt->gs); =20 /* * Restore FSBASE and GSBASE after restoring the selectors, since * restoring the selectors clobbers the bases. Keep in mind * that MSR_KERNEL_GS_BASE is horribly misnamed. */ - wrmsrl(MSR_FS_BASE, ctxt->fs_base); - wrmsrl(MSR_KERNEL_GS_BASE, ctxt->usermode_gs_base); + native_wrmsrl(MSR_FS_BASE, ctxt->fs_base); + native_wrmsrl(MSR_KERNEL_GS_BASE, ctxt->usermode_gs_base); #else loadsegment(gs, ctxt->gs); #endif From nobody Sun Apr 28 22:59:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1673879918007859.4809593558756; Mon, 16 Jan 2023 06:38:38 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.478647.741977 (Exim 4.92) (envelope-from ) id 1pHQcZ-0003AB-Uw; Mon, 16 Jan 2023 14:37:59 +0000 Received: by outflank-mailman (output) from mailman id 478647.741977; Mon, 16 Jan 2023 14:37:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcZ-0003A4-Rq; Mon, 16 Jan 2023 14:37:59 +0000 Received: by outflank-mailman (input) for mailman id 478647; Mon, 16 Jan 2023 14:37:58 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcY-0002Pl-BF for xen-devel@lists.xenproject.org; Mon, 16 Jan 2023 14:37:58 +0000 Received: from casper.infradead.org (casper.infradead.org [2001:8b0:10b:1236::1]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 5e68e912-95ab-11ed-91b6-6bf2151ebd3b; Mon, 16 Jan 2023 15:37:57 +0100 (CET) Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1pHQcT-008oZ6-SE; Mon, 16 Jan 2023 14:37:54 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id E016530073F; Mon, 16 Jan 2023 15:37:38 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 0) id B816220B75F29; Mon, 16 Jan 2023 15:37:38 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5e68e912-95ab-11ed-91b6-6bf2151ebd3b DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Type:MIME-Version:References: Subject:Cc:To:From:Date:Message-ID:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:In-Reply-To; bh=dtG3CCLzMA0i0qOsNCGAACCWIWjzH+RX76nYJr/7nUg=; b=mNSQfQeUAAjFw9ESss496f+Z7Q u0TgyafjRhE1gQwftI2iBVWQ3NaSLG34VdbAWazXouiYsRdKyzqy1wML0X2573JOCsV/N0PK5k2F2 TPov7/LEGoLwGuZcybAwU9tHaa3wffyOD9zxSarAfZ29Q4WErfXs+qrs4jgpQMpEdyO9/ORvp95nX EjaMEymmS+cwIurns0c3wEq3uE17tL2K8Hwq/Ex3y3gpAT4bxe9pp5k86FtmXoW5UtC3/6pfTmVtZ 8qPTNYgKrdqtoTo1pP63NdYMrqwT3UhPTSsaXrAPfezN6rdi70FJ8sxMqiPPuMxRvDSFpPFtdzk0Q gXratnhg==; Message-ID: <20230116143645.768035056@infradead.org> User-Agent: quilt/0.66 Date: Mon, 16 Jan 2023 15:25:37 +0100 From: Peter Zijlstra To: x86@kernel.org, Joan Bruguera Cc: linux-kernel@vger.kernel.org, peterz@infradead.org, Juergen Gross , "Rafael J. Wysocki" , xen-devel , Jan Beulich , Roger Pau Monne , Kees Cook , mark.rutland@arm.com, Andrew Cooper , =?UTF-8?q?J=C3=B6rg=20R=C3=B6del?= , "H. Peter Anvin" Subject: [PATCH v2 4/7] x86/power: Inline write_cr[04]() References: <20230116142533.905102512@infradead.org> MIME-Version: 1.0 X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1673879918853100002 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Since we can't do CALL/RET until GS is restored and CR[04] pinning is of dubious value in this code path, simply write the stored values. Fixes: e81dc127ef69 ("x86/callthunks: Add call patching for call depth trac= king") Reported-by: Joan Bruguera Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Kees Cook --- arch/x86/power/cpu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/x86/power/cpu.c +++ b/arch/x86/power/cpu.c @@ -208,11 +208,11 @@ static void notrace __restore_processor_ #else /* CONFIG X86_64 */ native_wrmsrl(MSR_EFER, ctxt->efer); - native_write_cr4(ctxt->cr4); + asm volatile("mov %0,%%cr4": "+r" (ctxt->cr4) : : "memory"); #endif native_write_cr3(ctxt->cr3); native_write_cr2(ctxt->cr2); - native_write_cr0(ctxt->cr0); + asm volatile("mov %0,%%cr0": "+r" (ctxt->cr0) : : "memory"); =20 /* Restore the IDT. */ native_load_idt(&ctxt->idt); From nobody Sun Apr 28 22:59:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1673879916989483.0227015664327; Mon, 16 Jan 2023 06:38:36 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.478649.741988 (Exim 4.92) (envelope-from ) id 1pHQca-0003JE-L0; Mon, 16 Jan 2023 14:38:00 +0000 Received: by outflank-mailman (output) from mailman id 478649.741988; Mon, 16 Jan 2023 14:38:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQca-0003EQ-BN; Mon, 16 Jan 2023 14:38:00 +0000 Received: by outflank-mailman (input) for mailman id 478649; Mon, 16 Jan 2023 14:37:58 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcY-0002Pk-T6 for xen-devel@lists.xenproject.org; Mon, 16 Jan 2023 14:37:58 +0000 Received: from casper.infradead.org (casper.infradead.org [2001:8b0:10b:1236::1]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 5cfbc166-95ab-11ed-b8d0-410ff93cb8f0; Mon, 16 Jan 2023 15:37:55 +0100 (CET) Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1pHQcU-008oZF-RG; Mon, 16 Jan 2023 14:37:55 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id 56162300C6F; Mon, 16 Jan 2023 15:37:39 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 0) id B9FA620EF0A23; Mon, 16 Jan 2023 15:37:38 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5cfbc166-95ab-11ed-b8d0-410ff93cb8f0 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Type:MIME-Version:References: Subject:Cc:To:From:Date:Message-ID:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:In-Reply-To; bh=Mc6JE/lSqhoI08ZCOd1MO1vmLEzmsp/ETRSpv4hRS+8=; b=T1nrQTJttu/3Jnm9EJrYVDiMxC s34Y8QKh6Os9ywtC1Z1w2DiWPN6Xf9K5GkRtu6DtxWWsA8ej0VDBcu9iVcitzgXSTWCKMPsZsT/yv UyAjSANcObXIQvCe1J1cb2ZFm0PgpHHKh22ywjkdRZY49ET7hYiwVX9R/AkWzL156Ux4u1mcKbpW3 wubPrTdQVa+IM+KQkoM2pcN0SQ8YrHNTvKlSQpXlxOMZ0Z7Y2ts9qxviLI1ZgAHkTz7oQ5Z95SZu9 jTowvNgMdlt4jqLsw2QD7LpDyIe1S1Qwn8XSQdU41tuNFe9PXsjS6ESqii8W89Nd11lkxG5d+ERsF kQkbM/9A==; Message-ID: <20230116143645.829076358@infradead.org> User-Agent: quilt/0.66 Date: Mon, 16 Jan 2023 15:25:38 +0100 From: Peter Zijlstra To: x86@kernel.org, Joan Bruguera Cc: linux-kernel@vger.kernel.org, peterz@infradead.org, Juergen Gross , "Rafael J. Wysocki" , xen-devel , Jan Beulich , Roger Pau Monne , Kees Cook , mark.rutland@arm.com, Andrew Cooper , =?UTF-8?q?J=C3=B6rg=20R=C3=B6del?= , "H. Peter Anvin" Subject: [PATCH v2 5/7] x86/callthunk: No callthunk for restore_processor_state() References: <20230116142533.905102512@infradead.org> MIME-Version: 1.0 X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1673879918852100001 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Joan Bruguera When resuming from suspend we don't have coherent CPU state, trying to do callthunks here isn't going to work. Specifically GS isn't set yet. Fixes: e81dc127ef69 ("x86/callthunks: Add call patching for call depth trac= king") Signed-off-by: Joan Bruguera Signed-off-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/20230109040531.7888-1-joanbrugueram@gmail.c= om --- arch/x86/kernel/callthunks.c | 5 +++++ arch/x86/power/cpu.c | 3 +++ 2 files changed, 8 insertions(+) --- a/arch/x86/kernel/callthunks.c +++ b/arch/x86/kernel/callthunks.c @@ -7,6 +7,7 @@ #include #include #include +#include =20 #include #include @@ -151,6 +152,10 @@ static bool skip_addr(void *dest) dest < (void*)hypercall_page + PAGE_SIZE) return true; #endif +#ifdef CONFIG_PM_SLEEP + if (dest =3D=3D restore_processor_state) + return true; +#endif return false; } From nobody Sun Apr 28 22:59:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 167387991627926.440037025849165; Mon, 16 Jan 2023 06:38:36 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.478645.741949 (Exim 4.92) (envelope-from ) id 1pHQcX-0002Sf-DT; Mon, 16 Jan 2023 14:37:57 +0000 Received: by outflank-mailman (output) from mailman id 478645.741949; Mon, 16 Jan 2023 14:37:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcX-0002Rt-8S; Mon, 16 Jan 2023 14:37:57 +0000 Received: by outflank-mailman (input) for mailman id 478645; Mon, 16 Jan 2023 14:37:55 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcV-0002Pl-2i for xen-devel@lists.xenproject.org; Mon, 16 Jan 2023 14:37:55 +0000 Received: from casper.infradead.org (casper.infradead.org [2001:8b0:10b:1236::1]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 5bd6f224-95ab-11ed-91b6-6bf2151ebd3b; Mon, 16 Jan 2023 15:37:53 +0100 (CET) Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1pHQcU-008oZG-So; Mon, 16 Jan 2023 14:37:55 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id 56119300C50; Mon, 16 Jan 2023 15:37:39 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 0) id BEB6220D304B0; Mon, 16 Jan 2023 15:37:38 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5bd6f224-95ab-11ed-91b6-6bf2151ebd3b DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Type:MIME-Version:References: Subject:Cc:To:From:Date:Message-ID:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:In-Reply-To; bh=eW1eJS20PBPNIc/x7hkOEbhV5Z70C96GEP7VlPQr3GE=; b=bkEUaHzN3DU2Ozeq31w4gh/n2o R6F441bq+sbQaHOybPyF32cPvwYN0zd7oUr9R4K9RCdt8hDgWzWxaj2YBgmp4DkR9+D8F5Gs4dYOt 9lUNiL9h6dmbWadpBSYOt2SznC7hv64myxTtyscypeuWaItFMH/MD2H9N+RHOQ0ha2uXGYbfnTpp+ NghLUZyPGSsWGWKu+nqt7jQ7P4s9CMg2/V9GnkXxMdKljoX9C9dsDu4q8LkBDu52HDGHBkiTsolMw vvwHa2GRba1mlCVFQpftSw0QHpUi6oRrEyKnr2j/V09JyB9VCvK9zjxBViUdKEbhTQhWC7ktrQ+hh hJ6cgCPA==; Message-ID: <20230116143645.888786209@infradead.org> User-Agent: quilt/0.66 Date: Mon, 16 Jan 2023 15:25:39 +0100 From: Peter Zijlstra To: x86@kernel.org, Joan Bruguera Cc: linux-kernel@vger.kernel.org, peterz@infradead.org, Juergen Gross , "Rafael J. Wysocki" , xen-devel , Jan Beulich , Roger Pau Monne , Kees Cook , mark.rutland@arm.com, Andrew Cooper , =?UTF-8?q?J=C3=B6rg=20R=C3=B6del?= , "H. Peter Anvin" Subject: [PATCH v2 6/7] x86/power: Sprinkle some noinstr References: <20230116142533.905102512@infradead.org> MIME-Version: 1.0 X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1673879918854100003 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Ensure no compiler instrumentation sneaks in while restoring the CPU state. Specifically we can't handle CALL/RET until GS is restored. Signed-off-by: Peter Zijlstra (Intel) --- arch/x86/power/cpu.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) --- a/arch/x86/power/cpu.c +++ b/arch/x86/power/cpu.c @@ -192,7 +192,7 @@ static void fix_processor_context(void) * The asm code that gets us here will have restored a usable GDT, although * it will be pointing to the wrong alias. */ -static void notrace __restore_processor_state(struct saved_context *ctxt) +static __always_inline void __restore_processor_state(struct saved_context= *ctxt) { struct cpuinfo_x86 *c; =20 @@ -235,6 +235,13 @@ static void notrace __restore_processor_ loadsegment(fs, __KERNEL_PERCPU); #endif =20 + /* + * Definitely wrong, but at this point we should have at least enough + * to do CALL/RET (consider SKL callthunks) and this avoids having + * to deal with the noinstr explosion for now :/ + */ + instrumentation_begin(); + /* Restore the TSS, RO GDT, LDT, and usermode-relevant MSRs. */ fix_processor_context(); =20 @@ -276,10 +283,12 @@ static void notrace __restore_processor_ * because some of the MSRs are "emulated" in microcode. */ msr_restore_context(ctxt); + + instrumentation_end(); } =20 /* Needed by apm.c */ -void notrace restore_processor_state(void) +void noinstr restore_processor_state(void) { __restore_processor_state(&saved_context); } From nobody Sun Apr 28 22:59:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1673879914910124.04699282361582; Mon, 16 Jan 2023 06:38:34 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.478646.741965 (Exim 4.92) (envelope-from ) id 1pHQcY-0002uH-MO; Mon, 16 Jan 2023 14:37:58 +0000 Received: by outflank-mailman (output) from mailman id 478646.741965; Mon, 16 Jan 2023 14:37:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcY-0002uA-IQ; Mon, 16 Jan 2023 14:37:58 +0000 Received: by outflank-mailman (input) for mailman id 478646; Mon, 16 Jan 2023 14:37:57 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pHQcW-0002Pl-HV for xen-devel@lists.xenproject.org; Mon, 16 Jan 2023 14:37:57 +0000 Received: from desiato.infradead.org (desiato.infradead.org [2001:8b0:10b:1:d65d:64ff:fe57:4e05]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 5ccb2147-95ab-11ed-91b6-6bf2151ebd3b; Mon, 16 Jan 2023 15:37:55 +0100 (CET) Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by desiato.infradead.org with esmtpsa (Exim 4.96 #2 (Red Hat Linux)) id 1pHQc8-005csz-1j; Mon, 16 Jan 2023 14:37:33 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id 56FD1300C9D; Mon, 16 Jan 2023 15:37:39 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 0) id C252D20EF0A28; Mon, 16 Jan 2023 15:37:38 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5ccb2147-95ab-11ed-91b6-6bf2151ebd3b DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=Content-Type:MIME-Version:References: Subject:Cc:To:From:Date:Message-ID:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:In-Reply-To; bh=w9+PAdJk73UH2Fl3uPAAs4wgk5kyO76VlH+ufUk/PX4=; b=OB3RdkQh/z8SFHj5199h+5XxCG thtkjKdk+ckbxf7Iellx2ZelkT1vO3AvWAgAjOiq8fzpCJwR6AC2SkmBx8R0Lr5PfqM/r3BVOSesf iNTTF8J0Dh6dYSuq81Aos7ogKJWM8VOUSyQK3UNQsqCLKlLOI0+qQzX7Hru0M/PxVUOf8M3fiPwcL XUNEPBzCO1X90Eazd5t/tUXX6nnvwXa2NznHU7elGvs2Vf9jjgratRjuPAlLu2YOjbhnfusCUjccb 9glOoHYAYwuO41FGkPxDyw2EqP509qne4J5wYOpjcjdfHCeOJ6BFrHWxncvKtAlQKHBLhyYXy8uSD vFlY2FHg==; Message-ID: <20230116143645.948125465@infradead.org> User-Agent: quilt/0.66 Date: Mon, 16 Jan 2023 15:25:40 +0100 From: Peter Zijlstra To: x86@kernel.org, Joan Bruguera Cc: linux-kernel@vger.kernel.org, peterz@infradead.org, Juergen Gross , "Rafael J. Wysocki" , xen-devel , Jan Beulich , Roger Pau Monne , Kees Cook , mark.rutland@arm.com, Andrew Cooper , =?UTF-8?q?J=C3=B6rg=20R=C3=B6del?= , "H. Peter Anvin" Subject: [PATCH v2 7/7] PM / hibernate: Add minimal noinstr annotations References: <20230116142533.905102512@infradead.org> MIME-Version: 1.0 X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1673879916685100003 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When resuming there must not be any code between swsusp_arch_suspend() and restore_processor_state() since the CPU state is ill defined at this point in time. Signed-off-by: Peter Zijlstra (Intel) --- kernel/power/hibernate.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -280,6 +280,32 @@ __weak int arch_resume_nosmt(void) return 0; } =20 +static noinstr int suspend_and_restore(void) +{ + int error; + + /* + * Strictly speaking swsusp_arch_suspend() should be noinstr too but it + * is typically written in asm, as such, assume it is good and shut up + * the validator. + */ + instrumentation_begin(); + error =3D swsusp_arch_suspend(); + instrumentation_end(); + + /* + * Architecture resume code 'returns' from the swsusp_arch_suspend() + * call and resumes execution here with some very dodgy machine state. + * + * Compiler instrumentation between these two calls (or in + * restore_processor_state() for that matter) will make life *very* + * interesting indeed. + */ + restore_processor_state(); + + return error; +} + /** * create_image - Create a hibernation image. * @platform_mode: Whether or not to use the platform driver. @@ -323,9 +349,7 @@ static int create_image(int platform_mod in_suspend =3D 1; save_processor_state(); trace_suspend_resume(TPS("machine_suspend"), PM_EVENT_HIBERNATE, true); - error =3D swsusp_arch_suspend(); - /* Restore control flow magically appears here */ - restore_processor_state(); + error =3D suspend_and_restore(); trace_suspend_resume(TPS("machine_suspend"), PM_EVENT_HIBERNATE, false); if (error) pr_err("Error %d creating image\n", error);