From nobody Fri Nov 22 03:37:15 2024
Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com
 [209.85.219.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 973921E2827
	for <linux-kernel@vger.kernel.org>; Wed,  9 Oct 2024 16:09:07 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.219.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728490149; cv=none;
 b=X5PyJpFmvTW4Rcajk50pZUqEWDsij9EdSG6GAF2ign87nXbZ2z0BADVlVlqEtzWCIq+4od/c9Y0rnHeOdbqz3I0o08rHO3gYj8knvbW6WPdzvwOEFlQXmyDLlrlbPGRYLRp44p704ax3GwyvGkuG42kV7SA0yZjYESld0CCF55M=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728490149; c=relaxed/simple;
	bh=n8f+eWsGmScuFwG5dDubDwigdZfb6CilE2zs5pzESkg=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=KYoBcAXPIAAs5PuKXfDugO2AdjsYP/QkUoqgx8+tdMPhu9FcleL3lhVtv3HPFhQJcAiCMBS+wxLeHSyChY69Bgmaw4Q5bB8Mny8B9om2RFvPjNWhPVTjSe6CHLssvUJGAc2hFLY0Ajv7YWEHCw1QDDCjy2dMZVTpWuABWylOYss=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=bqxlR1Ad; arc=none smtp.client-ip=209.85.219.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="bqxlR1Ad"
Received: by mail-yb1-f201.google.com with SMTP id
 3f1490d57ef6-e24a31ad88aso8085729276.1
        for <linux-kernel@vger.kernel.org>;
 Wed, 09 Oct 2024 09:09:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728490146; x=1729094946;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=N4os8DmpWomyhdXT3uIE5sI0/fikMzrPBJolJZzSSPQ=;
        b=bqxlR1Adq1QmrIGrbhG/hIoWMB6bVQt03zRRiEYQRfiV/SkYjzltkBUw0eoCJ2JHQS
         zLf95Z2G3uiGsIQz34XEJX2jalMlOsy4njxoplguna7HHGoZbokOjxD90g3/b4Ioy3yS
         4ZrqmetmaYOR+eLlcWPC8wtyl9vizXr8gyEcZbquJPZ79a8acrFYWFyglP2/b+DZNKhe
         2cjykuQHE+P3ToS1rTX3SYleJIdwPzpnW+JLBQibH7g2YdmU/FyKY999S1GfcC/3kHDw
         3AIqkUEcOMEUbzpNlE3L1LvkzuREKw+uDTn+Ef91Uc5Ox3HduJ32Qe24MOMYwGWpgA6V
         Zrog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728490146; x=1729094946;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=N4os8DmpWomyhdXT3uIE5sI0/fikMzrPBJolJZzSSPQ=;
        b=Zn1rhkS8/HmdfmR8C1dEIFwdpQVM0V4LirzGsuFemwRLgWUbjL6nJV64fxOjHZkF9R
         gArwceDpJBJGLv6+ZHE6NpDNgt33+AagxJDmBpqvJLLD8uxz0ztg1Jg0WkZtWq3wRiGC
         uaqwZGOGzSuTWOcQWCchSwG+K+QgAUDlVOrnCNH66UzqDS98CRQDZx+GQ5sakPojG7cY
         3kpDh9aR/Xk44nTpxJrxh381JSyqMUUOnH0hW6tsJS8GeQxGVMv7bHHIwXskz0pUvbin
         IkTZlShAI1H2nhHVgSYkVkSu69DJy+5ZsB7vzJFl2KHhE+nXvpz2f3CXL+qRAu8VlmkT
         2mzw==
X-Gm-Message-State: AOJu0Ywcnpwvmswz06UR1KnTTqYTA7w4EXbu+MuS7DZiX/cJi0/kBdTr
	lmUIBtJNxR7asWw4+lWasSIzolr/HJW/tNSgCHChzKgzOiJIP89eXSDJzxklFiiz4izpSFLM4wo
	JgJoupxFYDAnuSRWTAMC1RB4le/nk/4ywkjxrsZm6pLQ6W8rjIvGgY2IBpy98PTuHK6NN+y1hfk
	6KNHI0v79v3J4/XDD+ryaq838k+RyEIQ==
X-Google-Smtp-Source: 
 AGHT+IFT6IBvqDFvd1nh9Nvp19An6mvh9GEkIy5aq6tG0DxKt0GfrpuME+IFqFwS7fy8QSz4NyDyDfDy
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:7b:198d:ac11:8138])
 (user=ardb job=sendgmr) by 2002:a25:850d:0:b0:e25:5cb1:77d8 with SMTP id
 3f1490d57ef6-e28fe4edeb1mr2566276.6.1728490146127; Wed, 09 Oct 2024 09:09:06
 -0700 (PDT)
Date: Wed,  9 Oct 2024 18:04:40 +0200
In-Reply-To: <20241009160438.3884381-7-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241009160438.3884381-7-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1584; i=ardb@kernel.org;
 h=from:subject; bh=iWMVWWds+djQXEXyMG9PXtB+asvAc5L9HBTrJQ9xUI0=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ1t5Qzb+5vWNIRfeP0j+K0038QHKYoJW6Ocbk1xPSMu9
 /ZLNUtyRykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjIlByGPzxHlDuFHVdUrt/r
 MSct7e16de7eyB6v8DvPj7HsC2gs3MrwT9XpV2I1e25o/5H0axwpbNmz58ruzF5mZerQszMwWMW
 EFwA=
X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog
Message-ID: <20241009160438.3884381-8-ardb+git@google.com>
Subject: [PATCH v3 1/5] x86/pvh: Call C code via the kernel virtual mapping
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Jason Andryuk <jason.andryuk@amd.com>,
	Juergen Gross <jgross@suse.com>,
 Boris Ostrovsky <boris.ostrovsky@oracle.com>, x86@kernel.org,
	xen-devel@lists.xenproject.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Calling C code via a different mapping than it was linked at is
problematic, because the compiler assumes that RIP-relative and absolute
symbol references are interchangeable. GCC in particular may use
RIP-relative per-CPU variable references even when not using -fpic.

So call xen_prepare_pvh() via its kernel virtual mapping on x86_64, so
that those RIP-relative references produce the correct values. This
matches the pre-existing behavior for i386, which also invokes
xen_prepare_pvh() via the kernel virtual mapping before invoking
startup_32 with paging disabled again.

Fixes: 7243b93345f7 ("xen/pvh: Bootstrap PVH guest")
Tested-by: Jason Andryuk <jason.andryuk@amd.com>
Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/platform/pvh/head.S | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S
index 64fca49cd88f..ce4fd8d33da4 100644
--- a/arch/x86/platform/pvh/head.S
+++ b/arch/x86/platform/pvh/head.S
@@ -172,7 +172,14 @@ SYM_CODE_START_LOCAL(pvh_start_xen)
 	movq %rbp, %rbx
 	subq $_pa(pvh_start_xen), %rbx
 	movq %rbx, phys_base(%rip)
-	call xen_prepare_pvh
+
+	/* Call xen_prepare_pvh() via the kernel virtual mapping */
+	leaq xen_prepare_pvh(%rip), %rax
+	subq phys_base(%rip), %rax
+	addq $__START_KERNEL_map, %rax
+	ANNOTATE_RETPOLINE_SAFE
+	call *%rax
+
 	/*
 	 * Clear phys_base.  __startup_64 will *add* to its value,
 	 * so reset to 0.
--=20
2.47.0.rc0.187.ge670bccf7e-goog
From nobody Fri Nov 22 03:37:15 2024
Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com
 [209.85.128.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BAB4D1E2843
	for <linux-kernel@vger.kernel.org>; Wed,  9 Oct 2024 16:09:09 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728490151; cv=none;
 b=BP6dVaqAm6mZEN0+F1POJbMmONC7W1b/oZ3nVaJzVzvnVGePAp5LFrUIc5FBKaAJziln1A/2HYWUWTKH33IBHeAakFU90oBrHiheAmuqKYwSEQLw+K5/1H8vQPces4u3DEEOSeDKq521uSQ3X1k+xF5i6Vv9ImEkgS8ujCx1Ajs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728490151; c=relaxed/simple;
	bh=9AwPjYKc1tTHReZqpWWep5mg1gQzX/K7LnvZvyHbqdY=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=M2oM7a9mLJZFSaVxNAuycp8i5oaYP+MF0fdMCWnsjRcLY5OKSCuRzVed8rSfZHPqvrAO5XkZtwZdmy4VnufUiXEvDmvt5MEBQOyYTv1JsKMtjTdSdViDsVGeutl4cGuAXiklqly8qmUVK4yG0xYctXMfEcyHhUdiAQj/+Az070U=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=Cea2cNNE; arc=none smtp.client-ip=209.85.128.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="Cea2cNNE"
Received: by mail-yw1-f201.google.com with SMTP id
 00721157ae682-6886cd07673so316047b3.3
        for <linux-kernel@vger.kernel.org>;
 Wed, 09 Oct 2024 09:09:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728490149; x=1729094949;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=NGJVSpQBdEJnufx8hCONnOeuil0ovqsMOkm2dztukRI=;
        b=Cea2cNNESI+KsPNuy0EKjvFV1nZT8DwPXFvl9eaGQPW6xsPWiG4+WCL00zD4ues+BG
         +LbaegjmPedLyE038RMAtiwgMhjBA6NHLvJdiVUKc2Q1bfGjt6JH33rzR+2ruR60tGfA
         Cq/weGopehcSZuS0ZmUJj/VRwSlvbQyLnR6tC7L5pFVbV+4wsWEc0EbE8naM10QOiGtl
         D2BhdcMGfpQWOyf949WiopwvZGag41jU5I5VmlGz26Ba7WPEf8N1E0XD2Oyr8y7perSb
         1Pniz9ZDLXkMu6jYHeAuSu+c9VfNkVE/FWdvdrLqKHvEZCGs3DfbPsJHhjArO7PdKJEi
         cvDQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728490149; x=1729094949;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=NGJVSpQBdEJnufx8hCONnOeuil0ovqsMOkm2dztukRI=;
        b=N+VC1TwirDl4MqiX89EPGmfSsnbRvLGB9rn6extbcxjpfZ7eZeMCZNgLOIkvZq6OT1
         TqZMCbaJXHSvAgK4Vj7w5/3n26yNKT1jhE4m+CPiiNbtJrILJLib0iWxXTY5kuN3Ryd2
         SLpiQLmRv9JufkDYQSxpj6LpZI1qUp9z5Rd6Xs5sqZoWtkgjKIaXd8bcoHLqZl3xgYdd
         V0q+9qPiBdaYX44HM3yzLv5LkU2rf9ic9iTHKos99LGkErXfYbco1rJlAfuee2niBBlG
         5Dj0ynkVQrEjAMcSLVG4wgI/8sct/a/XnmYTnxjjJL1daNMpjZ0mQR4UUNFja2w9+vVW
         cf+A==
X-Gm-Message-State: AOJu0YyWnC1KQihe4NeJJLCyUnRm8FNnuN4LS9fe/aASncg/kcbvShcN
	neiU0EdUBSWR3Eha3lgAHjgySvLdy0fKS5tmeO2e/TFaEGQJWh+fTUVVIa+w6oMxH5GEgSNNnB3
	R37e5ep0yEEINGoas6dycdyLI7kQCVVwOIUhjuiQ/6V8lMTORDSJzTL8s3CTU5MYRzRAue2EAWk
	Suw6dnCZBIn9oZLzuRNrN8Z4LH0ec/Hg==
X-Google-Smtp-Source: 
 AGHT+IGcrpMuY+JUdG2304e6zDFXCrIjHXd1oEUvOKqh9gm+2UjFx6EJkS5NZtUvSSlBsb3U+IRyhrgW
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:7b:198d:ac11:8138])
 (user=ardb job=sendgmr) by 2002:a5b:b86:0:b0:e0e:8b26:484e with SMTP id
 3f1490d57ef6-e28fe516b5amr2248276.8.1728490148421; Wed, 09 Oct 2024 09:09:08
 -0700 (PDT)
Date: Wed,  9 Oct 2024 18:04:41 +0200
In-Reply-To: <20241009160438.3884381-7-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241009160438.3884381-7-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=870; i=ardb@kernel.org;
 h=from:subject; bh=2aGbXNWak6ut+XUg0ikYbMbWC3UWCn0/S+aA/QUouf0=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ1t5azmxVvPswZHXo+eZV99ILxaoHCZkO2ShWG1fzZfj
 dj+ce7DjlIWBjEOBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjARy+2MDA/ZrgbNPbtsYlDP
 rOq9G7Q6V597L3Jqq9sCbs3/wpEGh5MYGb78MV6wNolJSO21T0+OoIGEyFzrXQ6zdnhMFmFb/nZ
 dCgcA
X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog
Message-ID: <20241009160438.3884381-9-ardb+git@google.com>
Subject: [PATCH v3 2/5] x86/pvh: Use correct size value in GDT descriptor
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Jason Andryuk <jason.andryuk@amd.com>,
	Juergen Gross <jgross@suse.com>,
 Boris Ostrovsky <boris.ostrovsky@oracle.com>, x86@kernel.org,
	xen-devel@lists.xenproject.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The limit field in a GDT descriptor is an inclusive bound, and therefore
one less than the size of the covered range.

Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>
Tested-by: Jason Andryuk <jason.andryuk@amd.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/platform/pvh/head.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S
index ce4fd8d33da4..5a196fb3ebd8 100644
--- a/arch/x86/platform/pvh/head.S
+++ b/arch/x86/platform/pvh/head.S
@@ -224,7 +224,7 @@ SYM_CODE_END(pvh_start_xen)
 	.section ".init.data","aw"
 	.balign 8
 SYM_DATA_START_LOCAL(gdt)
-	.word gdt_end - gdt_start
+	.word gdt_end - gdt_start - 1
 	.long _pa(gdt_start) /* x86-64 will overwrite if relocated. */
 	.word 0
 SYM_DATA_END(gdt)
--=20
2.47.0.rc0.187.ge670bccf7e-goog
From nobody Fri Nov 22 03:37:15 2024
Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com
 [209.85.128.202])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E7FE31E32AD
	for <linux-kernel@vger.kernel.org>; Wed,  9 Oct 2024 16:09:11 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.202
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728490153; cv=none;
 b=R+f5hYf914gSGuDeZl/QVdqgp2RsdIzDit+wp8mIVjyvXLAmPE8j2rK3B2f2hkcMb2lbgOXZ2apEmStDob8svPWo1VZ1/D39CVydQK5n/5z/wjjf1Y3MMUPqvhJlRcJ/TBNugTmAb9hBPrwyyp4pQgn7dHsewEoOpuxIa6QXuYg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728490153; c=relaxed/simple;
	bh=PSXPNvRpGkOAPBFmE9Lw9VEE3YdfkqX94PI8zXrXzjU=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=gA83d8AAo101WGfI4IoLg+nwaItK6191r/RH8ab6JbOuqNUrHWCgf6mAxVj92aZhnCrOYK3QYrbyBPPMnbIS9nrrdPALESo94no+pIQeLOM4dz4aoOygrGyrx+5QsENNUokx9RiQQdbeFMBs6Z1WG7fV8S2LrG45FAio2GcvMBs=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=TY62f18l; arc=none smtp.client-ip=209.85.128.202
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="TY62f18l"
Received: by mail-yw1-f202.google.com with SMTP id
 00721157ae682-6e2e5e376fcso335397b3.2
        for <linux-kernel@vger.kernel.org>;
 Wed, 09 Oct 2024 09:09:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728490151; x=1729094951;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=J4+JRDfPTu3i9TGQoGrO88TmpFKth6/64PHl7TNFJEg=;
        b=TY62f18lYFHqsSi/rvQhJJeowMIxYPxbcp6p64oStl5WKFlYP9lMuZe4xp8exBlKyB
         YeDnM+1u0e35LJ5rFfrdTEMeGchUKcnFt9GK8SN4FcjIO9JUTh2DIX5Zci/cv+qLwJzm
         OwALaiw6aIh5531YUOrns1KYVcudaPdmtxFJ1Qurcc503CIKdaBFncrlkESwAxAvf5Va
         52G0t9pkFc/Q+H82CmXZWgXV2hcejTOX6ysPaHFId4DlyxLW9CLRVkTIoVGXB8P+c+02
         3sw9jyxonlxg+DB/2DLi/Vw0Pf2jRirIqzdIc7+7T22XjhAoooxCnpstz1BphLnpL4qv
         t+cg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728490151; x=1729094951;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=J4+JRDfPTu3i9TGQoGrO88TmpFKth6/64PHl7TNFJEg=;
        b=FD5FHCYyG8hyFu0mNFwBTjwvQqTmXXlFhw/dvIa6w4l6f8B3pT/7r8eiEA2/vzR3EE
         rcywID5gBut8PnzeJiiPeo+ffIMAJHdAvC6IjhaCzkO0mQ67eLOR/Z0rjvZuTNJRJubQ
         WNNUvJPcqrWr9TJJePobYHEEP8vkz+Brz7CrUdadqLTnR6HpUNtCCmdX+bOT5O3endXw
         nOjXzQ8IrNbCr8sZBMvtubFuxMyTZKxBrrULjJc9+bFc6d+pIk3U1qF/tM/sXoSlw/bg
         Qn70iVOyp03rgc7My6rAdDh0lD0xBiX0XO5Zrqis/pFkYYRPEXrSZf3Uvkc8CAjjYu5E
         a2dw==
X-Gm-Message-State: AOJu0Yz9f6CVzodvYTI3w8rX58fvZuAzsSZ6xzmjFhygdVAVUq/toKvr
	agFnN3hB5G0bQJ55rh72ViYqeApAYYhup3eiRxQaMVFEX1w5OBEavsV+TpRZye2huyMDZR91fUj
	nx67bWY/NX2Qe3CY2j9o6SKG4q6esC255kaRUj3jSRZgp8VfEYGo3ZFkyb4VTVbO9MHCVJi6nN4
	+sMSm6K0Mu6vehMbPtq7e27DHwiL58EQ==
X-Google-Smtp-Source: 
 AGHT+IHh/v1gqKUGM1BBNWYUx+HRB+/b48NbVa7MzzwrUC5bvv7YGG3nH+h3kZviumtVaikoqrrnQUYJ
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:7b:198d:ac11:8138])
 (user=ardb job=sendgmr) by 2002:a05:690c:6206:b0:6dd:fda3:6568 with SMTP id
 00721157ae682-6e322466d9cmr656517b3.3.1728490150649; Wed, 09 Oct 2024
 09:09:10 -0700 (PDT)
Date: Wed,  9 Oct 2024 18:04:42 +0200
In-Reply-To: <20241009160438.3884381-7-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241009160438.3884381-7-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1010; i=ardb@kernel.org;
 h=from:subject; bh=+Q7W1GiOJkPeWPDKOBo9uqagjD9LHIgeoC2Mxh5XnwY=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ1t5Wzjs1ffPY46eO1bpusehTCZdacXZnoeNXOLyWxmX
 DlH7szhjlIWBjEOBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjCRbdaMDEdb5ytZOn3ZKLTX
 pfp7dSXXttVy8e9+vy+Nfj5V1CyCNYrhv6uByoSdnzjS98bXX9fpSBD+LWc9+VSxb4XCOdMJ2zc
 7cQAA
X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog
Message-ID: <20241009160438.3884381-10-ardb+git@google.com>
Subject: [PATCH v3 3/5] x86/pvh: Omit needless clearing of phys_base
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Jason Andryuk <jason.andryuk@amd.com>,
	Juergen Gross <jgross@suse.com>,
 Boris Ostrovsky <boris.ostrovsky@oracle.com>, x86@kernel.org,
	xen-devel@lists.xenproject.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Since commit

  d9ec1158056b ("x86/boot/64: Use RIP_REL_REF() to assign 'phys_base'")

phys_base is assigned directly rather than added to, so it is no longer
necessary to clear it after use.

Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>
Tested-by: Jason Andryuk <jason.andryuk@amd.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/platform/pvh/head.S | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S
index 5a196fb3ebd8..7ca51a4da217 100644
--- a/arch/x86/platform/pvh/head.S
+++ b/arch/x86/platform/pvh/head.S
@@ -180,13 +180,6 @@ SYM_CODE_START_LOCAL(pvh_start_xen)
 	ANNOTATE_RETPOLINE_SAFE
 	call *%rax
=20
-	/*
-	 * Clear phys_base.  __startup_64 will *add* to its value,
-	 * so reset to 0.
-	 */
-	xor  %rbx, %rbx
-	movq %rbx, phys_base(%rip)
-
 	/* startup_64 expects boot_params in %rsi. */
 	lea pvh_bootparams(%rip), %rsi
 	jmp startup_64
--=20
2.47.0.rc0.187.ge670bccf7e-goog
From nobody Fri Nov 22 03:37:15 2024
Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com
 [209.85.219.202])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 606DB1E909A
	for <linux-kernel@vger.kernel.org>; Wed,  9 Oct 2024 16:09:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.219.202
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728490155; cv=none;
 b=RFFswpAdx+sg6W5Wg5fgECpTpZwWLKCJKFpISzpYVA7aTmeYKUscQeQQcvFDHaPTA3LFimfWkVlU5K9VROJO2GZs1lyEYr51tJGMsN0goTpQMpufeB1Ug7g1U4Da7AFDWwDDeW83EH2wAbT+dyRK1tqkpY7nFEyfw47MPRBt8ng=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728490155; c=relaxed/simple;
	bh=fwh5LXxdisltEp+RjBo75HomKfALPkDu+Kt+4I1wDxo=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=qeqA8y+0S89XSMYICkwx21eZaflMa7PRmrGBlhNSQMfvsjsC4WDHXT2n+dgMzPw+imsTFfFe6uvS9DYEqrmq71kUe1ARE6jECJqqwgMpeuuEV93VwQKEMkaaq3zf90DYBGyZJ9AHC+dbGhVku6W+Qg7qG4zpyO+DrtE8nt2i7Sg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=Q8mV3SKL; arc=none smtp.client-ip=209.85.219.202
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="Q8mV3SKL"
Received: by mail-yb1-f202.google.com with SMTP id
 3f1490d57ef6-e26046ed465so10046461276.3
        for <linux-kernel@vger.kernel.org>;
 Wed, 09 Oct 2024 09:09:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728490153; x=1729094953;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=qfTuALibAeUjzZyHnaTNb0n9bb4hHeONDW14sDZ6lQE=;
        b=Q8mV3SKLOa7OAr/a60BanxS+wLxXdBCbZU7NDBXrIHyCcevM633xUppNvPqGgKRJ1N
         ADt/zGyT3CvYaMMfN2pHZAZekLMd+PrUOzr2u/ozrpYSS793d1Hyy+CwKJ+GnW2R3q3f
         z+KjPhzsUxJBc16M/t5E9WvHMDrKrWZBFdlGqoESAgoE5wQFEG+Eziyqa9rrTmugpulx
         OmfEDDMSo9BK0MBfTQKlU8oxR20SdGXgmN1IfK8fxqN2bmSQE6vCDWreHOnyPp2xPiKm
         De7Q+/GacVDrER7foYehJxbJz3JvDKreszeq0TjPnxKOnUmEqkQCgGsNczTWEJELMkvP
         /++w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728490153; x=1729094953;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=qfTuALibAeUjzZyHnaTNb0n9bb4hHeONDW14sDZ6lQE=;
        b=Fbvld5fQU9tF3WdmAoeX4G3gMQIJy4iA+GziKoAHngyOUTEcd2SmhyNh0/GYr2QG6q
         flPeJZf4UhKnoL5UUNhhQU+bib/xLJZzsJDQftUA2iK9Ov9+NOR56QrMlamEiJSvF87S
         5T/wnxw9M1X8okM66PJXHF/FpPETf0dmlUFOqGmPGEsw5vyg1ltImLR1mGybU0jpjVo6
         +Q/WBYlGjQuVB6JDrCdY2DgHDJGQmBPX+vdaA4z76wLg28A6rFZogrzMJdminwfBv8Pq
         b5MSy1o9aYphs2bsJ7RJ3U9LSbBGixyZyE1/U9AOLelIN9b8L8bk5LOkaQV5CEcTRCTJ
         l3ew==
X-Gm-Message-State: AOJu0YwCWy02N+gnKhwIoqP1jV0bvyDSitxbV84TtOweY8MFHuZI+Im+
	xFbvdUB12DEA6dczdgFsqHREjK8TBjbUC47NTWPblguUwdljcM6JEIDf5iRmYfRTus3/GvkVMVM
	kkEGifr7ViNEnei5Jo3JDhTZtOr306rP6Q8GMWCGW5x7DcsBFR3GXMmpwhIY6B5zJxbAUpnkGFc
	n3i3X6PxNMNwiSL52Nspp133UfLLWkDQ==
X-Google-Smtp-Source: 
 AGHT+IGSwzDDwa9vfi8McEdFMoR0PLLZMRY7iqvUgt19TSvNHlS6capqTKRHK6X82aIm2RwCa+IhAMD6
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:7b:198d:ac11:8138])
 (user=ardb job=sendgmr) by 2002:a25:df09:0:b0:e28:fc1c:eb4d with SMTP id
 3f1490d57ef6-e28fe32b721mr58962276.1.1728490153207; Wed, 09 Oct 2024 09:09:13
 -0700 (PDT)
Date: Wed,  9 Oct 2024 18:04:43 +0200
In-Reply-To: <20241009160438.3884381-7-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241009160438.3884381-7-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=4449; i=ardb@kernel.org;
 h=from:subject; bh=AQt8zs3Emx4CUUaeR6x58jNDJibSKr6ifPlMsbVG+cQ=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ1t5ZwCb7dpkU8nOf9OFdq2+mPT7Qerpm6yWpi6sTF9c
 YQ2O+P9jlIWBjEOBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjCRHfMZ/vA9beh7s984n3lF
 nbt8C5vrhH0L+bUzNWZc2rptzvfbi9Yz/C/2LdZQ9yvoyEoxXnp71/ubzTvKvmpbXurczZbm/Dj
 kCAcA
X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog
Message-ID: <20241009160438.3884381-11-ardb+git@google.com>
Subject: [PATCH v3 4/5] x86/xen: Avoid relocatable quantities in Xen ELF notes
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Jason Andryuk <jason.andryuk@amd.com>,
	Juergen Gross <jgross@suse.com>,
 Boris Ostrovsky <boris.ostrovsky@oracle.com>, x86@kernel.org,
	xen-devel@lists.xenproject.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Xen puts virtual and physical addresses into ELF notes that are treated
by the linker as relocatable by default. Doing so is not only pointless,
given that the ELF notes are only intended for consumption by Xen before
the kernel boots. It is also a KASLR leak, given that the kernel's ELF
notes are exposed via the world readable /sys/kernel/notes.

So emit these constants in a way that prevents the linker from marking
them as relocatable. This involves place-relative relocations (which
subtract their own virtual address from the symbol value) and linker
provided absolute symbols that add the address of the place to the
desired value.

Tested-by: Jason Andryuk <jason.andryuk@amd.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>
---
 arch/x86/kernel/vmlinux.lds.S | 19 +++++++++++++++++++
 arch/x86/platform/pvh/head.S  |  6 +++---
 arch/x86/tools/relocs.c       |  1 +
 arch/x86/xen/xen-head.S       |  6 ++++--
 4 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 6726be89b7a6..495f88c9d9f8 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -527,3 +527,22 @@ INIT_PER_CPU(irq_stack_backing_store);
 #endif
=20
 #endif /* CONFIG_X86_64 */
+
+/*
+ * The symbols below are referenced using relative relocations in the
+ * respective ELF notes. This produces build time constants that the
+ * linker will never mark as relocatable. (Using just ABSOLUTE() is not
+ * sufficient for that).
+ */
+#ifdef CONFIG_XEN
+#ifdef CONFIG_XEN_PV
+xen_elfnote_entry_value =3D
+	ABSOLUTE(xen_elfnote_entry) + ABSOLUTE(startup_xen);
+#endif
+xen_elfnote_hypercall_page_value =3D
+	ABSOLUTE(xen_elfnote_hypercall_page) + ABSOLUTE(hypercall_page);
+#endif
+#ifdef CONFIG_PVH
+xen_elfnote_phys32_entry_value =3D
+	ABSOLUTE(xen_elfnote_phys32_entry) + ABSOLUTE(pvh_start_xen - LOAD_OFFSET=
);
+#endif
diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S
index 7ca51a4da217..e6f39d77f0b4 100644
--- a/arch/x86/platform/pvh/head.S
+++ b/arch/x86/platform/pvh/head.S
@@ -52,7 +52,7 @@
 #define PVH_CS_SEL		(PVH_GDT_ENTRY_CS * 8)
 #define PVH_DS_SEL		(PVH_GDT_ENTRY_DS * 8)
=20
-SYM_CODE_START_LOCAL(pvh_start_xen)
+SYM_CODE_START(pvh_start_xen)
 	UNWIND_HINT_END_OF_STACK
 	cld
=20
@@ -300,5 +300,5 @@ SYM_DATA_END(pvh_level2_kernel_pgt)
 		     .long KERNEL_IMAGE_SIZE - 1)
 #endif
=20
-	ELFNOTE(Xen, XEN_ELFNOTE_PHYS32_ENTRY,
-	             _ASM_PTR (pvh_start_xen - __START_KERNEL_map))
+	ELFNOTE(Xen, XEN_ELFNOTE_PHYS32_ENTRY, .global xen_elfnote_phys32_entry;
+		xen_elfnote_phys32_entry: _ASM_PTR xen_elfnote_phys32_entry_value - .)
diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
index c101bed61940..3ede19ca8432 100644
--- a/arch/x86/tools/relocs.c
+++ b/arch/x86/tools/relocs.c
@@ -56,6 +56,7 @@ static const char * const	sym_regex_kernel[S_NSYMTYPES] =
=3D {
 	[S_ABS] =3D
 	"^(xen_irq_disable_direct_reloc$|"
 	"xen_save_fl_direct_reloc$|"
+	"xen_elfnote_.+_offset$|"
 	"VDSO|"
 	"__kcfi_typeid_|"
 	"__crc_)",
diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
index 758bcd47b72d..7f6c69dbb816 100644
--- a/arch/x86/xen/xen-head.S
+++ b/arch/x86/xen/xen-head.S
@@ -94,7 +94,8 @@ SYM_CODE_END(xen_cpu_bringup_again)
 	ELFNOTE(Xen, XEN_ELFNOTE_VIRT_BASE,      _ASM_PTR __START_KERNEL_map)
 	/* Map the p2m table to a 512GB-aligned user address. */
 	ELFNOTE(Xen, XEN_ELFNOTE_INIT_P2M,       .quad (PUD_SIZE * PTRS_PER_PUD))
-	ELFNOTE(Xen, XEN_ELFNOTE_ENTRY,          _ASM_PTR startup_xen)
+	ELFNOTE(Xen, XEN_ELFNOTE_ENTRY,          .globl xen_elfnote_entry;
+		xen_elfnote_entry: _ASM_PTR xen_elfnote_entry_value - .)
 	ELFNOTE(Xen, XEN_ELFNOTE_FEATURES,       .ascii "!writable_page_tables")
 	ELFNOTE(Xen, XEN_ELFNOTE_PAE_MODE,       .asciz "yes")
 	ELFNOTE(Xen, XEN_ELFNOTE_L1_MFN_VALID,
@@ -115,7 +116,8 @@ SYM_CODE_END(xen_cpu_bringup_again)
 #else
 # define FEATURES_DOM0 0
 #endif
-	ELFNOTE(Xen, XEN_ELFNOTE_HYPERCALL_PAGE, _ASM_PTR hypercall_page)
+	ELFNOTE(Xen, XEN_ELFNOTE_HYPERCALL_PAGE, .globl xen_elfnote_hypercall_pag=
e;
+		xen_elfnote_hypercall_page: _ASM_PTR xen_elfnote_hypercall_page_value - =
.)
 	ELFNOTE(Xen, XEN_ELFNOTE_SUPPORTED_FEATURES,
 		.long FEATURES_PV | FEATURES_PVH | FEATURES_DOM0)
 	ELFNOTE(Xen, XEN_ELFNOTE_LOADER,         .asciz "generic")
--=20
2.47.0.rc0.187.ge670bccf7e-goog
From nobody Fri Nov 22 03:37:15 2024
Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com
 [209.85.128.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6CE1F1EABC6
	for <linux-kernel@vger.kernel.org>; Wed,  9 Oct 2024 16:09:17 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728490159; cv=none;
 b=E++MvvEIi9XsRTyYOhetWyGaYMU7oSgEyeSCepm2Z7pCqjbrxp92DEuqHUkuGaCyoPeAfetsdlleb4MUmPcA2UuAfB9rIpjnwt0BGMzNZ8+p/yfDbNK0bv7MoE4s8BwsnAz7juIZ0Sl9qqUEceYXWcP3auDG/szd9O42ZJPiHhM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728490159; c=relaxed/simple;
	bh=pL//0qcr9Tz7E2ekIXYnOj8H6vKZ2yTe3/02guDyE4k=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=qjpJoYtt2/hDDpogX6RWfdZXDYdWQz4WuZnGhErGIPACNSH9xNumyrdl+0Rrbp0jB3hU0YnMIqQDS/vbNlwQ0MV1mAP4u1dTTFj4wHlASqs6gWUalc4rCeYcQVvyrZqRYOqQNzI1eQ1k8Qcc9cu41I2CSWSCaaOezs4tRHhdNus=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=ULu7JkEG; arc=none smtp.client-ip=209.85.128.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="ULu7JkEG"
Received: by mail-wm1-f73.google.com with SMTP id
 5b1f17b1804b1-43114c476c2so2157575e9.1
        for <linux-kernel@vger.kernel.org>;
 Wed, 09 Oct 2024 09:09:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728490156; x=1729094956;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=HupRAXXBqO2c8knr9kCujOHZqjOYFZu7/+ot2dyBYgU=;
        b=ULu7JkEGeqVxnJQIG3Kopy0b9HhOTD3y3TMaJwwMp+nqWLETaam5NbW3BtNjrPVh59
         XEjjx9G+AldEJDgEsHRCv8oA5+I6Pkf2hdpLJhyfdIH3hr0+TMEYaMDaYfxn7ec7R4ul
         3Khhq8I1DtMg3I8X1OsW+2aD4PLTVxoSE3MQMRNL8u2A6fIq3E355MlKWYcovYeoiA5s
         hOplJL9pje5Z1yWA3ynplEoEpRNNuFzav93Lza//eJK5zMxAivLnJhgctBgIiE/CZHgX
         iEDkRIFJFA55euIda9hruvIy/w6QeLPwJKzHmxCks/C+48ofp2wc768Sq6fAbyf/N61S
         yUEg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728490156; x=1729094956;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=HupRAXXBqO2c8knr9kCujOHZqjOYFZu7/+ot2dyBYgU=;
        b=NFPhK608sADBgpYSbGcUJR87eP8xYN20Ebk/l/cH5ACypktMH1bzuErKDGzWLJLZY5
         SWoikEUrBG9LQCv7oa6JhHXGA8IjUhuaWl/HOf9fqZqQMzZmTOZdOFCBZaQ+TxZzJ8D7
         88ksVmv2+DlLtZjEIjSFRYoPCU63Ztd/586khzSIbvyPoUbV/YQjT03tD7iQ1Yz/TMN6
         JEWG0rUNzHQlw/+LTTdPneUp2dyFsiD37z1DmLxGfG0/TkWOwXBSScbAun7zucuDUgmv
         BLlzdeUxiCV1VUWxKD4Jh4x0QDvOvqGtxAzEPTo0RDXQum6fMgQ6+hZayAsnTfsiAs24
         k9lw==
X-Gm-Message-State: AOJu0YysmBndN/PsfKHyzHbD8fFWFpPbnWF4/fHqdonSatZJHLNdaHhS
	DqRzMZRi+fNK01J8W9xuKPDkyO7eSGqEYs8EpcLk1X2CvhAl6xoYo7esYkSuVSRRMJn6gnz0kTS
	5aQPWugA0JQJ2VqdRPs0RyTEtPR7onU3VSo4wasBWYVzN5j7PcueD3pHTl/zv3f/UUagAnmKsUV
	xqh+hLpjEqHG+UtKJifRZpy3gNzgpRgg==
X-Google-Smtp-Source: 
 AGHT+IF0eoXWAHq3au8yX0LdvnbgYQERBk447P9771B7f8cbOEk+/t/HPey2CQbVWfl9cygw+xLeM33/
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:7b:198d:ac11:8138])
 (user=ardb job=sendgmr) by 2002:a05:600c:331b:b0:426:67e0:3b2 with SMTP id
 5b1f17b1804b1-430ccefabddmr20795e9.1.1728490155371; Wed, 09 Oct 2024 09:09:15
 -0700 (PDT)
Date: Wed,  9 Oct 2024 18:04:44 +0200
In-Reply-To: <20241009160438.3884381-7-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241009160438.3884381-7-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=3518; i=ardb@kernel.org;
 h=from:subject; bh=6GoieogoUAEj17Av6HLsT2CSmywAr8csNjqtL7xNpKA=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ1t5TzXWXXdV5/qr9v97+vxsDkHP999MSFXzvk3C9cBl
 rO2X9o8O0pZGMQ4GGTFFFkEZv99t/P0RKla51myMHNYmUCGMHBxCsBEZl1iZHghPLHULP3cMp+6
 cz9NT5ow3TPcfrzua0qmU4Dg27SDJ48z/E84sEs74ejfB2lTLTI6z0zttAue3telfDGjOslWYfl
 nez4A
X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog
Message-ID: <20241009160438.3884381-12-ardb+git@google.com>
Subject: [PATCH v3 5/5] x86/pvh: Avoid absolute symbol references in
 .head.text
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Jason Andryuk <jason.andryuk@amd.com>,
	Juergen Gross <jgross@suse.com>,
 Boris Ostrovsky <boris.ostrovsky@oracle.com>, x86@kernel.org,
	xen-devel@lists.xenproject.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The .head.text section contains code that may execute from a different
address than it was linked at. This is fragile, given that the x86 ABI
can refer to global symbols via absolute or relative references, and the
toolchain assumes that these are interchangeable, which they are not in
this particular case.

For this reason, all absolute symbol references are being removed from
code that is emitted into .head.text. Subsequently, build time
validation may be added that ensures that no absolute ELF relocations
exist at all in that ELF section.

In the case of the PVH code, the absolute references are in 32-bit code,
which gets emitted with R_X86_64_32 relocations, and these are even more
problematic going forward, as it prevents running the linker in PIE
mode.

So update the 64-bit code to avoid _pa(), and to only rely on relative
symbol references: these are always 32-bits wide, even in 64-bit code,
and are resolved by the linker at build time.

Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>
Tested-by: Jason Andryuk <jason.andryuk@amd.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/platform/pvh/head.S | 30 ++++++++++++--------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S
index e6f39d77f0b4..4733a5f467b8 100644
--- a/arch/x86/platform/pvh/head.S
+++ b/arch/x86/platform/pvh/head.S
@@ -6,7 +6,9 @@
=20
 	.code32
 	.text
+#ifdef CONFIG_X86_32
 #define _pa(x)          ((x) - __START_KERNEL_map)
+#endif
 #define rva(x)          ((x) - pvh_start_xen)
=20
 #include <linux/elfnote.h>
@@ -72,8 +74,7 @@ SYM_CODE_START(pvh_start_xen)
 	movl $0, %esp
=20
 	leal rva(gdt)(%ebp), %eax
-	leal rva(gdt_start)(%ebp), %ecx
-	movl %ecx, 2(%eax)
+	addl %eax, 2(%eax)
 	lgdt (%eax)
=20
 	mov $PVH_DS_SEL,%eax
@@ -103,10 +104,23 @@ SYM_CODE_START(pvh_start_xen)
 	btsl $_EFER_LME, %eax
 	wrmsr
=20
+	/*
+	 * Reuse the non-relocatable symbol emitted for the ELF note to
+	 * subtract the build time physical address of pvh_start_xen() from
+	 * its actual runtime address, without relying on absolute 32-bit ELF
+	 * relocations, as these are not supported by the linker when running
+	 * in -pie mode, and should be avoided in .head.text in general.
+	 */
 	mov %ebp, %ebx
-	subl $_pa(pvh_start_xen), %ebx /* offset */
+	subl rva(xen_elfnote_phys32_entry)(%ebp), %ebx
 	jz .Lpagetable_done
=20
+	/*
+	 * Store the resulting load offset in phys_base.  __pa() needs
+	 * phys_base set to calculate the hypercall page in xen_pvh_init().
+	 */
+	movl %ebx, rva(phys_base)(%ebp)
+
 	/* Fixup page-tables for relocation. */
 	leal rva(pvh_init_top_pgt)(%ebp), %edi
 	movl $PTRS_PER_PGD, %ecx
@@ -165,14 +179,6 @@ SYM_CODE_START(pvh_start_xen)
 	xor %edx, %edx
 	wrmsr
=20
-	/*
-	 * Calculate load offset and store in phys_base.  __pa() needs
-	 * phys_base set to calculate the hypercall page in xen_pvh_init().
-	 */
-	movq %rbp, %rbx
-	subq $_pa(pvh_start_xen), %rbx
-	movq %rbx, phys_base(%rip)
-
 	/* Call xen_prepare_pvh() via the kernel virtual mapping */
 	leaq xen_prepare_pvh(%rip), %rax
 	subq phys_base(%rip), %rax
@@ -218,7 +224,7 @@ SYM_CODE_END(pvh_start_xen)
 	.balign 8
 SYM_DATA_START_LOCAL(gdt)
 	.word gdt_end - gdt_start - 1
-	.long _pa(gdt_start) /* x86-64 will overwrite if relocated. */
+	.long gdt_start - gdt
 	.word 0
 SYM_DATA_END(gdt)
 SYM_DATA_START_LOCAL(gdt_start)
--=20
2.47.0.rc0.187.ge670bccf7e-goog