From nobody Thu Dec 18 20:33:53 2025
Date: Mon, 11 Sep 2023 17:27:02 -0700
In-Reply-To: <20230912002703.3924521-1-acdunlap@google.com>
References: <20230912002703.3924521-1-acdunlap@google.com>
Message-ID: <20230912002703.3924521-2-acdunlap@google.com>
Subject: [PATCH v2 1/2] x86/sev-es: Allow copy_from_kernel_nofault in earlier boot
From: Adam Dunlap
To: linux-kernel@vger.kernel.org, x86@kernel.org, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin", Andy Lutomirski, Peter Zijlstra, Sean Christopherson, Kim Phillips, Juergen Gross, Ashok Raj, Adam Dunlap, Joerg Roedel
Cc: Tom Lendacky, David Hildenbrand, Mike Rapoport, "Kirill A. Shutemov", Nikunj A Dadhania, Dionna Glaze, Peter Gonda, David Rientjes, Khalid ElMously, Jacob Xu
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Previously, if copy_from_kernel_nofault was called before boot_cpu_data.x86_virt_bits was set up, then it would trigger undefined behavior due to a shift by 64. This ended up causing boot failures in the latest version of ubuntu2204 in the gcp project when using SEV-SNP. Specifically, this function is called during an early #VC handler which is triggered by a cpuid to check if nx is implemented.

Fixes: 1aa9aa8ee517 ("x86/sev-es: Setup GHCB-based boot #VC handler")
Suggested-by: Dave Hansen
Signed-off-by: Adam Dunlap
---
 arch/x86/mm/maccess.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/arch/x86/mm/maccess.c b/arch/x86/mm/maccess.c index 5a53c2cc169c..6993f026adec 100644 --- a/arch/x86/mm/maccess.c +++ b/arch/x86/mm/maccess.c
@@ -9,12 +9,21 @@ bool copy_from_kernel_nofault_allowed(const void *unsafe_= src, size_t size) unsigned long vaddr =3D (unsigned long)unsafe_src; =20 /* - * Range covering the highest possible canonical userspace address - * as well as non-canonical address range. For the canonical range - * we also need to include the userspace guard page. + * Do not allow userspace addresses. This disallows + * normal userspace and the userspace guard page: */ - return vaddr >=3D TASK_SIZE_MAX + PAGE_SIZE && - __is_canonical_address(vaddr, boot_cpu_data.x86_virt_bits); + if (vaddr < TASK_SIZE_MAX + PAGE_SIZE) + return false; + + /* + * Allow everything during early boot before 'x86_virt_bits' + * is initialized. Needed for instruction decoding in early + * exception handlers. + */ + if (!boot_cpu_data.x86_virt_bits) + return true; + + return __is_canonical_address(vaddr, boot_cpu_data.x86_virt_bits); } #else bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size) --=20 2.42.0.283.g2d96d420d3-goog From nobody Thu Dec 18 20:33:53 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4C5B5CA0EC3 for ; Tue, 12 Sep 2023 01:12:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233083AbjILBMp (ORCPT ); Mon, 11 Sep 2023 21:12:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58832 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233272AbjILBMa (ORCPT ); Mon, 11 Sep 2023 21:12:30 -0400 Received: from mail-oo1-xc4a.google.com (mail-oo1-xc4a.google.com [IPv6:2607:f8b0:4864:20::c4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 781AB1BBB84 for ; Mon, 11 Sep 2023 18:07:58 -0700 (PDT) Received: by mail-oo1-xc4a.google.com with SMTP id 006d021491bc7-57386ed9591so4491573eaf.1 for ; Mon, 11 Sep 
2023 18:07:58 -0700 (PDT)
Date: Mon, 11 Sep 2023 17:27:03 -0700
In-Reply-To: <20230912002703.3924521-1-acdunlap@google.com>
References: <20230912002703.3924521-1-acdunlap@google.com>
Message-ID: <20230912002703.3924521-3-acdunlap@google.com>
Subject: [PATCH v2 2/2] x86/sev-es: Only set x86_virt_bits to correct value
From: Adam Dunlap
To: linux-kernel@vger.kernel.org, x86@kernel.org, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin", Andy Lutomirski, Peter Zijlstra, Sean Christopherson, Kim Phillips, Juergen Gross, Ashok Raj, Adam Dunlap, Joerg Roedel
Cc: Tom Lendacky, David Hildenbrand, Mike Rapoport, "Kirill A. Shutemov", Nikunj A Dadhania, Dionna Glaze, Peter Gonda, David Rientjes, Khalid ElMously, Jacob Xu
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Instead of setting x86_virt_bits to a possibly-correct value and then correcting it later, do all the necessary checks before setting it. At this point, the #VC handler references boot_cpu_data.x86_virt_bits, and in the previous version, it would be triggered by the cpuids between the point at which it is set to 48 and when it is set to the correct value.

Suggested-by: Dave Hansen
Signed-off-by: Adam Dunlap
---
 arch/x86/kernel/cpu/common.c | 37 +++++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 52683fddafaf..23888d3da16f 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c
@@ -1099,17 +1099,32 @@ void get_cpu_cap(struct cpuinfo_x86 *c) void get_cpu_address_sizes(struct cpuinfo_x86 *c) { u32 eax, ebx, ecx, edx; + bool vp_bits_from_cpuid =3D true; =20 - if (c->extended_cpuid_level >=3D 0x80000008) { + if (!cpu_has(c, X86_FEATURE_CPUID) || + (c->extended_cpuid_level < 0x80000008)) + vp_bits_from_cpuid =3D false; + + if (vp_bits_from_cpuid) { cpuid(0x80000008, &eax, &ebx, &ecx, &edx); =20 c->x86_virt_bits =3D (eax >> 8) & 0xff; c->x86_phys_bits =3D eax & 0xff; + } else { + if (IS_ENABLED(CONFIG_X86_64)) { + c->x86_clflush_size =3D 64; + c->x86_phys_bits =3D 36; + c->x86_virt_bits =3D 48; + } else { + c->x86_clflush_size =3D 32; + c->x86_virt_bits =3D 32; + c->x86_phys_bits =3D 32; + + if (cpu_has(c, X86_FEATURE_PAE) || + cpu_has(c, X86_FEATURE_PSE36)) + c->x86_phys_bits =3D 36; + } } -#ifdef CONFIG_X86_32 - else if (cpu_has(c, X86_FEATURE_PAE) || cpu_has(c, X86_FEATURE_PSE36)) - c->x86_phys_bits =3D 36; -#endif c->x86_cache_bits =3D c->x86_phys_bits; } =20 @@ -1539,15 +1554,6 @@ static void __init cpu_parse_early_param(void) */ static void __init early_identify_cpu(struct cpuinfo_x86 *c) { -#ifdef CONFIG_X86_64 - c->x86_clflush_size =3D 64; - c->x86_phys_bits =3D 36; - c->x86_virt_bits =3D 48; -#else - c->x86_clflush_size =3D 32; - c->x86_phys_bits =3D 32; - c->x86_virt_bits =3D 32; -#endif c->x86_cache_alignment =3D c->x86_clflush_size; =20 memset(&c->x86_capability, 0, sizeof(c->x86_capability)); @@ -1561,7 +1567,6 @@ static void __init early_identify_cpu(struct cpuinfo_= x86 *c) cpu_detect(c); get_cpu_vendor(c); get_cpu_cap(c); - get_cpu_address_sizes(c); setup_force_cpu_cap(X86_FEATURE_CPUID); cpu_parse_early_param(); =20 @@ -1577,6 +1582,8 @@ static void __init early_identify_cpu(struct cpuinfo_= x86 *c) setup_clear_cpu_cap(X86_FEATURE_CPUID); } =20 + get_cpu_address_sizes(c); + setup_force_cpu_cap(X86_FEATURE_ALWAYS); =20 cpu_set_bug_bits(c); --=20 2.42.0.283.g2d96d420d3-goog
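Review bot: In arch/x86/mm/maccess.c (1/2), the new `if (!boot_cpu_data.x86_virt_bits) return true;` accepts every address at or above TASK_SIZE_MAX + PAGE_SIZE, non-canonical ones included, for as long as the field is zero, and the comment neither says that nor says what keeps the field zero until the real width is known. Suggest wording the comment as skipping the canonical check rather than "Allow everything" (userspace addresses are still rejected just above it), and noting that the test relies on nothing assigning a provisional x86_virt_bits first, which is what 2/2 changes in early_identify_cpu().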
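Review bot: In get_cpu_address_sizes() (2/2), x86_clflush_size is assigned only in the else branch, so when leaf 0x80000008 is used this function leaves the field untouched while the fallback path sets it. Either set the default on both paths or keep it out of a function whose name covers address sizes only. Separately, vp_bits_from_cpuid can be initialised directly from the condition instead of being set to true and then cleared.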
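Review bot: In the first early_identify_cpu() hunk (2/2), the retained context line `c->x86_cache_alignment = c->x86_clflush_size;` now runs with the x86_clflush_size defaults above it removed, and the only assignment this patch adds is inside get_cpu_address_sizes(), which is moved to later in the function. Move the x86_cache_alignment assignment after that call, or into it, so that it does not depend on whatever c->x86_clflush_size held on entry.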
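Review bot: At the new call site after the X86_FEATURE_CPUID if/else (last hunk of 2/2), nothing records why get_cpu_address_sizes(c) has to sit exactly here. The function now tests cpu_has(c, X86_FEATURE_CPUID), so it must run after that flag has been forced or cleared, and every cpuid executed before it runs with x86_virt_bits still unset and depends on the early-boot case added in 1/2. A short comment above the call stating both constraints would keep a later reorder from reintroducing the boot failure.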
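The check order described in the 1/2 commit message, as a userspace model (an added example, not code from the patch or the kernel). The constants, the sign-extension helper and the function names are assumptions made for illustration; `virt_bits == 0` stands in for `boot_cpu_data.x86_virt_bits` before it is initialised.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed constants modelling x86-64 with 4-level paging (assumption). */
#define MODEL_PAGE_SIZE      4096ULL
#define MODEL_TASK_SIZE_MAX  ((1ULL << 47) - MODEL_PAGE_SIZE)

/*
 * Sign-extend the low 'bits' bits of v. Only valid for 1 <= bits <= 64:
 * with bits == 0 a shift-based sign extension would shift by 64, the
 * undefined behaviour the commit message describes.
 */
static uint64_t sign_extend(uint64_t v, unsigned bits)
{
    uint64_t sign = 1ULL << (bits - 1);
    uint64_t mask = (bits == 64) ? ~0ULL : (1ULL << bits) - 1;

    return ((v & mask) ^ sign) - sign;
}

static bool is_canonical(uint64_t vaddr, unsigned virt_bits)
{
    return sign_extend(vaddr, virt_bits) == vaddr;
}

/* Hypothetical model of the patched check: reject user range first,
 * skip the canonical test while the width is unknown, else test it. */
bool nofault_allowed(uint64_t vaddr, unsigned virt_bits)
{
    if (vaddr < MODEL_TASK_SIZE_MAX + MODEL_PAGE_SIZE)
        return false;
    if (!virt_bits)
        return true;
    return is_canonical(vaddr, virt_bits);
}

int main(void)
{
    uint64_t kernel_text = 0xffffffff81000000ULL;   /* constructed sample */
    uint64_t non_canon   = 0x0000800000000000ULL;   /* constructed sample */

    printf("early boot, kernel addr:    %d\n", nofault_allowed(kernel_text, 0));
    printf("early boot, non-canonical:  %d\n", nofault_allowed(non_canon, 0));
    printf("48 bits,    non-canonical:  %d\n", nofault_allowed(non_canon, 48));
    return 0;
}
```

The second line of output is the case a reviewer should keep in mind: while the width is zero, a non-canonical address above the user range passes the check.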