From nobody Sun Feb 8 21:27:31 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9500F12BE89 for ; Thu, 25 Apr 2024 12:04:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714046675; cv=none; b=nU5hBJOYsr6wVaoaTUPE5aHZa/qfSCIj+nTuAQQy4f2cXLN64Zzp97GmYw7dN4x/SZVj/82rHGlGNGMGRBE/G6Q6cYnzhD3Lj3LIVt2XxqIGUYKqcfMuY+CcK27vu/BbCZkeHCBwsb43Wlcehlenw2V7G6Qsz5usI6aAfXuO61U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714046675; c=relaxed/simple; bh=xB/u3s8S3T1IKgqC6u8KUWKSRQdV5bZ5gXMpZZCOHLM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=pZRWXaAsQdStVmYYJrDSy3i8mFkTbU7af4uRVCmpzs8UA5pdCtIOQzdU4HUUZd/x0UvU0PXRzCuYEFL/ebTvVfVrVAhdaBM7CqrU6Z4BFEPKQFCuBM17GAT6w3EizIRIa1sAgD5JIKJmGJQy6ibdUJHwQBNeurq9wiA8xTuq6SU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Mqh6DGJP; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Mqh6DGJP" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-416ac21981dso4727465e9.1 for ; Thu, 25 Apr 2024 05:04:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1714046672; x=1714651472; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=8akamN8H2fCd/XiP05RGvYAImcl40m0IUyP0E7BzIt4=; b=Mqh6DGJPNhNdUZ+/K0fk6P5LFoTflkDWC2KgLYvyCdQgkrlTnjvLgaoo+of0jHJ0Im PmDsjdgj2RHlVARS3cQrvFVQ6uQlOBKc7GB5CQmJBcPB7O0KlEsFUiuxIqYIvqPOJF2C pkTbJKnM7BdO2grBrjVlPvOPWPC9DMfkolqcj+Lzn/qWcACGKAmIpfpCTbqwcubRS8Gm y4TiNg+AtMEgMtSFJVoeJAkjgDH7Zyo2JgZPdyKzPMahQvWL1cneRbdknkIuCt7DV/bZ as6KaphZWdeXnzCU3Gh0p0NKizTM8jthiHrj3CmomeqBP+9OUzl86nfSh2qNDWD6MVGE YBTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714046672; x=1714651472; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=8akamN8H2fCd/XiP05RGvYAImcl40m0IUyP0E7BzIt4=; b=KczY0v990ypTlWZZqvG503w0Dzl3dCfyRCz5e6n1jq76zaor6ZUxH6qUbJHWXrsMvl za4cHmxbFH/jPmrxdmP4fs6gJAPbevE+2E3Ejj2hhMkKGGV/+AqFXsZxfHYkD9TRC0c6 ktbdzVRtPKKoWej6qBVU906VKvjFaZrRsdPSFrKUqgFTH2PH1jUk/QfjMwxzp91guzq3 BiYmxr9W9Px6VHQl3gg2uttfrkBsh0aLSVoIgZdHgnH7iE0V7IqFvWZgjzAZKgKTKrqM ClRtwdrHwzTw02aJGfI3B83LJ9ApfVscKmn36buoaJAFEOKWRO+ISXzjKVgVluPvyQQx 3qZw== X-Gm-Message-State: AOJu0YzlMk8tpFvU7mrUK78e1PhFCJlGMxulNFrAVES6Kkgq458xlY0S PEuxhDSbTpshm6fpxkGxSV8fYWtvfVvJx8+g4jYriu/UzcqzoNSoPlLwVrcFr3P3keZpnBpUbgc Ej52lfD1674zZMguxXZcXwnLLoQSLCtVpg2qYmr+Mpj5saGCgDMWuK6RB0ljWNAQ4aCsY9CuomW GdRrUSQSGg9Zyj6mszGSBnyjgMbqeiwQ== X-Google-Smtp-Source: AGHT+IEwrNhI7GuAN3Y2JJ0TMUZeshLaV6URxBToDvPomkFUhkeVhH495cxM086PyyIHuXg+E1eNG1Ga X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a05:600c:1d18:b0:418:f770:3216 with SMTP id l24-20020a05600c1d1800b00418f7703216mr61242wms.1.1714046671823; Thu, 25 Apr 2024 05:04:31 -0700 (PDT) Date: Thu, 25 Apr 2024 14:04:18 +0200 In-Reply-To: <20240425120416.2041037-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240425120416.2041037-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2319; i=ardb@kernel.org; h=from:subject; bh=PvaxtPqIBzGmQAhUg+/lL22jj0S5lyyb5ES94EuVLJs=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIU3L7VCTlrWZ2rkPjTtsfiz4vLaofPYVRvXPZv/rvZ6+S FN4l9zQUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACay/jDDL+ZpsaueHvVItXsw 92ZxWQLj4W4edZkPsc/uiWSsX7SA8x7D/8SV1w4UMjJ+vd9af7Eoyd7YSuOx5m3x7vfl0R9PyFa LMAIA X-Mailer: git-send-email 2.44.0.769.g3c40516874-goog Message-ID: <20240425120416.2041037-7-ardb+git@google.com> Subject: [PATCH v2 1/4] x86/sev: Avoid WARN()s in early boot code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Tom Lendacky , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Andy Lutomirski , Arnd Bergmann , Kees Cook , Brian Gerst Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Using WARN() before the kernel is even mapped is unlikely to do anything useful: the string literals are passed using their kernel virtual addresses which are not even mapped yet. But even if they were, calling into the printk machinery from the early 1:1 mapped code is not going to get very far. So drop the WARN()s entirely. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/sev.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 38ad066179d8..d18e10eaf839 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -720,7 +720,7 @@ early_set_pages_state(unsigned long vaddr, unsigned lon= g paddr, if (op =3D=3D SNP_PAGE_STATE_SHARED) { /* Page validation must be rescinded before changing to shared */ ret =3D pvalidate(vaddr, RMP_PG_SIZE_4K, false); - if (WARN(ret, "Failed to validate address 0x%lx ret %d", paddr, ret)) + if (ret) goto e_term; } =20 @@ -733,21 +733,16 @@ early_set_pages_state(unsigned long vaddr, unsigned l= ong paddr, =20 val =3D sev_es_rd_ghcb_msr(); =20 - if (WARN(GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP, - "Wrong PSC response code: 0x%x\n", - (unsigned int)GHCB_RESP_CODE(val))) + if (GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) goto e_term; =20 - if (WARN(GHCB_MSR_PSC_RESP_VAL(val), - "Failed to change page state to '%s' paddr 0x%lx error 0x%llx\n", - op =3D=3D SNP_PAGE_STATE_PRIVATE ? "private" : "shared", - paddr, GHCB_MSR_PSC_RESP_VAL(val))) + if (GHCB_MSR_PSC_RESP_VAL(val)) goto e_term; =20 if (op =3D=3D SNP_PAGE_STATE_PRIVATE) { /* Page validation must be performed after changing to private */ ret =3D pvalidate(vaddr, RMP_PG_SIZE_4K, true); - if (WARN(ret, "Failed to validate address 0x%lx ret %d", paddr, ret)) + if (ret) goto e_term; } =20 @@ -780,7 +775,7 @@ void __head early_snp_set_memory_private(unsigned long = vaddr, unsigned long padd early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE); } =20 -void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, +void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, unsigned long npages) { /* --=20 2.44.0.769.g3c40516874-goog From nobody Sun Feb 8 21:27:31 2026 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A95C612BF1E for ; Thu, 25 Apr 2024 12:04:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714046677; cv=none; b=mnnY1oQ3H1cjShfcnWazZZ4mHkBAHuryhaX7aiFkItYMJZlSKdJ34vmfP99g/6+dKdZWXIXUUpR5WI0QoVyJGskpy+TYlCKkIiczrarxJaMMzGSGKs9RFd+eUpbtMYULlZEZ6aou4rmb4j9bDKpdqIbjm0HzX7XAmnyZtVDdpEA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714046677; c=relaxed/simple; bh=LIxvUo8B52UW+FUtyckKlDOxVWs+4s1TDbE/HoKC42k=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=SPyu/GzxmHdHGdq86asZ5UPlMnygwoWM+D4VsqXOvqc5vpnNNMkirbWJ3f+/av1hPqfjCxz1sEfNSoAszXYYhCLVCf1ccMmniB3yYJNwGeHFy3m5+hX5SPHeUB1CDbmDoJHEbMMjgSuckyohxzJhofryXOe9YX1w+elopZEWKdk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=FOzBsD2J; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="FOzBsD2J" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-345c686ba9bso549171f8f.3 for ; Thu, 25 Apr 2024 05:04:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1714046674; x=1714651474; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=7sbCECdJGjeZfGqEfdofY2INvouE2vkCUF5Dyf7luaA=; b=FOzBsD2JCPirsRTJhXM3rj5GafOMYDRXFDyfGzDVQ5GiwQfiKJuw7S9BG3IxQnoT6b 8hJgbnRtSmuWffhhrWyIu01dnQ2MqoU0GSfyVWJPx7KRXoBAQq6L3Tkthh6zKNCWLFrJ lw3pn0pF7/4vny8dnKlYBRxWEutHGpvvhgUTCDTL+VXby2rpI7yBq6DkMcHoHbcG2yhm UpnpGGkq3FLPGcK2eUtiPXG6FHqudFD4yuT9YnmnCkZjwpRdIBgi7dGktmTLN2IpaQEi Tk/Q4cEtVo+T2e8xdwP1LEz6H4Ln0aJrDRWrYY7PDF+avznnyTXSStjhtpZfHu3MDVFu R9Bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714046674; x=1714651474; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=7sbCECdJGjeZfGqEfdofY2INvouE2vkCUF5Dyf7luaA=; b=RGBw7n/TLsoVzkKnUVh7twKxayeX4cDmKMXKUp7nmsZpa2YZGaE0Ub/YZmPhe4+X+x 3ptb1/Uha80FIA90okdREp5KYUnMWAewrcgYSJNs+ZcH6hlFh6dMCe7FU9C5H1GwkEat G1a5zcQpvjUd90PULxWxg7jhcOWuvSgiGYjX8+UFhiaMdj5+G8Ho8KFyNTerpWT+tUl6 YCp7uDo5VkzJNTUV1UBWgPAc5Ttm9m2t6MBa4RKTigfb6F3v0eJfmn4hRrxiQsOWbCXy Q1p4WI7KWp04v0WUZHD574mIn2ol5xKRrhszulXzHl6t2h1myzNsqRMsT+LpMrbZMBWV e/Og== X-Gm-Message-State: AOJu0YxiUvkuuDn6EW+7Pn/jW9XdYQldQZzEKI1c/BgzSY/AMlJnowBD C+jXNwMdDMIHxLwn74vXzh2wss5cIzO7GCLLyT2wa3s3JHnbhr/lguUDuLuVM9MkMJGiIL7txB+ zNfry72pBMbMX0IqLfpxVAuOOLjWn5ueUp/POpK6N3nZN9DdEBS+Ub4zP5tpT53eaeMKo5YTkgw BfqA+m5aJRSkHm1DmwUKCvNnV7b0gN4Q== X-Google-Smtp-Source: AGHT+IEifglC5aNUwqI5yhOdJHBnVeUq3+nUuLwStermb7SBFhtGBttpJxDDl8ZWkxM+c5lqjtV9mwiu X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:adf:fd06:0:b0:346:ac36:9e49 with SMTP id e6-20020adffd06000000b00346ac369e49mr14189wrr.12.1714046674007; Thu, 25 Apr 2024 05:04:34 -0700 (PDT) Date: Thu, 25 Apr 2024 14:04:19 +0200 In-Reply-To: <20240425120416.2041037-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240425120416.2041037-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=969; i=ardb@kernel.org; h=from:subject; bh=vkA+u9LN7+M2HsoLmktuyPNgmAZxryq/utHLnCKXETs=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIU3L7fDdjRGzjs/xenpzblFClb7+3HWPv+1j4K4TvVhfG mxl3jaho5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAExEUZyR4ePZHztUzHzkKqtj dxT+vnFis85zw9PC33h+rl1/JUi0+Cgjw7K20p2pTcd82n478SydK8fM/6WF4a6bcs5tqyBjj8y nbAA= X-Mailer: git-send-email 2.44.0.769.g3c40516874-goog Message-ID: <20240425120416.2041037-8-ardb+git@google.com> Subject: [PATCH v2 2/4] x86/xen/pvh: Move startup code into .ref.text From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Tom Lendacky , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Andy Lutomirski , Arnd Bergmann , Kees Cook , Brian Gerst Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The Xen PVH startup code does not need to live in .head.text, given that its entry point is not at a fixed offset, and is communicated to the host/VMM via an ELF note. So move it out of .head.text into another code section. To avoid spurious warnings about references to .init code, move it into .ref.text rather than .text. (Note that the ELF note itself is not .init and so moving this code into .init.text would result in warnings as well) Signed-off-by: Ard Biesheuvel --- arch/x86/platform/pvh/head.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index f7235ef87bc3..0cf6008e834b 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S @@ -20,7 +20,7 @@ #include #include =20 - __HEAD + __REF =20 /* * Entry point for PVH guests. --=20 2.44.0.769.g3c40516874-goog From nobody Sun Feb 8 21:27:31 2026 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9E7B012C46D for ; Thu, 25 Apr 2024 12:04:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714046679; cv=none; b=LfFvfPL3FjX9oSxWWYTEBaIkZAc/Zn+zCgB+Yjazm0O5c1M4M5g3o8AJhHW+MhPe+oVHeo0BltXJ1Cbh3GBNo1zhbwjcUXkhfabS+4Ag/l+aII+RSCLokVrikCCEQzNTCbgt4HcVVNUZPWrzL0KgQ6Rr0QRvT3pEd3GlvwyQ7SU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714046679; c=relaxed/simple; bh=rF23wvKTq87SEeQ4ourazzrM1UpHiAnLoC7/CSIqNnY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=IqWNYX26cX1JGTDcayaO1+VMCxLL620bFzYrHpx7xHMy4UII80jIjStdH5Hnw4MGsggT51ifNfDm/0niZvoytNcm/SAEmNZudE4d09spAzvb8Lcx3MP4EmuVuZz5j8sIh32CXLcptL0z/g8hBe+vAtcVZ2V29MOaFChpSr3u2Kc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=B6+jeEJi; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="B6+jeEJi" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-61b028ae5easo16710347b3.3 for ; Thu, 25 Apr 2024 05:04:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1714046676; x=1714651476; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=E3uSrwI845cCjiiSjorMAUNJ/iyuZIm8zuWraMcqxvs=; b=B6+jeEJiYZMg8r7W1P1wB6vfCp4fjpj0qbxXEhIy/UQGHuRoajFzm4TQyXFr4e51sY HWQSCyrJaY8yJNT6IfQaBiJFKQXmrPHJYzvdSGTtr8VeGqT/0fTYjmACP461dqj72HLN ZUxbw07sFZiMWOyiDyng9lOAXQ5Au6jBxvtm36w3e2iwZbA6B+C29x5CYXShrCuOICEy IuEY3Hj1+sIFS8PTIWCCETpuvWHE0D/qfbJNana4Wvjm4+ZCdvtg6l/9h0ewwfQvsQGG P1LtxYmlDVrFZozgSZcMB//zmUC1ZGjIhjZXRRAhuJj2/xbBdGdQ+7O304sdueI81ZFv XRFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714046676; x=1714651476; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=E3uSrwI845cCjiiSjorMAUNJ/iyuZIm8zuWraMcqxvs=; b=SC1E3LFIZdFrmKrEZ88tq9ZzTxHYki+/6/b8maYqC867ynse2Eax2uqeMYDtjlU4wb rczBuffcHQsZU9nTqAzVQrIAW0Hgih37Qh2sVfzr8tcdLfmbmwB9j8tpA+vdxp6TeF4s KX4pQ2muokVd+ObG2ZiOB2idLA77XTu7dMvlyCxVMsxAQJvXkN+mfG8dIptKn5fCAkbZ BA95T4kyxKnz+szwtEnsh8f44ef8nWGEJ8ewkME01Xi0qkVFqHJ4aI9ABUx/Vf4VQohj KwsTL3QlJGFFGsYhj31J2MMtSqpSjGkVFVOWHEhNF+fArPdfkxPNrjGMYYi+kAbyH1SG 4HOw== X-Gm-Message-State: AOJu0Yw/FGToHPod8S7FDaiDzDsQDXP3VnSZcMN6Jp6RWWjNlovkf5NA tkKFzA/pCj55NEvKzo1AwUxYyqHaTVXBq1yPvTlxB5In+Vv9trAScUlmwtN9cd/R3DXkKpJvH9U n6mAYVCD1takc3arI/QyTQ7Z8BBA0v7CM1ya9xMP0SLGEqQzQdEc7U2whNNwnNICqmrdMZkQpSs 81rlCBlrkDJFwwwT90/ZRSM548y6MQiQ== X-Google-Smtp-Source: AGHT+IFyPYnxQ4Jm+h7UiFxOTB0Ck2tWMjCmnheR7HlmrBnYOgn1dDNHMX8jk8QOccBBA6TU9mst3Mrd X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a05:690c:84e:b0:61b:7dd6:1b24 with SMTP id bz14-20020a05690c084e00b0061b7dd61b24mr1199861ywb.8.1714046676534; Thu, 25 Apr 2024 05:04:36 -0700 (PDT) Date: Thu, 25 Apr 2024 14:04:20 +0200 In-Reply-To: <20240425120416.2041037-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240425120416.2041037-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=4363; i=ardb@kernel.org; h=from:subject; bh=23IiH9zvtbn57cKpEGcuPb87YW4uD5sU5PW9hxnA730=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIU3L7cjRwKPWcsbr65gEb7lUVP5qOSJmKyxxyCRf1EzMb f4HpykdpSwMYhwMsmKKLAKz/77beXqiVK3zLFmYOaxMIEMYuDgFYCKHEhkZmtN5vr37Z/+/LMN8 uwjnBHWzN99nLMwwY3pfZhwhWNEnwvDf94WohWxxHc/X25cPydRyljGc+R9+P+Oifs7EZ+4s/pN ZAA== X-Mailer: git-send-email 2.44.0.769.g3c40516874-goog Message-ID: <20240425120416.2041037-9-ardb+git@google.com> Subject: [PATCH v2 3/4] x86/boot/64: Determine VA/PA offset before entering C code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Tom Lendacky , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Andy Lutomirski , Arnd Bergmann , Kees Cook , Brian Gerst Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Implicit absolute symbol references (e.g., taking the address of a global variable) must be avoided from the C code that runs from the early 1:1 mapping of the kernel, given that this is a practice that violates assumptions on the part of the toolchain. I.e., absolute and RIP-relative references are expected to produce the same result, and so the compiler is free to choose either, and currently, the code assumes that RIP-relative references are never emitted here. So an explicit virtual-to-physical offset will be used instead to derive the kernel virtual addresses of _text and _end, instead of simply taking the address and having to rely on such implicit absolute symbol references. Currently, phys_base is used for this purpose, which is derived from the kernel virtual address of _text, and this would lead to a circular dependency. So instead, derive this virtual-to-physical offset in asm code, using the kernel VA of common_startup_64 (which we already keep in a global variable for other reasons), and pass it to the C startup code. Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/setup.h | 2 +- arch/x86/kernel/head64.c | 8 +++++--- arch/x86/kernel/head_64.S | 9 ++++++++- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index e61e68d71cba..aca18be5a228 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -47,7 +47,7 @@ extern unsigned long saved_video_mode; =20 extern void reserve_standard_io_resources(void); extern void i386_reserve_resources(void); -extern unsigned long __startup_64(unsigned long physaddr, struct boot_para= ms *bp); +extern unsigned long __startup_64(unsigned long p2v_offset, struct boot_pa= rams *bp); extern void startup_64_setup_gdt_idt(void); extern void early_setup_idt(void); extern void __init do_early_exception(struct pt_regs *regs, int trapnr); diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index a817ed0724d1..81696a4967e6 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -138,12 +138,14 @@ static unsigned long __head sme_postprocess_startup(s= truct boot_params *bp, pmdv * doesn't have to generate PC-relative relocations when accessing globals= from * that function. Clang actually does not generate them, which leads to * boot-time crashes. To work around this problem, every global pointer mu= st - * be accessed using RIP_REL_REF(). + * be accessed using RIP_REL_REF(). Kernel virtual addresses can be determ= ined + * by subtracting p2v_offset from the RIP-relative address. */ -unsigned long __head __startup_64(unsigned long physaddr, +unsigned long __head __startup_64(unsigned long p2v_offset, struct boot_params *bp) { pmd_t (*early_pgts)[PTRS_PER_PMD] =3D RIP_REL_REF(early_dynamic_pgts); + unsigned long physaddr =3D (unsigned long)&RIP_REL_REF(_text); unsigned long pgtable_flags; unsigned long load_delta; pgdval_t *pgd; @@ -163,7 +165,7 @@ unsigned long __head __startup_64(unsigned long physadd= r, * Compute the delta between the address I am compiled to run at * and the address I am actually running at. */ - load_delta =3D physaddr - (unsigned long)(_text - __START_KERNEL_map); + load_delta =3D __START_KERNEL_map + p2v_offset; RIP_REL_REF(phys_base) =3D load_delta; =20 /* Is the address not 2M aligned? */ diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index d8198fbd70e5..cb7efb3628ef 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -100,13 +100,20 @@ SYM_CODE_START_NOALIGN(startup_64) /* Sanitize CPU configuration */ call verify_cpu =20 + /* + * Use the 1:1 physical and kernel virtual addresses of + * common_startup_64 to determine the physical-to-virtual offset, and + * pass it as the first argument to __startup_64(). + */ + leaq common_startup_64(%rip), %rdi + subq 0f(%rip), %rdi + /* * Perform pagetable fixups. Additionally, if SME is active, encrypt * the kernel and retrieve the modifier (SME encryption mask if SME * is active) to be added to the initial pgdir entry that will be * programmed into CR3. */ - leaq _text(%rip), %rdi movq %r15, %rsi call __startup_64 =20 --=20 2.44.0.769.g3c40516874-goog From nobody Sun Feb 8 21:27:31 2026 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E230312C53B for ; Thu, 25 Apr 2024 12:04:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714046681; cv=none; b=OTmfvTQTbyK5Bv18Rt+zDZdOXhlAq+EZS/Lgw0Mz5tHJJr3k1uPiLU5XTVmE90z0oPytnxM2oX0COy0/TT36amK4qZYcxLGLatlb9v9jnBhR+vejbtYk+GkE6pUG8Z5UJNs2JDK8qDoUEtuV+QpXkGGuNBGLGVmcqHcMLM04IhU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714046681; c=relaxed/simple; bh=W4wjfte6q+UQQZ4ExLZkrQ1Z7tdGL2ravbfBcdus9Ek=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=pzGpWh7vQcOt4I6GXJKX4RFIvNqAk2havFbWTes2KFkdJRDYa6yQPeZTmBg7WpqKWI4kwblTD0Zpy1+s4qLvDREBr24+c1saOwH7xS0kBk2t9m9MhZhRg3/BcUpWUdhJYz3uYHJerB2JB8ucTNFeB9DzGTGj6IRyNj6el04kDhs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=l1mOv42N; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="l1mOv42N" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-61b2abd30f9so15645317b3.0 for ; Thu, 25 Apr 2024 05:04:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1714046679; x=1714651479; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=YK36PSSfYCXKu8TOIykY9gFPtCmNGRC9sq2O5M5gVtQ=; b=l1mOv42NIFffTmLLXa255MwOWwJHHcHVsVyD6mi8Oioe1kxEHP4BMHTzeV7qBdGucB skE3E6cTa7g4SvlCDEhCYakl68uZ8fh4t52q/wbu0BZnZ0+0C7qBlM3rIRrWRyHfoDTU 9f9JtpMW3XYhNw2nQTB8BYw/MZUgUt4XrDYfkBxRwTqS9VHRamY4vCc+q5j2XZNGqrCI 6FDwOg0bGPsFW5N80x4CfK+0VoUdSDCzjlQItMtP8/bJ7aOKwYJ0Vs79fFbFvTtESS6t euqkuwBKqHNSYmwoLqfL+ST1bpaQHzf+R47Bi5HjTtcYs+vmjE8dlhWbfJ0rTciYisrN Vvdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714046679; x=1714651479; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=YK36PSSfYCXKu8TOIykY9gFPtCmNGRC9sq2O5M5gVtQ=; b=Kw7PIVX6W1KgXwoW5BF7qtiKrG1jaK4jGh1UTux8uPordKML9WjCc+y2fHEoeG1Mbq /YM63FBsYCg87DleFJpR4JXj++n7Gl91Lm61fUsxajLpKNEPc5h21Dk7CzQzrQD/kLRg 3YPywgig7aktvJ/tfYnN82dXgFyf67TQpHiiaZpW/gGAQDpqoZM22oz8Ggt+OBE2XXgc rYqfKY+t33Jp4nttK9QLaKmc0urqEZFpNjmN2F3KhnEvp7a/SCynkOx7aHHJ8H80yjpZ KhN+rU/pQGJqWa1u4vxS55TL6FhBjzbeEkxdOjLpRcqENcmi1XxCYPI3ut+WnSmaqzBn YL5w== X-Gm-Message-State: AOJu0YxPkRkR8WFCWeHQpD1x7ZgBxBTeg5fpHRHZi1spcccfkT9RoleM fQyM/fn5JtC/QjZZ+XzexQ9/+gSgvlfyvBuMC8a0y9UJvFonNLvRV/Cm3RmbKcGqP2EFYv0JhFl BR/d7eMVy8+oMSlFROmfkU/LSfjc2yepay8xPpVE8QRvvxMBE2P6oH03tOXh49SnL3yHewJFJdC mVBIbHp5tnBsMNwHv5tgPVhxtMh3x2CQ== X-Google-Smtp-Source: AGHT+IGRWod11kLpYz3T4MmXDFR70IVTM5N25vUtFyQWpGp3FkGnomsrf6u59LfQVqwoOJQwBIfY6xig X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a81:e948:0:b0:611:2c40:e8d0 with SMTP id e8-20020a81e948000000b006112c40e8d0mr1160202ywm.3.1714046678904; Thu, 25 Apr 2024 05:04:38 -0700 (PDT) Date: Thu, 25 Apr 2024 14:04:21 +0200 In-Reply-To: <20240425120416.2041037-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240425120416.2041037-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=4681; i=ardb@kernel.org; h=from:subject; bh=J0FkvPdq5mOGe6TzUIHU039KAtL9TmcrdWLzNqSNIaY=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIU3L7eheyUtGy23VMuMFt5w8kcIZVvrs8sNc5pUOCfazo 194KiR0lLIwiHEwyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIk8/8Xw332X3vmvuzqmXvCZ cHpr3BH3XuG9n09vjGoUmadTcTboRg3DP2Nf/ocqyg/XMngGVO1oOe7LLR0W1TZ35WO1tK/BYvU RHAA= X-Mailer: git-send-email 2.44.0.769.g3c40516874-goog Message-ID: <20240425120416.2041037-10-ardb+git@google.com> Subject: [PATCH v2 4/4] x86/boot/64: Avoid intentional absolute symbol references in .head.text From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Tom Lendacky , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Andy Lutomirski , Arnd Bergmann , Kees Cook , Brian Gerst Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The code in .head.text executes from a 1:1 mapping and cannot generally refer to global variables using their kernel virtual addresses. However, there are some occurrences of such references that are valid: the kernel virtual addresses of _text and _end are needed to populate the page tables correctly, and some other section markers are used in a similar way. To avoid the need for making exceptions to the rule that .head.text must not contain any absolute symbol references, derive these addresses from the RIP-relative 1:1 mapped physical addresses, which can be safely determined using RIP_REL_REF(). Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/head64.c | 30 ++++++++++++-------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 81696a4967e6..c0f20962f9b1 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -91,9 +91,11 @@ static inline bool check_la57_support(void) return true; } =20 -static unsigned long __head sme_postprocess_startup(struct boot_params *bp= , pmdval_t *pmd) +static unsigned long __head sme_postprocess_startup(struct boot_params *bp, + pmdval_t *pmd, + unsigned long p2v_offset) { - unsigned long vaddr, vaddr_end; + unsigned long paddr, paddr_end; int i; =20 /* Encrypt the kernel and related (if SME is active) */ @@ -106,10 +108,10 @@ static unsigned long __head sme_postprocess_startup(s= truct boot_params *bp, pmdv * attribute. */ if (sme_get_me_mask()) { - vaddr =3D (unsigned long)__start_bss_decrypted; - vaddr_end =3D (unsigned long)__end_bss_decrypted; + paddr =3D (unsigned long)&RIP_REL_REF(__start_bss_decrypted); + paddr_end =3D (unsigned long)&RIP_REL_REF(__end_bss_decrypted); =20 - for (; vaddr < vaddr_end; vaddr +=3D PMD_SIZE) { + for (; paddr < paddr_end; paddr +=3D PMD_SIZE) { /* * On SNP, transition the page to shared in the RMP table so that * it is consistent with the page table attribute change. @@ -118,11 +120,11 @@ static unsigned long __head sme_postprocess_startup(s= truct boot_params *bp, pmdv * mapping (kernel .text). PVALIDATE, by way of * early_snp_set_memory_shared(), requires a valid virtual * address but the kernel is currently running off of the identity - * mapping so use __pa() to get a *currently* valid virtual address. + * mapping so use the PA to get a *currently* valid virtual address. */ - early_snp_set_memory_shared(__pa(vaddr), __pa(vaddr), PTRS_PER_PMD); + early_snp_set_memory_shared(paddr, paddr, PTRS_PER_PMD); =20 - i =3D pmd_index(vaddr); + i =3D pmd_index(paddr - p2v_offset); pmd[i] -=3D sme_get_me_mask(); } } @@ -146,6 +148,7 @@ unsigned long __head __startup_64(unsigned long p2v_off= set, { pmd_t (*early_pgts)[PTRS_PER_PMD] =3D RIP_REL_REF(early_dynamic_pgts); unsigned long physaddr =3D (unsigned long)&RIP_REL_REF(_text); + unsigned long va_text, va_end; unsigned long pgtable_flags; unsigned long load_delta; pgdval_t *pgd; @@ -172,6 +175,9 @@ unsigned long __head __startup_64(unsigned long p2v_off= set, if (load_delta & ~PMD_MASK) for (;;); =20 + va_text =3D physaddr - p2v_offset; + va_end =3D (unsigned long)&RIP_REL_REF(_end) - p2v_offset; + /* Include the SME encryption mask in the fixup value */ load_delta +=3D sme_get_me_mask(); =20 @@ -232,7 +238,7 @@ unsigned long __head __startup_64(unsigned long p2v_off= set, pmd_entry +=3D sme_get_me_mask(); pmd_entry +=3D physaddr; =20 - for (i =3D 0; i < DIV_ROUND_UP(_end - _text, PMD_SIZE); i++) { + for (i =3D 0; i < DIV_ROUND_UP(va_end - va_text, PMD_SIZE); i++) { int idx =3D i + (physaddr >> PMD_SHIFT); =20 pmd[idx % PTRS_PER_PMD] =3D pmd_entry + i * PMD_SIZE; @@ -257,11 +263,11 @@ unsigned long __head __startup_64(unsigned long p2v_o= ffset, pmd =3D &RIP_REL_REF(level2_kernel_pgt)->pmd; =20 /* invalidate pages before the kernel image */ - for (i =3D 0; i < pmd_index((unsigned long)_text); i++) + for (i =3D 0; i < pmd_index(va_text); i++) pmd[i] &=3D ~_PAGE_PRESENT; =20 /* fixup pages that are part of the kernel image */ - for (; i <=3D pmd_index((unsigned long)_end); i++) + for (; i <=3D pmd_index(va_end); i++) if (pmd[i] & _PAGE_PRESENT) pmd[i] +=3D load_delta; =20 @@ -269,7 +275,7 @@ unsigned long __head __startup_64(unsigned long p2v_off= set, for (; i < PTRS_PER_PMD; i++) pmd[i] &=3D ~_PAGE_PRESENT; =20 - return sme_postprocess_startup(bp, pmd); + return sme_postprocess_startup(bp, pmd, p2v_offset); } =20 /* Wipe all early page tables except for the kernel symbol map */ --=20 2.44.0.769.g3c40516874-goog