From nobody Fri Feb 13 00:07:44 2026 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 14E9C190490 for ; Wed, 5 Jun 2024 10:36:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717583784; cv=none; b=XTuVonbdraWr42LxnOiZhFlM7ABoSPTt4xQcNMVpLxUscDu7nYS+Wsq8IHJEvS2LVhP+/RlesHscgCEyx5JYEt7sxMyPcA9kMVyUhA9NCGvPUNXu8INCRBVDVRRQWynh2QbAZNvde0Bck682i1HQMWUjfxfaMR8+Yy4PhZAusx0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717583784; c=relaxed/simple; bh=HZn6Lg0mVfERSneXOWsIOgCopwKICO+zXzw+0NuieRc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=JbfMyXOlxB3+65STbMwYc1pG5ePhUEGORGCk5M+Xn1kLx/REd2f+R5RwX281Q92gCRa7YFMad8BlqVvtXHYdqUcjcC7rR7DTFHCOmKRxx82W/DQSg9duJiMSoGXFt7VdOVeXOvxoLfrf1EzWz/n5+j2RHmYSOV7NSwHFtmjDAAY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=HZqUMxLl; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="HZqUMxLl" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-629f8a92145so91830057b3.0 for ; Wed, 05 Jun 2024 03:36:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1717583782; x=1718188582; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=0N2W9Nmsi5h7OxcBbG9ML5HoGuBphmYpMVggbvZo/vw=; b=HZqUMxLlyHNlBhKkE+O7duRjP0zJszEOG5zVSJNY7LK56l1UzKfwBSYgK2pd5JSVui zys5Ix7M1bIDDs7VWceT4DTnkJvVd5esUxmuilqg66VrTFuYb0+eXA2WA71GqtoSUED8 zziT3sTYiKnQ7tU2ViG5FMFku1SeBiQ9SZ3ZQu4A+XlnYWMayambvO/143X3TMEHOTd1 IHeaoXdl7+MWchP9ntzLKIR3W/khHjIVHjRju6i2r7lJCWZwGse4Y7KOqS83R+iIITRT YCFToc0/ltfJ4MQTxn9oO6mRC4nfZTTXKxUpQ7oJa2AKyeT7VkwgxJWyBVePJgKS+/0p //Hw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717583782; x=1718188582; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=0N2W9Nmsi5h7OxcBbG9ML5HoGuBphmYpMVggbvZo/vw=; b=YSKbt+xB0Cm8IFD4d9Sto3hs4UdKE0nDdHDSKnpuKpi9MzWsnSK3+rJ7462Skd5xB3 DMxHg/A6KhXBUly5/A3Kp5ocm4SwThk+EJ0Onb1aEWF9jO1iX1Kz0958DnkO0MvxliXr r9ohsAiLLeJWyGzEPRzyrrTowaOP4pVYnNu7qf+URMi1pS4c3ZCunIl6NXYklOsRzuWT zrlL6NssiRuKlIIDXAwQGuJp+s1+DURTx16xo7KTG7on6UxdPg0u78wLlqunr9yLZMFj GLKXzVRqwCS5HO3xv0SLrbqf7F4j/eULWoc14cqjSFB5P60weAxvpqVYkxmQnDgBVp1d IXUA== X-Gm-Message-State: AOJu0Yz8PikyqApT4TYfQMc+xTVDIpboWPQ0dJ0lz3w/dmye6SGgHKuV l0xV6JXuXNp8vapVgn7gEyBRUW/tsBKk3FP1lczyBLlXI7OAhDxf+qbqusv3bp0golp74jyWpDM QkQILqNZ0UFEKYFbWYTESni4igDOoZRZUUlxVcUTNfgPOBPuU2lTTDu3uKyl0Gr4HVsGC48PzZm TXl8WcQfrcKFvW5xPRL/YEX8BCJop1PQ== X-Google-Smtp-Source: AGHT+IHHwrnMZYLle86i+JI3i9KdUMYWIdoAsn+sp9WCadkBBuhMeR6JEa8WsodKZA1P/newdYfYDO+y X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a05:690c:f03:b0:627:7563:95b1 with SMTP id 00721157ae682-62cbb5a2e62mr5151377b3.5.1717583781966; Wed, 05 Jun 2024 03:36:21 -0700 (PDT) Date: Wed, 5 Jun 2024 12:16:12 +0200 In-Reply-To: <20240605101610.2824747-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240605101610.2824747-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2319; i=ardb@kernel.org; h=from:subject; bh=2Ohto+zqqFHiKYx8e0/IzBlCFtrmI1WgdIFm4ayPVDI=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIS3B6s3s4G/zvsucuvmgZ5qKVaLfudmKS85fsLigukLkg auAmbpfRykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZiImhLDf8fFZ5ee5by2ZkJc af7B0xMZF12btHfp9JkVf1gTTCd5Mk9nZPikrVJyJWWu5w/FJ/vesIq61/a4+s8xkkhfH7P87P8 rTrwA X-Mailer: git-send-email 2.45.1.288.g0e0cd299f1-goog Message-ID: <20240605101610.2824747-7-ardb+git@google.com> Subject: [PATCH v3 1/4] x86/sev: Avoid WARN()s in early boot code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: Ard Biesheuvel , Tom Lendacky , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Andy Lutomirski , Arnd Bergmann , Kees Cook , Brian Gerst Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Using WARN() before the kernel is even mapped is unlikely to do anything useful: the string literals are passed using their kernel virtual addresses which are not even mapped yet. But even if they were, calling into the printk machinery from the early 1:1 mapped code is not going to get very far. So drop the WARN()s entirely. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/sev.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 3342ed58e168..33a669e85e5b 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -720,7 +720,7 @@ early_set_pages_state(unsigned long vaddr, unsigned lon= g paddr, if (op =3D=3D SNP_PAGE_STATE_SHARED) { /* Page validation must be rescinded before changing to shared */ ret =3D pvalidate(vaddr, RMP_PG_SIZE_4K, false); - if (WARN(ret, "Failed to validate address 0x%lx ret %d", paddr, ret)) + if (ret) goto e_term; } =20 @@ -733,21 +733,16 @@ early_set_pages_state(unsigned long vaddr, unsigned l= ong paddr, =20 val =3D sev_es_rd_ghcb_msr(); =20 - if (WARN(GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP, - "Wrong PSC response code: 0x%x\n", - (unsigned int)GHCB_RESP_CODE(val))) + if (GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) goto e_term; =20 - if (WARN(GHCB_MSR_PSC_RESP_VAL(val), - "Failed to change page state to '%s' paddr 0x%lx error 0x%llx\n", - op =3D=3D SNP_PAGE_STATE_PRIVATE ? "private" : "shared", - paddr, GHCB_MSR_PSC_RESP_VAL(val))) + if (GHCB_MSR_PSC_RESP_VAL(val)) goto e_term; =20 if (op =3D=3D SNP_PAGE_STATE_PRIVATE) { /* Page validation must be performed after changing to private */ ret =3D pvalidate(vaddr, RMP_PG_SIZE_4K, true); - if (WARN(ret, "Failed to validate address 0x%lx ret %d", paddr, ret)) + if (ret) goto e_term; } =20 @@ -780,7 +775,7 @@ void __head early_snp_set_memory_private(unsigned long = vaddr, unsigned long padd early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE); } =20 -void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, +void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, unsigned long npages) { /* --=20 2.45.1.288.g0e0cd299f1-goog From nobody Fri Feb 13 00:07:44 2026 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C1A0191496 for ; Wed, 5 Jun 2024 10:36:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717583786; cv=none; b=OKxOHU8qQee9mCMWyaOlBTKGp4s4YTF+g0AnmWSzMRWjrMdZet5J68wl6/tkspHhip/Mub03ysUKgw8C2p+/Cz6r371iavqFR45mjvuIqEM9u5Kva/4zwE/afb7jMCgQRByGh+e8/27wNWX6Ilzi1jma6RLeCwkb/gdJUqmzoks= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717583786; c=relaxed/simple; bh=M/7mE8s2/w1kNQr5K+bEsNkgkzo1HaC4j+bCLXz3T1s=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=jhGOCnoFVlvN59Rfznhjod3W6W7BMToKR+fRG6JNnyBnBSlOOJohK6W3vXunL2ZrM+WSjGi6j4FECF+zDUn0ilrZPDbodtCj+M18ec6pvQyRv2gtna6HvbUqJKhXeU523XNIacgcSl7xrOleEt5yhxcaExhIw9k0G8xZA8sk08o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=FKLvI9rM; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="FKLvI9rM" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-629638f1cb0so86001897b3.3 for ; Wed, 05 Jun 2024 03:36:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1717583784; x=1718188584; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=SaQVPc8Js1wP4O8HHMzP5AA9E820c7Zwn1k4LiFnsGA=; b=FKLvI9rMGdqvNpsoUBOAPGf1OIXPLcIMYv8TX0cmBUdzaHExMglfdFd7ITNzbXMcq+ ySDAbUGi+tRV4cheJYRTFtErA8CQiLS2zRTpaIFMHG7jQ0jWxpbS1Tn3ePOHGWVpiIXb RTpH8ZlV1K+FH9+xCPEomnXg9qbXzmqBUXeYwtmll/oGBz0dy8BsfONY8hujbrfydGQD C6HNQJC1U6K7Rx+rL587oUw7ucPoZvFKOnbaQneFY1aQ/0VW03N91/o3tys9mTbyfq9E +14lM9dytLeCi8LDjhYP5fJCSEVoUGTvg5bVSBXo7NkkjKyRsCLNk46mnqqGSCf8rMOk 6Hxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717583784; x=1718188584; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=SaQVPc8Js1wP4O8HHMzP5AA9E820c7Zwn1k4LiFnsGA=; b=vv8F50fbKOGpbKqlOJrG6tr4SsS29S1SSS/c+OFmBlaCNkWZidHJgciq5JalyYpZfl DBJ1OWkIH93ce2Mu0cGx7LPDyAiqAcnm0rchS8J8ph6XIyJxmtAd/i+C5VV5z4jc7Bf3 pMC6Zf2uP2loN+5rzY71uVdINZ9p8HfWVhd9VtZAETZWOJi3AjZs4Y5Li28y4kkKuRq9 nB7m3xae668qOnwhiUXJ0Mqy6GHVz+RG1N8Xrt5eylNQzhsezTqLnA5xXOb45v904UnI qhcucANR6xJoBSkgzbLpthW1S8q2S4gpdiCcbN0SFfm/AC/bqsSBkG/VXgEzNPbAoOQE 1CcA== X-Gm-Message-State: AOJu0YxEEm57nt/hJGHmgNPmhHVH53eP7XIorjse4R4YtiQvT12rGYP8 Blkxtidzh/zqCKbTbznDbN64zIEH6VLJee1ciqcEA4eRkQgj8o8Ss/BoT8MCh4ayAy2EPcGjDXm nzOuh7TLXXrEKfQmcam6Gfmaqe3MJ1IvJxFRPR82mZkpVtF6UK0I0p37jwn+y/9rn8Nk8G0Y1Z4 7KKs6Qhbrndx0OQWX8q6M7/lXjaVLu5A== X-Google-Smtp-Source: AGHT+IFCDZEru6zJbm6lPum96DeT37MLOOa338SS/zNVG8yCH2Yj9cSgJAN5dAYZDkxpGjGLMuuHLOrQ X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a05:690c:4c06:b0:61b:e689:7347 with SMTP id 00721157ae682-62cbb4a6b86mr4009457b3.2.1717583784569; Wed, 05 Jun 2024 03:36:24 -0700 (PDT) Date: Wed, 5 Jun 2024 12:16:13 +0200 In-Reply-To: <20240605101610.2824747-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240605101610.2824747-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=969; i=ardb@kernel.org; h=from:subject; bh=1WOxhSKXdPYsCJ6Ne8n2/N04btpqDMdNzicWbyeAr/c=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIS3B6u2e5kUrJjT+LT7Ls8XoLnNBTN4tvS1arx5tC30Rr s2vl8rZUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACYisIiR4ZfRxvCuR7eKVyt0 biyY5ypRYZynVSIzQ8Hfb7bhh7J+cUaGS792zpyi/e7V73VzA235VW80ie0rYvkWuPJA4NbgPcL GXAA= X-Mailer: git-send-email 2.45.1.288.g0e0cd299f1-goog Message-ID: <20240605101610.2824747-8-ardb+git@google.com> Subject: [PATCH v3 2/4] x86/xen/pvh: Move startup code into .ref.text From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: Ard Biesheuvel , Tom Lendacky , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Andy Lutomirski , Arnd Bergmann , Kees Cook , Brian Gerst Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The Xen PVH startup code does not need to live in .head.text, given that its entry point is not at a fixed offset, and is communicated to the host/VMM via an ELF note. So move it out of .head.text into another code section. To avoid spurious warnings about references to .init code, move it into .ref.text rather than .text. (Note that the ELF note itself is not .init and so moving this code into .init.text would result in warnings as well) Signed-off-by: Ard Biesheuvel --- arch/x86/platform/pvh/head.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index f7235ef87bc3..0cf6008e834b 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S @@ -20,7 +20,7 @@ #include #include =20 - __HEAD + __REF =20 /* * Entry point for PVH guests. --=20 2.45.1.288.g0e0cd299f1-goog From nobody Fri Feb 13 00:07:44 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BB19C1922F8 for ; Wed, 5 Jun 2024 10:36:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717583790; cv=none; b=obzkt1vsF6bJeH5l3yLay5Y7epUKRohuUbrPtLqT5Ve+jMsyF7lqM/J7XPtmVrXTAB1EfNkDzcz7V4wKnnoSPJ8MICDe245FT1r0iwtttrZA2shur13b4u8PFmlzJFWdn0op9PkX2nwL6l8rvlJKM4Rf4n8Shmy8kHrUMCKA/6k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717583790; c=relaxed/simple; bh=mSfNhvbZFblrksvDeD/XmI+UMtvac2zLUNZOrNXN8NY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=a+yu9VfvhbWaDo4f6HH5c4XGSp0bfhvRgQIFHfsFZDfiuuEoZRn5HON1dL+v2UJuIpboKjs3DVObflKEOCzovrOpMi/IHvbRHRw9PeB0D9oeh/x/BIFRfb2aCMrpLO6o4p9FpcV26cKhYr9sKRS+ko4OLGqUa28R1HTyU8jOSRM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=XF8XhHIs; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="XF8XhHIs" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-42159c0fbb0so808715e9.0 for ; Wed, 05 Jun 2024 03:36:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1717583787; x=1718188587; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=CdALvWoWm/MeH/4RsJxbsYn8sMbeK49Nk2IJPPiKlcc=; b=XF8XhHIsO8ILPZ+35wnmXP+aZSdUuakfPFAoIUTAcVr4yxEcEbyEGNscYiN2ShJyLS +2kk342eEuHD+kQdq3+HHAQ22uJm5r7pfRFFf3xyPzL2iFVxwdOqHTPCt6rJufooXWNL Sdf5GRnLXrDHM09CkI6wGKl9g4qmMEa11ZVOf1cKHMFz0ScQvQG/xd0/vwuyclIcXkgC jN2fEjP3cHy+dufG7HId4kl7cvmJ5w8scMZQ9/FnFPh2O1K9LE858W4isDQFozi+ieYb m5hSuXdFISbzqHkLFU+GVKU8BMtXExyk49EttkakHKfBEF4sytcyYEyK0MFAM5d0HHQT 7zZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717583787; x=1718188587; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=CdALvWoWm/MeH/4RsJxbsYn8sMbeK49Nk2IJPPiKlcc=; b=S8GecVjfHwt0FXKjGohnUp4kFyatlukYk1bAWv8s5WuAa0IfePGwmUW8TYUhasBUOy TCdx00VYeIWyXS2CplBhfUPjOx+99+D3FZyxfiNkFUhMbqvhd7gUZIB14rKNaLnPsW45 Ma5pgjGtO8E2uxTlkztk2Vdprilf/kIom4ps7LdfdKMbS4uteZNeTvLezG53KCflBgrt 6o20ZSr/p41CMDrybTWZ6rRusGX5/pBin2D3HoOq8SI7G7qnVL2qFV4BYAP9a7leWUXo ZkvBcZSpt/NUQr46EOqO9QP5pEbMd3K4mJZUv1QueS32bAZ+OPTZ/xpWDdjo1G6k9ZbE mf/Q== X-Gm-Message-State: AOJu0YzDf3i0OUdIZ8uNsajoXQFEYAqmIjRC8eywLdvCWG7j7qr8ZEhq zRhHtN3DG7vSBEsGYBtB5bdnVDHmVyglP54SoGYdqeoa0q98aiXotKJbQpM7Vp9id9fJpXJvQ7Y zKcAbRp218noPpfzrJOpIcsWfveLyFZ9PFWYUGYniHcWyb2lVEHOi5RTOxhUAxh9Uo0FLBxwyX7 pvcmYDIQNQDv+iAbgi48BePXkfqTfmHg== X-Google-Smtp-Source: AGHT+IHB9DV/UsJRIe7HdeFmlJXtA6ZNvAVqjDSqZmzyPGkvCjW1H/YJ6GxCNDq4h5RYfLGqHbJAx6Si X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a05:600c:3c94:b0:41f:3f3:2fd5 with SMTP id 5b1f17b1804b1-42156259597mr143195e9.0.1717583786739; Wed, 05 Jun 2024 03:36:26 -0700 (PDT) Date: Wed, 5 Jun 2024 12:16:14 +0200 In-Reply-To: <20240605101610.2824747-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240605101610.2824747-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=4437; i=ardb@kernel.org; h=from:subject; bh=3w3PLjYmxjSrM/q/Li935O15LXzR9XspZXfmEVZ0SVM=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIS3B6l3mYTUPJ757b7M7Exa9O3S6rThm98rUK7XKf/d2b Qo8dW5PRykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjIVh6G/+7v69ijfQtv6xiG xUw0XNJfXSL+ovLRvm6/FbPLb3E93sXwP1zvtvLU9C6Vc2WpC712TQ/KKdt0sPfq0/mdJ8Svpf4 1YAMA X-Mailer: git-send-email 2.45.1.288.g0e0cd299f1-goog Message-ID: <20240605101610.2824747-9-ardb+git@google.com> Subject: [PATCH v3 3/4] x86/boot/64: Determine VA/PA offset before entering C code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: Ard Biesheuvel , Tom Lendacky , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Andy Lutomirski , Arnd Bergmann , Kees Cook , Brian Gerst Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Implicit absolute symbol references (e.g., taking the address of a global variable) must be avoided in the C code that runs from the early 1:1 mapping of the kernel, given that this is a practice that violates assumptions on the part of the toolchain. I.e., RIP-relative and absolute references are expected to produce the same values, and so the compiler is free to choose either. However, the code currently assumes that RIP-relative references are never emitted here. So an explicit virtual-to-physical offset needs to be used instead to derive the kernel virtual addresses of _text and _end, instead of simply taking the addresses and assuming that the compiler will not choose to use a RIP-relative references in this particular case. Currently, phys_base is already used to perform such calculations, but it is derived from the kernel virtual address of _text, which is taken using an implicit absolute symbol reference. So instead, derive this VA-to-PA offset in asm code, using the kernel VA of common_startup_64 (which we already keep in a global variable for other reasons), and pass it to the C startup code. Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/setup.h | 2 +- arch/x86/kernel/head64.c | 8 +++++--- arch/x86/kernel/head_64.S | 9 ++++++++- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index e61e68d71cba..aca18be5a228 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -47,7 +47,7 @@ extern unsigned long saved_video_mode; =20 extern void reserve_standard_io_resources(void); extern void i386_reserve_resources(void); -extern unsigned long __startup_64(unsigned long physaddr, struct boot_para= ms *bp); +extern unsigned long __startup_64(unsigned long p2v_offset, struct boot_pa= rams *bp); extern void startup_64_setup_gdt_idt(void); extern void early_setup_idt(void); extern void __init do_early_exception(struct pt_regs *regs, int trapnr); diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index a817ed0724d1..81696a4967e6 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -138,12 +138,14 @@ static unsigned long __head sme_postprocess_startup(s= truct boot_params *bp, pmdv * doesn't have to generate PC-relative relocations when accessing globals= from * that function. Clang actually does not generate them, which leads to * boot-time crashes. To work around this problem, every global pointer mu= st - * be accessed using RIP_REL_REF(). + * be accessed using RIP_REL_REF(). Kernel virtual addresses can be determ= ined + * by subtracting p2v_offset from the RIP-relative address. */ -unsigned long __head __startup_64(unsigned long physaddr, +unsigned long __head __startup_64(unsigned long p2v_offset, struct boot_params *bp) { pmd_t (*early_pgts)[PTRS_PER_PMD] =3D RIP_REL_REF(early_dynamic_pgts); + unsigned long physaddr =3D (unsigned long)&RIP_REL_REF(_text); unsigned long pgtable_flags; unsigned long load_delta; pgdval_t *pgd; @@ -163,7 +165,7 @@ unsigned long __head __startup_64(unsigned long physadd= r, * Compute the delta between the address I am compiled to run at * and the address I am actually running at. */ - load_delta =3D physaddr - (unsigned long)(_text - __START_KERNEL_map); + load_delta =3D __START_KERNEL_map + p2v_offset; RIP_REL_REF(phys_base) =3D load_delta; =20 /* Is the address not 2M aligned? */ diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 330922b328bf..d0e494607acc 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -100,13 +100,20 @@ SYM_CODE_START_NOALIGN(startup_64) /* Sanitize CPU configuration */ call verify_cpu =20 + /* + * Use the 1:1 physical and kernel virtual addresses of + * common_startup_64 to determine the physical-to-virtual offset, and + * pass it as the first argument to __startup_64(). + */ + leaq common_startup_64(%rip), %rdi + subq 0f(%rip), %rdi + /* * Perform pagetable fixups. Additionally, if SME is active, encrypt * the kernel and retrieve the modifier (SME encryption mask if SME * is active) to be added to the initial pgdir entry that will be * programmed into CR3. */ - leaq _text(%rip), %rdi movq %r15, %rsi call __startup_64 =20 --=20 2.45.1.288.g0e0cd299f1-goog From nobody Fri Feb 13 00:07:44 2026 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 96F4C192B66 for ; Wed, 5 Jun 2024 10:36:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717583792; cv=none; b=oe5nkkizigyuaOECrJV/VBpJLWxYW+aE6Hwn9NzoceHzMolv5Y+kfMOtMZfDVAHi8mO3STiO1JbMwy7Y6bwcO12JQrAPEvHYmkA1FWgRSXT+VyG40dNkxoF14RqOHzzzPGd4APZqGkrYHNlV/4y17yKoOEEPta+IGo/LOYxF2QI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717583792; c=relaxed/simple; bh=t+JYog3mSPZZIoU84rJI+s2xcKpJusbWDToFBxl4H20=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=H1aBvRAPZKSuI/zvz0xkhxPVN7/FLF6gg6Q+Qi58RGDZukdGLut9CGJm6BDr4lWo0r3OozYgwDqiinXsbvfisvwS0BWKC2kRijw6Cwr1Aa6V0YlJQUJr6Bzu3VB3f+KeT9u5JwwFy3fDcx//2GzCwvIvt8+Y4nCLaOtA0MTYwJA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=x7VaglDL; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="x7VaglDL" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-62ca03fc1ceso49086257b3.1 for ; Wed, 05 Jun 2024 03:36:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1717583789; x=1718188589; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=XEmtNDC5pui6ZIXiXr09dhxXS6IpsEqJxTtW36Erzok=; b=x7VaglDLNyihcOs9q2IxsSW+KEEeafmXvM3xcHg5rr/RX19EIXmXyjj5fVK4SmqsPt KjrqaWecCXn/O8Xa/Lth/GkWZo2NAHO2LGoMut6ihvDMHrUN3xirbkaliyisoqnMcBU0 D7JX5kNkIu/zPyxhFTBhKMatiTJRQyWbg/UV9JxtXCiRSJZASCknUeD+DGx4dF/C2Pss /EKX8nFas4YOxw5u66yzyDTlYHLDzL77RHAYWUkLAJrN9RTxxVLEN1VjY4j5GGLey4h0 nVvXdvKYms1F0oseNhhG9tYNjhmROGgV7BSEDwEPW9hcASNLpKHWzUh93YhSNM2MW63V /i8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717583789; x=1718188589; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XEmtNDC5pui6ZIXiXr09dhxXS6IpsEqJxTtW36Erzok=; b=DQQd/BFRJp3FaGex27NvKgc7GfZ7EebHHoUOoffS9lrledjOgpnGzNxrOPIPgCaXdH gMHr6GC3QhftjdQ6ZlFrffOibXna1obZntKzOzCgGfIC/8YNY3GVKrLFfqfMBozS45Hp 1lyjs6vrqDLd00jIk1DwS+MAORsUlqRWlkDyq3QYy7Aq0DBByzoOGAtLVcm6+kG4N1J6 qzBcdLnPndnjGuuCKJpNMbLJrzoRE0iIlRis5nkzrL2rgQwj5pnIKLdfIaOs/wX1AIv+ n+LWBtDZH40R+HPGmx++P3r8Y/RamHWel0Uj3hHC0PE+Q7wvwAULcLKwmsnWRknSIfxo kcOw== X-Gm-Message-State: AOJu0Yxu7G9yj9stY7HtcUTK7yXDtiJ0fDduPpkjMtjIiMIWlFxDHS/T vaPHjxjMlicsQJZ/ZfkfervtIz4KHBmXCTrWH6vTRnxP0ybnoAyRH/I+mH+1p5EhfM1dR41aSfY bR1Fupjki2I7sbVz0Tkpx5vWVGC/Jr2qcdi4mPMB9C3wllWAraHrveZ+WylRLdxUHHD0d1mMg4H mpoZ3nL+ixsU3hllcp/N3G0oX7FAYjdg== X-Google-Smtp-Source: AGHT+IErUQKTO2ZcLdxataNAEG3RQJL00sJsirZyJaf+bAntAY3hTC9uSlGTLmYfzNdhPplKlB8hmwbs X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a05:690c:5:b0:622:cd98:3b89 with SMTP id 00721157ae682-62cbb5e58admr3992217b3.9.1717583789516; Wed, 05 Jun 2024 03:36:29 -0700 (PDT) Date: Wed, 5 Jun 2024 12:16:15 +0200 In-Reply-To: <20240605101610.2824747-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240605101610.2824747-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=4681; i=ardb@kernel.org; h=from:subject; bh=HUfqDZ5e/aoYcRzKVO71ALLOyHdGEo9FPF3h43qwzBo=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIS3B6n2zy7bFP4ODt1gXLtKQ6DjJsPrWxNe155bnWm67q xcxtdW+o5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAExEbDIjQ+8u9fWKCodvG78o t1grPi0sJPcli/38f1Xej6o4Xy7I9GH4n8L185zfhRah447yxXeEjk3Xm26qN+Vs0ZfN9/N5bQ8 t4QMA X-Mailer: git-send-email 2.45.1.288.g0e0cd299f1-goog Message-ID: <20240605101610.2824747-10-ardb+git@google.com> Subject: [PATCH v3 4/4] x86/boot/64: Avoid intentional absolute symbol references in .head.text From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: Ard Biesheuvel , Tom Lendacky , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Andy Lutomirski , Arnd Bergmann , Kees Cook , Brian Gerst Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The code in .head.text executes from a 1:1 mapping and cannot generally refer to global variables using their kernel virtual addresses. However, there are some occurrences of such references that are valid: the kernel virtual addresses of _text and _end are needed to populate the page tables correctly, and some other section markers are used in a similar way. To avoid the need for making exceptions to the rule that .head.text must not contain any absolute symbol references, derive these addresses from the RIP-relative 1:1 mapped physical addresses, which can be safely determined using RIP_REL_REF(). Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/head64.c | 30 ++++++++++++-------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 81696a4967e6..c0f20962f9b1 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -91,9 +91,11 @@ static inline bool check_la57_support(void) return true; } =20 -static unsigned long __head sme_postprocess_startup(struct boot_params *bp= , pmdval_t *pmd) +static unsigned long __head sme_postprocess_startup(struct boot_params *bp, + pmdval_t *pmd, + unsigned long p2v_offset) { - unsigned long vaddr, vaddr_end; + unsigned long paddr, paddr_end; int i; =20 /* Encrypt the kernel and related (if SME is active) */ @@ -106,10 +108,10 @@ static unsigned long __head sme_postprocess_startup(s= truct boot_params *bp, pmdv * attribute. */ if (sme_get_me_mask()) { - vaddr =3D (unsigned long)__start_bss_decrypted; - vaddr_end =3D (unsigned long)__end_bss_decrypted; + paddr =3D (unsigned long)&RIP_REL_REF(__start_bss_decrypted); + paddr_end =3D (unsigned long)&RIP_REL_REF(__end_bss_decrypted); =20 - for (; vaddr < vaddr_end; vaddr +=3D PMD_SIZE) { + for (; paddr < paddr_end; paddr +=3D PMD_SIZE) { /* * On SNP, transition the page to shared in the RMP table so that * it is consistent with the page table attribute change. @@ -118,11 +120,11 @@ static unsigned long __head sme_postprocess_startup(s= truct boot_params *bp, pmdv * mapping (kernel .text). PVALIDATE, by way of * early_snp_set_memory_shared(), requires a valid virtual * address but the kernel is currently running off of the identity - * mapping so use __pa() to get a *currently* valid virtual address. + * mapping so use the PA to get a *currently* valid virtual address. */ - early_snp_set_memory_shared(__pa(vaddr), __pa(vaddr), PTRS_PER_PMD); + early_snp_set_memory_shared(paddr, paddr, PTRS_PER_PMD); =20 - i =3D pmd_index(vaddr); + i =3D pmd_index(paddr - p2v_offset); pmd[i] -=3D sme_get_me_mask(); } } @@ -146,6 +148,7 @@ unsigned long __head __startup_64(unsigned long p2v_off= set, { pmd_t (*early_pgts)[PTRS_PER_PMD] =3D RIP_REL_REF(early_dynamic_pgts); unsigned long physaddr =3D (unsigned long)&RIP_REL_REF(_text); + unsigned long va_text, va_end; unsigned long pgtable_flags; unsigned long load_delta; pgdval_t *pgd; @@ -172,6 +175,9 @@ unsigned long __head __startup_64(unsigned long p2v_off= set, if (load_delta & ~PMD_MASK) for (;;); =20 + va_text =3D physaddr - p2v_offset; + va_end =3D (unsigned long)&RIP_REL_REF(_end) - p2v_offset; + /* Include the SME encryption mask in the fixup value */ load_delta +=3D sme_get_me_mask(); =20 @@ -232,7 +238,7 @@ unsigned long __head __startup_64(unsigned long p2v_off= set, pmd_entry +=3D sme_get_me_mask(); pmd_entry +=3D physaddr; =20 - for (i =3D 0; i < DIV_ROUND_UP(_end - _text, PMD_SIZE); i++) { + for (i =3D 0; i < DIV_ROUND_UP(va_end - va_text, PMD_SIZE); i++) { int idx =3D i + (physaddr >> PMD_SHIFT); =20 pmd[idx % PTRS_PER_PMD] =3D pmd_entry + i * PMD_SIZE; @@ -257,11 +263,11 @@ unsigned long __head __startup_64(unsigned long p2v_o= ffset, pmd =3D &RIP_REL_REF(level2_kernel_pgt)->pmd; =20 /* invalidate pages before the kernel image */ - for (i =3D 0; i < pmd_index((unsigned long)_text); i++) + for (i =3D 0; i < pmd_index(va_text); i++) pmd[i] &=3D ~_PAGE_PRESENT; =20 /* fixup pages that are part of the kernel image */ - for (; i <=3D pmd_index((unsigned long)_end); i++) + for (; i <=3D pmd_index(va_end); i++) if (pmd[i] & _PAGE_PRESENT) pmd[i] +=3D load_delta; =20 @@ -269,7 +275,7 @@ unsigned long __head __startup_64(unsigned long p2v_off= set, for (; i < PTRS_PER_PMD; i++) pmd[i] &=3D ~_PAGE_PRESENT; =20 - return sme_postprocess_startup(bp, pmd); + return sme_postprocess_startup(bp, pmd, p2v_offset); } =20 /* Wipe all early page tables except for the kernel symbol map */ --=20 2.45.1.288.g0e0cd299f1-goog