From: Ard Biesheuvel <ardb@kernel.org>

Reorganize C code that is used during early boot, either in the
decompressor/EFI stub or the kernel proper, but before the kernel
virtual mapping is up.

v3:
- keep rip_rel_ptr() around in PIC code - sadly, it is still needed in
  some cases
- remove RIP_REL_REF() uses in separate patches
- keep __head annotations for now, they will all be removed later
- disable objtool validation for library objects (i.e., pieces that are
  not linked into vmlinux)

I will follow up with a series that gets rid of .head.text altogether,
as it will no longer be needed at all once the startup code is checked
for absolute relocations.

The SEV startup code needs to be moved first, though, and this is a bit
more complicated, so I will decouple that effort from this series, also
because there is a known issue that needs to be fixed first related to
memory acceptance from the EFI stub.

Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Dionna Amalie Glaze <dionnaglaze@google.com>
Cc: Kevin Loughlin <kevinloughlin@google.com>

Ard Biesheuvel (7):
  x86/boot/startup: Disable objtool validation for library code
  x86/asm: Make rip_rel_ptr() usable from fPIC code
  x86/boot: Move the early GDT/IDT setup code into startup/
  x86/boot: Move early kernel mapping code into startup/
  x86/boot: Drop RIP_REL_REF() uses from early mapping code
  x86/boot: Move early SME init code into startup/
  x86/boot: Drop RIP_REL_REF() uses from SME startup code

 arch/x86/boot/compressed/Makefile                          |   2 +-
 arch/x86/boot/startup/Makefile                             |  22 ++
 arch/x86/boot/startup/gdt_idt.c                            |  83 ++++++
 arch/x86/boot/startup/map_kernel.c                         | 225 ++++++++++++++++
 arch/x86/{mm/mem_encrypt_identity.c => boot/startup/sme.c} |  19 +-
 arch/x86/coco/sev/core.c                                   |   2 +-
 arch/x86/coco/sev/shared.c                                 |   4 +-
 arch/x86/include/asm/asm.h                                 |   2 +-
 arch/x86/include/asm/coco.h                                |   2 +-
 arch/x86/include/asm/mem_encrypt.h                         |   2 +-
 arch/x86/kernel/head64.c                                   | 285 +-------------------
 arch/x86/mm/Makefile                                       |   6 -
 12 files changed, 346 insertions(+), 308 deletions(-)
 create mode 100644 arch/x86/boot/startup/gdt_idt.c
 create mode 100644 arch/x86/boot/startup/map_kernel.c
 rename arch/x86/{mm/mem_encrypt_identity.c => boot/startup/sme.c} (97%)


base-commit: 4f2d1bbc2c92a32fd612e6c3b51832d5c1c3678e
-- 
2.49.0.504.g3bcea36a83-goog

On Tue, Apr 8, 2025 at 5:01 AM Ard Biesheuvel <ardb+git@google.com> wrote:
>
> From: Ard Biesheuvel <ardb@kernel.org>
>
> Reorganize C code that is used during early boot, either in the
> decompressor/EFI stub or the kernel proper, but before the kernel
> virtual mapping is up.
>
> v3:
> - keep rip_rel_ptr() around in PIC code - sadly, it is still needed in
>   some cases
> - remove RIP_REL_REF() uses in separate patches
> - keep __head annotations for now, they will all be removed later
> - disable objtool validation for library objects (i.e., pieces that are
>   not linked into vmlinux)
>
> I will follow up with a series that gets rid of .head.text altogether,
> as it will no longer be needed at all once the startup code is checked
> for absolute relocations.
>
> The SEV startup code needs to be moved first, though, and this is a bit
> more complicated, so I will decouple that effort from this series, also
> because there is a known issue that needs to be fixed first related to
> memory acceptance from the EFI stub.

Is there anything to verify that the compiler doesn't do something
unexpected with PIC code generation like create GOT references?


Brian Gerst

On Tue, 8 Apr 2025 at 20:16, Brian Gerst <brgerst@gmail.com> wrote:
>
> On Tue, Apr 8, 2025 at 5:01 AM Ard Biesheuvel <ardb+git@google.com> wrote:
> >
> > From: Ard Biesheuvel <ardb@kernel.org>
> >
> > Reorganize C code that is used during early boot, either in the
> > decompressor/EFI stub or the kernel proper, but before the kernel
> > virtual mapping is up.
> >
> > v3:
> > - keep rip_rel_ptr() around in PIC code - sadly, it is still needed in
> >   some cases
> > - remove RIP_REL_REF() uses in separate patches
> > - keep __head annotations for now, they will all be removed later
> > - disable objtool validation for library objects (i.e., pieces that are
> >   not linked into vmlinux)
> >
> > I will follow up with a series that gets rid of .head.text altogether,
> > as it will no longer be needed at all once the startup code is checked
> > for absolute relocations.
> >
> > The SEV startup code needs to be moved first, though, and this is a bit
> > more complicated, so I will decouple that effort from this series, also
> > because there is a known issue that needs to be fixed first related to
> > memory acceptance from the EFI stub.
>
> Is there anything to verify that the compiler doesn't do something
> unexpected with PIC code generation like create GOT references?
>

I will propose something along the lines of what is already being done
for the EFI stub:

------%<------

STUBCOPY_RELOC-$(CONFIG_X86_64) := R_X86_64_64

quiet_cmd_stubcopy = STUBCPY $@
      cmd_stubcopy =                                                    \
        $(STRIP) --strip-debug -o $@ $<;                                \
        if $(OBJDUMP) -r $@ | grep $(STUBCOPY_RELOC-y); then            \
                echo "$@: absolute symbol references not allowed in
the EFI stub" >&2; \
                /bin/false;                                             \
        fi;                                                             \
        $(OBJCOPY) $(STUBCOPY_FLAGS-y) $< $@