From nobody Fri Dec 19 16:05:26 2025 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EBF2726C38B for ; Wed, 23 Apr 2025 11:10:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406640; cv=none; b=AO44P1U0dpBy4euEgM8J7v8r1UOOzJkH39l9i8c2sOApTDGoyimDApxyzVKd5dvNRi+q99T/RrldKUlJAh/IxzfGVVvFrxPXAF/Sps+IqM16SFbksYGbO8gyxRyGNWJmtA+TtV9olDDkhOX0zeqeHvHpoPT8Kl2znQDgwlZNJgM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406640; c=relaxed/simple; bh=AIhGYwkLeED8QStPdAydMCUNiRnP/CVX0kIh57deXpY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=HZyI8qga9rUPOv1rBBIfG3ppaGIN7mx1f26if4iiNn9Ho/UBH2PRZ4kPmGsuisUS4B0OliW6aBAB1I5Z7pOj+iyV8TMgwAJEzWspvpwQ9yA/ak2fDtX8C3fw7Z7XkKQMHWwfD1tXrEa1HVfb+VGCwHhhyAMgcCzjhf8cA+tQGcQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=NHXc3JyT; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="NHXc3JyT" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-39ee57e254aso2978762f8f.1 for ; Wed, 23 Apr 2025 04:10:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1745406637; x=1746011437; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=b9EdJfoFvntZ3Aijc9ezm1SvO5dYoA86SEzEWFMBPBA=; b=NHXc3JyTYp29mEwMOlzM1kpx+KT2QA7/6WpjVaX7UpDF6PZtR1YwKxiEABKZJxEwx8 ggrmk7qJ4cvYsWsQKyOG4aezL5XOHwFQ3dsmdw6OLWTdrm2KPdvsMh19JYhxIsl7IQ0J weaLBMBNqFm8lUhOwfOQeUE/OGuPuoD2YnVC3jv5P9xbX5/3HKNXslcJVNIeRgxgWE+5 kGNXxg4dW7lufyioi5dOmA2plj5Ok6DVyscgUFCI5CeoP2hpuvLpdsWRb5Fm5Sm3Uobc x0o1wiZx+OaO2UMv6Ter7t1mVEQNpQVDzlMyYBUN+XAnXZ7TNRVHvIx3yXQ6ygrczr4l cOPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745406637; x=1746011437; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=b9EdJfoFvntZ3Aijc9ezm1SvO5dYoA86SEzEWFMBPBA=; b=h++hFUbfgekSGrkE+X6fc0t456L8Ts5SUpujxyPzhAqHsv3oE/eh76C7XligEw2ngL 1D7gRFnS4HOtKXNIbLMonRymNXgS7aKYCq2Bn4b64ROsw3s7qoTeww0j5yoR9ApMUUje +9TGvizDwCpfNkEtyDVx84EZeIJWhX3s8bZxdiZj2PbeLnUyO/vMl0it7GTleKFHvieG yt81OKsKfLat//mO7XPIgpkPRoU21wOBfrjqMizZ6jZ+6kbiRfZOYQHNKX7l+hsR9J8P wpIp8BjPBjq/8/WY4tNF0Bo1PV4Vbi98oceZMp7tpeoEjtWPy3xacGxI29XSHEh9M3J8 ygLg== X-Gm-Message-State: AOJu0Yz+SotJQBfxKmHCACvyxvGj9BXIe7ICDTPXFG8CjB4/ZLxTYinQ C0oKiXMesh89LglBHBMX/LBH/HvUJLNddFXNnhfffMk4ZkS9A7x67n7ykybm6NvTxLTPcTDsMz0 hdDyQKqSjFn+brVJy64ZNlyDvtQ7iOvjkRnUKxCaTwAxSjK6rds+n3fbzDLkE9ohY3kXbudjoue 9l2infOtNhmw+tVaRWmSpH39X93LoZ3Q== X-Google-Smtp-Source: AGHT+IGh7kubV1d3R3ZD3F79F3LXSp3GH8VsTNG4XhDosIDSpzfMdrMwDFzmMjz7Yn7jCRbX7GhQxSXK X-Received: from wrbaz1.prod.google.com ([2002:adf:e181:0:b0:39e:e3f9:60d2]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:144a:b0:391:2a9a:478c with SMTP id ffacd0b85a97d-39efba3cc88mr16844764f8f.23.1745406637306; Wed, 23 Apr 2025 04:10:37 -0700 (PDT) Date: Wed, 23 Apr 2025 13:09:50 +0200 In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250423110948.1103030-13-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1039; i=ardb@kernel.org; h=from:subject; bh=kVSqHU9mGbp8hJj8L+zQL1y2c7Ahk8a3EXR2gn1jxkA=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYPjVJfJ9jUVgpt49pavfxKhmvjpWBGf/IPHtYt8Tr1Yd Mh0/3nVjlIWBjEOBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjAR015GhqOLvh5rq5vuFLls h4C0XAtbY1us4rJNc16Jey/NO2bzpZThf+2MXKeCGWrtrfH8kjOm1K5ZFqrqtk2Sw74p9Pyvhj/ OXAA= X-Mailer: git-send-email 2.49.0.805.g082f7c87e0-goog Message-ID: <20250423110948.1103030-14-ardb+git@google.com> Subject: [RFC PATCH PoC 01/11] x86/linkage: Add SYM_PI_ALIAS() macro helper to emit symbol aliases From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Startup code that may execute from the early 1:1 mapping of memory will be confined into its own address space, and only be permitted to access ordinary kernel symbols if this is known to be safe. Introduce a macro helper PI_ALIAS() that emits a __pi_ prefixed alias for a symbol, which allows startup code to access it. Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/linkage.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/include/asm/linkage.h b/arch/x86/include/asm/linkage.h index b51d8a4673f5..ad59ff384f72 100644 --- a/arch/x86/include/asm/linkage.h +++ b/arch/x86/include/asm/linkage.h @@ -141,5 +141,11 @@ #define SYM_FUNC_START_WEAK_NOALIGN(name) \ SYM_START(name, SYM_L_WEAK, SYM_A_NONE) =20 +#ifdef __ASSEMBLER__ +#define SYM_PI_ALIAS(sym) SYM_ALIAS(__pi_ ## sym, sym, SYM_L_GLOBAL) +#else +#define SYM_PI_ALIAS(sym) extern typeof(sym) __PASTE(__pi_, sym) __alias(s= ym) +#endif + #endif /* _ASM_X86_LINKAGE_H */ =20 --=20 2.49.0.805.g082f7c87e0-goog From nobody Fri Dec 19 16:05:26 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 11B0426D4F2 for ; Wed, 23 Apr 2025 11:10:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406642; cv=none; b=M1+Sf/M0kyYcBo1hQMhvJcidQMIqocuLGzw/tcwylUkOpVJkyg27UB7Lrz4TjAjl/uKq9A4ac5Pzc1d9SOz7oVeQX07hS5HxmwXTzySelLJPaInJYDBuLLLzpjiqi/xfJsCzV4YAe85myHZkO1L/1FT6p1UxSIttuF5KYO/nqvY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406642; c=relaxed/simple; bh=Ib99OdMh0enkY6TPRZxjv/65h/XKNl3J75/X+8IrRls=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=A23ewwktUocn0BKHpaT1QBuPdQjgUW1owjQF2NB7ASDntf9OsL695R1PdwMIJnc5ERoZjf4DzCE0TH5PkrbjnIs4Qn8BaxUTV6sloh27iOfblwoCb4T+N25LsfyBLva9nbPusQRcsN2I+fd5NdN4MQ3cMjcBmL87Gznh3ijtUS4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=vj8p290g; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="vj8p290g" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43941ad86d4so25635265e9.2 for ; Wed, 23 Apr 2025 04:10:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1745406639; x=1746011439; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=VBoJ481uB7mn+QxWuP87Dth5SOxpKWB10cRWV+uYmEE=; b=vj8p290gM4bDQ28XEJ4TeU1wgwD5JJOHb7lV5ndwObTIodOWhLvYyfvOq/fR/NEW12 kkVEw5SsgK9LpkPxXgoNBTQIP0Gr6TCR4VQDNEvwedvACAJwQBvL0gC005YP1wuFcbub Gtkz5J1WpYSVi/T4/ZJ2v4YJ0wa48Fq65HAJsInTpIeZ++aeRbj9O/azD6ZQOjz7T3So RjjUJmJckSNf+rJ3xpz/v67RSeD6PIY2tsVVDeE1Mv54lPdk23Qm8cBRtBAgvFdcPoIc MjHVO1VpJuMjyK5+NfeeQIrESVZtK4VKVHmfJzYtEuoacz44wU9Pq5LC2vr62zOV4e0a cqrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745406639; x=1746011439; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=VBoJ481uB7mn+QxWuP87Dth5SOxpKWB10cRWV+uYmEE=; b=RJHdK8YmUAYm6V8FuUiuFGfIOhoxJbgJzuxBVGjECoLKyex10Hj69/PuXrt1xIMHms eDZicHREhOgnjMUxjV4L4ABRsOBeSyE384k9sLe+WI/BV5zbIuTFVxLvsqZpaPbumbFV ejNlgpxTFX0FLdqamuFeNDZhzk3agSvSL7XOGGZc338NlNINUQaYaA1wx1/KQWcfVXYf cOXTIVPs3mYaDJBHkdlGiRg61o+M7p6uBTHwFnsfOczzaAJHiHMYCv+8du8T4W9VSaJn 4/LG82vvEOYtD8bpPWdyNrzKi3xWBjuCDfQ8ZuQyzop60sQzDKjpVB8wn2El/Kr/xixL pntA== X-Gm-Message-State: AOJu0Yz7y7uOPPHfwufdQrFSnOdVexP+O2dljy0c8EAePo1Y55SIKkh4 8QGQ+IAnDSptV1tdom9djihsR0dBsPOlTT2LDu0KoZBFEwKYQjqm38mDq8IDSYrW3kpPCmk/HGr 3x83/GByHP8Qou4xc/MFfi0Zq9gT4J4sDcxop7j1OvbbMPUkYU6Vfkthk/lEQHBiyy2GfudjOyD llrKAhL4oY1T7/9BaIlDmsa34oqfRHGQ== X-Google-Smtp-Source: AGHT+IHS+TC/FCGjgyFsj2LnSFdg94JEZUpuejLGQ1OOh/hDt3tCkNGth3+vP/WHmrnlf3z74iwa07o7 X-Received: from wmqb12.prod.google.com ([2002:a05:600c:4e0c:b0:43d:55cd:66bb]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:500d:b0:43c:eea9:f438 with SMTP id 5b1f17b1804b1-4408a656ee6mr78207045e9.15.1745406639413; Wed, 23 Apr 2025 04:10:39 -0700 (PDT) Date: Wed, 23 Apr 2025 13:09:51 +0200 In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250423110948.1103030-13-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2683; i=ardb@kernel.org; h=from:subject; bh=Pd/u42EgAdRCuYeaihpEHLBTzgMWHgpQ2dl3Fj3QJe0=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYPjVI8EP2/ezX0ZQv0TF8blrl8k2NESyrZM2O7K8j8zp 9flPlrZUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACZSOY3hv/vZ9xufrlz3Zms3 7+HiUnPzVM8/DOssv5obBC2NaLv0J4+RYTPX9wsVzUetBXTDN3m7CKfy7Fav3i7hpa5Vv/HZxFQ 3NgA= X-Mailer: git-send-email 2.49.0.805.g082f7c87e0-goog Message-ID: <20250423110948.1103030-15-ardb+git@google.com> Subject: [RFC PATCH PoC 02/11] x86/boot: Move early_setup_gdt() back into head64.c From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Move early_setup_gdt() out of the startup code that is callable from the 1:1 mapping - this is not needed, and instead, it is better to expose the helper that does reside in __head directly. This reduces the amount of code that needs special checks for 1:1 execution suitability. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/gdt_idt.c | 15 +-------------- arch/x86/include/asm/setup.h | 1 + arch/x86/kernel/head64.c | 12 ++++++++++++ 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/arch/x86/boot/startup/gdt_idt.c b/arch/x86/boot/startup/gdt_id= t.c index 7e34d0b426b1..a3112a69b06a 100644 --- a/arch/x86/boot/startup/gdt_idt.c +++ b/arch/x86/boot/startup/gdt_idt.c @@ -24,7 +24,7 @@ static gate_desc bringup_idt_table[NUM_EXCEPTION_VECTORS] __page_aligned_d= ata; =20 /* This may run while still in the direct mapping */ -static void __head startup_64_load_idt(void *vc_handler) +void __head startup_64_load_idt(void *vc_handler) { struct desc_ptr desc =3D { .address =3D (unsigned long)rip_rel_ptr(bringup_idt_table), @@ -43,19 +43,6 @@ static void __head startup_64_load_idt(void *vc_handler) native_load_idt(&desc); } =20 -/* This is used when running on kernel addresses */ -void early_setup_idt(void) -{ - void *handler =3D NULL; - - if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) { - setup_ghcb(); - handler =3D vc_boot_ghcb; - } - - startup_64_load_idt(handler); -} - /* * Setup boot CPU state needed before kernel switches to virtual addresses. */ diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index ad9212df0ec0..6324f4c6c545 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -52,6 +52,7 @@ extern void reserve_standard_io_resources(void); extern void i386_reserve_resources(void); extern unsigned long __startup_64(unsigned long p2v_offset, struct boot_pa= rams *bp); extern void startup_64_setup_gdt_idt(void); +extern void startup_64_load_idt(void *vc_handler); extern void early_setup_idt(void); extern void __init do_early_exception(struct pt_regs *regs, int trapnr); =20 diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 6b68a206fa7f..29226f3ac064 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -303,3 +303,15 @@ void __init __noreturn x86_64_start_reservations(char = *real_mode_data) =20 start_kernel(); } + +void early_setup_idt(void) +{ + void *handler =3D NULL; + + if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) { + setup_ghcb(); + handler =3D vc_boot_ghcb; + } + + startup_64_load_idt(handler); +} --=20 2.49.0.805.g082f7c87e0-goog From nobody Fri Dec 19 16:05:26 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E83B326FA5D for ; Wed, 23 Apr 2025 11:10:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406645; cv=none; b=dMEl2e/MsSFnvmzsdZa8yYCYW4iE6ByRcYlPde6veRvXiqODoTI4iTDGIEYmlRaNgGgx1ZZH5Nc5wqSVgj2mMQx+hpHtm7jiIeBZBWD5133GCaI/XQyy3QiOoKdWzdp6hM/fKDnxc0PcL/+mt3XC1oHmUOpOhn2VFV1krLGl2uM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406645; c=relaxed/simple; bh=gGpYZxg5+AcETpfTWoUQvD57ks0/PH9h0iv3aCMiNUs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YLK9Sj0YG1Cnbew20cOvqCHIbUWqfVP6Ik/JKRCwJOamN/J5y6w2LuAqv5RTE/RfGMtB/hOvOFmcWq/XMMuFNWv9K2rHwhsRbl/cAiHXbSYEha8W/W9GkWM3pAiVCBz6T/8wujbZ+xCYCIzactDKnCMBXYN5M6IygX5J8WDIsgA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Vk+S5nBm; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Vk+S5nBm" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43ceeaf1524so3754125e9.1 for ; Wed, 23 Apr 2025 04:10:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1745406641; x=1746011441; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=dz/mDOsr201xeCvIvk7JY8XBjobiOcX7m1b5fgok938=; b=Vk+S5nBmnvYcMq/+QZ51hg1zQ0dkZjyVylJRmDqevQYAKVRSQ/ObEbcy43U/w5hyH1 PJX/Nzg/dS9CUbdTULwlihq5mqOsgrgTtRE4aLYq5fbQ07a1DTBTPwOh1MWZvuTdfrJw HzfN7UvN5PKKpP0wgkiGJGVwokVtSDI3shvSPDct3abWXrjFu8nXh17Csfrzz3l6o6NB uwX+Mz6phmjJBbWg9WK2SzRPEfqVoSMRIRBmI8OPsdcaLy6CHeyEpiQHjF4B1y9PBoTQ y6+gJ5VAqTsl12dMC94eLFnufwX23N2TmEmSU7GkBhn2sxA4EvmxnJoa1GUxuvJ3w9Bv 3dKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745406641; x=1746011441; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=dz/mDOsr201xeCvIvk7JY8XBjobiOcX7m1b5fgok938=; b=o/djrGIc9nfowBCVkZyMC5Rgt+wJLyuvLanX+Gy8Cl5xKnuxdSGKv8wsbh+C8EnLio A5rmQZuENsLr4fT2LRQ/upr+plDKQsBbFoyx9mMMaxThTU1xaYfAmxnPc9F+VYAPtKvJ RZkZ05KT7DcO2jfBM3QYoLqiBoGG+AC4ZY2BsvyHMitWhgK9XU2C68xCCx4rb27O1VBm TbjPzhtjnKASr9mY6y02BNLcP27BOow673aP6v8n9BYvldacqtY9mNqKzO8GRd8HYGkh qRle4ICG21cfAwhYvxmg9gwpZEwhCJD6NKEE71H/v9Un1UZcWl9yWImTJDU4Z2KG79cS TTYw== X-Gm-Message-State: AOJu0YywvwNlcVshHxsx2T1I0D6f1rMqUeKqYsu3nKzpIPALPgzRHhnq yHpqgoQfNlMLeOlBnNj8OGQBdegGTkvffpyH7SOXin0nZ0rANHqszVF9XWnW8IfEWgPok+madtn a/xcUmuvs0wYtxK2EC8JbOcN6TMN9Bks9UzvCUvAhcciPCt8ioi7w9nwXi5Zh5h7OHcHpfg59nZ netrIrAHKLO9ZphaUxpUtbE+uH5vicKQ== X-Google-Smtp-Source: AGHT+IEU8MjGPKd0fdUWKptTodlDCfOm2x9U6kS3lSYO3BEh+tOROAdF34OcxpgYDHbvwNsdgPECV1c2 X-Received: from wmrn7.prod.google.com ([2002:a05:600c:5007:b0:43c:f6c0:3375]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:c08a:b0:439:873a:1114 with SMTP id 5b1f17b1804b1-44091eee173mr16483325e9.6.1745406641365; Wed, 23 Apr 2025 04:10:41 -0700 (PDT) Date: Wed, 23 Apr 2025 13:09:52 +0200 In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250423110948.1103030-13-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=961; i=ardb@kernel.org; h=from:subject; bh=JADx/rxGDZiU/7QnFcGFPRIEIAFKDCf42sLIuHIBDFs=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYPjVO/0SN3k1VX+rVe+Xlw/+/h/XhbP4pfP/CMuZ905/ mHigYvzO0pZGMQ4GGTFFFkEZv99t/P0RKla51myMHNYmUCGMHBxCsBEbsozMuyaINSpLWn0wOSZ NFNjR/iRwOjMucd2N9pcmhb1RtTw2i1GhhubucRe7Rde/8h5TkmVfovHS5fzvyvjG867bNkXoTs vgwkA X-Mailer: git-send-email 2.49.0.805.g082f7c87e0-goog Message-ID: <20250423110948.1103030-16-ardb+git@google.com> Subject: [RFC PATCH PoC 03/11] x86/boot: Disregard __supported_pte_mask in __startup_64() From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel __supported_pte_mask is statically initialized to U64_MAX and never assigned until long after the startup code executes that creates the initial page tables. So applying the mask is unnecessary, and can be avoided. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/map_kernel.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/x86/boot/startup/map_kernel.c b/arch/x86/boot/startup/map= _kernel.c index 0eac3f17dbd3..099ae2559336 100644 --- a/arch/x86/boot/startup/map_kernel.c +++ b/arch/x86/boot/startup/map_kernel.c @@ -179,8 +179,6 @@ unsigned long __head __startup_64(unsigned long p2v_off= set, pud[(i + 1) % PTRS_PER_PUD] =3D (pudval_t)pmd + pgtable_flags; =20 pmd_entry =3D __PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL; - /* Filter out unsupported __PAGE_KERNEL_* bits: */ - pmd_entry &=3D __supported_pte_mask; pmd_entry +=3D sme_get_me_mask(); pmd_entry +=3D physaddr; =20 --=20 2.49.0.805.g082f7c87e0-goog From nobody Fri Dec 19 16:05:26 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D6F4D26FA6F for ; Wed, 23 Apr 2025 11:10:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406646; cv=none; b=gYLlE55RI/1kW4axz6cbPsEEwGnPOvK8ufKu6n+WXfl1JP2U4kX46gKlG5V74PeTrrTE71rI3k/jDdsfeyPdvtSicfUBFwcwP4/QtCD+XsAXO8Pk+pG9rVdKJ1ZsNYzWNmJySbj0lCMNWeIWPsF0iPommJpCAZ/KCe4zfbnoAdc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406646; c=relaxed/simple; bh=XkA3HYEGwj91QxLKsAzM0febMq73OcEzy2RmvnaYohg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=MggiwUcnn3DFmqz+BhyOEW48tpf50SiBLix825MSTczUE3pcUSNXLQTa0PatlUfRLJG7frfRF+QPSgsAm6OtBEoPWCuNGf31pm6BWTGm9NqaM58cLzFvOFg+wkfw5k4pWc/OSIoJP+CAF6WeNXKwc6JLfDlP2962vdrIW4FvxcY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=py9d4lib; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="py9d4lib" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-43947a0919aso45194375e9.0 for ; Wed, 23 Apr 2025 04:10:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1745406643; x=1746011443; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=h069Sp4yFKtz4Sfd7IxnH3MQe78yHPLJe923z0mD/9Y=; b=py9d4libj1mo9OFPUl1FLcMUsirBKrdJgH4nTyb2kRFGJJDekJEJQEL6JD7P+Dz/tx aSde5ATSKSX8ASqPlCu0TyJYogyVSuj3kkq6BMlwuk9pUdfFPQV9cX3nNtuBGEOO1jKV jlkfmLZVZEXZtcfiq/U+xUfPNZmzExYyQxmoq0eG/XIUiTCjqVLl8SSkP9xM9GBA/Sp/ EYXV4ZIDyVMnRlSkV/H6tMNMPudYgayq0yYqxuskbedDVDCY2Q+BQNSqisq9O0pxEnVF 5IrbvPcp129H5ng0xKTKTIY9wzaRckg6N99Yjk5ibk0aT/5DxPgE1AKAZbuJ6/tsm+qq 4jIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745406643; x=1746011443; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=h069Sp4yFKtz4Sfd7IxnH3MQe78yHPLJe923z0mD/9Y=; b=cew6tlbp0+Q8UwJXZyAAIi1eUpvfNr2BAjhihQ0qvOg8tMc94w8VoDPwmzMX6+yDMg AKSEE9JISBZwFA6/27q7wtDqhqczimTOJSPXYnqWaspqrcbWMrO3zK/+Vf73DkzkHZom VP0v5ys5juQdf0hlzmC1jgBFnjfFJKRDcBucocjBcUAuVMhZVLGDjKz4LKxY0BdD22xx moTWDLURatnF9l0pgRcCNJxFotd6jSJ/CUTsHsX+EePqH3RO+yyofLsEeGojmGi2vZmM ClXNHK1yab3/Vu+g4ui+1yH5FxC+anXFURfglIV0xwlNWy2NolFFZdbvzBeW9nZwOeYS zS7Q== X-Gm-Message-State: AOJu0Yx/f3pijByh9beKlVHZwK16xWeAfmHPChghJJHAnEUoKT4XWoMJ AnUcTEnthHrGtOq5LAiqbWZBj6CPkPfB1NHn1EulXeUaL9UXs6Wnh7pxFmUXS/nkErp2WrZ1E48 tqWIY4BExzicqRtXxY5Iuinrta6NKiLENS5ixUsIQM4RqCYiJUTSAsuc57psSFZLHVO7z6Wxnmy +ewaRSQODdvoe6VhBq0bCzlogBp0dtoQ== X-Google-Smtp-Source: AGHT+IHasKEFo0O1xl8qRFJr8I9yaIj0B0fZjnA5DS6M7Y8W+Kz92Kt4Pr2Iit49l8SkpRLdAHQm9k/l X-Received: from wmbdz10.prod.google.com ([2002:a05:600c:670a:b0:43c:f60a:4c59]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:870f:b0:43c:fcbc:968c with SMTP id 5b1f17b1804b1-4406ab7a5ecmr167373975e9.7.1745406643318; Wed, 23 Apr 2025 04:10:43 -0700 (PDT) Date: Wed, 23 Apr 2025 13:09:53 +0200 In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250423110948.1103030-13-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=7865; i=ardb@kernel.org; h=from:subject; bh=tzfXWCRTH9WnYCqa0wFjdgO1/a71ojpw+Fy+D8l8Il8=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYPjVH957dPZ8yYeF/Q6lbPHIF2k4PM10UdBrwKMqu+G2 EjFi6l1lLIwiHEwyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIkkKzMybN58eVtE/6QqMV2L y3+uzN/Ps764hqddvO1A0tyQaToadYwMTVVW+dW1SifUZjRVu+w4uPFGrXanx5rNa2SmvdVUfCT MDwA= X-Mailer: git-send-email 2.49.0.805.g082f7c87e0-goog Message-ID: <20250423110948.1103030-17-ardb+git@google.com> Subject: [RFC PATCH PoC 04/11] x86/boot: Add a bunch of PI aliases From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Add aliases for all the data objects that the startup code references - this is needed so that this code can be moved into its own confined area where it can only access symbols that have a __pi_ prefix. Signed-off-by: Ard Biesheuvel --- arch/x86/coco/core.c | 2 ++ arch/x86/kernel/cpu/common.c | 1 + arch/x86/kernel/head64.c | 7 +++++++ arch/x86/kernel/head_64.S | 8 ++++++++ arch/x86/kernel/setup.c | 1 + arch/x86/kernel/vmlinux.lds.S | 4 ++++ arch/x86/lib/retpoline.S | 1 + arch/x86/mm/mem_encrypt_amd.c | 2 ++ arch/x86/mm/pgtable.c | 1 + 9 files changed, 27 insertions(+) diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c index 9a0ddda3aa69..303360508a71 100644 --- a/arch/x86/coco/core.c +++ b/arch/x86/coco/core.c @@ -18,7 +18,9 @@ #include =20 enum cc_vendor cc_vendor __ro_after_init =3D CC_VENDOR_NONE; +SYM_PI_ALIAS(cc_vendor); u64 cc_mask __ro_after_init; +SYM_PI_ALIAS(cc_mask); =20 static struct cc_attr_flags { __u64 host_sev_snp : 1, diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 12126adbc3a9..8fe2e9859c4b 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -242,6 +242,7 @@ DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = =3D { .gdt =3D { #endif } }; EXPORT_PER_CPU_SYMBOL_GPL(gdt_page); +SYM_PI_ALIAS(gdt_page); =20 #ifdef CONFIG_X86_64 static int __init x86_nopcid_setup(char *s) diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 29226f3ac064..b251186a819e 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -48,23 +48,30 @@ */ extern pmd_t early_dynamic_pgts[EARLY_DYNAMIC_PAGE_TABLES][PTRS_PER_PMD]; unsigned int __initdata next_early_pgt; +SYM_PI_ALIAS(next_early_pgt); pmdval_t early_pmd_flags =3D __PAGE_KERNEL_LARGE & ~(_PAGE_GLOBAL | _PAGE_= NX); =20 #ifdef CONFIG_X86_5LEVEL unsigned int __pgtable_l5_enabled __ro_after_init; +SYM_PI_ALIAS(__pgtable_l5_enabled); unsigned int pgdir_shift __ro_after_init =3D 39; EXPORT_SYMBOL(pgdir_shift); +SYM_PI_ALIAS(pgdir_shift); unsigned int ptrs_per_p4d __ro_after_init =3D 1; EXPORT_SYMBOL(ptrs_per_p4d); +SYM_PI_ALIAS(ptrs_per_p4d); #endif =20 #ifdef CONFIG_DYNAMIC_MEMORY_LAYOUT unsigned long page_offset_base __ro_after_init =3D __PAGE_OFFSET_BASE_L4; EXPORT_SYMBOL(page_offset_base); +SYM_PI_ALIAS(page_offset_base); unsigned long vmalloc_base __ro_after_init =3D __VMALLOC_BASE_L4; EXPORT_SYMBOL(vmalloc_base); +SYM_PI_ALIAS(vmalloc_base); unsigned long vmemmap_base __ro_after_init =3D __VMEMMAP_BASE_L4; EXPORT_SYMBOL(vmemmap_base); +SYM_PI_ALIAS(vmemmap_base); #endif =20 /* Wipe all early page tables except for the kernel symbol map */ diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index fefe2a25cf02..0c0d38ebf70b 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -573,6 +573,7 @@ SYM_CODE_START_NOALIGN(vc_no_ghcb) /* Pure iret required here - don't use INTERRUPT_RETURN */ iretq SYM_CODE_END(vc_no_ghcb) +SYM_PI_ALIAS(vc_no_ghcb); #endif =20 #ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION @@ -604,10 +605,12 @@ SYM_DATA_START_PTI_ALIGNED(early_top_pgt) .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE_NOENC .fill PTI_USER_PGD_FILL,8,0 SYM_DATA_END(early_top_pgt) +SYM_PI_ALIAS(early_top_pgt) =20 SYM_DATA_START_PAGE_ALIGNED(early_dynamic_pgts) .fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0 SYM_DATA_END(early_dynamic_pgts) +SYM_PI_ALIAS(early_dynamic_pgts); =20 SYM_DATA(early_recursion_flag, .long 0) =20 @@ -651,6 +654,7 @@ SYM_DATA_START_PAGE_ALIGNED(level4_kernel_pgt) .fill 511,8,0 .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE_NOENC SYM_DATA_END(level4_kernel_pgt) +SYM_PI_ALIAS(level4_kernel_pgt) #endif =20 SYM_DATA_START_PAGE_ALIGNED(level3_kernel_pgt) @@ -659,6 +663,7 @@ SYM_DATA_START_PAGE_ALIGNED(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE_NOENC .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE_NOENC SYM_DATA_END(level3_kernel_pgt) +SYM_PI_ALIAS(level3_kernel_pgt) =20 SYM_DATA_START_PAGE_ALIGNED(level2_kernel_pgt) /* @@ -676,6 +681,7 @@ SYM_DATA_START_PAGE_ALIGNED(level2_kernel_pgt) */ PMDS(0, __PAGE_KERNEL_LARGE_EXEC, KERNEL_IMAGE_SIZE/PMD_SIZE) SYM_DATA_END(level2_kernel_pgt) +SYM_PI_ALIAS(level2_kernel_pgt) =20 SYM_DATA_START_PAGE_ALIGNED(level2_fixmap_pgt) .fill (512 - 4 - FIXMAP_PMD_NUM),8,0 @@ -688,6 +694,7 @@ SYM_DATA_START_PAGE_ALIGNED(level2_fixmap_pgt) /* 6 MB reserved space + a 2MB hole */ .fill 4,8,0 SYM_DATA_END(level2_fixmap_pgt) +SYM_PI_ALIAS(level2_fixmap_pgt) =20 SYM_DATA_START_PAGE_ALIGNED(level1_fixmap_pgt) .rept (FIXMAP_PMD_NUM) @@ -703,6 +710,7 @@ SYM_DATA(smpboot_control, .long 0) .align 16 /* This must match the first entry in level2_kernel_pgt */ SYM_DATA(phys_base, .quad 0x0) +SYM_PI_ALIAS(phys_base); EXPORT_SYMBOL(phys_base) =20 #include "../xen/xen-head.S" diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 9d2a13b37833..ae1fdb0fc6ba 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -134,6 +134,7 @@ struct ist_info ist_info; =20 struct cpuinfo_x86 boot_cpu_data __read_mostly; EXPORT_SYMBOL(boot_cpu_data); +SYM_PI_ALIAS(boot_cpu_data); =20 #if !defined(CONFIG_X86_PAE) || defined(CONFIG_X86_64) __visible unsigned long mmu_cr4_features __ro_after_init; diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index ccdc45e5b759..9340c74b680d 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -79,11 +79,13 @@ const_cpu_current_top_of_stack =3D cpu_current_top_of_s= tack; #define BSS_DECRYPTED \ . =3D ALIGN(PMD_SIZE); \ __start_bss_decrypted =3D .; \ + __pi___start_bss_decrypted =3D .; \ *(.bss..decrypted); \ . =3D ALIGN(PAGE_SIZE); \ __start_bss_decrypted_unused =3D .; \ . =3D ALIGN(PMD_SIZE); \ __end_bss_decrypted =3D .; \ + __pi___end_bss_decrypted =3D .; \ =20 #else =20 @@ -128,6 +130,7 @@ SECTIONS /* Text and read-only data */ .text : AT(ADDR(.text) - LOAD_OFFSET) { _text =3D .; + __pi__text =3D .; _stext =3D .; ALIGN_ENTRY_TEXT_BEGIN *(.text..__x86.rethunk_untrain) @@ -391,6 +394,7 @@ SECTIONS =20 . =3D ALIGN(PAGE_SIZE); /* keep VO_INIT_SIZE page aligned */ _end =3D .; + __pi__end =3D .; =20 #ifdef CONFIG_AMD_MEM_ENCRYPT /* diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index a26c43abd47d..cabec2788e70 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -394,6 +394,7 @@ SYM_CODE_START(__x86_return_thunk) #endif int3 SYM_CODE_END(__x86_return_thunk) +SYM_PI_ALIAS(__x86_return_thunk) EXPORT_SYMBOL(__x86_return_thunk) =20 #endif /* CONFIG_MITIGATION_RETHUNK */ diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index 7490ff6d83b1..9aaeda6eb83d 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -40,7 +40,9 @@ * section is later cleared. */ u64 sme_me_mask __section(".data") =3D 0; +SYM_PI_ALIAS(sme_me_mask); u64 sev_status __section(".data") =3D 0; +SYM_PI_ALIAS(sev_status); u64 sev_check_data __section(".data") =3D 0; EXPORT_SYMBOL(sme_me_mask); =20 diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index a05fcddfc811..9e26215da18d 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -10,6 +10,7 @@ #ifdef CONFIG_DYNAMIC_PHYSICAL_MASK phys_addr_t physical_mask __ro_after_init =3D (1ULL << __PHYSICAL_MASK_SHI= FT) - 1; EXPORT_SYMBOL(physical_mask); +SYM_PI_ALIAS(physical_mask); #endif =20 pgtable_t pte_alloc_one(struct mm_struct *mm) --=20 2.49.0.805.g082f7c87e0-goog From nobody Fri Dec 19 16:05:26 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 04D3F270554 for ; Wed, 23 Apr 2025 11:10:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406648; cv=none; b=cgp77/bw07lqhOSez0g6CYXaYpnb0eJ5Om4ZZcyK7zi3gdmLmA2AWDXhGgco1FAUjByffMnPlWA+ZglMQQzwvruAbETsYf9caZBo6vdcZGfNu33icycFtttzUVWdHlodcplNVud9LqG5p9uJiRutA52XJKsfAu8HHOadxG9hPxw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406648; c=relaxed/simple; bh=u0f2l6Sgc6ajr8A522K1IeJj184b1wFLWBt52U7tYs8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=TqEbp5dl+OGFZFKZYI4Ph0wUvNy+Jk4gp1qNvBF+uzEwfnJIKy8HoWuuzOhEazr5I7fpSBk2K0wtHPRWKMXu4hsG+JBcWRH2rIIOxyMG8PFLEWNAE69TsoQiRcpwHFlLLaXsq8ImGZaseqpFx36Bmgg+N/BWUePBpdHX5ih/4yA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Q3MUXyly; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Q3MUXyly" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-43ceb011ea5so35181895e9.2 for ; Wed, 23 Apr 2025 04:10:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1745406645; x=1746011445; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=KCme20QBKZuSQy8pgc1gzzDJPWd9mPYUrzaCqfMmcr0=; b=Q3MUXylyzvepPv8zTV7+MiD7AeaL/eOa8vLKZnOOQnA3pgMQ4dGi8Zd+9ElA9xn1bS ehuYeN+02aQvAait5rM4GDdFYaRX2Ke80yHjx4dREMqrM2yG8BmIa+Z+tb4wiYhJewRy fTSwJxkH9iSdNVKq2t8CUK6HhxmP+hu95KEQQ9wSKvc973SO3fV99WwSiEf6d3lTzOXB 5rsByDtPywZTyzQulflfrov8ApuGp42YIAusdi/vcyPPDOtX/w6m8mFWUl/ean1jEoim c/yMsHmLIyIMP4g6KzycbtWb4GxwkKbjSy8TI1N23gBEqwq2OK5J2NSnq7Wy49/vzCFf oqLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745406645; x=1746011445; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=KCme20QBKZuSQy8pgc1gzzDJPWd9mPYUrzaCqfMmcr0=; b=UPjqHKntiUX/lf8un01qs6EQbJ6gIfX+qevd92tm/O1n084QbMeAUwY4imwtmjNf+6 LrV/uf9oiQFBcsu6afaml/W89tJuEledtdtukQGpWcgNF0sc1ywiW7OfsbmBwWcwxllC pnN2f8/Y2YAbtBz/RhaChHtq06LeOmvZ8wgJ8NJGYIpQoj9lrXUpYbRg2qjeGSPfYlgJ NixESWfJ77sNxJ6VJ1+BL10Q8bDlimROSEjMT9A6PIlvGsb+e90V2yPC1iRrGiEVqpkS Q03ikESUhT8Znq74ivxGq4LPl03yK1YyJVo7heTM7HFvbeCddES5uQfdBoG35yz7liPn Ahrw== X-Gm-Message-State: AOJu0YyVJ7flYEzlHVEnocVZSBtgrJGQZDajuE29bm+iyyJJn2kLUWVv p1iOzjrNky2KaWruatYRm2UFzP6ClfwC14sIo9tex73PY4Ot1jl7D+cdyhhCqOF+86DCxaz8sof Zb4TA2hsVprcrvN+hpxuaIjWGKaELXUMhvwybGwjJ6WNegNZ6e9LN2sbci5rJxzai+wixqykZsg j5C08Wn3y2960cWDk10FplcWif9z7Srw== X-Google-Smtp-Source: AGHT+IHcQY60Zeww9QiepiBanJhLNQ5YUihXLEvz3bqieg4UPklywAa1Mu+h99IYAsADseRnSIVHVtAh X-Received: from wmhu7.prod.google.com ([2002:a05:600c:a367:b0:440:5e10:a596]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1c2a:b0:43c:fb36:d296 with SMTP id 5b1f17b1804b1-4406ac0a9c8mr152311415e9.25.1745406645254; Wed, 23 Apr 2025 04:10:45 -0700 (PDT) Date: Wed, 23 Apr 2025 13:09:54 +0200 In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250423110948.1103030-13-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=817; i=ardb@kernel.org; h=from:subject; bh=gr1xEJNEV0/G705MfiH6XFvAxAGrVlSXWj5oMivvbko=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYPj1MSYzaq8bAvjXRmYvxjVT/56yl2u9Jbwh5sbjtelH M5ZmGbRUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACYit4SR4eOBbQznXtnqriye sCdmakdI+3OF8H1Zd3JOPtv/+vxLZieG/wn6OxJbCuUOKBgGpHuzWTd6NjRJWC7aIdqRwv/oSGM WAwA= X-Mailer: git-send-email 2.49.0.805.g082f7c87e0-goog Message-ID: <20250423110948.1103030-18-ardb+git@google.com> Subject: [RFC PATCH PoC 05/11] HACK: provide __pti_set_user_pgtbl() to startup code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The SME startup code may call out to pti_set_user_pgtbl(), which is not part of the code corpus that is explicitly built to tolerate execution from the 1:1 mapping of memory. Hack around this for now by providing an alternative that just returns the pgd. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/sme.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index 5738b31c8e60..d55b24cd4d08 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -564,3 +564,8 @@ void __head sme_enable(struct boot_params *bp) cc_vendor =3D CC_VENDOR_AMD; cc_set_mask(me_mask); } + +pgd_t __pti_set_user_pgtbl(pgd_t *pgdp, pgd_t pgd) +{ + return pgd; +} --=20 2.49.0.805.g082f7c87e0-goog From nobody Fri Dec 19 16:05:26 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EAD4627057A for ; Wed, 23 Apr 2025 11:10:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406650; cv=none; b=OYbH9xYvSojX6FIT5E874vPhoOZ73FHtCc5q9In2HSfwoNqSWGzEgJJS7UDPN7GLeWbgefS548rKvXzixAxPKoc058axcUbUv6Nxd19PUWMWOQtlwSYUJBxbvEtfbtgJTG2rPHEVyFNACf/V7reZGGLaCGzlK9gK/kZrzHQKYCc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406650; c=relaxed/simple; bh=UKVuMNXgWDMwNKunagylIuuLfdoGqqCt/psLzOz4s9w=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=PiTRHOf9bEQS7fW4+8pu7axxdIisDT/6jkszqiTj9oQMtpYmq0pT54Yuu4IQ1b+iDDjzIE9ZkDlVtz5wBysc2PpPn/9v78p4ZKO6+IYr7OH373KtlXHMcMM/1EuYRvcipsTn18jYZYaZbipqrW5iWs1WIb768A0R8sJtofssSuw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=W2qm9zxK; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="W2qm9zxK" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-440667e7f92so28879735e9.3 for ; Wed, 23 Apr 2025 04:10:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1745406647; x=1746011447; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=6JWp+ZT6BrY4Sz4JeRmWQuSD5qSLIPDKmpbbDhaooKI=; b=W2qm9zxKNp0VcsZMVrgpGUH3CK6jD0Q/8gThrqnDWCc8GndEA4jj8mp5F89BcK9e/C pYO3ct/wLaFTXMwVgwqDhgcaJPC0aq7BiHShlk6efqESgic5TrLix8q0PxgsWsk1OZbG 7LVnnzKnOZ/7OP/8pmKdHlC64eQ/0iG9dpa1OFtfhOvzroHhmmWFGo1iu4DoEsaVXskt lXLERHdyN8Xs5BwwIo1Pt3yXkThg5W3gFLCZVgsyOwYqp3LN9X881BlLvDaNAAgnVi2Z dkkr/NAsGSL9Kj0HGueIeGfFvvzrBKmHG6oa/waom64hDUCanBxEBV2QrtouwZfd0KfN WzXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745406647; x=1746011447; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=6JWp+ZT6BrY4Sz4JeRmWQuSD5qSLIPDKmpbbDhaooKI=; b=En4wp8HavHRYkstJueCgc0MaAqGpr81WaXkFjMULHuPHLDh5X3syB0hspv8KXw7+HT UEEm+enB/865913UsUdz04ZTpUSCJBobqIrhbz6SjDfgtWvX2NDGiRv5zvULctgTa5u5 PZGkf89yXgBFYcz3ia6J2OyFsTLMQFIJwAN1VbVNx0LiVFwzPV5xgmk/fsj/5CZMCqrK OtG05DCs+guIb/0M0feviUMJ8Aps7iPYH7uxxNCgEMF1wItNBWsVgTUnCzByVCTQGPOn 1wOUJxefHH+j3hw7dAU+9oiL4lEahaOnZdfAxpWuXVY7kNixq7KxWjTJ9sZTnEJzAyRj UAUQ== X-Gm-Message-State: AOJu0YyqynNS3GWdP051lrrtsOHPSI96+tIi2GgLWQFfXycKi57FktJH Tl+gKW5XJrIHt+tJSpT4i+NRf3OHAyrxeefcdcKFIk4FOTcZf/RxFThIuqCkb25WeWYGXi5CbqW 7GzLQm7e/6PJXHfkbkl1meTWUJvjiDV4WZIEOBKuEUEt2KkpfPuITS7JLmzP5OyzYy0I1dhk5jj QMrvDG7SvBlOkX9PD2AXz65cT7uOGglQ== X-Google-Smtp-Source: AGHT+IEKdlz2Ty8mtbipgYfwruOiiGEmbg5G9d3KFT4V3uLCjVMBhsDFx+6/0indt8OGnyIS9TBe4Qlt X-Received: from wmbfl24.prod.google.com ([2002:a05:600c:b98:b0:43b:c336:7b29]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1c12:b0:43e:ee80:c233 with SMTP id 5b1f17b1804b1-4406ac20146mr153023665e9.32.1745406647367; Wed, 23 Apr 2025 04:10:47 -0700 (PDT) Date: Wed, 23 Apr 2025 13:09:55 +0200 In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250423110948.1103030-13-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=4594; i=ardb@kernel.org; h=from:subject; bh=2E7YpnyQuBr+mAfDSoAVpwsc4EPphYHtbpgVaCqHdtw=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYPj1OR/vxadkU/0nj3Psv3+vyLPb/GsS7Orc3jSv7J/k hZUUz/VUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACbyay4jw31mvoLFUTqvmr0u 8+Wwmi7MDb++irmveo2MuegkkbdXtjL8D7hw69aPN2X8R2cKRz3xbZmasfLqbUumpTYZ35I2SXC V8AEA X-Mailer: git-send-email 2.49.0.805.g082f7c87e0-goog Message-ID: <20250423110948.1103030-19-ardb+git@google.com> Subject: [RFC PATCH PoC 06/11] x86/boot: Created a confined code area for startup code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel In order to be able to have tight control over which code may execute from the early 1:1 mapping of memory, but still link vmlinux as a single executable, prefix all symbol references in startup code with __pi_, and invoke it from outside using the __pi_ prefix. HACK: omit sev-status.c for the time being - disentangling that is rather challenging, and not necessary for a proof of concept implementation. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/Makefile | 18 ++++++++++++++++-- arch/x86/include/asm/setup.h | 1 + arch/x86/kernel/head64.c | 2 +- arch/x86/kernel/head_64.S | 6 +++--- arch/x86/mm/mem_encrypt_boot.S | 6 +++--- 5 files changed, 24 insertions(+), 9 deletions(-) diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile index b514f7e81332..4062582144f6 100644 --- a/arch/x86/boot/startup/Makefile +++ b/arch/x86/boot/startup/Makefile @@ -17,8 +17,9 @@ KMSAN_SANITIZE :=3D n UBSAN_SANITIZE :=3D n KCOV_INSTRUMENT :=3D n =20 -obj-$(CONFIG_X86_64) +=3D gdt_idt.o map_kernel.o -obj-$(CONFIG_AMD_MEM_ENCRYPT) +=3D sme.o sev-startup.o +pi-obj-$(CONFIG_X86_64) +=3D gdt_idt.o map_kernel.o +pi-obj-$(CONFIG_AMD_MEM_ENCRYPT) +=3D sme.o #sev-startup.o +obj-$(CONFIG_AMD_MEM_ENCRYPT) +=3D sev-startup.o =20 lib-$(CONFIG_X86_64) +=3D la57toggle.o lib-$(CONFIG_EFI_MIXED) +=3D efi-mixed.o @@ -28,3 +29,16 @@ lib-$(CONFIG_EFI_MIXED) +=3D efi-mixed.o # to be linked into the decompressor or the EFI stub but not vmlinux # $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_STANDARD :=3D y + +# +# Confine the startup code by prefixing all symbols with __pi_ (for positi= on +# independent). This ensures that startup code can only call other startup +# code, or code that has explicitly been made accessible to it via a symbol +# alias. +# +$(obj)/%.pi.o: OBJCOPYFLAGS :=3D --prefix-symbols=3D__pi_ +$(obj)/%.pi.o: $(obj)/%.o FORCE + $(call if_changed,objcopy) + +extra-y :=3D $(pi-obj-y) +obj-y +=3D $(patsubst %.o,%.pi.o,$(pi-obj-y)) diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index 6324f4c6c545..895d09faaf83 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -53,6 +53,7 @@ extern void i386_reserve_resources(void); extern unsigned long __startup_64(unsigned long p2v_offset, struct boot_pa= rams *bp); extern void startup_64_setup_gdt_idt(void); extern void startup_64_load_idt(void *vc_handler); +extern void __pi_startup_64_load_idt(void *vc_handler); extern void early_setup_idt(void); extern void __init do_early_exception(struct pt_regs *regs, int trapnr); =20 diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index b251186a819e..8107cd68bc41 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -320,5 +320,5 @@ void early_setup_idt(void) handler =3D vc_boot_ghcb; } =20 - startup_64_load_idt(handler); + __pi_startup_64_load_idt(handler); } diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 0c0d38ebf70b..e448279a0f87 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -71,7 +71,7 @@ SYM_CODE_START_NOALIGN(startup_64) xorl %edx, %edx wrmsr =20 - call startup_64_setup_gdt_idt + call __pi_startup_64_setup_gdt_idt =20 /* Now switch to __KERNEL_CS so IRET works reliably */ pushq $__KERNEL_CS @@ -91,7 +91,7 @@ SYM_CODE_START_NOALIGN(startup_64) * subsequent code. Pass the boot_params pointer as the first argument. */ movq %r15, %rdi - call sme_enable + call __pi_sme_enable #endif =20 /* Sanitize CPU configuration */ @@ -111,7 +111,7 @@ SYM_CODE_START_NOALIGN(startup_64) * programmed into CR3. */ movq %r15, %rsi - call __startup_64 + call __pi___startup_64 =20 /* Form the CR3 value being sure to include the CR3 modifier */ leaq early_top_pgt(%rip), %rcx diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S index f8a33b25ae86..edbf9c998848 100644 --- a/arch/x86/mm/mem_encrypt_boot.S +++ b/arch/x86/mm/mem_encrypt_boot.S @@ -16,7 +16,7 @@ =20 .text .code64 -SYM_FUNC_START(sme_encrypt_execute) +SYM_FUNC_START(__pi_sme_encrypt_execute) =20 /* * Entry parameters: @@ -69,9 +69,9 @@ SYM_FUNC_START(sme_encrypt_execute) ANNOTATE_UNRET_SAFE ret int3 -SYM_FUNC_END(sme_encrypt_execute) +SYM_FUNC_END(__pi_sme_encrypt_execute) =20 -SYM_FUNC_START(__enc_copy) +SYM_FUNC_START_LOCAL(__enc_copy) ANNOTATE_NOENDBR /* * Routine used to encrypt memory in place. --=20 2.49.0.805.g082f7c87e0-goog From nobody Fri Dec 19 16:05:26 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DA45D26D4F3 for ; Wed, 23 Apr 2025 11:10:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406652; cv=none; b=j+Xhm4YvW8e3BOBLyQY/6PK0EqTgTPoKcd0NvYRr7Mi5kv2qss3PHe7sZrWcQ6zIH/F25MsDN7LH0F6unAcaS4KPeN0QoVb3xkWxpkhLTDkbtx4o961tlcTb1AKRDtN1SZYi+IRZri1cuXOdGmoAxhpB1VaERjVNVwBqAKYmgBU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406652; c=relaxed/simple; bh=WiElLAcWG7Yok/aR7PkCV8+EXk5A56tbQMYc7mBZbEk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=KLNCD+CiDmXAfqEMiMwRF+qyF9uPDRuwtrP4SDp7YyA3XI/PqyzC1YL6z2GvdwOSv9jkjZoMdH8UmdKcSTUhrEuGwSpz2y+9xYyHCfdOSoZfuBgkRXHGOESj2QHAWv/z/TD7skcKf44Sltjhhl2Ka06eIY/KAlTNSY/zHZ1jtWk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=EbB5q3qz; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="EbB5q3qz" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-43d08915f61so34198295e9.2 for ; Wed, 23 Apr 2025 04:10:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1745406649; x=1746011449; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=5Zcjkai0mBWP8Xx+OqiAgnAgZ8TAN8uUF5bmFIuXhSo=; b=EbB5q3qzJ1/T++/3fldtvAQxvM+krelSwqfzruSdBDhamN1iPqcsxiWOG+mAGL/dKt ItqnlhFznG8T09qtykZHkQ5bmx/lQI5dzDCfmFLabHfBFeaJ6x54X3I1+a7kjjLkJ/ph wD6qfNm3NWEewQwZw0dQqshQzxMHGFeaIja+ZK9XsG7iQsf9wBmsYpmiXD5RWjZDe6zB +TlcI1HegK6Y9ts9wyxNl+m24h5EXhFffDSxZYkRegMQmiM8nNBayWs8JtftmOynzvGO m7PIb8z3HnnRIC8+rYKzGu9mXEnFC9M2ecfcHWBT1GAlielPQ18XKnYIgn5CEYK0W1b4 J+Pg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745406649; x=1746011449; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=5Zcjkai0mBWP8Xx+OqiAgnAgZ8TAN8uUF5bmFIuXhSo=; b=qA3V6S4Ik29BAstsiE26VEuTwyi0aZuMEfcg0radjYRhnR++RHeBEqfdQQkYJWhCGY e2RkX5VKeWiR4jnj1VaEpEVwRdJ8GvOxhrYa+D8h3w9QH3CUBW01SlwiU6MD1xs6MuPX T0B25+hb8QqCuVxZaEobO3iYdLZMB9jyzE/YzywHkpoZhbu47gZ55R2iJ4fLRks68dU+ UoAN/LLfyFuYUwVirWtu2p58ODNPYhWve1PVCtXXD3dBdLrGeknbxkji+AL2vqOB/WqN c/FkHDrDXgFiMT7McuOjl7gaiJHICa4aavtB/m26b8eA3OFacmUe2j7sp0zHb/nicCNp hkHg== X-Gm-Message-State: AOJu0YxyabUyDNhNVAdl4Yw2sg3Kbk4E0I3fY6K8U1TXM+qmdctdxN8V B3a3F2IH4nGYVTIbvJbtwkPZDIdIbzohUGcGt9eZypcukcc1n8d3XQXi0RoAgHgRJi+uiFHQIF9 8c6x3BxuAT3FrGpdGn4RBbT15F5FVF58EdLIC3POHJRSYGWGvSPol7MISHUF4EHxowEv7V7TTOV jJTu6qbmGio43MePf3P3N06rWwb6ELgg== X-Google-Smtp-Source: AGHT+IF/BrPBwefAZAF+nPxA4LKULExZ+5b87PotOGvn8JR8KwxYqyA6g4kDf2MukF+hhkIvJJDwIr0S X-Received: from wmbep21.prod.google.com ([2002:a05:600c:8415:b0:43d:1873:dbaf]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3555:b0:43c:fa3f:8e5d with SMTP id 5b1f17b1804b1-4406ab7efd0mr181899565e9.2.1745406649377; Wed, 23 Apr 2025 04:10:49 -0700 (PDT) Date: Wed, 23 Apr 2025 13:09:56 +0200 In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250423110948.1103030-13-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2384; i=ardb@kernel.org; h=from:subject; bh=MKwZOwyHZp2LktNRJNcNIldmDczuXL1yEG/m0Ieip+s=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYPj1NSewwzX18rNm8twa/eBX8KXM8/Hbp73ufOwzKu/e X71rJs1O0pZGMQ4GGTFFFkEZv99t/P0RKla51myMHNYmUCGMHBxCsBETiYx/Heynu76UyhKzr7z x/qotmjf3ZktISIzxfSPlDNtVZm45CXDX5mdJl8nhF1IiucW1Iy6XFqpfOth9/WV3UX54nyy17/ 95wEA X-Mailer: git-send-email 2.49.0.805.g082f7c87e0-goog Message-ID: <20250423110948.1103030-20-ardb+git@google.com> Subject: [RFC PATCH PoC 07/11] HACK: work around sev-startup.c being omitted for now From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Add some PI aliases that shouldn't be needed once sev-startup.c is also built with __pi_ aliases. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/sev-startup.c | 3 +++ arch/x86/include/asm/sev.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 36a75c5096b0..7b9de4479c0c 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -562,6 +562,7 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr /* Ask hypervisor to mark the memory pages shared in the RMP table. */ early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED); } +SYM_PI_ALIAS(early_snp_set_memory_shared); =20 /* Writes to the SVSM CAA MSR are ignored */ static enum es_result __vc_handle_msr_caa(struct pt_regs *regs, bool write) @@ -1383,8 +1384,10 @@ bool __head snp_init(struct boot_params *bp) =20 return true; } +SYM_PI_ALIAS(snp_init); =20 void __head __noreturn snp_abort(void) { sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } +SYM_PI_ALIAS(snp_abort); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index a8661dfc9a9a..9ba1f30eb03e 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -494,6 +494,7 @@ void snp_set_memory_private(unsigned long vaddr, unsign= ed long npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __noreturn snp_abort(void); +void __noreturn __pi_snp_abort(void); void snp_dmi_setup(void); int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, struct = svsm_attest_call *input); void snp_accept_memory(phys_addr_t start, phys_addr_t end); @@ -541,7 +542,6 @@ static inline void snp_set_memory_shared(unsigned long = vaddr, unsigned long npag static inline void snp_set_memory_private(unsigned long vaddr, unsigned lo= ng npages) { } static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } -static inline void snp_abort(void) { } static inline void snp_dmi_setup(void) { } static inline int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call = *call, struct svsm_attest_call *input) { --=20 2.49.0.805.g082f7c87e0-goog From nobody Fri Dec 19 16:05:26 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0298F274664 for ; Wed, 23 Apr 2025 11:10:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406654; cv=none; b=nfJu8Y13OiGrKWTZe+A8p15UyVgSpXLFGU3l/BhYOJEBI5COiKp/y7SrZvEgkFcbRxWBLhi9XiutQ3u78mOHm9sQMP1qotXC36sQ1jIy+4otRuaUCTQyZEa9xxMvoS3f+ieCNRZMsRQ5P1xLzlzL6E45WUB7G4+sqZ23BdtDVZA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406654; c=relaxed/simple; bh=P1yDcuKVSS92bW/obG4PbcSbjS6P1dtU1oq/VhxlyVM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=nCqMOdL3DptD7EedvOGcK+Wrd4youRs2MIXrEso6+Oo6cLhRQzFE5tLH6r9PR0eMsrrqP/0G5iJYqasVWnhED3d8AbChljVy8RDnViklpkxiLCew2n4FJXQ67eZnOEci9n0oqXgK2LnhaTJS4LldgdMSjb013uJqJQW7y/NNQEI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Tu5OOt+a; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Tu5OOt+a" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-44059976a1fso23814325e9.1 for ; Wed, 23 Apr 2025 04:10:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1745406651; x=1746011451; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=cxApNsLTT5sudbmHPjTE/gvVQtNjwMPXDMW0YLEQcas=; b=Tu5OOt+aSr2/W7eO1BywNxj41QQNreWCkodBG3Vi2xZ/JjFioA9PA58t+cv8rR9WEy DGpQhDOiWHDEfxko2dtmyqevC6r2pQUYaIS1MJew/yTCCk6n1kfDZcCB42Z9a8z+m5yK Xf7W7OZq60QX7uPHrlrulaRqC9QWVIQBmkoaduAvwiFIsCF/oKAHxqGc46KD2QoJKKxw Tkx52kl8hQLHRZzoS1Uu54TGPWzVz+/krDxMyUV/SH9jR7FruGpmIAOg5ckI7c0RgaVh F432nok7oDX6a6Zay5wEW6We+mLR76zwEfqOmX6tjNGd1cs1ibl3CgdUkQLm6IK616EO Z0aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745406651; x=1746011451; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=cxApNsLTT5sudbmHPjTE/gvVQtNjwMPXDMW0YLEQcas=; b=wviJzYK0GBWYUhQ500l5ov2yvULJn5+MyAg+BJuPY4uVsQsaITgd8cQL4K/siKw7ut MkJiajAtXtlWp88m7kgOPfPqT0r1uCG/GiBMp1iPS47QpJPJnQw3MvBlQDHzi0/gaiIK rWxiJaSFPH69f99hONC1kkQDHwG8tMxP1wCvMrt3cfnS4gyvBOfK35+305Fn64ZpRYkw pOHAfSZgyMvfg5XSYI3urhdEjZ0O7jelEamxcTBGEsoNovBWR29V1i+itIbuyQczyqDR p9WFKsG6YIMDrmYfI0pS9dOE8EeNkFBqUaMY/qHYSkjjAIrGdJn1IOreFs2AwI9xr6jk PYfA== X-Gm-Message-State: AOJu0YzdcOX/OnIqBSp/AIfXPWU/3OShKd+4q0lnsE2llsoo+bgebKnN YS7cLko2W1e5+cEt5bl/Ew5ZHzVyrWXWSwb2pp9F8Ea+Vcb9+lsBybuJOuSJPm57y61cv6UXRMU ZGaIzMFoyh78gDfmTDHIbx9atE+NAz68i2g2prF/JrVjq9bYWaQkjw0S5pu4KgD2htlXazs8OyI /I4lNy039jB+oW6bQXY+jYYwqCtMXOGA== X-Google-Smtp-Source: AGHT+IE3ZYrPhMrkKiKPfMJeH8kjeNNcHVz2R6ikggf2cAjm3b6CLwtUjPvK80MC245UD8NjieFrxL2D X-Received: from wmbdz10.prod.google.com ([2002:a05:600c:670a:b0:43c:f60a:4c59]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3d08:b0:43b:cc3c:60bc with SMTP id 5b1f17b1804b1-4406aba7ecdmr199178195e9.15.1745406651373; Wed, 23 Apr 2025 04:10:51 -0700 (PDT) Date: Wed, 23 Apr 2025 13:09:57 +0200 In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250423110948.1103030-13-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=7799; i=ardb@kernel.org; h=from:subject; bh=sWwa7y2W0Temi1y3WLio3OoGWuUuyEhLAHrY/J19j+k=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYPj1PTi7IWOLxhXyd9avuE9z+kPJzb8Nc7YVvblicn5D b4hsxfldZSyMIhxMMiKKbIIzP77bufpiVK1zrNkYeawMoEMYeDiFICJrDjHyHB/y9GMeJX98TN4 px/UfqdsaihjwMLxukV60+OU4yeNuSoY/hkUZGsY76tcpl3E9dMoNSp7WmnHyR2/DnRfPsOb3nX pJSMA X-Mailer: git-send-email 2.49.0.805.g082f7c87e0-goog Message-ID: <20250423110948.1103030-21-ardb+git@google.com> Subject: [RFC PATCH PoC 08/11] x86/boot: Move startup code out of __head section From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Move startup code out of the __head section, now that this no longer has a special significance. Move everything into .text or .init.text as appropriate, so that startup code is not kept around unnecessarily. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/gdt_idt.c | 4 +-- arch/x86/boot/startup/map_kernel.c | 4 +-- arch/x86/boot/startup/sme.c | 26 ++++++++++---------- arch/x86/kernel/head_32.S | 2 +- arch/x86/kernel/head_64.S | 2 +- arch/x86/platform/pvh/head.S | 2 +- 6 files changed, 20 insertions(+), 20 deletions(-) diff --git a/arch/x86/boot/startup/gdt_idt.c b/arch/x86/boot/startup/gdt_id= t.c index a3112a69b06a..d16102abdaec 100644 --- a/arch/x86/boot/startup/gdt_idt.c +++ b/arch/x86/boot/startup/gdt_idt.c @@ -24,7 +24,7 @@ static gate_desc bringup_idt_table[NUM_EXCEPTION_VECTORS] __page_aligned_d= ata; =20 /* This may run while still in the direct mapping */ -void __head startup_64_load_idt(void *vc_handler) +void startup_64_load_idt(void *vc_handler) { struct desc_ptr desc =3D { .address =3D (unsigned long)rip_rel_ptr(bringup_idt_table), @@ -46,7 +46,7 @@ void __head startup_64_load_idt(void *vc_handler) /* * Setup boot CPU state needed before kernel switches to virtual addresses. */ -void __head startup_64_setup_gdt_idt(void) +void __init startup_64_setup_gdt_idt(void) { struct gdt_page *gp =3D rip_rel_ptr((void *)(__force unsigned long)&gdt_p= age); void *handler =3D NULL; diff --git a/arch/x86/boot/startup/map_kernel.c b/arch/x86/boot/startup/map= _kernel.c index 099ae2559336..75b3dd62da50 100644 --- a/arch/x86/boot/startup/map_kernel.c +++ b/arch/x86/boot/startup/map_kernel.c @@ -36,7 +36,7 @@ static inline bool check_la57_support(void) return true; } =20 -static unsigned long __head sme_postprocess_startup(struct boot_params *bp, +static unsigned long __init sme_postprocess_startup(struct boot_params *bp, pmdval_t *pmd, unsigned long p2v_offset) { @@ -90,7 +90,7 @@ static unsigned long __head sme_postprocess_startup(struc= t boot_params *bp, * the 1:1 mapping of memory. Kernel virtual addresses can be determined by * subtracting p2v_offset from the RIP-relative address. */ -unsigned long __head __startup_64(unsigned long p2v_offset, +unsigned long __init __startup_64(unsigned long p2v_offset, struct boot_params *bp) { pmd_t (*early_pgts)[PTRS_PER_PMD] =3D rip_rel_ptr(early_dynamic_pgts); diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index d55b24cd4d08..914016184755 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -91,7 +91,7 @@ struct sme_populate_pgd_data { */ static char sme_workarea[2 * PMD_SIZE] __section(".init.scratch"); =20 -static void __head sme_clear_pgd(struct sme_populate_pgd_data *ppd) +static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) { unsigned long pgd_start, pgd_end, pgd_size; pgd_t *pgd_p; @@ -106,7 +106,7 @@ static void __head sme_clear_pgd(struct sme_populate_pg= d_data *ppd) memset(pgd_p, 0, pgd_size); } =20 -static pud_t __head *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) +static pud_t __init *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) { pgd_t *pgd; p4d_t *p4d; @@ -143,7 +143,7 @@ static pud_t __head *sme_prepare_pgd(struct sme_populat= e_pgd_data *ppd) return pud; } =20 -static void __head sme_populate_pgd_large(struct sme_populate_pgd_data *pp= d) +static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *pp= d) { pud_t *pud; pmd_t *pmd; @@ -159,7 +159,7 @@ static void __head sme_populate_pgd_large(struct sme_po= pulate_pgd_data *ppd) set_pmd(pmd, __pmd(ppd->paddr | ppd->pmd_flags)); } =20 -static void __head sme_populate_pgd(struct sme_populate_pgd_data *ppd) +static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) { pud_t *pud; pmd_t *pmd; @@ -185,7 +185,7 @@ static void __head sme_populate_pgd(struct sme_populate= _pgd_data *ppd) set_pte(pte, __pte(ppd->paddr | ppd->pte_flags)); } =20 -static void __head __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) +static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd_large(ppd); @@ -195,7 +195,7 @@ static void __head __sme_map_range_pmd(struct sme_popul= ate_pgd_data *ppd) } } =20 -static void __head __sme_map_range_pte(struct sme_populate_pgd_data *ppd) +static void __init __sme_map_range_pte(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd(ppd); @@ -205,7 +205,7 @@ static void __head __sme_map_range_pte(struct sme_popul= ate_pgd_data *ppd) } } =20 -static void __head __sme_map_range(struct sme_populate_pgd_data *ppd, +static void __init __sme_map_range(struct sme_populate_pgd_data *ppd, pmdval_t pmd_flags, pteval_t pte_flags) { unsigned long vaddr_end; @@ -229,22 +229,22 @@ static void __head __sme_map_range(struct sme_populat= e_pgd_data *ppd, __sme_map_range_pte(ppd); } =20 -static void __head sme_map_range_encrypted(struct sme_populate_pgd_data *p= pd) +static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *p= pd) { __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); } =20 -static void __head sme_map_range_decrypted(struct sme_populate_pgd_data *p= pd) +static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *p= pd) { __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); } =20 -static void __head sme_map_range_decrypted_wp(struct sme_populate_pgd_data= *ppd) +static void __init sme_map_range_decrypted_wp(struct sme_populate_pgd_data= *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC_WP, PTE_FLAGS_DEC_WP); } =20 -static unsigned long __head sme_pgtable_calc(unsigned long len) +static unsigned long __init sme_pgtable_calc(unsigned long len) { unsigned long entries =3D 0, tables =3D 0; =20 @@ -281,7 +281,7 @@ static unsigned long __head sme_pgtable_calc(unsigned l= ong len) return entries + tables; } =20 -void __head sme_encrypt_kernel(struct boot_params *bp) +void __init sme_encrypt_kernel(struct boot_params *bp) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; @@ -485,7 +485,7 @@ void __head sme_encrypt_kernel(struct boot_params *bp) native_write_cr3(__native_read_cr3()); } =20 -void __head sme_enable(struct boot_params *bp) +void __init sme_enable(struct boot_params *bp) { unsigned int eax, ebx, ecx, edx; unsigned long feature_mask; diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S index 2e42056d2306..5962ff2a189a 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -61,7 +61,7 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE) * any particular GDT layout, because we load our own as soon as we * can. */ -__HEAD + __INIT SYM_CODE_START(startup_32) movl pa(initial_stack),%ecx =09 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index e448279a0f87..0cbc992c39e4 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -33,7 +33,7 @@ * because we need identity-mapped pages. */ =20 - __HEAD + __INIT .code64 SYM_CODE_START_NOALIGN(startup_64) UNWIND_HINT_END_OF_STACK diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index cfa18ec7d55f..16aa1f018b80 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S @@ -24,7 +24,7 @@ #include #include =20 - __HEAD + __INIT =20 /* * Entry point for PVH guests. --=20 2.49.0.805.g082f7c87e0-goog From nobody Fri Dec 19 16:05:26 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2F46B2749EA for ; Wed, 23 Apr 2025 11:10:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406656; cv=none; b=udxV03V4M2VrnIn5bxN8iPtG6iQZ+6w1bzL/07lgpQWvLTTvKKdBStk+01X2/7JhgKnz1NWlqZFoQKJZmwK0pOvwjzIy7qpfIleVxBC44IWX+6zF1vyvesQ4iP5qKo4GDS85yyDRdjrP0Zzrq84ostyTFQtZplCXNafTaNJb53E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406656; c=relaxed/simple; bh=NEJFfugNNS0wm5pEF6crb+BvqkC0xKljc3xcR+nSPAs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=PLG+KUFYxnZFPmVqJU/vJoerBWy9HcMFe6PLqpAO8jbll001BUWvv6jlUiIK9bbTBH2TK0bwXKuPfYl0qJsJgqCQnC9YJ0ZhAOFKRr4l3KLICYH1KAIpAq6wMHTkB5tP0lsOtUkgFmjF/kUuBZCUEmYPk4/Nx+VXwrsfJkMymG4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=QaR5bSgZ; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="QaR5bSgZ" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-43cf5196c25so35398135e9.0 for ; Wed, 23 Apr 2025 04:10:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1745406653; x=1746011453; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=+83uvMKBJPVnv8WRj/faVWuMv9FoXyp74KE4V0XVyvw=; b=QaR5bSgZ/zvbUvIe9vGzEFFfv5TgzLvhXa4rc6wIUZoQLCuOHbWnRmwL7dOLQRvjeN iMgTjCXdrAb9GfwCC5Ta0Yj6uNHxce1ETmZT6jtsM6iNoGMZuMjJK3ARVAog/stweSzA AktId4PkZOnwEVAWgX23w/anXmh4/rOrE/x+dEVE3wgGN9j11ygMV9pj4BHNp8mq8p2e N8+1J4E1ORKOtEQCH6BWRMpzzqmA5P11S+MsuGt2JuZFtZIci5+JJQUGCP2zN8AocSRL ggrrKENyTz6UQRNE5jysTDIumurGDLXtmFaupg9EtWFMQIJWVbKnFl04398nVWKz4p8v v8jg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745406653; x=1746011453; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+83uvMKBJPVnv8WRj/faVWuMv9FoXyp74KE4V0XVyvw=; b=vtpnkyDP4b7F/2FOtie0ReN89gAGmDFG4xeV05dyQeIyxNrL5gwmMKWahdjIzBy2SS ogvex5ZfHXouSu7xMf4axUG06CvU31dp7hlLtSSMUW69gT6dMABV52CgN+RlYWsbCtQ1 DyeYYnIRnyKhKFtTrZSsQhPFfpMY2yvFOIoxynwnHWgcS1GzfDiA/kWM6jADkFq1CKJ2 bkg5a7ka7r622sdU6DHqKiiQ9Rv5RMnNO/5UiGCAhM3EbtiYPUTy8aNAplohcPMb0Efa rhTn/nwLokN0TkSLtxEKCXCdrA83qMwZVYuhqFU1cV06qz2CrS1ey98WRdFgQgfYTXR4 Yo6w== X-Gm-Message-State: AOJu0YzmRFhZRg1FXM6I/SWFklWBVSPOQLjBuIfIfdpRAftQUrdHxSJa 2/xMOpqtoNay5SSm7IGljjsXKmOCtH169vIDkylgWnID5xzEpMaPByD8dxZKkgg6a8Ud0mm9ZBh oFGIIRVPe4cosCtjQigtQW6zAHdkTub2Ey51Ey5VDtyPoq51U2YRToewwelmkcKF/SZfe+70JeR x84tVc4fn2ExCKeuQDdT6PbLsf5XwsPw== X-Google-Smtp-Source: AGHT+IHNR7+o9+BQG1YHfyNwGLFFQnSCjks3ze4nTfqI32RirW/RuNpv6da6UId2B/TwpyNZK33gUOan X-Received: from wmbfp26.prod.google.com ([2002:a05:600c:699a:b0:43d:1c63:a630]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:4690:b0:43d:17f1:2640 with SMTP id 5b1f17b1804b1-4406ac0ed7emr156086625e9.26.1745406653454; Wed, 23 Apr 2025 04:10:53 -0700 (PDT) Date: Wed, 23 Apr 2025 13:09:58 +0200 In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250423110948.1103030-13-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1675; i=ardb@kernel.org; h=from:subject; bh=LV01tjPpg4Y1pRce+BLB3PHdjlmISpNI2EQkl7VKLmk=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYPj1MxM9iMFbkFyE0U0vfl2CLvZ+ikcn39zll1J8IEc6 UkKgeodpSwMYhwMsmKKLAKz/77beXqiVK3zLFmYOaxMIEMYuDgFYCKt5YwMbfr7Jy0OPbjk3q2W S+/d5lY81szh+anS85vv0x+vmwIS/Qz/i7mllSY9KrWVsvHKeV3TnmWzp7Bt4sfz/Qfc/u3oX9f DDgA= X-Mailer: git-send-email 2.49.0.805.g082f7c87e0-goog Message-ID: <20250423110948.1103030-22-ardb+git@google.com> Subject: [RFC PATCH PoC 09/11] x86/boot: Disallow absolute symbol references in startup code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Check that the objects built under arch/x86/boot/startup do not contain any absolute symbol reference. Given that the code is built with -fPIC, such references can only be emitted using R_X86_64_64 relocations, so checking that those are absent is sufficient. Note that debug sections and __patchable_funtion_entries section may contain such relocations nonetheless, but these are unnecessary in the startup code, so they can be dropped first. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/Makefile | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile index 4062582144f6..43560ab9e21a 100644 --- a/arch/x86/boot/startup/Makefile +++ b/arch/x86/boot/startup/Makefile @@ -36,9 +36,17 @@ $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_ST= ANDARD :=3D y # code, or code that has explicitly been made accessible to it via a symbol # alias. # -$(obj)/%.pi.o: OBJCOPYFLAGS :=3D --prefix-symbols=3D__pi_ +$(obj)/%.pi.o: OBJCOPYFLAGS :=3D --prefix-symbols=3D__pi_ --strip-debug \ + --remove-section=3D.rela__patchable_function_entries $(obj)/%.pi.o: $(obj)/%.o FORCE - $(call if_changed,objcopy) + $(call if_changed,piobjcopy) + +quiet_cmd_piobjcopy =3D $(quiet_cmd_objcopy) + cmd_piobjcopy =3D $(cmd_objcopy); \ + if $(READELF) -r $(@) | grep R_X86_64_64; then \ + echo "$@: R_X86_64_64 references not allowed in startup co= de" >&2; \ + /bin/false; \ + fi =20 extra-y :=3D $(pi-obj-y) obj-y +=3D $(patsubst %.o,%.pi.o,$(pi-obj-y)) --=20 2.49.0.805.g082f7c87e0-goog From nobody Fri Dec 19 16:05:26 2025 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D45C5274FFC for ; Wed, 23 Apr 2025 11:10:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406659; cv=none; b=Qhpw9hr3biweZR8r+EQ1BJSMIsftPxWHEXFoDmY0gY0hthrmItvT6HkKzXwpZ3Ymxvl+Dqh+fQeTUulK/JJpo8KsuJtWxLv0OEyCCLDe9FpdEvi4ChqW0xYIgevlZ8hIxXQk9mqcw07MwFQHSrCcIfDjyCzDWFyqrDneJT6V0JU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406659; c=relaxed/simple; bh=q1Z2G2KOGd3lW3woCaucka2BDMfkf+8/mHBEbUuGPEY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=TYUwaeiEHhRHspuyUZVfcaWyignMXz2fZq/raG0xvM9znoeULL+qqm6quY5jGYdk8e3Hk6IbWw+tT6CE62+gT+NW5KKhN52JAfCZkQ6bn5/hUSfbQy7HmrJHRvo4uNOlPkhYMUT10qNWGdZMESWAPd7BVIoeZPYhIcJ7iWwRpbQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=u0Y0mQB6; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="u0Y0mQB6" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-3912e4e2033so1982208f8f.0 for ; Wed, 23 Apr 2025 04:10:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1745406656; x=1746011456; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=E7nNq8tcnHWfg19QVcn8r9DdOppAanJgj1MB1iB8axk=; b=u0Y0mQB6rtqNoX7DkdlZIukfsD4FFKHLFdvAO9mqs4JkEAb8iDsICyOA1elEwANjO5 0LJmaiG1yjqdV/X9+PZIvjWDcmp6m3hvF29axZ7ttOFdUOYiKtvd+Sq/0vhZNYZ3OgDP ss+sinwWyu9tkCltr7ikMd8fw4a0T3mfp+4MiPMh1gcfIN01DGKo5sfP/xCNF47xeOBT zUcAnjKJkPw64f1wCgM5E59UHl9DQnSRAT9K2xzuvlHH3zTsQzBKVuPVGoH2Ss0EsPhR QaxL4NxhjAMK+zNuWL2gBM+R/2vcNMlxt7q1KCQITVv/7RQtGD68ZklAXFgvpv9jrq9z 0mZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745406656; x=1746011456; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=E7nNq8tcnHWfg19QVcn8r9DdOppAanJgj1MB1iB8axk=; b=YBRIPIZn8VWoWrscwLFOA4fFpinzTz9NJegAcMxy5u0Ji+FV5yROf5IcEXR57b9xbx vh5XEEPYvFXlCXkJVkJeKWpo/d/6evSFwuV97Yn2XB2RsJ52qTpOKJHXhnpLsyMOLLFI /4ZqXIfmEAn5R7RAG7wvbG5NPswhwQ4qzLDdnUteQqyKoWgBYifwjXqQFpjyRh7qjd86 XmfId+tn/YVt8l8G1MPiZIjRiBfRPlw7Z8b7FhD2t7fABEKMkLmYq6h2Xpp5D1cCMq7T ZIJTR3/js5DrRW9jy3uNKkfZDxAG4iDYmPOv9iTFxPULha3MzWjC8Fsnui6gZ+CBsam7 AK4g== X-Gm-Message-State: AOJu0Yx0n7blhfDLrLGg1TFk/eob28rNTOJEiEY79OizBEujd4mOOgMZ sEr/TG/saauBw+JW/Rp3M4JEhj0NMKQdBLGghfZgnqpoU9t3Llx1FqsxdytAmq75nocDFqQRbIW dpUqhHwDpSIVihRIOoZqvt7wcPCFBSj+/vxDewHOCjP0C8wMwXtlvyHRH8+Ggb5dtzgrj/pKzo8 CzA+tqNsijo2xTPGPGiVC5NPCcmQ39AA== X-Google-Smtp-Source: AGHT+IFkduK/Kj+NtLDmt3SoaMV5d11uuYbe94PzEimjSNJkMXfTGXRXZYbyZwZOZLv9Nd8Xh4VvyALO X-Received: from wre18.prod.google.com ([2002:a05:6000:4b12:b0:3a0:393d:9b82]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:144a:b0:39e:f9e8:d083 with SMTP id ffacd0b85a97d-39efbb05a20mr15497986f8f.50.1745406655773; Wed, 23 Apr 2025 04:10:55 -0700 (PDT) Date: Wed, 23 Apr 2025 13:09:59 +0200 In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250423110948.1103030-13-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1438; i=ardb@kernel.org; h=from:subject; bh=HFQgpxJICjKeXXn3m24A7oiYrWljGN4Ov8mm0BxbdIk=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYPj1Gx217gNLjfPmvLd3fLuIsPSoqcir6WXfN+wr2uiz t2DsWeCO0pZGMQ4GGTFFFkEZv99t/P0RKla51myMHNYmUCGMHBxCsBE3HgYGbolPzUoue1e4rvB 5eud8tupOwu3Tvp/xVapq65TyoLzUhDD/7DD+/Ou/tr36ne9EBtL1JUOx+WOhW6nbAXs1L+EewS G8AIA X-Mailer: git-send-email 2.49.0.805.g082f7c87e0-goog Message-ID: <20250423110948.1103030-23-ardb+git@google.com> Subject: [RFC PATCH PoC 10/11] x86/boot: Revert "Reject absolute references in .head.text" From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel This reverts commit faf0ed487415f76fe4acf7980ce360901f5e1698. The startup code is checked directly for the absence of absolute symbol references, so checking the .head.text section in the relocs tool is no longer needed. Signed-off-by: Ard Biesheuvel --- arch/x86/tools/relocs.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index 5778bc498415..e5a2b9a912d1 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -740,10 +740,10 @@ static void walk_relocs(int (*process)(struct section= *sec, Elf_Rel *rel, static int do_reloc64(struct section *sec, Elf_Rel *rel, ElfW(Sym) *sym, const char *symname) { - int headtext =3D !strcmp(sec_name(sec->shdr.sh_info), ".head.text"); unsigned r_type =3D ELF64_R_TYPE(rel->r_info); ElfW(Addr) offset =3D rel->r_offset; int shn_abs =3D (sym->st_shndx =3D=3D SHN_ABS) && !is_reloc(S_REL, symnam= e); + if (sym->st_shndx =3D=3D SHN_UNDEF) return 0; =20 @@ -783,12 +783,6 @@ static int do_reloc64(struct section *sec, Elf_Rel *re= l, ElfW(Sym) *sym, break; } =20 - if (headtext) { - die("Absolute reference to symbol '%s' not permitted in .head.text\n", - symname); - break; - } - /* * Relocation offsets for 64 bit kernels are output * as 32 bits and sign extended back to 64 bits when --=20 2.49.0.805.g082f7c87e0-goog From nobody Fri Dec 19 16:05:26 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ABA4D275115 for ; Wed, 23 Apr 2025 11:10:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406661; cv=none; b=JDb4hA7OM15lJDpJvR1tn7dZKREa7EOsDV46tOXr0UH1sTHKO+7BZMimPBes3/2vmxLCDsQ/c86FJlTPpPxE1qBYRo8xQo1dDa3nQejl55IER1v9CzWKtO16lBg2dNU58uA7NKUCZXTxQmVBNFSAABv+XWhB4XIQ3rJ1uR7FfTE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745406661; c=relaxed/simple; bh=TF98LjU0DxqS7tScv4TESve8IJsu/JdhYrzSpfQGKFI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=WwiJOq/u+E6DDLfTGRIQcZxXvClLIOIZ27bv88MbsV8doYwtUw69FJj3gi8AYzIzmcW6nIHs61FTlAMkTvIlXoxrLXDs3IdnWEQaKTemvZ5EbIWRmcZ9q1VK0/YLZ0uuLi3LVpR8SVUCUlD7vQ/5BpDOBhJab30WJ28Ai2MrtP0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=B2oA/Vg3; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="B2oA/Vg3" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43d4d15058dso44961635e9.0 for ; Wed, 23 Apr 2025 04:10:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1745406658; x=1746011458; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=EIqJY6fyIWDHD3k4SVjhOIrIDaUIAapUqmm2UCnx5PM=; b=B2oA/Vg3B3x73NRUgo//EbNDKwncoDFyRRvTWK4srSxom5X23MyzF1CT4/PVF1CRt7 1PqYhPZbn3qoXbwrdAVzPwQmyLFJBqQ18FXeUGp92WyaAVf17tnqAxWpUqjNAtW9j+hi zCmdeOmj0aRc5u7tN6rMwKZwXhWQNh1viUv7TKmoe8V5C4AmUcep9BoiNmY+r2DmH4ha Rm+qrYHGjflX6Egdg0byym8RqqcftXAByIpiLy4sRWSVjxSmb9KljI/HRrupxpL3as9j cTukRC8XANsSiHlQ6qk5i3jt0oR3pSTfjNVCT/l/eK2ndiGlGUZZ4Ocwfc3usHvaEXFU DAFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745406658; x=1746011458; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=EIqJY6fyIWDHD3k4SVjhOIrIDaUIAapUqmm2UCnx5PM=; b=qhF+I9/90Tl5KkTxEfmLmxst8EbsUCMoirrXxzVcfX3+9A/H/zXhDvQnqwPIPIzNdx YA6mdDnHuLqCpkUslAbvJFhXPe/3KC1SiSvGkh/baUFKBhH5dnl6pTtkWMXQyLPJQmzz hrtlZ0K3dKxWDXK1hIIGHOSFhkLChkFysSg6TVYGFkQqSQH7VGtvcuuEv/4rO5yc1grV Uyt0ZrNSxkb+FTRdS/uULfbNtHaUF7qCc4YVkCqCXvJPhzj03gRvGAW78N5I/1Y7M3NF GF8LPgD1nqAkZJHXmyvWBN3qtua4bFRCt3S5PS4Q707nnAg03hq9+/hs+nh9e2zCkj3u BvYw== X-Gm-Message-State: AOJu0Yz8S5VSugRDunD8GuwCVlz+S5J4d3MLjsA2FHzWDVGxwW8z10jY ZKPztnLzHNMM77rEgioFRDzZx8gpetkykHBtJdgyjS5M80WrCXJq7y5yWmHAOcHCyC5UhiPe4Ah cul4aXG+P+wqKR7XTrm0qZ7cMg5bzPVdgh6XUR4Zyh4WvslmS2VlPVEX4IJqooNhjEPsMLxYLPa oGg1DPUoYRkfeAGplUJ4GyqimwDRKwCw== X-Google-Smtp-Source: AGHT+IEV/yAm90+Os9i3vxCkHdHcnFq5MD/ujeqwrPyY4yDUOI1TXBZtEOwok64uhCk1iGiVJY8eO0Ks X-Received: from wmqd4.prod.google.com ([2002:a05:600c:34c4:b0:440:68cb:bd4]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:8709:b0:43c:fbbf:7bf1 with SMTP id 5b1f17b1804b1-4406ac1fe25mr196371525e9.30.1745406658101; Wed, 23 Apr 2025 04:10:58 -0700 (PDT) Date: Wed, 23 Apr 2025 13:10:00 +0200 In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250423110948.1103030-13-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=737; i=ardb@kernel.org; h=from:subject; bh=NxfR/p2hPSBwNkndB+RtpXfmCPjcurS4X6crKuq8drQ=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYPj1NzEVzl85V/eXGsJOfi7sdt5XQ9LYdTj3JkO/TsSj kdLdr7uKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABP5FcPIMNnRR2jiEb9Hy1lm hremJfzevEj8hCf3o5339zXnPcuV5GBkmDPp+DlOtd13D+xJVLwbkPrXNuLY2R/Lkldv6vdZl7R tARMA X-Mailer: git-send-email 2.49.0.805.g082f7c87e0-goog Message-ID: <20250423110948.1103030-24-ardb+git@google.com> Subject: [RFC PATCH PoC 11/11] x86/boot: Get rid of the .head.text section From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The .head.text section is now empty, so it can be dropped from the linker script. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/vmlinux.lds.S | 5 ----- 1 file changed, 5 deletions(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 9340c74b680d..9c50546b11a1 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -160,11 +160,6 @@ SECTIONS =20 } :text =3D 0xcccccccc =20 - /* bootstrapping code */ - .head.text : AT(ADDR(.head.text) - LOAD_OFFSET) { - HEAD_TEXT - } :text =3D 0xcccccccc - /* End of text section, which should occupy whole number of pages */ _etext =3D .; . =3D ALIGN(PAGE_SIZE); --=20 2.49.0.805.g082f7c87e0-goog