From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 34563297B90 for ; Mon, 12 May 2025 19:11:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077098; cv=none; b=gew1+4+XxNes1Uw0zj36A2wB90oOvkR3Z/5tAiusg6oDMi867BzesdE9cOY//eXpWLlVTMwtIOCdQtfHfUK3XJhq/1xp4iwuazop57Wtoh5xFhs19Zu9ePdT1qJD8jvpAfz6COk0ldJT8SdwO9ogxGZqydDfqH/kkVwFCPsZHfA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077098; c=relaxed/simple; bh=IT9XlH23kMRDjTqP6nbxillnbIsmo5aqXnIcKYyC0J8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=DR29N7w8tiZwAdbZbjPcwLaflmkfPjS28fGXdq1yDrQqyhmeGKsdzx5YvJVdRb2mtu6KKhKgZkOJJwoiDNy0dKE+vkePZLd2yyZiJt4Tf0N+x4oNvouCkCPP6S2ooMQRA5mTxc92g+OiztnvGBtQ3Hkd8ilV2KwPy2mjHNCvxSw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=GrdBEEie; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="GrdBEEie" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43ea256f039so35761505e9.0 for ; Mon, 12 May 2025 12:11:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077094; x=1747681894; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=tez2B6Dx36hKxJWfXYtYmnT1eeCqtp3xVkagTtM9zXQ=; b=GrdBEEienyM11Tf5WfkYHG3VhIHrkmDdCPpFJCBF2nWz7cRJnxDmC2OI4LiN6yokNt muPj2a6pGCw+qby0/Kqa9nTKIhta59nuAiMJdPB3tTrpgWEH97HN+f7FwhsIy0LJIiro qThaIGuVO+G3Pl4DCv7g8lBXTo4DOpT8tegHx4v9Rz4h5JRGb8EpbgURcv7jnjcJr8cU H/IZ/YE+5yZt03PZlT2YNwVfPEZcKPkywtpb6lfwKJLf4PF39UWVVDaPSVd8FmcQCnUn /hwD66q4xovwBkmRszvMj05xxnY5agifH3MMggOEXGbYzgYtIqne2LmU+JH1KQT8qiYT Bnxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077094; x=1747681894; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=tez2B6Dx36hKxJWfXYtYmnT1eeCqtp3xVkagTtM9zXQ=; b=Hy6jUznHsBOtpV0waDGHsHuWQh8YYRUeRNzVSrOus1n9/g9LsF2C1R9BINEwCkuhrq LBvDUWzjRzBEoghy+bpebyZDH1moV+WpHn2LWoHA3nn3gTtRfF21FnohnsWlHwimVHpH /XpJtdzPXxBXnW4MuExdJTBefs7r7hvtbwqjHEfQcYSj2SKRGtp+1mCC8BXqaPuVd5mc TuXaSSFk/h1T0CjYLb+eusZMcmQUHaJ/SVnhj5TXKUFYua+PgqbZOzcVd4lKlpts0XlY wHDXkAIS1Ptbsdsr+suhHa8J+xevysYqGuqujbzHF15S3T1olSANSRBl7p2kq7bldsJ+ 0CgA== X-Gm-Message-State: AOJu0Ywzu26zYcfR/g7uO12kcgMtxzFAzS4AL9y7L4r2K8pVAZTxisnG IyNdW4MYFHLmMU4TJwdZsIEf8tSibN/pWD8F7I2FJH22+1rt4UixLG+SqSyuS4/hhabQlG0SmV6 uSCnGb5tjhTEoTwsp+wB04UWkkCeRo00cc+jDmuYVHd7xd2pIlTaClWIIKDeHh8Gyl3oPPBHb5M P+dvMvTTV66UmmBuvwowGV8dRpHGjQKQ== X-Google-Smtp-Source: AGHT+IGCI+eHbv4DUOM4UndVn2vwms3Eyzkvt8uC7GVyEEz2YxCexQ6Ik3N8j/O+v2ykKFoys4uS2Q90 X-Received: from wmbbd12.prod.google.com ([2002:a05:600c:1f0c:b0:43b:b74b:9350]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:34d5:b0:441:b19c:96fe with SMTP id 5b1f17b1804b1-442d6d3e243mr140125965e9.10.1747077094561; Mon, 12 May 2025 12:11:34 -0700 (PDT) Date: Mon, 12 May 2025 21:08:36 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=7269; i=ardb@kernel.org; h=from:subject; bh=vgBLVpHUAk6O1vi3E1PwJCjzQ1f2dPW7uqfVkWdmNWQ=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3cy0YUurzGvm2/wPt8WnibH2L5nWwP9ogvl6ZV9et 55qK5uOUhYGMQ4GWTFFFoHZf9/tPD1RqtZ5lizMHFYmkCEMXJwCMJGOxQz/VE9Oi0jgWKxp8EjA 2jJpno3ba+//1cobrDjczFuv3pePZGR4rvA3rK5R5GBBtZL3J2NZbabJiTve7JzMGf2/R7y4YzE vAA== X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-24-ardb+git@google.com> Subject: [RFT PATCH v3 01/21] x86/sev: Separate MSR and GHCB based snp_cpuid() via a callback From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel There are two distinct callers of snp_cpuid(): one where the MSR protocol is always used, and one where the GHCB page based interface is always used. The snp_cpuid() logic does not care about the distinction, which only matters at a lower level. But the fact that it supports both interfaces means that the GHCB page based logic is pulled into the early startup code where PA to VA conversions are problematic, given that it runs from the 1:1 mapping of memory. So keep snp_cpuid() itself in the startup code, but factor out the hypervisor calls via a callback, so that the GHCB page handling can be moved out. Code refactoring only - no functional change intended. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/sev-shared.c | 58 ++++---------------- arch/x86/coco/sev/vc-shared.c | 49 ++++++++++++++++- arch/x86/include/asm/sev.h | 3 +- 3 files changed, 61 insertions(+), 49 deletions(-) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 7a706db87b93..408e064a80d9 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -342,44 +342,7 @@ static int __sev_cpuid_hv_msr(struct cpuid_leaf *leaf) return ret; } =20 -static int __sev_cpuid_hv_ghcb(struct ghcb *ghcb, struct es_em_ctxt *ctxt,= struct cpuid_leaf *leaf) -{ - u32 cr4 =3D native_read_cr4(); - int ret; - - ghcb_set_rax(ghcb, leaf->fn); - ghcb_set_rcx(ghcb, leaf->subfn); - - if (cr4 & X86_CR4_OSXSAVE) - /* Safe to read xcr0 */ - ghcb_set_xcr0(ghcb, xgetbv(XCR_XFEATURE_ENABLED_MASK)); - else - /* xgetbv will cause #UD - use reset value for xcr0 */ - ghcb_set_xcr0(ghcb, 1); - - ret =3D sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); - if (ret !=3D ES_OK) - return ret; - - if (!(ghcb_rax_is_valid(ghcb) && - ghcb_rbx_is_valid(ghcb) && - ghcb_rcx_is_valid(ghcb) && - ghcb_rdx_is_valid(ghcb))) - return ES_VMM_ERROR; =20 - leaf->eax =3D ghcb->save.rax; - leaf->ebx =3D ghcb->save.rbx; - leaf->ecx =3D ghcb->save.rcx; - leaf->edx =3D ghcb->save.rdx; - - return ES_OK; -} - -static int sev_cpuid_hv(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct= cpuid_leaf *leaf) -{ - return ghcb ? __sev_cpuid_hv_ghcb(ghcb, ctxt, leaf) - : __sev_cpuid_hv_msr(leaf); -} =20 /* * This may be called early while still running on the initial identity @@ -484,21 +447,21 @@ snp_cpuid_get_validated_func(struct cpuid_leaf *leaf) return false; } =20 -static void snp_cpuid_hv(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struc= t cpuid_leaf *leaf) +static void snp_cpuid_hv_no_ghcb(void *ctx, struct cpuid_leaf *leaf) { - if (sev_cpuid_hv(ghcb, ctxt, leaf)) + if (__sev_cpuid_hv_msr(leaf)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); } =20 static int __head -snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_ctxt *ctxt, - struct cpuid_leaf *leaf) +snp_cpuid_postprocess(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), + void *ctx, struct cpuid_leaf *leaf) { struct cpuid_leaf leaf_hv =3D *leaf; =20 switch (leaf->fn) { case 0x1: - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid_hv(ctx, &leaf_hv); =20 /* initial APIC ID */ leaf->ebx =3D (leaf_hv.ebx & GENMASK(31, 24)) | (leaf->ebx & GENMASK(23,= 0)); @@ -517,7 +480,7 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, break; case 0xB: leaf_hv.subfn =3D 0; - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid_hv(ctx, &leaf_hv); =20 /* extended APIC ID */ leaf->edx =3D leaf_hv.edx; @@ -565,7 +528,7 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, } break; case 0x8000001E: - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid_hv(ctx, &leaf_hv); =20 /* extended APIC ID */ leaf->eax =3D leaf_hv.eax; @@ -587,7 +550,8 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, * should be treated as fatal by caller. */ int __head -snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct cpuid_leaf *l= eaf) +snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), + void *ctx, struct cpuid_leaf *leaf) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); =20 @@ -621,7 +585,7 @@ snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, s= truct cpuid_leaf *leaf) return 0; } =20 - return snp_cpuid_postprocess(ghcb, ctxt, leaf); + return snp_cpuid_postprocess(cpuid_hv, ctx, leaf); } =20 /* @@ -648,7 +612,7 @@ void __head do_vc_no_ghcb(struct pt_regs *regs, unsigne= d long exit_code) leaf.fn =3D fn; leaf.subfn =3D subfn; =20 - ret =3D snp_cpuid(NULL, NULL, &leaf); + ret =3D snp_cpuid(snp_cpuid_hv_no_ghcb, NULL, &leaf); if (!ret) goto cpuid_done; =20 diff --git a/arch/x86/coco/sev/vc-shared.c b/arch/x86/coco/sev/vc-shared.c index 2c0ab0fdc060..b4688f69102e 100644 --- a/arch/x86/coco/sev/vc-shared.c +++ b/arch/x86/coco/sev/vc-shared.c @@ -409,15 +409,62 @@ static enum es_result vc_handle_ioio(struct ghcb *ghc= b, struct es_em_ctxt *ctxt) return ret; } =20 +static int __sev_cpuid_hv_ghcb(struct ghcb *ghcb, struct es_em_ctxt *ctxt,= struct cpuid_leaf *leaf) +{ + u32 cr4 =3D native_read_cr4(); + int ret; + + ghcb_set_rax(ghcb, leaf->fn); + ghcb_set_rcx(ghcb, leaf->subfn); + + if (cr4 & X86_CR4_OSXSAVE) + /* Safe to read xcr0 */ + ghcb_set_xcr0(ghcb, xgetbv(XCR_XFEATURE_ENABLED_MASK)); + else + /* xgetbv will cause #UD - use reset value for xcr0 */ + ghcb_set_xcr0(ghcb, 1); + + ret =3D sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); + if (ret !=3D ES_OK) + return ret; + + if (!(ghcb_rax_is_valid(ghcb) && + ghcb_rbx_is_valid(ghcb) && + ghcb_rcx_is_valid(ghcb) && + ghcb_rdx_is_valid(ghcb))) + return ES_VMM_ERROR; + + leaf->eax =3D ghcb->save.rax; + leaf->ebx =3D ghcb->save.rbx; + leaf->ecx =3D ghcb->save.rcx; + leaf->edx =3D ghcb->save.rdx; + + return ES_OK; +} + +struct cpuid_ctx { + struct ghcb *ghcb; + struct es_em_ctxt *ctxt; +}; + +static void snp_cpuid_hv_ghcb(void *p, struct cpuid_leaf *leaf) +{ + struct cpuid_ctx *ctx =3D p; + + if (__sev_cpuid_hv_ghcb(ctx->ghcb, ctx->ctxt, leaf)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); +} + static int vc_handle_cpuid_snp(struct ghcb *ghcb, struct es_em_ctxt *ctxt) { + struct cpuid_ctx ctx =3D { ghcb, ctxt }; struct pt_regs *regs =3D ctxt->regs; struct cpuid_leaf leaf; int ret; =20 leaf.fn =3D regs->ax; leaf.subfn =3D regs->cx; - ret =3D snp_cpuid(ghcb, ctxt, &leaf); + ret =3D snp_cpuid(snp_cpuid_hv_ghcb, &ctx, &leaf); if (!ret) { regs->ax =3D leaf.eax; regs->bx =3D leaf.ebx; diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 6158893786d6..f50a606be4f1 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -533,7 +533,8 @@ struct cpuid_leaf { u32 edx; }; =20 -int snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct cpuid_lea= f *leaf); +int snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), + void *ctx, struct cpuid_leaf *leaf); =20 void __noreturn sev_es_terminate(unsigned int set, unsigned int reason); enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D60F2989B6 for ; Mon, 12 May 2025 19:11:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077099; cv=none; b=XBviLLQ19g/27y1TuzdRrkFnXEt2Qvyxnsl6omZTNrXjHsRf4xqKBQlzD3IQacGIPzOj3ZBqD2FAlYfnNKSNzB6sr0vnQNxOi1gqQVyi0lzFssdw9n42oy5YD1IZpu3PRzA5GoLBTIW4i5BEHZD/2RPI0EoSVRnqjFNlPuRPU0U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077099; c=relaxed/simple; bh=k2nJHzJI79JTiEUmZ2Lm7CSeKjm3kcKUtV1vGbAlOxA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=mi2mkBteT0SqGTvCciNrsLnr2tFnpFijVxyufv4/xAL+/GJYMQV660FYlh1vR7/Sn9l4w3ewKGBmITmggmQeO/mwjxv+pCwoGNl+buoF0FveFHniumqXvLPV9No8L4Tm/UiClZeVZ6kPpznJNA13p6g4i1LK8FU98G/a69dH58g= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=24NcXgf2; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="24NcXgf2" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3a0b2e56da1so1851082f8f.0 for ; Mon, 12 May 2025 12:11:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077096; x=1747681896; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=2A4QOYtd+e+YapxsnA4mVLLZLavidWLily5bwA/VPvU=; b=24NcXgf2Yhi02ZD9tByE5DmymhLuZgiGgs6sMg0cwnyhfeYi5+eFnMunDr18BOYP8x 65vohHfD2HiAiqbTcEPVb0AaI2YolCUHuEr7s0p3u2WWzXvC0zFk6kC8OGx7F8l7hnZO IEroOEkQ+03tW+7iUXE+c6xo08odB5gCk+jE4MPHrPjFEtfIjDqOa+85eKdCrh3DUcZa I/iEP7qDVNmYGsUSPuq1ry1U1WG23Su+PypvzV0xJze8pjWm4N0I7vwTQHEp+Z0w9d0X H7HI3Zt84UKXtAY2akYr9xOFnQy1TTXRl+S4+NzlrsDMG432Da6+dC64Nctvwgk2t1bF lOAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077096; x=1747681896; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=2A4QOYtd+e+YapxsnA4mVLLZLavidWLily5bwA/VPvU=; b=gI4rp5CdcgTIIROOv31NTqRwRvbZUvroDykfWwgRYo6E56NUGFkzPy33auKr1oCZ5a QvuMijR6QuX8co7VSePOjDtPQOZJqDV4NfCBl50EXgKN4vE5L6tdOQ+nUMNyhWrHu4GJ IO4vzww6nFqSnUvCJVYYybbtLwcER6rJKC/roerYpbX1zpl9ropv584hapmRPujpXiFz RWaRxr39DbJmSfIZYjN3ZAdqyeVODHNNRpZFtHy38BWeNb0U2ilcxrL6dG1pQ83jXUSB FiBzuaXTAcFwMdHy9SNq6l4JaUXtRU/CK1yDgtCXKPh6OPSPEMrIz4kNe6Cl7euiQaNp 1JUQ== X-Gm-Message-State: AOJu0YxjD79zJ596bEyKQJGOva+OFzmLvu8LiWLr/+48/lcEGJ43MXJc nQtlhc24I0RZdy3/p8sVwf23id6wgo4ZOJz35E38peT9eiQ1Wd02ZWUMO1HWJ2QuOsx9UIqExAP rlYnOVFw2n1n978zEG469en+MMydlTWYPdc3tRBCZyu8fdUgdnHJ/CuPVeZJItsm+2d1/8bqujX kjXBFk1JtwjKDkk3KV4irG/G+WcOJDAw== X-Google-Smtp-Source: AGHT+IErwosD9vJ9JrYgrLx7V9RG6j5DmK6Fk3l/BmDVN9yfDorOHyQFkGdzbGclKBnt8rsqb/4LW6To X-Received: from wmbhh12.prod.google.com ([2002:a05:600c:530c:b0:440:626b:cdc]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:240d:b0:3a2:3b9:5c97 with SMTP id ffacd0b85a97d-3a203b95dfcmr5365332f8f.10.1747077096579; Mon, 12 May 2025 12:11:36 -0700 (PDT) Date: Mon, 12 May 2025 21:08:37 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1194; i=ardb@kernel.org; h=from:subject; bh=etgeXANbrFUuOBqj8tjP9eeHGfbZA0Naim5ziEeTbkU=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3WL9V9YldTk75PhN3ZKf2BtO3vD1eEvn01X7nk5SU d4e6Xamo5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzENIyRYbUlq+7P21pvJ/Bq MUd7Hvd7Od/uZ/+5tak7UtzPTNKtB6po5okQ/rjIvX/T6rpmpnu/maomGwYkzvk80/3c95Xc240 ZAA== X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-25-ardb+git@google.com> Subject: [RFT PATCH v3 02/21] x86/sev: Use MSR protocol for remapping SVSM calling area From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel As the preceding code comment already indicates, remapping the SVSM calling area occurs long before the GHCB page is configured, and so calling svsm_perform_call_protocol() is guaranteed to result in a call to svsm_perform_msr_protocol(). So just call the latter directly. This allows most of the GHCB based API infrastructure to be moved out of the startup code in a subsequent patch. Signed-off-by: Ard Biesheuvel Reviewed-by: Borislav Petkov (AMD) --- arch/x86/boot/startup/sev-startup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 435853a55768..a1d5a5632d58 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -325,7 +325,9 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) call.caa =3D svsm_get_caa(); call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); call.rcx =3D pa; - ret =3D svsm_perform_call_protocol(&call); + do { + ret =3D svsm_perform_msr_protocol(&call); + } while (ret =3D=3D -EAGAIN); if (ret) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CA_REMAP_FAIL); =20 --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 56CA12989B8 for ; Mon, 12 May 2025 19:11:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077102; cv=none; b=tj+4ejyTEl+hZj90HxXGV7v0/QhgLpg2IVAXy5PR602XmrEIFm+2i94X5RQUEXmpQS/qwYA9/QIonGu5jLwq9iKoZ6HrzZDSYkSYaaejIVrrHXQ96DpOJFH86zU7CGhBPAajl0B2yWwzg8AP4mg+B6Odpbn/Cnz8lXyGwrFXJTY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077102; c=relaxed/simple; bh=IViD4YYHBXDwo5g9TTRUGnmwmbfGnTDlYSGdvojExjo=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Lwdrz7defbBkYvYH0cr/jP+X941lwii4BF2n9Rq7YZ7b8lnEBe2+GlCS7dnFe/dHEVIzMEYs84ElKsP/RzvHeBv2VHp3mrVTQ8HtZEKMI8KIkCO1N9nR+aPmbtl5RPybEBqF/JkUv9pvviUnMPamoUVo0O8jwVyK+n4oZxLhgnA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=vysdTSxg; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="vysdTSxg" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43cf172ffe1so33687685e9.3 for ; Mon, 12 May 2025 12:11:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077099; x=1747681899; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=EtH8lgB/xLdugV2I/4aL/pTw0ePxg4uZHnaRHJhekpA=; b=vysdTSxgq925HuW4y1I+vFp5ClrUO0aiw3e0BxnesV5POb/MPwhzKwxjuH4zHiyQGw 53NrSfOaTVliKsjL68z0Qm41lVDFoY6scFWvaBkaxjmZnmi4CewfIAtn4M4xZYv5CCCB DaR6SdgQfwAMUzohMRRJpsx9c508W/72jzwN0+tJxgD5WI4JUu1eXvc1npJLqiYnuVNf S+RL5wYGo43m/vw/2SfuAtzzMLntYrmCRwhWgMqBeefSqKfTgbZnIdsAxda7WsQKeNOc xYNEq15+OkESZUP9pBqeB8CgBvhRWFYEzRyKsFPHYYkejuYPbFjsNykuGNu2BUicT1O2 uVfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077099; x=1747681899; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=EtH8lgB/xLdugV2I/4aL/pTw0ePxg4uZHnaRHJhekpA=; b=SCCKJZKrFUx6826j4DuNEgOfL5i2KsIELX4eJ4ykmUtmyVutZ3G6PXQp7VEDpvCpLE DJwm5BgsaCx6SAiiPJl6ZCM/mTi/2uJztBuP4fhd1NiGI46GEFwuAUJgcUm1/nzk3TkA k0BcJiQPnv79pweaMENYTlTgQCMlH+WgqLNI42CQyf3uLqrv4Rg3HytzweOStCcP79YC moG/F2+r5mYGCR2zaCcBWDmx4IFx5eq/4zIWV9gL45cdHcfXnMtZGKRKcHnZHYHjuDMS JxVfxX0K+OP1jX839XCQ0+c4HMfOS9bMcnSvwqXRxt+Lh2BoHj2DXSMc6bsTVI4Jg329 LAyg== X-Gm-Message-State: AOJu0YzzwnZiJhq8eSAH+Zy/ydSDG6XmPKtvl9tFwHS/VrnvFxKoAMmy v320fWCwdYxXCOkIo0Pr7C5P+WW4MKADzZq3+WKmih6On4UwbeHGcLxSbSi9oGg3MZ21Yc+cnz6 P+7IUd7G0f9Dk3A0AaUU/5ce7XQdiBHVFOdPHLL0KhWGWezg3gJuijJOHrYuaJiS2YTLaCGwaZx rWJRqiR4g/j/VdjneHOu9B4GEpS7ilEQ== X-Google-Smtp-Source: AGHT+IEgrDQQqKcWDwlMTlU1f6Qdn6QqOQozwGRLNFc69IqJnl2DD/+q9cSOAKZT5gYzuW1GjaLqr9OG X-Received: from wmbfm20.prod.google.com ([2002:a05:600c:c14:b0:43d:8f:dd29]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3587:b0:441:d437:e3b8 with SMTP id 5b1f17b1804b1-442d6dd21a5mr106536425e9.23.1747077098869; Mon, 12 May 2025 12:11:38 -0700 (PDT) Date: Mon, 12 May 2025 21:08:38 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2349; i=ardb@kernel.org; h=from:subject; bh=Gf5X2ytHxR1g5slHaQh9jtJb2moZ8ZWVoSoEdAWq+8g=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3eor11e7C/0z9mus1TzVx/Howsapu/VCpaY0tB2QY S+4ZM/eUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACZyTpiRYc8yU+3ZqROeTj76 PcvavW694L2X7y+wX5N8OlUvNkXh1TeG/wW3D02ZNLPkmvntX7HsmnL+L85w3/751SMjOF89x0F 6NRMA X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-26-ardb+git@google.com> Subject: [RFT PATCH v3 03/21] x86/sev: Use MSR protocol only for early SVSM PVALIDATE call From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The early page state change API performs an SVSM call to PVALIDATE each page when running under a SVSM, and this involves either a GHCB page based call or a call based on the MSR protocol. The GHCB page based variant involves VA to PA translation of the GHCB address, and this is best avoided in the startup code, where virtual addresses are ambiguous (1:1 or kernel virtual). As this is the last remaining occurrence of svsm_perform_call_protocol() in the startup code, switch to the MSR protocol exclusively in this particular case, so that the GHCB based plumbing can be moved out of the startup code entirely in a subsequent patch. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 20 -------------------- arch/x86/boot/startup/sev-shared.c | 4 +++- 2 files changed, 3 insertions(+), 21 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 612b443296d3..bc4ec45d9935 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -50,31 +50,11 @@ u64 svsm_get_caa_pa(void) return boot_svsm_caa_pa; } =20 -int svsm_perform_call_protocol(struct svsm_call *call); - u8 snp_vmpl; =20 /* Include code for early handlers */ #include "../../boot/startup/sev-shared.c" =20 -int svsm_perform_call_protocol(struct svsm_call *call) -{ - struct ghcb *ghcb; - int ret; - - if (boot_ghcb) - ghcb =3D boot_ghcb; - else - ghcb =3D NULL; - - do { - ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); - } while (ret =3D=3D -EAGAIN); - - return ret; -} - static bool sev_snp_enabled(void) { return sev_status & MSR_AMD64_SEV_SNP_ENABLED; diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 408e064a80d9..297d2abe8e3d 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -755,7 +755,9 @@ static void __head svsm_pval_4k_page(unsigned long padd= r, bool validate) call.rax =3D SVSM_CORE_CALL(SVSM_CORE_PVALIDATE); call.rcx =3D pc_pa; =20 - ret =3D svsm_perform_call_protocol(&call); + do { + ret =3D svsm_perform_msr_protocol(&call); + } while (ret =3D=3D -EAGAIN); if (ret) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PVALIDATE); =20 --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6FFBA298C36 for ; Mon, 12 May 2025 19:11:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077104; cv=none; b=pUWjuPkOTD1zaAM8d0jjduSWiyHaGkOWX8AbQOnbZ0WC6ebj8cgFmcfQUBQCav8XL72aEZpWzekzl0mAt4p+OkcuGrt36O3wMouX9LDuQ9TIDAtxJIOayv0LgLBeuwCnQ+4GdgJkWGmsRRntgWiivJXJMMlnyy9/HnUq8Tucw5c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077104; c=relaxed/simple; bh=N8lIrN6QnYWQRxj3loyK87tJKBDaO7dJNOxuR7UZwmY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=NHzc+dUkgarwqyde1ffuZjQvqMf+BN1HqSlHi0DjGwsl8ZQQdMG/3+IegZNfoCXi3pQyJYGnDWYRwPFt0qJ0TtIUz8tiF2AYBHQYO8otIFig8EDa3VTCJxhrONffkaNeK84DFOjSsqDRAmazvGv58nb+kMw3sgaezQfZKcarlfs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=wUtImQtJ; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="wUtImQtJ" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3a2046b5e75so532726f8f.1 for ; Mon, 12 May 2025 12:11:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077101; x=1747681901; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=yAKS3akGBR/9SddxoYh5t/3Kaeg1HbH4Cc4GvmNf7kc=; b=wUtImQtJBDXmt4kjPAk33q0f3OAdM1UB9jlrtKhPnGg3zpPfnXRJehSnUe2qoFDXcU OBjAvVO13mYD13vYlTkJBXTVDDES8inZHj7ODljrq9uwWWu6vYSVTfVc4xAAd1uk5hP8 XmUlvtSZoM4EaYhvPsX/l4BhvmDs3ZU6MgUylx6Z5KanRJlN/dDMit53TpItxxDynsTM IdtThM6XN97A11VkGM/uu+MjhmjbMnB6VIVc4h6p1T1tkXL5POZvoEMgeQvpEebaRDZy g53GxnAIq2W/2UylK+zYESBdlGYxTmoWb3HQRg8Lo5ALgaKx8QGPl/jqp1mbTS2d70wm yRdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077101; x=1747681901; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yAKS3akGBR/9SddxoYh5t/3Kaeg1HbH4Cc4GvmNf7kc=; b=oHUbhTu+xorw7S7C/EsJGwqSgaYgVnhTlLQschiYWqBrVhj/0s9Hv/dgJ6TPy1NlAn HFhOG3uwySe3M37XVJGoNfT0abhEI6RaOfBwClcyxpD8adCvyUTi9WuqpRNP+S/mC1g7 W4aO1Iarm6hSy13FXVPpVG9imJlHri33I8IqQJFbHq0p/Yfq5VvzNZ2lDzPR+i9proT0 zOPHhOhMEO9T0gcIf2y/OlcOdlHZ85sz4W89G3Yfps9xcregPdcvUSpBb223FjGVAtF6 sfX/WUy3FoGHhZk8hdiKXg54iPUahZkENUMV+OowVKNyVzgTgKHsfmxD8k5PKQRmdzdG dOyQ== X-Gm-Message-State: AOJu0YxuN9OiwzxDjTPsJmunnGyrlRLXmDA1Nuq8Ev20nnD/hac0p/tp Qdkn6shoKFNnHb4rSEyjLhplmDrSSw6muDErZRXn7bniXWsH7+jTshUhNiMJxtRjPni/Dkk0csq cQ1XK92OE8TxTBsF19rJXsP92YiM8U7aLu8e8Q6SKMGjNgr6QDoQd8Xm+2YkicPt9fgbjb38WYL 7pJ7282kk+hkemjPIDLJUlWmXiVZHJOQ== X-Google-Smtp-Source: AGHT+IGX1Wukqh3EK0YfLcD9ed759VITS0iUHJbGg2BkqMIQpCmp8NgTxMLsY1cSzdbBmJab7Amumzsu X-Received: from wmbhh12.prod.google.com ([2002:a05:600c:530c:b0:440:626b:cdc]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:3103:b0:39e:e217:28c0 with SMTP id ffacd0b85a97d-3a1f642217dmr11281761f8f.10.1747077100813; Mon, 12 May 2025 12:11:40 -0700 (PDT) Date: Mon, 12 May 2025 21:08:39 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2831; i=ardb@kernel.org; h=from:subject; bh=gyvK1vVt7xT2yPdX1EeqNZBgIdQd81Ru1FpgpHIYf3o=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3UbMLaG9Z8ePSUG7V/zZ0Gt39cOFEv7j8hw9drPiU 6MfbdvSUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACZy+R4jw8Iq14cHUy47Hbwz /Rz3Uw7zD7whh9wn1m5f/oA/IbNv80WG36y1Ghd9X/WmWtx/u+rrCY73Ykmx/t9O7yz0eWXFs7L 7CC8A X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-27-ardb+git@google.com> Subject: [RFT PATCH v3 04/21] x86/sev: Run RMPADJUST on SVSM calling area page to test VMPL From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Determining the VMPL at which the kernel runs involves performing a RMPADJUST operation on an arbitary page of memory, and observing whether it succeeds. The use of boot_ghcb_page in the core kernel in this case is completely arbitary, but results in the need to provide a PIC alias for it. So use boot_svsm_ca_page instead, which already needs this alias for other reasons. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 2 +- arch/x86/boot/startup/sev-shared.c | 5 +++-- arch/x86/boot/startup/sev-startup.c | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index bc4ec45d9935..2141936daba7 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -327,7 +327,7 @@ static bool early_snp_init(struct boot_params *bp) * running at VMPL0. The CA will be used to communicate with the * SVSM and request its services. */ - svsm_setup_ca(cc_info); + svsm_setup_ca(cc_info, rip_rel_ptr(&boot_ghcb_page)); =20 /* * Pass run-time kernel a pointer to CC info via boot_params so EFI diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 297d2abe8e3d..9c8dd6bfe833 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -782,7 +782,8 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. */ -static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info) +static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info, + void *page) { struct snp_secrets_page *secrets_page; struct snp_cpuid_table *cpuid_table; @@ -805,7 +806,7 @@ static bool __head svsm_setup_ca(const struct cc_blob_s= ev_info *cc_info) * routine is running identity mapped when called, both by the decompress= or * code and the early kernel code. */ - if (!rmpadjust((unsigned long)rip_rel_ptr(&boot_ghcb_page), RMP_PG_SIZE_4= K, 1)) + if (!rmpadjust((unsigned long)page, RMP_PG_SIZE_4K, 1)) return false; =20 /* diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index a1d5a5632d58..1f928e8264bb 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -303,7 +303,7 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) * running at VMPL0. The CA will be used to communicate with the * SVSM to perform the SVSM services. */ - if (!svsm_setup_ca(cc_info)) + if (!svsm_setup_ca(cc_info, rip_rel_ptr(&boot_svsm_ca_page))) return; =20 /* --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 78917298CAA for ; Mon, 12 May 2025 19:11:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077107; cv=none; b=RRFnKqBSdJs/ixz80/iaCnGL8VhZO8KL77N/gzu02nF/gwhux34UbXmzDoXz8JkDvnERydHu9Vo56zCy6f3WknW6cWco/bQdi4ZRzMkyNVCPrQQYb9vCu6pe9GUBkE35XYTFI6uS4ilYIlcIHx1MbaqIvA334bye5FeoQsPjnag= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077107; c=relaxed/simple; bh=EsOakeC/Phz2KSj3ueqUKzDoUxs7glVALXUQVB7i3bM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YCDsDeXkmnDqaAPcdLCAT2qEzZPWtP7FfYMVn9ASnJIIvt0RUdUtyrRrPIkqabGWuELiIe2peHcEzxzY6ayw157oPT9YaKBlv9zouTgHdtdBwqZifGqpYGhTphAnlXHi5lCTHcebX4B4ehlirt2tzZdw6tYm5fURbPQnLaj8Lnc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=a7ilOvTL; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="a7ilOvTL" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-442d472cf84so21959625e9.2 for ; Mon, 12 May 2025 12:11:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077103; x=1747681903; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=/r+WMXBO/gfDlqsyugcImJrsAq/d8Zz4Wr6G5LEn+9E=; b=a7ilOvTLhgq1D0pUUXX4FDj+JrH3n+erzKFL0RrESWo29YnROTDfc668JZcbeM6gsx zI1EPLr/fpChtgyw0kUbnO8/mrhYQ9Ssg14QEs6rw7dHggtU1gA8ZwZvoFTQe640Yvcs 8Vrj8yuk5a8B3tomNQ7yfgQqlPsChhjzG5DHW6VBW4NlF3/91u2QjU5H3hoAJ1OYFXwO 3WP1uuOiU7ZZF1RSgXoEF8e4cTCOn0bLtHkzie6gcyP3NQaLezH85c38dWlHsJa2XvcF 4iLgMLWQrZEbmO57jQe17PJWSDz9+wACIt2Yc3TBC73IV4CVv3SfWndDwAQk6HR1Co8O ZwAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077103; x=1747681903; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=/r+WMXBO/gfDlqsyugcImJrsAq/d8Zz4Wr6G5LEn+9E=; b=KoIfGZaqyG4qw5pYfsnAiAY3/6JULsY2O8bT0vkzqnVYeme4HYgV4X7hvyHn8uw4DP OLEaxR8du/g+gvbGU7VLrPFzqHFQECPi/5F4kZ9tQ5AtsB5ibvd2FpLkoXMFaJrl0HIh cetrSk0Nltx/Ws/3UyRMx9+6QcnEzhQ29aFctsSpPUXLg4ykmQrBtFHxFtYfY48uG6rc XwnvvtN3+eH0bS08lnqYeXrZqel5RsnQuRjD+5aUjcZ95De1PH4QJivVT4uzqjJ8Y61a oo0cntcijVW/abiM0OQtM7KT24rg7FfkXYHUnEzLK6IRe+uBcs1Zyna5KEN16njuN/ge 3X9w== X-Gm-Message-State: AOJu0Yzq+/dnzXtR3EUM9ULMRW9AUnw1a6SFH5ncfHsm62T5wQ7PNow+ bwytb26ZOGzLpOkchFqRYh6Iw74BBo2fhd4Eb6ZPyEhC1uthRdT678n4wwG2/TCQAwWjMnSgrQz eBc+s9IJeNDaDIlj3PttPU0zYKToPsUUS/GSF0IfAA8ZrYuCtYtcgKtJ10Fj6nIZC1U84VmzrUz cC1PmWHWZ4qE/lLT8nAmqYrlfVACN0VQ== X-Google-Smtp-Source: AGHT+IHWFoadMMw6DJrqhZ8yK4ycBZLMVndhAccvxLZMZpJp7mm9Gy7aW2fCl2/ASDbCWfa0yBkM3ymx X-Received: from wmbhj14.prod.google.com ([2002:a05:600c:528e:b0:43b:d6ca:6dd3]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:4e90:b0:43c:f050:fed3 with SMTP id 5b1f17b1804b1-442d6d3e35amr95287015e9.11.1747077102857; Mon, 12 May 2025 12:11:42 -0700 (PDT) Date: Mon, 12 May 2025 21:08:40 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=20707; i=ardb@kernel.org; h=from:subject; bh=xJuAohr1Yjdxojosm4HIflLT3rqnlRRJHuN1gXHuuDw=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3e7T4c3Oef5X3ZfbVF+asCHcq+Pnuv6kdTyLkgM2R 3n1uC3uKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABNZFcPIsFzXc87z4yxP6jdE CxyYLmq0e4rj6Yu9KyeZpvxaGqN8ZAPDP7UT3g090ya4SQQ8jP3t7tP1Zc7JVo0DtefL+Fa1flY 6yAcA X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-28-ardb+git@google.com> Subject: [RFT PATCH v3 05/21] x86/sev: Move GHCB page based HV communication out of startup code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Both the decompressor and the core kernel implement an early #VC handler, which only deals with CPUID instructions, and full featured one, which can handle any #VC exception. The former communicates with the hypervisor using the MSR based protocol, whereas the latter uses a shared GHCB page, which is configured a bit later during the boot, when the kernel runs from its ordinary virtual mapping, rather than the 1:1 mapping that the startup code uses. Accessing this shared GHCB page from the core kernel's startup code is problematic, because it involves converting the GHCB address provided by the caller to a physical address. In the startup code, virtual to physical address translations are problematic, given that the virtual address might be a 1:1 mapped address, and such translations should therefore be avoided. This means that exposing startup code dealing with the GHCB to callers that execute from the ordinary kernel virtual mapping should be avoided too. So move all GHCB page based communication out of the startup code, now that all communication occurring before the kernel virtual mapping is up relies on the MSR protocol only. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev-handle-vc.c | 3 + arch/x86/boot/startup/sev-shared.c | 190 +------------------- arch/x86/boot/startup/sev-startup.c | 42 ----- arch/x86/coco/sev/core.c | 76 ++++++++ arch/x86/coco/sev/vc-handle.c | 2 + arch/x86/coco/sev/vc-shared.c | 94 ++++++++++ arch/x86/include/asm/sev-internal.h | 7 +- arch/x86/include/asm/sev.h | 59 +++++- 8 files changed, 236 insertions(+), 237 deletions(-) diff --git a/arch/x86/boot/compressed/sev-handle-vc.c b/arch/x86/boot/compr= essed/sev-handle-vc.c index 89dd02de2a0f..7530ad8b768b 100644 --- a/arch/x86/boot/compressed/sev-handle-vc.c +++ b/arch/x86/boot/compressed/sev-handle-vc.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 =20 #include "misc.h" +#include "error.h" #include "sev.h" =20 #include @@ -14,6 +15,8 @@ #include =20 #define __BOOT_COMPRESSED +#undef __init +#define __init =20 /* Basic instruction decoding support needed */ #include "../../lib/inat.c" diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 9c8dd6bfe833..7884884c0898 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -13,12 +13,9 @@ =20 #ifndef __BOOT_COMPRESSED #define error(v) pr_err(v) -#define has_cpuflag(f) boot_cpu_has(f) #else #undef WARN #define WARN(condition, format...) (!!(condition)) -#undef vc_forward_exception -#define vc_forward_exception(c) panic("SNP: Hypervisor requested exceptio= n\n") #endif =20 /* @@ -39,7 +36,7 @@ u64 boot_svsm_caa_pa __ro_after_init; * * GHCB protocol version negotiated with the hypervisor. */ -static u16 ghcb_version __ro_after_init; +u16 ghcb_version __ro_after_init; =20 /* Copy of the SNP firmware's CPUID page. */ static struct snp_cpuid_table cpuid_table_copy __ro_after_init; @@ -54,16 +51,6 @@ static u32 cpuid_std_range_max __ro_after_init; static u32 cpuid_hyp_range_max __ro_after_init; static u32 cpuid_ext_range_max __ro_after_init; =20 -bool __init sev_es_check_cpu_features(void) -{ - if (!has_cpuflag(X86_FEATURE_RDRAND)) { - error("RDRAND instruction not supported - no trusted source of randomnes= s available\n"); - return false; - } - - return true; -} - void __head __noreturn sev_es_terminate(unsigned int set, unsigned int reason) { @@ -100,123 +87,7 @@ u64 get_hv_features(void) return GHCB_MSR_HV_FT_RESP_VAL(val); } =20 -void snp_register_ghcb_early(unsigned long paddr) -{ - unsigned long pfn =3D paddr >> PAGE_SHIFT; - u64 val; - - sev_es_wr_ghcb_msr(GHCB_MSR_REG_GPA_REQ_VAL(pfn)); - VMGEXIT(); - - val =3D sev_es_rd_ghcb_msr(); - - /* If the response GPA is not ours then abort the guest */ - if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_REG_GPA_RESP) || - (GHCB_MSR_REG_GPA_RESP_VAL(val) !=3D pfn)) - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_REGISTER); -} - -bool sev_es_negotiate_protocol(void) -{ - u64 val; - - /* Do the GHCB protocol version negotiation */ - sev_es_wr_ghcb_msr(GHCB_MSR_SEV_INFO_REQ); - VMGEXIT(); - val =3D sev_es_rd_ghcb_msr(); - - if (GHCB_MSR_INFO(val) !=3D GHCB_MSR_SEV_INFO_RESP) - return false; - - if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN || - GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX) - return false; - - ghcb_version =3D min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX= ); - - return true; -} - -static enum es_result verify_exception_info(struct ghcb *ghcb, struct es_e= m_ctxt *ctxt) -{ - u32 ret; - - ret =3D ghcb->save.sw_exit_info_1 & GENMASK_ULL(31, 0); - if (!ret) - return ES_OK; - - if (ret =3D=3D 1) { - u64 info =3D ghcb->save.sw_exit_info_2; - unsigned long v =3D info & SVM_EVTINJ_VEC_MASK; - - /* Check if exception information from hypervisor is sane. */ - if ((info & SVM_EVTINJ_VALID) && - ((v =3D=3D X86_TRAP_GP) || (v =3D=3D X86_TRAP_UD)) && - ((info & SVM_EVTINJ_TYPE_MASK) =3D=3D SVM_EVTINJ_TYPE_EXEPT)) { - ctxt->fi.vector =3D v; - - if (info & SVM_EVTINJ_VALID_ERR) - ctxt->fi.error_code =3D info >> 32; - - return ES_EXCEPTION; - } - } - - return ES_VMM_ERROR; -} - -static inline int svsm_process_result_codes(struct svsm_call *call) -{ - switch (call->rax_out) { - case SVSM_SUCCESS: - return 0; - case SVSM_ERR_INCOMPLETE: - case SVSM_ERR_BUSY: - return -EAGAIN; - default: - return -EINVAL; - } -} - -/* - * Issue a VMGEXIT to call the SVSM: - * - Load the SVSM register state (RAX, RCX, RDX, R8 and R9) - * - Set the CA call pending field to 1 - * - Issue VMGEXIT - * - Save the SVSM return register state (RAX, RCX, RDX, R8 and R9) - * - Perform atomic exchange of the CA call pending field - * - * - See the "Secure VM Service Module for SEV-SNP Guests" specification= for - * details on the calling convention. - * - The calling convention loosely follows the Microsoft X64 calling - * convention by putting arguments in RCX, RDX, R8 and R9. - * - RAX specifies the SVSM protocol/callid as input and the return co= de - * as output. - */ -static __always_inline void svsm_issue_call(struct svsm_call *call, u8 *pe= nding) -{ - register unsigned long rax asm("rax") =3D call->rax; - register unsigned long rcx asm("rcx") =3D call->rcx; - register unsigned long rdx asm("rdx") =3D call->rdx; - register unsigned long r8 asm("r8") =3D call->r8; - register unsigned long r9 asm("r9") =3D call->r9; - - call->caa->call_pending =3D 1; - - asm volatile("rep; vmmcall\n\t" - : "+r" (rax), "+r" (rcx), "+r" (rdx), "+r" (r8), "+r" (r9) - : : "memory"); - - *pending =3D xchg(&call->caa->call_pending, *pending); - - call->rax_out =3D rax; - call->rcx_out =3D rcx; - call->rdx_out =3D rdx; - call->r8_out =3D r8; - call->r9_out =3D r9; -} - -static int svsm_perform_msr_protocol(struct svsm_call *call) +int svsm_perform_msr_protocol(struct svsm_call *call) { u8 pending =3D 0; u64 val, resp; @@ -247,63 +118,6 @@ static int svsm_perform_msr_protocol(struct svsm_call = *call) return svsm_process_result_codes(call); } =20 -static int svsm_perform_ghcb_protocol(struct ghcb *ghcb, struct svsm_call = *call) -{ - struct es_em_ctxt ctxt; - u8 pending =3D 0; - - vc_ghcb_invalidate(ghcb); - - /* - * Fill in protocol and format specifiers. This can be called very early - * in the boot, so use rip-relative references as needed. - */ - ghcb->protocol_version =3D ghcb_version; - ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; - - ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_SNP_RUN_VMPL); - ghcb_set_sw_exit_info_1(ghcb, 0); - ghcb_set_sw_exit_info_2(ghcb, 0); - - sev_es_wr_ghcb_msr(__pa(ghcb)); - - svsm_issue_call(call, &pending); - - if (pending) - return -EINVAL; - - switch (verify_exception_info(ghcb, &ctxt)) { - case ES_OK: - break; - case ES_EXCEPTION: - vc_forward_exception(&ctxt); - fallthrough; - default: - return -EINVAL; - } - - return svsm_process_result_codes(call); -} - -enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, - struct es_em_ctxt *ctxt, - u64 exit_code, u64 exit_info_1, - u64 exit_info_2) -{ - /* Fill in protocol and format specifiers */ - ghcb->protocol_version =3D ghcb_version; - ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; - - ghcb_set_sw_exit_code(ghcb, exit_code); - ghcb_set_sw_exit_info_1(ghcb, exit_info_1); - ghcb_set_sw_exit_info_2(ghcb, exit_info_2); - - sev_es_wr_ghcb_msr(__pa(ghcb)); - VMGEXIT(); - - return verify_exception_info(ghcb, ctxt); -} - static int __sev_cpuid_hv(u32 fn, int reg_idx, u32 *reg) { u64 val; diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 1f928e8264bb..0000885dc24c 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -41,15 +41,6 @@ #include #include =20 -/* For early boot hypervisor communication in SEV-ES enabled guests */ -struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); - -/* - * Needs to be in the .data section because we need it NULL before bss is - * cleared - */ -struct ghcb *boot_ghcb __section(".data"); - /* Bitmap of SEV features supported by the hypervisor */ u64 sev_hv_features __ro_after_init; =20 @@ -139,39 +130,6 @@ noinstr void __sev_put_ghcb(struct ghcb_state *state) } } =20 -int svsm_perform_call_protocol(struct svsm_call *call) -{ - struct ghcb_state state; - unsigned long flags; - struct ghcb *ghcb; - int ret; - - /* - * This can be called very early in the boot, use native functions in - * order to avoid paravirt issues. - */ - flags =3D native_local_irq_save(); - - if (sev_cfg.ghcbs_initialized) - ghcb =3D __sev_get_ghcb(&state); - else if (boot_ghcb) - ghcb =3D boot_ghcb; - else - ghcb =3D NULL; - - do { - ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); - } while (ret =3D=3D -EAGAIN); - - if (sev_cfg.ghcbs_initialized) - __sev_put_ghcb(&state); - - native_local_irq_restore(flags); - - return ret; -} - void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, enum psc_op op) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index ac400525de73..310d867be4dc 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -100,6 +100,15 @@ DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); u8 snp_vmpl __ro_after_init; EXPORT_SYMBOL_GPL(snp_vmpl); =20 +/* For early boot hypervisor communication in SEV-ES enabled guests */ +static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); + +/* + * Needs to be in the .data section because we need it NULL before bss is + * cleared + */ +struct ghcb *boot_ghcb __section(".data"); + static u64 __init get_snp_jump_table_addr(void) { struct snp_secrets_page *secrets; @@ -153,6 +162,73 @@ static u64 __init get_jump_table_addr(void) return ret; } =20 +static int svsm_perform_ghcb_protocol(struct ghcb *ghcb, struct svsm_call = *call) +{ + struct es_em_ctxt ctxt; + u8 pending =3D 0; + + vc_ghcb_invalidate(ghcb); + + /* + * Fill in protocol and format specifiers. This can be called very early + * in the boot, so use rip-relative references as needed. + */ + ghcb->protocol_version =3D ghcb_version; + ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; + + ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_SNP_RUN_VMPL); + ghcb_set_sw_exit_info_1(ghcb, 0); + ghcb_set_sw_exit_info_2(ghcb, 0); + + sev_es_wr_ghcb_msr(__pa(ghcb)); + + svsm_issue_call(call, &pending); + + if (pending) + return -EINVAL; + + switch (verify_exception_info(ghcb, &ctxt)) { + case ES_OK: + break; + case ES_EXCEPTION: + vc_forward_exception(&ctxt); + fallthrough; + default: + return -EINVAL; + } + + return svsm_process_result_codes(call); +} + +static int svsm_perform_call_protocol(struct svsm_call *call) +{ + struct ghcb_state state; + unsigned long flags; + struct ghcb *ghcb; + int ret; + + flags =3D native_local_irq_save(); + + if (sev_cfg.ghcbs_initialized) + ghcb =3D __sev_get_ghcb(&state); + else if (boot_ghcb) + ghcb =3D boot_ghcb; + else + ghcb =3D NULL; + + do { + ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) + : svsm_perform_msr_protocol(call); + } while (ret =3D=3D -EAGAIN); + + if (sev_cfg.ghcbs_initialized) + __sev_put_ghcb(&state); + + native_local_irq_restore(flags); + + return ret; +} + static inline void __pval_terminate(u64 pfn, bool action, unsigned int pag= e_size, int ret, u64 svsm_ret) { diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c index b4895c648024..3cadaa46b9d7 100644 --- a/arch/x86/coco/sev/vc-handle.c +++ b/arch/x86/coco/sev/vc-handle.c @@ -344,6 +344,8 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ct= xt, } =20 #define sev_printk(fmt, ...) printk(fmt, ##__VA_ARGS__) +#define error(v) +#define has_cpuflag(f) boot_cpu_has(f) =20 #include "vc-shared.c" =20 diff --git a/arch/x86/coco/sev/vc-shared.c b/arch/x86/coco/sev/vc-shared.c index b4688f69102e..9b01c9ad81be 100644 --- a/arch/x86/coco/sev/vc-shared.c +++ b/arch/x86/coco/sev/vc-shared.c @@ -409,6 +409,53 @@ static enum es_result vc_handle_ioio(struct ghcb *ghcb= , struct es_em_ctxt *ctxt) return ret; } =20 +enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt) +{ + u32 ret; + + ret =3D ghcb->save.sw_exit_info_1 & GENMASK_ULL(31, 0); + if (!ret) + return ES_OK; + + if (ret =3D=3D 1) { + u64 info =3D ghcb->save.sw_exit_info_2; + unsigned long v =3D info & SVM_EVTINJ_VEC_MASK; + + /* Check if exception information from hypervisor is sane. */ + if ((info & SVM_EVTINJ_VALID) && + ((v =3D=3D X86_TRAP_GP) || (v =3D=3D X86_TRAP_UD)) && + ((info & SVM_EVTINJ_TYPE_MASK) =3D=3D SVM_EVTINJ_TYPE_EXEPT)) { + ctxt->fi.vector =3D v; + + if (info & SVM_EVTINJ_VALID_ERR) + ctxt->fi.error_code =3D info >> 32; + + return ES_EXCEPTION; + } + } + + return ES_VMM_ERROR; +} + +enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, + struct es_em_ctxt *ctxt, + u64 exit_code, u64 exit_info_1, + u64 exit_info_2) +{ + /* Fill in protocol and format specifiers */ + ghcb->protocol_version =3D ghcb_version; + ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; + + ghcb_set_sw_exit_code(ghcb, exit_code); + ghcb_set_sw_exit_info_1(ghcb, exit_info_1); + ghcb_set_sw_exit_info_2(ghcb, exit_info_2); + + sev_es_wr_ghcb_msr(__pa(ghcb)); + VMGEXIT(); + + return verify_exception_info(ghcb, ctxt); +} + static int __sev_cpuid_hv_ghcb(struct ghcb *ghcb, struct es_em_ctxt *ctxt,= struct cpuid_leaf *leaf) { u32 cr4 =3D native_read_cr4(); @@ -549,3 +596,50 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghc= b, =20 return ES_OK; } + +void snp_register_ghcb_early(unsigned long paddr) +{ + unsigned long pfn =3D paddr >> PAGE_SHIFT; + u64 val; + + sev_es_wr_ghcb_msr(GHCB_MSR_REG_GPA_REQ_VAL(pfn)); + VMGEXIT(); + + val =3D sev_es_rd_ghcb_msr(); + + /* If the response GPA is not ours then abort the guest */ + if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_REG_GPA_RESP) || + (GHCB_MSR_REG_GPA_RESP_VAL(val) !=3D pfn)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_REGISTER); +} + +bool __init sev_es_check_cpu_features(void) +{ + if (!has_cpuflag(X86_FEATURE_RDRAND)) { + error("RDRAND instruction not supported - no trusted source of randomnes= s available\n"); + return false; + } + + return true; +} + +bool sev_es_negotiate_protocol(void) +{ + u64 val; + + /* Do the GHCB protocol version negotiation */ + sev_es_wr_ghcb_msr(GHCB_MSR_SEV_INFO_REQ); + VMGEXIT(); + val =3D sev_es_rd_ghcb_msr(); + + if (GHCB_MSR_INFO(val) !=3D GHCB_MSR_SEV_INFO_RESP) + return false; + + if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN || + GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX) + return false; + + ghcb_version =3D min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX= ); + + return true; +} diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index b7232081f8f7..4269d9dbefdf 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -2,7 +2,6 @@ =20 #define DR7_RESET_VALUE 0x400 =20 -extern struct ghcb boot_ghcb_page; extern u64 sev_hv_features; extern u64 sev_secrets_pa; =20 @@ -80,7 +79,8 @@ static __always_inline u64 svsm_get_caa_pa(void) return boot_svsm_caa_pa; } =20 -int svsm_perform_call_protocol(struct svsm_call *call); +enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt); +void vc_forward_exception(struct es_em_ctxt *ctxt); =20 static inline u64 sev_es_rd_ghcb_msr(void) { @@ -97,9 +97,6 @@ static __always_inline void sev_es_wr_ghcb_msr(u64 val) native_wrmsr(MSR_AMD64_SEV_ES_GHCB, low, high); } =20 -void snp_register_ghcb_early(unsigned long paddr); -bool sev_es_negotiate_protocol(void); -bool sev_es_check_cpu_features(void); u64 get_hv_features(void); =20 const struct snp_cpuid_table *snp_cpuid_get_table(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index f50a606be4f1..07081bb85331 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -485,6 +485,7 @@ static inline int pvalidate(unsigned long vaddr, bool r= mp_psize, bool validate) struct snp_guest_request_ioctl; =20 void setup_ghcb(void); +void snp_register_ghcb_early(unsigned long paddr); void early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages); void early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, @@ -521,8 +522,6 @@ static __always_inline void vc_ghcb_invalidate(struct g= hcb *ghcb) __builtin_memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitm= ap)); } =20 -void vc_forward_exception(struct es_em_ctxt *ctxt); - /* I/O parameters for CPUID-related helpers */ struct cpuid_leaf { u32 fn; @@ -533,15 +532,71 @@ struct cpuid_leaf { u32 edx; }; =20 +int svsm_perform_msr_protocol(struct svsm_call *call); int snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), void *ctx, struct cpuid_leaf *leaf); =20 +/* + * Issue a VMGEXIT to call the SVSM: + * - Load the SVSM register state (RAX, RCX, RDX, R8 and R9) + * - Set the CA call pending field to 1 + * - Issue VMGEXIT + * - Save the SVSM return register state (RAX, RCX, RDX, R8 and R9) + * - Perform atomic exchange of the CA call pending field + * + * - See the "Secure VM Service Module for SEV-SNP Guests" specification= for + * details on the calling convention. + * - The calling convention loosely follows the Microsoft X64 calling + * convention by putting arguments in RCX, RDX, R8 and R9. + * - RAX specifies the SVSM protocol/callid as input and the return co= de + * as output. + */ +static __always_inline void svsm_issue_call(struct svsm_call *call, u8 *pe= nding) +{ + register unsigned long rax asm("rax") =3D call->rax; + register unsigned long rcx asm("rcx") =3D call->rcx; + register unsigned long rdx asm("rdx") =3D call->rdx; + register unsigned long r8 asm("r8") =3D call->r8; + register unsigned long r9 asm("r9") =3D call->r9; + + call->caa->call_pending =3D 1; + + asm volatile("rep; vmmcall\n\t" + : "+r" (rax), "+r" (rcx), "+r" (rdx), "+r" (r8), "+r" (r9) + : : "memory"); + + *pending =3D xchg(&call->caa->call_pending, *pending); + + call->rax_out =3D rax; + call->rcx_out =3D rcx; + call->rdx_out =3D rdx; + call->r8_out =3D r8; + call->r9_out =3D r9; +} + +static inline int svsm_process_result_codes(struct svsm_call *call) +{ + switch (call->rax_out) { + case SVSM_SUCCESS: + return 0; + case SVSM_ERR_INCOMPLETE: + case SVSM_ERR_BUSY: + return -EAGAIN; + default: + return -EINVAL; + } +} + void __noreturn sev_es_terminate(unsigned int set, unsigned int reason); enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, struct es_em_ctxt *ctxt, u64 exit_code, u64 exit_info_1, u64 exit_info_2); =20 +bool sev_es_negotiate_protocol(void); +bool sev_es_check_cpu_features(void); + +extern u16 ghcb_version; extern struct ghcb *boot_ghcb; =20 #else /* !CONFIG_AMD_MEM_ENCRYPT */ --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A8765298CC1 for ; Mon, 12 May 2025 19:11:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077108; cv=none; b=FGqxZbq4MZSiWv7vr1y/JytE3FkQl+WFVzhVkp+fP3FWgsfanWHEuAs4jPs7Cb7o7yLW/Up5w8zePLNj1CXb2uo7UxaPeMjwB26+edJXeOwJSG1vLq1xi5CmyqJNm0IotkNVUn0Wr4c22gFZZj95Fu85BEAUNfllMtNlboOdlmQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077108; c=relaxed/simple; bh=RRnMIw5g/jrAb0W13Erg+CyjBnpxxydYbxaGL2P/YX4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YwoM2FBWCv8lNuh2fjW+jbm1Ft7zPloIVYynCDdopWrgFJdZ0I/Qxnksy8KCVb3ewi6AJ/XXjBSQjXn+VUtBKSCZi/LXtHO4DF4ovdMCMh+5FyH271kYuCJddwvZi1QdnzXP85YCo9NsgGD8mQotP5SLNxjmGRDqKUdFN8aCFec= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=3+8XNM5f; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="3+8XNM5f" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-441c122fa56so19034485e9.2 for ; Mon, 12 May 2025 12:11:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077105; x=1747681905; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=71xIGwXHz9m/rl1b5tE1mHXI8wzc1cOO1kDEHCl0Ovk=; b=3+8XNM5fO0HVrV6nUuPA3EILKQqkWJiq4sgzCSreX1zAp26zdB2jCj9I8ggGMB7paO UYk3riMN1meluBLIMy/ay12+AVZxfzAHkauT7ZBO3iPdORPVl7L81BZVuVr+iA8feg1r jVQGv3/U2zxilnKSheyxLJ8JCg788PM1/LpMjm3hnTCzYrH9CCRxHFuMsCXWII9Ah85u yMUK9bshQTHKpQFD4h3A5jOqZserBztVhopLjXiR1ehNpluVlcmUasqYBNWAxoYaDX8F CAwMBrahYOw6k59App4JS2z8iJXJ3TVd4e8YDlbuxksLuSTDXErNrkF7hCam/5jlv1Hz 2xEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077105; x=1747681905; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=71xIGwXHz9m/rl1b5tE1mHXI8wzc1cOO1kDEHCl0Ovk=; b=F2oo31q0j6EY3TGJaPTLFrJJmQPhXf6JadnwqsHxAjTPcuGATXySu2nTurb+9r1HC3 0wIkdS7DHkTj+qBr/fyaOeVPzxK1sKybWIg9k3hEN8nmDZI3sH7OtgwaM0gMncFYj9Hd vrgBsOXcpvlhQ56gSlNs3LJy/ENhIvWKXFrI6I7jU/XDDC9qhqDATld6+mS+LM2V6kJA Lwy2mwd+nvXqNDos/VHNYlZi4ylHJzM2yQQpPfFGxe5LGzm3K+GR/dcmYFVjRwmLLoTC +4QpSXPcHUbdV/iPIahPKzPh6UZGKK3UfzWpaAnvxX19+Tpb1b/Xvuqrac4Jfj2yfjgJ jeGg== X-Gm-Message-State: AOJu0Yya3DwMfeAxs0PqLjoZB7lYVoMXexhh4sr33XJAE5bdFiRm5F53 Un0gIslDS2sWn5YebXg2OHh1LzpuPKXjwd0bEnrS7dq/jRRkslNAMi0uE2LuiVw+Ol/X1Ew0URI 6FO0gjY5GSZ0yQCKeaZHK4WPHdW4fbPK0+wqnjwg98L6xgM3e1sfwZDaO2vzOGQpSVEacCPozZK zgws+5ErDdafXLuKPufHPw34iuiitALQ== X-Google-Smtp-Source: AGHT+IFFqCt+fsBqPngsdQyiVskwd9ConFlbUeF25rdan8MOxzENvfrbYyiCj4mVU1L3lcsff9F8yZql X-Received: from wrbcc8.prod.google.com ([2002:a5d:5c08:0:b0:39a:be1a:5df9]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:2dc4:b0:39c:dfa:c3de with SMTP id ffacd0b85a97d-3a1f64a383dmr11163957f8f.47.1747077104992; Mon, 12 May 2025 12:11:44 -0700 (PDT) Date: Mon, 12 May 2025 21:08:41 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=6919; i=ardb@kernel.org; h=from:subject; bh=bBn+bWoiPv9ap4MhobATz6OEPk63e0DgR5JHkfb8XMQ=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3WHqFU2915K2656WWP98v+/q7/p5s3rlMyyLov8rS QZc42PuKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABP518/IcP/zIeVrPTfDVUI3 XHM/tvDCk4N35K+uv2b8U+Cxw6vAFS8YGd4u3205lU+KR0X7a5TeoZN3hbY5JizO6f+6bFdzNdu jUCYA X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-29-ardb+git@google.com> Subject: [RFT PATCH v3 06/21] x86/sev: Avoid global variable to store virtual address of SVSM area From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The boottime SVSM calling area is used both by the startup code running from a 1:1 mapping, and potentially later on running from the ordinary kernel mapping. This SVSM calling area is statically allocated, and so its physical address doesn't change. However, its virtual address depends on the calling context (1:1 mapping or kernel virtual mapping), and even though the variable that holds the virtual address of this calling area gets updated from 1:1 address to kernel address during the boot, it is hard to reason about why this is guaranteed to be safe. So instead, take the RIP-relative address of the boottime SVSM calling area whenever its virtual address is required, and only use a global variable for the physical address. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 5 ++--- arch/x86/boot/startup/sev-shared.c | 6 ------ arch/x86/boot/startup/sev-startup.c | 4 ++-- arch/x86/coco/sev/core.c | 9 --------- arch/x86/include/asm/sev-internal.h | 3 +-- arch/x86/include/asm/sev.h | 2 -- arch/x86/mm/mem_encrypt_amd.c | 6 ------ 7 files changed, 5 insertions(+), 30 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 2141936daba7..70c3f4fc4349 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -37,12 +37,12 @@ struct ghcb *boot_ghcb; =20 #define __BOOT_COMPRESSED =20 -extern struct svsm_ca *boot_svsm_caa; extern u64 boot_svsm_caa_pa; =20 struct svsm_ca *svsm_get_caa(void) { - return boot_svsm_caa; + /* The decompressor is mapped 1:1 so VA =3D=3D PA */ + return (struct svsm_ca *)boot_svsm_caa_pa; } =20 u64 svsm_get_caa_pa(void) @@ -530,7 +530,6 @@ bool early_is_sevsnp_guest(void) =20 /* Obtain the address of the calling area to use */ boot_rdmsr(MSR_SVSM_CAA, &m); - boot_svsm_caa =3D (void *)m.q; boot_svsm_caa_pa =3D m.q; =20 /* diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 7884884c0898..9e0573aa29c1 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -26,7 +26,6 @@ * early boot, both with identity mapped virtual addresses and proper ke= rnel * virtual addresses. */ -struct svsm_ca *boot_svsm_caa __ro_after_init; u64 boot_svsm_caa_pa __ro_after_init; =20 /* @@ -648,11 +647,6 @@ static bool __head svsm_setup_ca(const struct cc_blob_= sev_info *cc_info, if (caa & (PAGE_SIZE - 1)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CAA); =20 - /* - * The CA is identity mapped when this routine is called, both by the - * decompressor code and the early kernel code. - */ - boot_svsm_caa =3D (struct svsm_ca *)caa; boot_svsm_caa_pa =3D caa; =20 /* Advertise the SVSM presence via CPUID. */ diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 0000885dc24c..24e7082e1a50 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -252,6 +252,7 @@ static __head struct cc_blob_sev_info *find_cc_blob(str= uct boot_params *bp) =20 static __head void svsm_setup(struct cc_blob_sev_info *cc_info) { + struct snp_secrets_page *secrets =3D (void *)cc_info->secrets_phys; struct svsm_call call =3D {}; int ret; u64 pa; @@ -280,7 +281,7 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) * RAX =3D 0 (Protocol=3D0, CallID=3D0) * RCX =3D New CA GPA */ - call.caa =3D svsm_get_caa(); + call.caa =3D (struct svsm_ca *)secrets->svsm_caa; call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); call.rcx =3D pa; do { @@ -289,7 +290,6 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) if (ret) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CA_REMAP_FAIL); =20 - boot_svsm_caa =3D (struct svsm_ca *)pa; boot_svsm_caa_pa =3D pa; } =20 diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 310d867be4dc..0e0ddf4c92aa 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1496,15 +1496,6 @@ void sev_show_status(void) pr_cont("\n"); } =20 -void __init snp_update_svsm_ca(void) -{ - if (!snp_vmpl) - return; - - /* Update the CAA to a proper kernel address */ - boot_svsm_caa =3D &boot_svsm_ca_page; -} - #ifdef CONFIG_SYSFS static ssize_t vmpl_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 4269d9dbefdf..e3b203c280aa 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -60,7 +60,6 @@ void early_set_pages_state(unsigned long vaddr, unsigned = long paddr, DECLARE_PER_CPU(struct svsm_ca *, svsm_caa); DECLARE_PER_CPU(u64, svsm_caa_pa); =20 -extern struct svsm_ca *boot_svsm_caa; extern u64 boot_svsm_caa_pa; =20 static __always_inline struct svsm_ca *svsm_get_caa(void) @@ -68,7 +67,7 @@ static __always_inline struct svsm_ca *svsm_get_caa(void) if (sev_cfg.use_cas) return this_cpu_read(svsm_caa); else - return boot_svsm_caa; + return rip_rel_ptr(&boot_svsm_ca_page); } =20 static __always_inline u64 svsm_get_caa_pa(void) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 07081bb85331..ae2502253bd3 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -501,7 +501,6 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t e= nd); u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); void sev_show_status(void); -void snp_update_svsm_ca(void); int prepare_pte_enc(struct pte_enc_desc *d); void set_pte_enc_mask(pte_t *kpte, unsigned long pfn, pgprot_t new_prot); void snp_kexec_finish(void); @@ -629,7 +628,6 @@ static inline void snp_accept_memory(phys_addr_t start,= phys_addr_t end) { } static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } static inline void sev_show_status(void) { } -static inline void snp_update_svsm_ca(void) { } static inline int prepare_pte_enc(struct pte_enc_desc *d) { return 0; } static inline void set_pte_enc_mask(pte_t *kpte, unsigned long pfn, pgprot= _t new_prot) { } static inline void snp_kexec_finish(void) { } diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index faf3a13fb6ba..2f8c32173972 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -536,12 +536,6 @@ void __init sme_early_init(void) x86_init.resources.dmi_setup =3D snp_dmi_setup; } =20 - /* - * Switch the SVSM CA mapping (if active) from identity mapped to - * kernel mapped. - */ - snp_update_svsm_ca(); - if (sev_status & MSR_AMD64_SNP_SECURE_TSC) setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE); } --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8EFE1298CD1 for ; Mon, 12 May 2025 19:11:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077110; cv=none; b=MKJ3VsuFvDhXqs/3EfdsIATAaTXmrcCZ3h+6pv6SvH7BllUpv4MhJzNnGGYbWi6QRhUEJWCbS2r3kGHR4zVFmARP6gphYJAwvQMK6TgUYXUNmv/sbNWMhnyXY80skNhc6RYtSrl9ZpYNy7+QcgnN+9hcPeAJQK7CMVwiRiDOwms= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077110; c=relaxed/simple; bh=gQ8lgJlMYZZ+fT7GZ7D62t7EJjJ4IWqxiM5r2SVc5Lg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=rw9R3rLt7ukn9GtajmXfARTNLX3pfcmO+Q7CbmrEaUe1XZMK1vGq7t5UpnyffzuIoazZ53LnEbycSqYS+qwqOo9Cg+ziDmFL3tmrjMDj/vTy2GuKgP3cyCNhvuFl68fxV2ood7x+aoIT0ZTzKjYfwVL/cHQxQz1Z6gZqD8aHnUg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=m0CPwE33; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="m0CPwE33" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-441c96c1977so31416765e9.0 for ; Mon, 12 May 2025 12:11:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077107; x=1747681907; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=etUdhENjKmpns5z45eOeD8S5YfrxjLnIgRLkkUi4X3I=; b=m0CPwE33zkGT89EbMTN9J/H24IUwLikbxLxceOmSwW9+DWv0eKmEe7IviUG3tp/HzZ DTYfHaLL+ktlMQQ3UqSK1A+9dfVr2t620NKsyRUJQkdO4FZuwJYbAcxaxuxo/psyGCE+ Bov1uZFPOojqglbyaYdWRN3UmeWmjA/bPxXich9rxaNyhrtS5/Rn6XefPLjkkWxgO0rJ ZHvqT9SlVwWj7zU07IqjgGp6KeFdXZggXBTfVS5BfqU/kICV+dC042sF3TfHGzYTX+JO E4yAh9wGfeLKB06Bb/xPjzUGPbACCL/x+CzrlnLLFG/8rR4cx9PDja3m4GnEQhR96Zo+ JNBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077107; x=1747681907; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=etUdhENjKmpns5z45eOeD8S5YfrxjLnIgRLkkUi4X3I=; b=QJZREfmHJQW9QnAZe2gbDax+40ionPj369lBRDa5jlk5ihLDdSRQhgVBDTrzFmUi2w b6WwdsYG4VxzQXp4P7JTbevoHMjxFD33Ul6PmmMWEr/Y72gUFa/wWlE5hAjmJSz0BW4g z/BekfDn9hq/aR6h38tFuXGQlqlX6hERu6eomn2EhsbiY/9OqiLrVOL0G2TPTSExrVQK iVJjwEsrCN/Y5xSvnXKQHhw2vC+LhuS+sJBFhGqYSaH5kSWz2nHt38pV4nu+NB4ropzl Xx8jb8qKY6hyjMB00LXI6XDSqNCyPhWZrbHmmHRe20l4zfbFTeqjPH6fvnaz/0rSgGnH y0Vg== X-Gm-Message-State: AOJu0YxIijcj0qSw4RiBVNxQTRD/QH/yS9FrITxiJom6FUJbaeJO00Sz Gk9Guyw1gRDyhnFo3ZEkxyiE5HsKfrNx4jnvrFPh0U0XapKuVwFoYk3j7C3kYSDE5k0l6TvsSfs 7q/x+H/UMhhWxTqJOVPCuV2G8mOoL310P4gGkzXWlbJF5yt9bIf54/H6nAPPjy+sZYEzKeEV2um cMqNHlY08oM6go94Xy2XWkO3mPb0YcPA== X-Google-Smtp-Source: AGHT+IGVPx+7Fn6h2Kmc96sbuWH07igYL+IWA+ogqiWd98w5hhU54EATJ0tFD0vuB5SNKFalP+NdojpD X-Received: from wmbay28.prod.google.com ([2002:a05:600c:1e1c:b0:442:cd39:5ca4]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:37cd:b0:43d:fa59:be38 with SMTP id 5b1f17b1804b1-442d6ddf676mr106827995e9.32.1747077107046; Mon, 12 May 2025 12:11:47 -0700 (PDT) Date: Mon, 12 May 2025 21:08:42 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2569; i=ardb@kernel.org; h=from:subject; bh=TjnRuEtXbnPmDvCBZD7Rs00effSPeHNgL50qf3H7vXI=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3XFGUO5TgWOLZhR6aPQyhfgsDeWYxrRDy/nU3Tv3f PfczTjVUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACbStZ6RYXXRz6CTE/fOKpy4 +lbv75U88hMe1S/44ls74+DqLJaLZlcZGfoVqtZwLgpNOfraaGp4oedir1TWS09489boiBtx9Xx dyAcA X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-30-ardb+git@google.com> Subject: [RFT PATCH v3 07/21] x86/sev: Move MSR save/restore out of early page state change helper From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The function __page_state_change() in the decompressor is very similar to the loop in early_set_pages_state(), and they can share this code once the MSR save/restore is moved out. This also avoids doing the preserve/restore for each page in a longer sequence unnecessarily. This simplifies subsequent changes, where the APIs used by __page_state_change() are modified for better separation between startup code and ordinary code. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 70c3f4fc4349..bdedf4bd23ec 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -71,9 +71,6 @@ static void __page_state_change(unsigned long paddr, enum= psc_op op) if (op =3D=3D SNP_PAGE_STATE_SHARED) pvalidate_4k_page(paddr, paddr, false); =20 - /* Save the current GHCB MSR value */ - msr =3D sev_es_rd_ghcb_msr(); - /* Issue VMGEXIT to change the page state in RMP table. */ sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); VMGEXIT(); @@ -83,9 +80,6 @@ static void __page_state_change(unsigned long paddr, enum= psc_op op) if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL= (val)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); =20 - /* Restore the GHCB MSR value */ - sev_es_wr_ghcb_msr(msr); - /* * Now that page state is changed in the RMP table, validate it so that i= t is * consistent with the RMP entry. @@ -96,18 +90,26 @@ static void __page_state_change(unsigned long paddr, en= um psc_op op) =20 void snp_set_page_private(unsigned long paddr) { + u64 msr; + if (!sev_snp_enabled()) return; =20 + msr =3D sev_es_rd_ghcb_msr(); __page_state_change(paddr, SNP_PAGE_STATE_PRIVATE); + sev_es_wr_ghcb_msr(msr); } =20 void snp_set_page_shared(unsigned long paddr) { + u64 msr; + if (!sev_snp_enabled()) return; =20 + msr =3D sev_es_rd_ghcb_msr(); __page_state_change(paddr, SNP_PAGE_STATE_SHARED); + sev_es_wr_ghcb_msr(msr); } =20 bool early_setup_ghcb(void) @@ -132,8 +134,11 @@ bool early_setup_ghcb(void) =20 void snp_accept_memory(phys_addr_t start, phys_addr_t end) { + u64 msr =3D sev_es_rd_ghcb_msr(); + for (phys_addr_t pa =3D start; pa < end; pa +=3D PAGE_SIZE) __page_state_change(pa, SNP_PAGE_STATE_PRIVATE); + sev_es_wr_ghcb_msr(msr); } =20 void sev_es_shutdown_ghcb(void) --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 97B3A299925 for ; Mon, 12 May 2025 19:11:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077112; cv=none; b=bihd01hqyC5TVjWMMOz4O37zkdXqe+SKGeSl0C8hEQ0251J/2IofkUXwxeGjF1fk4C2ZNuqundcd+xgFWkJCN8nppHsqdkfrhzkers8IsKr5AbxhyHRfO4+TWH1C8mFJIv6z52CbnDgDNYmKQBOaGun0DyFoYVrB1nPCWp9o+VE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077112; c=relaxed/simple; bh=CEDHPADBrtfM/ieGiln94YohPo2UkLSRjqpr/xNAnb8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=mCq5Bz50xmYJQshq/fuJlu5foeSCIZO00mm22RxuzCzevhDu06l2/33H2j1n+6FPcf2/JlEKeo/UrV6pikMGhnJSvYtzqAMTAzYW+90McrAhL7ydzv2GyO29X96v75o3k9MjAXO2yXshlcGsz36CV/KLGQbyCxfuUD+DvxvrNCE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=sJXloRfR; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="sJXloRfR" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-43cf446681cso26124435e9.1 for ; Mon, 12 May 2025 12:11:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077109; x=1747681909; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=nhvFVJIiQ0vT+i/sKXNm0DR7xFRSNY+vN9L5egobjeA=; b=sJXloRfRoEvAYUdrjRFvj05n7CWyWPuIxB5VhJnrEzQg6zKARNYNfQgr1x5VtnimC5 KiVCL1FdWyiw+A2LwRNXKfq9dpNuG8wWf349LBzCucc9Azz3WMDzdyLSwPLX52EM5+ky PzigqPQPUE947fkLthmeauGpPG5Wv8Yy/rvxuElMpJBbIOchAK9jPjbackzdOlhmZqqc vuBMPxCUtYAQuZC0XdWyvmzWtdb1APQyo4WL9DBKZhwJQ/wedzm5dHaIU83TnomzIuG7 mCEaCzRbQo3O8U+pPodu5o4+R/ncFA1FPyrsITLrOB6SdpKzJIUGArhza6zEFIWEP0ke B67A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077109; x=1747681909; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=nhvFVJIiQ0vT+i/sKXNm0DR7xFRSNY+vN9L5egobjeA=; b=MMAm4meY1NaY4LE9aGOR5SOYgmIRqkrLjoCWRIqDEcm5sI13b1EMaSsr8E0Xbp2GvK GnzT6B1uatlzaCwNhiK/QyA4KN5R5rLaXxuu0u6rFharhSnw29VUNPQoC0yuRO78so70 Vt9+g1HyXS6n2hDXBNzxGEaM7vXUro/x7WSx81KmVknOrHOCeTphIXgH1DDjgr8Jrb3n o0o9QBi2ZFtmD78+pWPJbQZ3uz0YRebiCHUuBwz5UPG0/+NnaxewC4MO+OKX4WHmAVvn 96YZ2rPFFC6jY3P89b5RCLsQhtbJnHFrxOnLsbvzrOEzp5+ZpztLK9tzFPxZeyDzbBBP PXYQ== X-Gm-Message-State: AOJu0Yxc88E8rN1IH+iST1P59xROp7EvNJXI8ZP9tfZfHUo7u/pHVNGd +ceKm8PmLG3qQMphW+NUBCrKFJXwKN0vMh2HiBkOmSR37m5mREc7ScUllxi77bpgXpTC5PhIxhA sqpV+vZQse9oJ+alR/J/djSFyy9JfytLYPhiX3Gt6pRodr3aIseNIbyuMyjR2w0chKHO4wejq5O HtPd7DNfOtgqDVJupRTobnubYagv8YWw== X-Google-Smtp-Source: AGHT+IE9c4d8hXCnsFdSoEnEljzaBiKUHnHJAmVQhNhaHMh0SWW33pmdhIS4P2KN4rpcXJGV8HvHUh01 X-Received: from wmbet7.prod.google.com ([2002:a05:600c:8187:b0:442:e9fd:359]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1c8f:b0:434:fa55:eb56 with SMTP id 5b1f17b1804b1-442d6d18a76mr112034265e9.7.1747077109001; Mon, 12 May 2025 12:11:49 -0700 (PDT) Date: Mon, 12 May 2025 21:08:43 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=4782; i=ardb@kernel.org; h=from:subject; bh=3yIuqQM7nuI1sJOHAR/DsDxVbgNKhocAaK2M0PWLoso=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3cWL/cSpfVwTXj8qlz9TMX/py8/xZ3kU+W6nromZq XbYN9+2o5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEyEu5iR4aLurx8vAkyu61zk 3bWWTaPztsi0acHLcy3PL9DwY+aeUsTI8OPKVNlNb73OP9/BEp/qrrWwUpnjgZDSXiGBhuuhupm WHAA= X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-31-ardb+git@google.com> Subject: [RFT PATCH v3 08/21] x86/sev: Share implementation of MSR-based page state change From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Both the decompressor and the SEV startup code implement the exact same sequence for invoking the MSR based communication protocol to effectuate a page state change. Before tweaking the internal APIs used in both versions, merge them and share them so those tweaks are only needed in a single place. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 28 ------------------- arch/x86/boot/startup/sev-shared.c | 28 +++++++++++++++++++ arch/x86/boot/startup/sev-startup.c | 29 +------------------- 3 files changed, 29 insertions(+), 56 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index bdedf4bd23ec..7a01eef9ae01 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -60,34 +60,6 @@ static bool sev_snp_enabled(void) return sev_status & MSR_AMD64_SEV_SNP_ENABLED; } =20 -static void __page_state_change(unsigned long paddr, enum psc_op op) -{ - u64 val, msr; - - /* - * If private -> shared then invalidate the page before requesting the - * state change in the RMP table. - */ - if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(paddr, paddr, false); - - /* Issue VMGEXIT to change the page state in RMP table. */ - sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); - VMGEXIT(); - - /* Read the response of the VMGEXIT. */ - val =3D sev_es_rd_ghcb_msr(); - if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL= (val)) - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); - - /* - * Now that page state is changed in the RMP table, validate it so that i= t is - * consistent with the RMP entry. - */ - if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(paddr, paddr, true); -} - void snp_set_page_private(unsigned long paddr) { u64 msr; diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 9e0573aa29c1..dae770327b50 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -591,6 +591,34 @@ static void __head pvalidate_4k_page(unsigned long vad= dr, unsigned long paddr, } } =20 +static void __head __page_state_change(unsigned long paddr, enum psc_op op) +{ + u64 val; + + /* + * If private -> shared then invalidate the page before requesting the + * state change in the RMP table. + */ + if (op =3D=3D SNP_PAGE_STATE_SHARED) + pvalidate_4k_page(paddr, paddr, false); + + /* Issue VMGEXIT to change the page state in RMP table. */ + sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); + VMGEXIT(); + + /* Read the response of the VMGEXIT. */ + val =3D sev_es_rd_ghcb_msr(); + if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL= (val)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); + + /* + * Now that page state is changed in the RMP table, validate it so that i= t is + * consistent with the RMP entry. + */ + if (op =3D=3D SNP_PAGE_STATE_PRIVATE) + pvalidate_4k_page(paddr, paddr, true); +} + /* * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 24e7082e1a50..28bf68753580 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -135,7 +135,6 @@ early_set_pages_state(unsigned long vaddr, unsigned lon= g paddr, unsigned long npages, enum psc_op op) { unsigned long paddr_end; - u64 val; =20 vaddr =3D vaddr & PAGE_MASK; =20 @@ -143,37 +142,11 @@ early_set_pages_state(unsigned long vaddr, unsigned l= ong paddr, paddr_end =3D paddr + (npages << PAGE_SHIFT); =20 while (paddr < paddr_end) { - /* Page validation must be rescinded before changing to shared */ - if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(vaddr, paddr, false); - - /* - * Use the MSR protocol because this function can be called before - * the GHCB is established. - */ - sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); - VMGEXIT(); - - val =3D sev_es_rd_ghcb_msr(); - - if (GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) - goto e_term; - - if (GHCB_MSR_PSC_RESP_VAL(val)) - goto e_term; - - /* Page validation must be performed after changing to private */ - if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(vaddr, paddr, true); + __page_state_change(paddr, op); =20 vaddr +=3D PAGE_SIZE; paddr +=3D PAGE_SIZE; } - - return; - -e_term: - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); } =20 void __head early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92778299945 for ; Mon, 12 May 2025 19:11:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077114; cv=none; b=rBEJZ9JWsdUc59Ik2fwrXCHcX6UUrsGid7KhJD227OM6zPESUWW79WWVC9usDjtm7SAEbBcZWagjGSsQQXlZxiv2TAJNw6Va8Ygw9aboUZ/tcfiB/hme15ywLQZkOTVBuTgG+sAMFJdik+6Ns+Kqi8Vko7f5OqEs22yuXlnaask= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077114; c=relaxed/simple; bh=4PRMUsF3/4G7hA2q4hjeIR+JdxZK6wTZjWGcyi+aY1U=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=BNnHjqEwSkA1jYRVmkt2B+MWJHhDpknxf5qfNCzYXpbUe++PAypa064tRUuJg77zRZCLi4Q5MLyp8L4pV/RCn1G7aqYPILv0YnUYU8n2FRD4H6weaCQuETBi70BaK1yRfIqzQns/y7P6D2RdonDbjqKvFfZN7OgyOuPCERUFyRY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=qpGNIYkK; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qpGNIYkK" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3a20257c758so1263416f8f.0 for ; Mon, 12 May 2025 12:11:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077111; x=1747681911; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=VT9UVC5WaYQlU9gYbZ4bwLAzMBxTTt0hC6BCcLJpAOM=; b=qpGNIYkKjSxkXjV6X7yKbx0IqamhISs7CcDqyl7Dahmp3WnmxjIekJpVYjaUaecmZ9 9DpcsTJWxtF2sdIiBAFRE9YBiwn+c+uHtGUYuRePUVj/7sYu2ItYqnua+nIT9hoc27GO Tv6cQWZMYlHai+bjXSEF+0Ln4qrJalCzbC4IoVZNmnMuncfkpr101QCHFCwvudFi0Qa8 KCUH31iqCpi0kwgxVUfmdbXgkHVy/SWet4nrhm0fy6dzolDQ4vN2PaWS2Uer9qVs3i1a /YWzsScECv6mOiVO4Wb3F/spY8MuBfFLkwB2RokoqSiEAqImDnvyROsQB+bNSGhlgVHl 5NIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077111; x=1747681911; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=VT9UVC5WaYQlU9gYbZ4bwLAzMBxTTt0hC6BCcLJpAOM=; b=Pz0fUiP0HJJK0e+AxMPNlWCkyLPYFJ2AB+0JuOMTe9ECxfT9UKwjATUT181QS+p3L3 t8eH+kdHgf+RIpEGYU8CBa7kQ18OOUDdWW/MQEYtEyy2owLsOfFFgW9b1NLDiUr0YbAI wi6JnZysV23wKBX2/VfzVPCeQt/tXbCPJPyiVrqMukdd3cEua9EASigT9uHxRYsxp+kY mqDg3WyX+Lg8SRYyxxU0xCORxBkbZdjyMt9U+Lju+DWjw5hvpWtKLZtKXuAUXgXhKtXF Uk8d7kT3lY+vci8y15t1WQZkRKSZSu9EJieviw+T5Y6IeGMOFcRQxIP9W4HF+Pmv9MRv kSpw== X-Gm-Message-State: AOJu0Yy4HFb9Wl/t5vo7I2c3kTZI6LbRahl2OyW8S2ubMnpg6LG9gump YAgC2X+oz1TCi1S7NgXMoXX5JZMkxHC19mUavxcHt/rhdgcCcu+r0RgLv/uper2O2aeRYMVdtse rVU8PnifBemK9IIi4tuHaRVe26A+smFWtjD7DVRD9uw2mVm5y1DrMWWhdseeuWM7Ju1z6YlpkPg y5POt0hrjd6HDvOrV3UC7ivJip3EWyZQ== X-Google-Smtp-Source: AGHT+IHzd4RlyfLXOODAOZP0BRMlZsBxFntsPH1oq9ob7Ye5rGtrjBHCSJaGDnfwVynWIoCZwe59kvFZ X-Received: from wmbbd9.prod.google.com ([2002:a05:600c:1f09:b0:442:e9ed:dccc]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:2289:b0:3a0:6c62:8169 with SMTP id ffacd0b85a97d-3a1f646a66amr11099907f8f.25.1747077111021; Mon, 12 May 2025 12:11:51 -0700 (PDT) Date: Mon, 12 May 2025 21:08:44 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=7709; i=ardb@kernel.org; h=from:subject; bh=nKTaGIifaijNW5UnObPbBk/6m3hva4eEIq5cHT0Ct3Y=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3W3+khBF5gqd6w1p79xlVv+PvvkhUu3E+gu71jBN4 9muefJBRykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZiI6RuG/1WP689v9vqsKZ2f u2TpgfPZPdM01z5gffTWKmf+tDdfVVYyMjx72Zvy9hgf0w/uxfrb1/oGmphMPHneYSm/N8+LSMb tzXwA X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-32-ardb+git@google.com> Subject: [RFT PATCH v3 09/21] x86/sev: Pass SVSM calling area down to early page state change API From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The early page state change API is mostly only used very early, when only the boot time SVSM calling area is in use. However, this API is also called by the kexec finishing code, which runs very late, and potentially from a different CPU (which uses a different calling area). To avoid pulling the per-CPU SVSM calling area pointers and related SEV state into the startup code, refactor the page state change API so the SVSM calling area virtual and physical addresses can be provided by the caller. No functional change intended. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 12 +++++++++--- arch/x86/boot/startup/sev-shared.c | 18 ++++++++++-------- arch/x86/boot/startup/sev-startup.c | 11 +++++++---- arch/x86/coco/sev/core.c | 3 ++- arch/x86/include/asm/sev-internal.h | 3 ++- 5 files changed, 30 insertions(+), 17 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 7a01eef9ae01..04bc39d065ff 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -68,7 +68,9 @@ void snp_set_page_private(unsigned long paddr) return; =20 msr =3D sev_es_rd_ghcb_msr(); - __page_state_change(paddr, SNP_PAGE_STATE_PRIVATE); + __page_state_change(paddr, SNP_PAGE_STATE_PRIVATE, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa); sev_es_wr_ghcb_msr(msr); } =20 @@ -80,7 +82,9 @@ void snp_set_page_shared(unsigned long paddr) return; =20 msr =3D sev_es_rd_ghcb_msr(); - __page_state_change(paddr, SNP_PAGE_STATE_SHARED); + __page_state_change(paddr, SNP_PAGE_STATE_SHARED, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa); sev_es_wr_ghcb_msr(msr); } =20 @@ -109,7 +113,9 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t e= nd) u64 msr =3D sev_es_rd_ghcb_msr(); =20 for (phys_addr_t pa =3D start; pa < end; pa +=3D PAGE_SIZE) - __page_state_change(pa, SNP_PAGE_STATE_PRIVATE); + __page_state_change(pa, SNP_PAGE_STATE_PRIVATE, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa); sev_es_wr_ghcb_msr(msr); } =20 diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index dae770327b50..70ad9a0aa023 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -538,7 +538,8 @@ static void __head setup_cpuid_table(const struct cc_bl= ob_sev_info *cc_info) } } =20 -static void __head svsm_pval_4k_page(unsigned long paddr, bool validate) +static void __head svsm_pval_4k_page(unsigned long paddr, bool validate, + struct svsm_ca *caa, u64 caa_pa) { struct svsm_pvalidate_call *pc; struct svsm_call call =3D {}; @@ -552,10 +553,10 @@ static void __head svsm_pval_4k_page(unsigned long pa= ddr, bool validate) */ flags =3D native_local_irq_save(); =20 - call.caa =3D svsm_get_caa(); + call.caa =3D caa; =20 pc =3D (struct svsm_pvalidate_call *)call.caa->svsm_buffer; - pc_pa =3D svsm_get_caa_pa() + offsetof(struct svsm_ca, svsm_buffer); + pc_pa =3D caa_pa + offsetof(struct svsm_ca, svsm_buffer); =20 pc->num_entries =3D 1; pc->cur_index =3D 0; @@ -578,12 +579,12 @@ static void __head svsm_pval_4k_page(unsigned long pa= ddr, bool validate) } =20 static void __head pvalidate_4k_page(unsigned long vaddr, unsigned long pa= ddr, - bool validate) + bool validate, struct svsm_ca *caa, u64 caa_pa) { int ret; =20 if (snp_vmpl) { - svsm_pval_4k_page(paddr, validate); + svsm_pval_4k_page(paddr, validate, caa, caa_pa); } else { ret =3D pvalidate(vaddr, RMP_PG_SIZE_4K, validate); if (ret) @@ -591,7 +592,8 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, } } =20 -static void __head __page_state_change(unsigned long paddr, enum psc_op op) +static void __head __page_state_change(unsigned long paddr, enum psc_op op, + struct svsm_ca *caa, u64 caa_pa) { u64 val; =20 @@ -600,7 +602,7 @@ static void __head __page_state_change(unsigned long pa= ddr, enum psc_op op) * state change in the RMP table. */ if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(paddr, paddr, false); + pvalidate_4k_page(paddr, paddr, false, caa, caa_pa); =20 /* Issue VMGEXIT to change the page state in RMP table. */ sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); @@ -616,7 +618,7 @@ static void __head __page_state_change(unsigned long pa= ddr, enum psc_op op) * consistent with the RMP entry. */ if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(paddr, paddr, true); + pvalidate_4k_page(paddr, paddr, true, caa, caa_pa); } =20 /* diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 28bf68753580..7a3ad17d06f6 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -132,7 +132,8 @@ noinstr void __sev_put_ghcb(struct ghcb_state *state) =20 void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, - unsigned long npages, enum psc_op op) + unsigned long npages, enum psc_op op, + struct svsm_ca *caa, u64 caa_pa) { unsigned long paddr_end; =20 @@ -142,7 +143,7 @@ early_set_pages_state(unsigned long vaddr, unsigned lon= g paddr, paddr_end =3D paddr + (npages << PAGE_SHIFT); =20 while (paddr < paddr_end) { - __page_state_change(paddr, op); + __page_state_change(paddr, op, caa, caa_pa); =20 vaddr +=3D PAGE_SIZE; paddr +=3D PAGE_SIZE; @@ -165,7 +166,8 @@ void __head early_snp_set_memory_private(unsigned long = vaddr, unsigned long padd * Ask the hypervisor to mark the memory pages as private in the RMP * table. */ - early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE); + early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE, + svsm_get_caa(), svsm_get_caa_pa()); } =20 void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, @@ -181,7 +183,8 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr return; =20 /* Ask hypervisor to mark the memory pages shared in the RMP table. */ - early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED); + early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED, + svsm_get_caa(), svsm_get_caa_pa()); } =20 /* diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 0e0ddf4c92aa..39bbbea09c24 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -584,7 +584,8 @@ static void set_pages_state(unsigned long vaddr, unsign= ed long npages, int op) =20 /* Use the MSR protocol when a GHCB is not available. */ if (!boot_ghcb) - return early_set_pages_state(vaddr, __pa(vaddr), npages, op); + return early_set_pages_state(vaddr, __pa(vaddr), npages, op, + svsm_get_caa(), svsm_get_caa_pa()); =20 vaddr =3D vaddr & PAGE_MASK; vaddr_end =3D vaddr + (npages << PAGE_SHIFT); diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index e3b203c280aa..08e2cfdef512 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -55,7 +55,8 @@ DECLARE_PER_CPU(struct sev_es_runtime_data*, runtime_data= ); DECLARE_PER_CPU(struct sev_es_save_area *, sev_vmsa); =20 void early_set_pages_state(unsigned long vaddr, unsigned long paddr, - unsigned long npages, enum psc_op op); + unsigned long npages, enum psc_op op, + struct svsm_ca *ca, u64 caa_pa); =20 DECLARE_PER_CPU(struct svsm_ca *, svsm_caa); DECLARE_PER_CPU(u64, svsm_caa_pa); --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF09C299A8A for ; Mon, 12 May 2025 19:11:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077116; cv=none; b=szN7PNwfi0CiCvhw9NaYsKGRtClTdSqkzOAEmN/OotDRZjY/yGy5iVYDBUaVpxpCopH2fitlCqytMjRqi8hfOr0F2kUsud4EGlxgMrGgHHAXKepsMMldsCkUpiVxQFazUU1qbuKISY1SzTqM0cxhkSvu2531JWTrkv90XYf5Ffo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077116; c=relaxed/simple; bh=7K2L+GKfDJZEmOoWCjZzAUSDROLuN9vFgPOoHrZk8MI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=tpxMXbbyuztwfyPYH4dLN/0meNaMmLh1xBT8+8T5ig+0hiFhDx3FGqC2fgzVwE2vY9nZ6Gt+K3YKkB5WjKitcrWMj+XsCUSwKrkIdC+e6piJRXwvs6OIfDSxfJm6Ct62EFiTgrVkfAbw0qtI7O1bcFKeKsJpf/w7hv85X7nUuuk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=H2ruq6+u; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="H2ruq6+u" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43d5ca7c86aso22717255e9.0 for ; Mon, 12 May 2025 12:11:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077113; x=1747681913; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=3XKokAspLOvkjts4pWwEpgnj480mrGaJGARvds1P8gU=; b=H2ruq6+ur9GO1EneyBzUiLVVvZt+fyW+tq4ytWW0WZAnY8WYNXKgG/QjnL4itgy95Q KR24Vv0VJfjTJ4y+4qfi5Gn1onLI5gnWv/DpbrAiwXg+J27lTFysnecU6DRa8flSHQEF iCCyNS6Va8FdOWGY0u++WcC73bPyJ3gnA7Im3VxMUaB32x4YA7KrNyvReoUcewfqiHN0 q/eU1Nb0bMnH12g1qmoXpPEdZaeZ+mgL6L6CYHE/HSdvPRImRaVtsNjJ30/5VSmMx6nm Dtecd0gYNLHWdR3AvZwT2ywKz9zhBgT1sg9BuMgadMDBVdWNR4OohGUlgu5lXcuxm8N6 zjzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077113; x=1747681913; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=3XKokAspLOvkjts4pWwEpgnj480mrGaJGARvds1P8gU=; b=rMVhvvVIZg4ZXCrcckL3bvPJidoUHDSQBZiECN3Vej7G3Gdk5MQ5at2g0M7DztVcUg 5lwvX7DNC/5/njWVu3n+cWAREYdXq/eD9ZG8WYKAYR9s5axP4Uiw4qvNW7wA1Y6Bahm2 2Aj1k30fpUfTsbQTMhOs+PwfYEysSx2JxU3l+50zbe2lnh/D4eqZorcTEKYNbSszjT9H 0iMv2KuJ/kTL56OrBM6J/2FQ3zAV2E556Yzu42IQr/NaJkbLVxVwunD1PYogQOBrEVeL 6/rQ2mOZluU+C74b8bNKICdx6QDIA3GBUiKgAt8DwC94X573a0fisg/pOlZ4VMs4TNvY Jetg== X-Gm-Message-State: AOJu0Yy9oUOD4iD/Sx3Y1FpB3oijyLaNpnXcBigSb19BCJXcOAhAYEwP LjRCfa87ueteI2Bu+YFHGCANKD/45nR7ATWNxBCJaGVJkeXb56q4AzxS2gPg3XQ+T+B0tbZMXNF sAFn4oS2MbhrGXPNgSYjUqFaZ3DeNCpCOsd6V++tN5iBkEPVxPgWGfIEhwsvMPmRbM6clhR48sL UYQpVwSr50ri6YYwMcag30/x4lEsX0uQ== X-Google-Smtp-Source: AGHT+IFCBAwZKHnIc2xjqftOjJZwQmyTYMlu5P3aWusXhTyeYtY2YRoTyZ+awOa8ofAOsfGILXoGhK9q X-Received: from wmqb6.prod.google.com ([2002:a05:600c:4e06:b0:442:cd17:732c]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:c12:b0:43c:f616:f08 with SMTP id 5b1f17b1804b1-442d6d3decbmr125763715e9.8.1747077113088; Mon, 12 May 2025 12:11:53 -0700 (PDT) Date: Mon, 12 May 2025 21:08:45 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=5484; i=ardb@kernel.org; h=from:subject; bh=bVbymWKNm9wWjinbz/J23+LuQcjm/YhHZrH0j/hDw2w=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3Z0zI1ElwedOVEPJR+c3x17um37Q6kvA+0c57C84P 8TJzl3fUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACbCksDI8Cuq0nhSuXncrXUi y/52Lcl9J7UoxqJu5fUiB8fcFZ+uSTMyvPj53PGLiZ6uwrwvvC9S958q7Kt92b9//4PqCLkZZWd VGQE= X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-33-ardb+git@google.com> Subject: [RFT PATCH v3 10/21] x86/sev: Use boot SVSM CA for all startup and init code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel To avoid having to reason about whether or not to use the per-CPU SVSM calling area when running startup and init code on the boot CPU, reuse the boot SVSM calling area as the per-CPU area for CPU #0. This removes the need to make the per-CPU variables and associated state in sev_cfg accessible to the startup code once confined. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 13 ------ arch/x86/boot/startup/sev-startup.c | 7 +-- arch/x86/coco/sev/core.c | 47 +++++++++----------- arch/x86/include/asm/sev-internal.h | 16 ------- 4 files changed, 24 insertions(+), 59 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 04bc39d065ff..fc0119bdc878 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -37,19 +37,6 @@ struct ghcb *boot_ghcb; =20 #define __BOOT_COMPRESSED =20 -extern u64 boot_svsm_caa_pa; - -struct svsm_ca *svsm_get_caa(void) -{ - /* The decompressor is mapped 1:1 so VA =3D=3D PA */ - return (struct svsm_ca *)boot_svsm_caa_pa; -} - -u64 svsm_get_caa_pa(void) -{ - return boot_svsm_caa_pa; -} - u8 snp_vmpl; =20 /* Include code for early handlers */ diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 7a3ad17d06f6..2e946dab036c 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -50,9 +50,6 @@ u64 sev_secrets_pa __ro_after_init; /* For early boot SVSM communication */ struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); =20 -DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); -DEFINE_PER_CPU(u64, svsm_caa_pa); - /* * Nothing shall interrupt this code path while holding the per-CPU * GHCB. The backup GHCB is only for NMIs interrupting this path. @@ -167,7 +164,7 @@ void __head early_snp_set_memory_private(unsigned long = vaddr, unsigned long padd * table. */ early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE, - svsm_get_caa(), svsm_get_caa_pa()); + rip_rel_ptr(&boot_svsm_ca_page), boot_svsm_caa_pa); } =20 void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, @@ -184,7 +181,7 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr =20 /* Ask hypervisor to mark the memory pages shared in the RMP table. */ early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED, - svsm_get_caa(), svsm_get_caa_pa()); + rip_rel_ptr(&boot_svsm_ca_page), boot_svsm_caa_pa); } =20 /* diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 39bbbea09c24..fa7fdd11a45b 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -45,6 +45,25 @@ #include #include =20 +DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); +DEFINE_PER_CPU(u64, svsm_caa_pa); + +static inline struct svsm_ca *svsm_get_caa(void) +{ + if (sev_cfg.use_cas) + return this_cpu_read(svsm_caa); + else + return rip_rel_ptr(&boot_svsm_ca_page); +} + +static inline u64 svsm_get_caa_pa(void) +{ + if (sev_cfg.use_cas) + return this_cpu_read(svsm_caa_pa); + else + return boot_svsm_caa_pa; +} + /* AP INIT values as documented in the APM2 section "Processor Initializa= tion State" */ #define AP_INIT_CS_LIMIT 0xffff #define AP_INIT_DS_LIMIT 0xffff @@ -1207,7 +1226,8 @@ static void __init alloc_runtime_data(int cpu) struct svsm_ca *caa; =20 /* Allocate the SVSM CA page if an SVSM is present */ - caa =3D memblock_alloc_or_panic(sizeof(*caa), PAGE_SIZE); + caa =3D cpu ? memblock_alloc_or_panic(sizeof(*caa), PAGE_SIZE) + : &boot_svsm_ca_page; =20 per_cpu(svsm_caa, cpu) =3D caa; per_cpu(svsm_caa_pa, cpu) =3D __pa(caa); @@ -1261,32 +1281,9 @@ void __init sev_es_init_vc_handling(void) init_ghcb(cpu); } =20 - /* If running under an SVSM, switch to the per-cpu CA */ - if (snp_vmpl) { - struct svsm_call call =3D {}; - unsigned long flags; - int ret; - - local_irq_save(flags); - - /* - * SVSM_CORE_REMAP_CA call: - * RAX =3D 0 (Protocol=3D0, CallID=3D0) - * RCX =3D New CA GPA - */ - call.caa =3D svsm_get_caa(); - call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); - call.rcx =3D this_cpu_read(svsm_caa_pa); - ret =3D svsm_perform_call_protocol(&call); - if (ret) - panic("Can't remap the SVSM CA, ret=3D%d, rax_out=3D0x%llx\n", - ret, call.rax_out); - + if (snp_vmpl) sev_cfg.use_cas =3D true; =20 - local_irq_restore(flags); - } - sev_es_setup_play_dead(); =20 /* Secondary CPUs use the runtime #VC handler */ diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 08e2cfdef512..3690994275dd 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -63,22 +63,6 @@ DECLARE_PER_CPU(u64, svsm_caa_pa); =20 extern u64 boot_svsm_caa_pa; =20 -static __always_inline struct svsm_ca *svsm_get_caa(void) -{ - if (sev_cfg.use_cas) - return this_cpu_read(svsm_caa); - else - return rip_rel_ptr(&boot_svsm_ca_page); -} - -static __always_inline u64 svsm_get_caa_pa(void) -{ - if (sev_cfg.use_cas) - return this_cpu_read(svsm_caa_pa); - else - return boot_svsm_caa_pa; -} - enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt); void vc_forward_exception(struct es_em_ctxt *ctxt); =20 --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BBF3B299A82 for ; Mon, 12 May 2025 19:11:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077118; cv=none; b=s/taVS17ukhDQmG4Nnc525WWofUzAMMMOindGugj1sn0bdpmkJXS9zyRSSdtfb1uNYo4byUXDfpL4JSRWDdaxiOHS5hElBjvN3cmKMJJiC6VF3chPy68SXJJZp/zJ51KwNst81KE8kjHBn4JDq0uD53QT9AwkbqbAB8uCAao7dQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077118; c=relaxed/simple; bh=aDKXddBmfA7RTqjn2IVQf1JJqM5fseVSyiUbPLA7/2U=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Gjy6tz3zgjaftnwPIW4G2L0Ic1nsIiu2qAY3945TPZrLk0gGz+vVgBJIQexgg6bKKyT2zYevHgxfoUR7kaF3WadQ04l4vi4UaHstSWscvbnGfpZP3w1FQOslgViYN3LPcUYPOVN6e6lkhQ0f2YLO/QkqHexpcYuc1w156Mvxmas= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=PRsqtBFr; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="PRsqtBFr" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43cf44b66f7so27259625e9.1 for ; Mon, 12 May 2025 12:11:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077115; x=1747681915; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=IkqYSPwglKGsOQATio9iDSPAoMiQZFICU2YOedJQt4I=; b=PRsqtBFr8bJruAHNjFNqofk3z33T7WwZh2f1xG+mBpHnLw+DfBgKxc6NIVMI+1aH1e jtJYCcfAgepFhoJQb9ebz8qV4pCvFnYH9tvlKhG/o5vd4Amrl/3cmdmjMsIoAnZN3xGe 1+F11CfWNYWRPFHmm35kL8H+5ADNrkYZjZsDn782LQYhpyM7jqk9YjUUBWZ77e7gzpGj vsSlGfhUEvqLXgs6O7z+2MMBh7iFkYvImrsrS0HdfaWF3Agt4nsipGux2ydAQzSOvWpM sBrqzZKQtBn4Me9H/E9qriScdG0tj+tYig1sWfBAkMAoQJC/E7R9NlhkEzIsfFHzPhpq oCjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077115; x=1747681915; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=IkqYSPwglKGsOQATio9iDSPAoMiQZFICU2YOedJQt4I=; b=MTJbyAmNutEHu76OqZLwKeIZTEXsnVA4xvgbbkktRI5Y+8QteEUZuT2zAib6Rdh/gN xDLqhIdGApc5WyXL10y41bI3mqfStB5Rj+zTQnWEpjfjS9DPyy8ykbGfK7R+UDHiYtb+ LBWWGYcTkNyoLHrFz3ymYZxG1RTKG8mwlnSMUjkdXgrU954p2ksAP4K7fwcexI8vJYEm MVMgXdohxMqwW7KyWCNZ2wVHpMkXsJb8cdNVG6+2oLrg3VSoeRT7tKkiOMiHusx+dbX7 idf2AuPds8S2m+oWzZsMp9xChvUQmB894O228QOQz+3i+kYXOfsVplQO9J1POwxjmHID TVDQ== X-Gm-Message-State: AOJu0YzcRlVPjyBeSvMx9wSO0XG/UR2TU2RlBbpor/1u8/J5BaSKNRuW cjaepIyVWOzHrRaRtoKYaFpOo9a9dIlvJTUP0ThvnQC7Z1P8OTESOUxvRa6Ljm+gzLRvAEZ//ap TcoJGWKMPeq0CzYA+IuugUTiWCIfgG/zu5z5R61H263kq6mJgeC/cxYSKFAJOFTbe3ylkEcwn2T KgFibanglRdw+mtxDo+RcGLsba9E4IwQ== X-Google-Smtp-Source: AGHT+IEaaHhwrXfd/Wzouxv8CS+dY6uNWRlhAgaStz1xy0fKpo+oVpgJ/U/jRB1OuOMvYFuzaKBDVsRR X-Received: from wmbej13.prod.google.com ([2002:a05:600c:3e8d:b0:43d:1f28:b8bf]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:348e:b0:43d:79:ae1b with SMTP id 5b1f17b1804b1-442d6d3db06mr128986795e9.14.1747077115165; Mon, 12 May 2025 12:11:55 -0700 (PDT) Date: Mon, 12 May 2025 21:08:46 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2030; i=ardb@kernel.org; h=from:subject; bh=qYeNzewJfU+/ilrF/EECZk7hASJcT/OB77Eaj+puqno=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3bO89LCQuM93j1JZ379X39WqK134fljETN2vQvegX 5js5HUdpSwMYhwMsmKKLAKz/77beXqiVK3zLFmYOaxMIEMYuDgFYCJLjzP8D867JiCx7F79VzXN rZ9embRJJ8SVX9j3SmGO5XflsL5GIUaGDi4/g8i6fRu7X99UnneS623eoQs9k59tT/o467Ti7ax IbgA= X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-34-ardb+git@google.com> Subject: [RFT PATCH v3 11/21] x86/boot: Drop redundant RMPADJUST in SEV SVSM presence check From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel snp_vmpl will be assigned a non-zero value when executing at a VMPL other than 0, and this is inferred from a call to RMPADJUST, which only works when running at VMPL0. This means that testing snp_vmpl is sufficient, and there is no need to perform the same check again. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index fc0119bdc878..68fc3d179bbe 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -403,30 +403,16 @@ void sev_enable(struct boot_params *bp) */ if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { u64 hv_features; - int ret; =20 hv_features =3D get_hv_features(); if (!(hv_features & GHCB_HV_FT_SNP)) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); =20 /* - * Enforce running at VMPL0 or with an SVSM. - * - * Use RMPADJUST (see the rmpadjust() function for a description of - * what the instruction does) to update the VMPL1 permissions of a - * page. If the guest is running at VMPL0, this will succeed. If the - * guest is running at any other VMPL, this will fail. Linux SNP guests - * only ever run at a single VMPL level so permission mask changes of a - * lesser-privileged VMPL are a don't-care. + * Running at VMPL0 is required unless an SVSM is present and + * the hypervisor supports the required SVSM GHCB events. */ - ret =3D rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1); - - /* - * Running at VMPL0 is not required if an SVSM is present and the hyperv= isor - * supports the required SVSM GHCB events. - */ - if (ret && - !(snp_vmpl && (hv_features & GHCB_HV_FT_SNP_MULTI_VMPL))) + if (snp_vmpl > 0 && !(hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0); } =20 --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C61DB299ABA for ; Mon, 12 May 2025 19:11:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077120; cv=none; b=hsgpEv9/SSEAB0Lg4hcIM0r02ee0cKyXP6merBdf4fETE2eQMM3f5nFrRVzm0XymmNHjY1N9xzgKLo8vYy7zieFe2T1s77i1xMskF6QUjYkpqWQSpFNKNXaTMC7wqSIWD7NPrWrf+yuhvjKGeINVzPrx6i4J/WJ1cwolJnhgG9A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077120; c=relaxed/simple; bh=Ae2bTUsPVgTkgeeoTxnjjgufOuYstQjBzDP0Q98XS34=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=hDxZVCQuYNij/QayI1qJPYu3F/ZqEsu0bxM1qeEDRarb1W0TCLc1zCKnRQ/NpraQTgH4U5BI5tMO8qq45Gftp1PmGx+8q2b7tzTuuiKgxcvFlr5xG2U0I2cKOc7+5SHht8MiyKBqWijc833pnZvU5reL7iN2oI/h9oZe9wwSrMo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=GzDMK/Dk; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="GzDMK/Dk" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-442e0e6eb84so13215405e9.0 for ; Mon, 12 May 2025 12:11:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077117; x=1747681917; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=h2cjVQZuIH0EwsabYOpjvP/rbkK0LuiNi8s+Yy7b5os=; b=GzDMK/Dk5oJckkrLT8lfE79KGvcY8A74bD335syAYPAtlExvw2sPf/PercefDn/AzX 4VGKrnnYcvvejeHHd1DjIZIenLp3s2g+8AmhwHNOewXsw3NVO/3Ncq1WCvKsVSJ/K7qR 7hc90tbA+upbO0VzloVo7MTu42Mu/2yPo7QDWA3Tzt1tP7aYalcjGqSY9Rk4PdnhhIWx 3pwGC30skiORB8L5MWnw4cX2K1NZZq9sCafDJf+VD+aE8gcb9UdDyUImD6ufTgnS34jm XuG4Ll5t753wYWqpuIFHv2814bvOy4O6fc8kaoAQIN/sXbN4MbryktW7rXxYsgCF8qnM xrhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077117; x=1747681917; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=h2cjVQZuIH0EwsabYOpjvP/rbkK0LuiNi8s+Yy7b5os=; b=C3EZ1x11pxy75LIwRtaJvjeTaHzSqcsDXkyeq1+GW0RCwsbAhaoIuWCJ5npIO2CFdl 91RJcHxx4Y+xD6JNLFDc86l6WxiHpmdjzfKKrZJg1RnRLgIkrn9iB3To22FgjKJO87BA HgyYRKT8yUEYgSq+JUlTksc9vDNXLZVI06koNqYm40VmOrxAJ1s9+NJiuk3y2eiwq8ID ko7tIkl8L3vfNMWlOKF0L8w4IUuyVag7ofefEgvfO387YEDLWrE0JWktYctXKZI7bXDW MOgQKw272zRA2kN52kQCDzLjdYhO7eEZgm0FQ3DnWEAHRULm7bAL3mKkB/ZfosejoUaw jiwg== X-Gm-Message-State: AOJu0YytuAGzHZoUfTlTvbjrYj8rqzg2wQ3310lpK0Q3w1BbleO0Cms9 amYwxK/ZvaA5SJK2+sS8vbFK0vdKZVmqfhsEuaq6K3hAk1Ym0qRsa8qL3cuQS4BBRtjFr6Z6qMV o1XmYLAZiNa3QAjWhyvSLAhzyhzicRRZU5qKKZI0saE9ROzUcCrBv4gzH3TVI2KqyJYHx2TETA/ YAQYFnM1cM919x/TwM/EF1cFqFRQQT0g== X-Google-Smtp-Source: AGHT+IFO2Juxgf0Vy95m5fzCvEWVqisVFwZ/ZeZtIx+d2i9YuGp6LSEDOFfWg83ZlqJL44eeGcS09Pr4 X-Received: from wmbji6.prod.google.com ([2002:a05:600c:a346:b0:43c:fe99:2bc5]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:4f52:b0:43d:40b0:5b with SMTP id 5b1f17b1804b1-442d6dda0bfmr89095805e9.25.1747077117045; Mon, 12 May 2025 12:11:57 -0700 (PDT) Date: Mon, 12 May 2025 21:08:47 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=6173; i=ardb@kernel.org; h=from:subject; bh=puw+vd+gW6u69/qXNHG7sPOaV2+GnhFrDkUQFAxL0rY=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3Vvdfc/9ortWk10F7u+1U/8YnGQzacdPdalvXx+03 pftUeLpKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABPZ28XwT/nRlncfbLpvz/yx fsk7nVTvpMc7GnZbO/4JU6gLK1lRxMzwV0BXf9Num0W9wdofC/VXnGNmuVTAdeHctO17Zzp+22P hwQ0A X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-35-ardb+git@google.com> Subject: [RFT PATCH v3 12/21] x86/sev: Unify SEV-SNP hypervisor feature check From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The decompressor and the core kernel both check the hypervisor feature mask exposed by the hypervisor, but test it in slightly different ways. This disparity seems unintentional, and simply a result of the fact that the decompressor and the core kernel evolve differently over time when it comes to setting up the SEV-SNP execution context. So move the HV feature check into a helper function and call that instead. For the core kernel, move the check to an earlier boot stage, right after the point where it is established that the guest is executing in SEV-SNP mode. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 19 +---------- arch/x86/boot/startup/sev-shared.c | 33 +++++++++++++++----- arch/x86/boot/startup/sme.c | 2 ++ arch/x86/coco/sev/core.c | 11 ------- arch/x86/include/asm/sev-internal.h | 2 +- arch/x86/include/asm/sev.h | 2 ++ 6 files changed, 32 insertions(+), 37 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 68fc3d179bbe..4b7a99b2f822 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -397,24 +397,7 @@ void sev_enable(struct boot_params *bp) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_PROT_UNSUPPORTED); } =20 - /* - * SNP is supported in v2 of the GHCB spec which mandates support for HV - * features. - */ - if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { - u64 hv_features; - - hv_features =3D get_hv_features(); - if (!(hv_features & GHCB_HV_FT_SNP)) - sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); - - /* - * Running at VMPL0 is required unless an SVSM is present and - * the hypervisor supports the required SVSM GHCB events. - */ - if (snp_vmpl > 0 && !(hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)) - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0); - } + snp_check_hv_features(); =20 if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED)) error("SEV-SNP supported indicated by CC blob, but not SEV status MSR."); diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 70ad9a0aa023..560985ef8df6 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -66,16 +66,10 @@ sev_es_terminate(unsigned int set, unsigned int reason) asm volatile("hlt\n" : : : "memory"); } =20 -/* - * The hypervisor features are available from GHCB version 2 onward. - */ -u64 get_hv_features(void) +static u64 __head get_hv_features(void) { u64 val; =20 - if (ghcb_version < 2) - return 0; - sev_es_wr_ghcb_msr(GHCB_MSR_HV_FT_REQ); VMGEXIT(); =20 @@ -86,6 +80,31 @@ u64 get_hv_features(void) return GHCB_MSR_HV_FT_RESP_VAL(val); } =20 +u64 __head snp_check_hv_features(void) +{ + /* + * SNP is supported in v2 of the GHCB spec which mandates support for HV + * features. + */ + if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { + u64 hv_features; + + hv_features =3D get_hv_features(); + if (!(hv_features & GHCB_HV_FT_SNP)) + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); + + /* + * Running at VMPL0 is required unless an SVSM is present and + * the hypervisor supports the required SVSM GHCB events. + */ + if (snp_vmpl > 0 && !(hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0); + + return hv_features; + } + return 0; +} + int svsm_perform_msr_protocol(struct svsm_call *call) { u8 pending =3D 0; diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index 753cd2094080..0ae04e333f51 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -533,6 +533,8 @@ void __head sme_enable(struct boot_params *bp) if (snp_en ^ !!(msr & MSR_AMD64_SEV_SNP_ENABLED)) snp_abort(); =20 + sev_hv_features =3D snp_check_hv_features(); + /* Check if memory encryption is enabled */ if (feature_mask =3D=3D AMD_SME_BIT) { if (!(bp->hdr.xloadflags & XLF_MEM_ENCRYPTION)) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index fa7fdd11a45b..fc4f6f188d42 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1264,17 +1264,6 @@ void __init sev_es_init_vc_handling(void) if (!sev_es_check_cpu_features()) panic("SEV-ES CPU Features missing"); =20 - /* - * SNP is supported in v2 of the GHCB spec which mandates support for HV - * features. - */ - if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) { - sev_hv_features =3D get_hv_features(); - - if (!(sev_hv_features & GHCB_HV_FT_SNP)) - sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); - } - /* Initialize per-cpu GHCB pages */ for_each_possible_cpu(cpu) { alloc_runtime_data(cpu); diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 3690994275dd..7ad8faf5e88b 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -81,6 +81,6 @@ static __always_inline void sev_es_wr_ghcb_msr(u64 val) native_wrmsr(MSR_AMD64_SEV_ES_GHCB, low, high); } =20 -u64 get_hv_features(void); +void check_hv_features(void); =20 const struct snp_cpuid_table *snp_cpuid_get_table(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index ae2502253bd3..17b03a1f5694 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -418,6 +418,7 @@ struct svsm_call { #ifdef CONFIG_AMD_MEM_ENCRYPT =20 extern u8 snp_vmpl; +extern u64 sev_hv_features; =20 extern void __sev_es_ist_enter(struct pt_regs *regs); extern void __sev_es_ist_exit(void); @@ -495,6 +496,7 @@ void snp_set_memory_private(unsigned long vaddr, unsign= ed long npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __noreturn snp_abort(void); +u64 snp_check_hv_features(void); void snp_dmi_setup(void); int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, struct = svsm_attest_call *input); void snp_accept_memory(phys_addr_t start, phys_addr_t end); --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B61B229A315 for ; Mon, 12 May 2025 19:12:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077122; cv=none; b=SExh4DJArOtOAWBrqsepu1YAb0HUtrkopR1LpswP9ygI0Chty3xAOVWkhpC4Fg9hthm+VI2fv+7yS8Cj5n2yHe8pJsJAu/HeVnTPZCT4Co1cMm9G82T7T58dGE7vgLwegev0mz/qXY4Uzhd4qHmWKmG7dsXodE2ZbhqvNf6ugJE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077122; c=relaxed/simple; bh=vZC/lvuXnvs/3ILzP3Sss1MDVjBUvH2peEOGAMozm/k=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=QGJ0ath3fUr/Gf9B9pt/DMorBTMR4G0uapmnlSmfD4S7OMYLc3mf5Yb3rbebsqBxSQYui+QqYR5/sNWapy0oMJ7aOSPMOzJ5tKA1mWdfvEhGc4lSws6IGcWwuSCVasz6DuifnX7fbkw2dZDDM5OyHnLre80YDMUrM0Ltrs4PAK0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=1nKDckbd; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="1nKDckbd" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-442dc702850so14980925e9.1 for ; Mon, 12 May 2025 12:12:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077119; x=1747681919; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=rzI9Rhhz6VtpWzTUQUiGCDtgPAAyeJ3jVJn+Xj3MKJo=; b=1nKDckbdA6V76/DYg8SgcvcgaBL6z6J/jsXpMv/lCbMrFCmx1SipxO1zvsCm4nK7wi YsF0IgUbOJGL/MnpIEd+2Q97iwb+xg9uevXeXWfXGYTIZKYVnEr97OTvEfHZxn0SKnE7 OLok5G1+r5PSGGMuMZ5oSQgma7sFBjXsi3W+6YVXzDW4m+hs3+LHG0Rm1WBT3PjslfLm /O5plnLnvJtF4F2tRawU9p9jjgve7rhco2j8Xd3jl38tfvSscXDMRhgiG0GbGekutRnx atL8ofu1YODAuEdeo5BnmW5Z2C34YI0AiQQrohSg1hxreb6HQd8+ViPaIwnBtDd086Ig sLEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077119; x=1747681919; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=rzI9Rhhz6VtpWzTUQUiGCDtgPAAyeJ3jVJn+Xj3MKJo=; b=ALMHP/U+I0z11UHqvzG0n4LZnw79zFAM3KOcxNyFt8yjIE68+DtINViArlvUCQ8cYU wXvVlIaV/SbEXFq1RadW/4hI2bhU2WQvSyn87gqsZ/Nys1A9rL+Etb96bh2KW4EG0Hyg fVsdoW2ygLljGjGIw4NzHGw+nqtF0n0D6L1k7oWmuvuMC3ch14hlfvk0pWNAycOistuA S5szORuOuay4dW4wiep+7vgemAyPv8acxXuq2ViIUoxa8GiSkYj39FmKRSIUOUesL8N3 vl/6AVHYyY57t9qDLmr5/JbD1X0zNksrZy4oUBtjUQC6zM1Y5ke1Z9COF+lzhb/mLRPR GuVA== X-Gm-Message-State: AOJu0Yw1dprXIRXi0UowFph2U5T3G797YBuK9H5fhIPZqhJ1WHzx5/Ek pxg0GG4ryMFV6Jay3svjhNu+1fhbGsIULTgnUy1j7ZJ4vcej5gHo9QKL+J+k+GdxYCYafBp45TG Qa3r72ZPub2inzHvMrQZQSyQZkro67CcUoxF0+vNcv0qlNHRW7V8hMWB3rkgOfmQNu5B261WFrz DmbHoSVGoYHkPsQfPumHMrDv11L8KL9g== X-Google-Smtp-Source: AGHT+IEyRKCMjROgwRNMYsTnB0oB57qSWvIJs2wXwqzTUCe9KiyD/LGh/ym0XBUJQTN0ZcEAk63kOyNw X-Received: from wmrm7.prod.google.com ([2002:a05:600c:37c7:b0:440:5f8a:667c]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:82c3:b0:43d:160:cd9e with SMTP id 5b1f17b1804b1-442e9f4a297mr21324885e9.17.1747077119148; Mon, 12 May 2025 12:11:59 -0700 (PDT) Date: Mon, 12 May 2025 21:08:48 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=4998; i=ardb@kernel.org; h=from:subject; bh=L1iwoqc7okjVK978IuWgIFWvuGDLtTUNFEDU369cp3U=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3beSa0muTuXD1E17bXmtfedcN+Ba/rrt8IXdayz1T qX3dc/uKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABP5Movhf8EnpQuKPo3Lk+S4 9ggdtNlXOGtbRUJr5lWJrOId//acvM7IcMP974/nq0Q/5J/9O8k3SWT2tNQLqd1tUysNvyZZaRV +ZwMA X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-36-ardb+git@google.com> Subject: [RFT PATCH v3 13/21] x86/sev: Provide PIC aliases for SEV related data objects From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Provide PIC aliases for data objects that are shared between the SEV startup code and the SEV code that executes later. This is needed so that the confined startup code is permitted to access them. This requires some of these variables to be moved into a source file that is not part of the startup code, as the PIC alias is already implied, and exporting variables in the opposite direction is not supported. Move ghcb_version as well, but don't provide a PIC alias as it is not actually needed. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 3 ++ arch/x86/boot/startup/sev-shared.c | 19 ----------- arch/x86/boot/startup/sev-startup.c | 9 ------ arch/x86/coco/sev/core.c | 33 ++++++++++++++++++++ 4 files changed, 36 insertions(+), 28 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 4b7a99b2f822..750f08d1c7a1 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -38,6 +38,9 @@ struct ghcb *boot_ghcb; #define __BOOT_COMPRESSED =20 u8 snp_vmpl; +u16 ghcb_version; + +u64 boot_svsm_caa_pa; =20 /* Include code for early handlers */ #include "../../boot/startup/sev-shared.c" diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 560985ef8df6..21d5a0e33145 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -18,25 +18,6 @@ #define WARN(condition, format...) (!!(condition)) #endif =20 -/* - * SVSM related information: - * During boot, the page tables are set up as identity mapped and later - * changed to use kernel virtual addresses. Maintain separate virtual and - * physical addresses for the CAA to allow SVSM functions to be used dur= ing - * early boot, both with identity mapped virtual addresses and proper ke= rnel - * virtual addresses. - */ -u64 boot_svsm_caa_pa __ro_after_init; - -/* - * Since feature negotiation related variables are set early in the boot - * process they must reside in the .data section so as not to be zeroed - * out when the .bss section is later cleared. - * - * GHCB protocol version negotiated with the hypervisor. - */ -u16 ghcb_version __ro_after_init; - /* Copy of the SNP firmware's CPUID page. */ static struct snp_cpuid_table cpuid_table_copy __ro_after_init; =20 diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 2e946dab036c..9dc0e64ef040 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -41,15 +41,6 @@ #include #include =20 -/* Bitmap of SEV features supported by the hypervisor */ -u64 sev_hv_features __ro_after_init; - -/* Secrets page physical address from the CC blob */ -u64 sev_secrets_pa __ro_after_init; - -/* For early boot SVSM communication */ -struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); - /* * Nothing shall interrupt this code path while holding the per-CPU * GHCB. The backup GHCB is only for NMIs interrupting this path. diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index fc4f6f188d42..ebf1f5ee8386 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -45,6 +45,29 @@ #include #include =20 +/* Bitmap of SEV features supported by the hypervisor */ +u64 sev_hv_features __ro_after_init; +SYM_PIC_ALIAS(sev_hv_features); + +/* Secrets page physical address from the CC blob */ +u64 sev_secrets_pa __ro_after_init; +SYM_PIC_ALIAS(sev_secrets_pa); + +/* For early boot SVSM communication */ +struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); +SYM_PIC_ALIAS(boot_svsm_ca_page); + +/* + * SVSM related information: + * During boot, the page tables are set up as identity mapped and later + * changed to use kernel virtual addresses. Maintain separate virtual and + * physical addresses for the CAA to allow SVSM functions to be used dur= ing + * early boot, both with identity mapped virtual addresses and proper ke= rnel + * virtual addresses. + */ +u64 boot_svsm_caa_pa __ro_after_init; +SYM_PIC_ALIAS(boot_svsm_caa_pa); + DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); DEFINE_PER_CPU(u64, svsm_caa_pa); =20 @@ -118,6 +141,16 @@ DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); */ u8 snp_vmpl __ro_after_init; EXPORT_SYMBOL_GPL(snp_vmpl); +SYM_PIC_ALIAS(snp_vmpl); + +/* + * Since feature negotiation related variables are set early in the boot + * process they must reside in the .data section so as not to be zeroed + * out when the .bss section is later cleared. + * + * GHCB protocol version negotiated with the hypervisor. + */ +u16 ghcb_version __ro_after_init; =20 /* For early boot hypervisor communication in SEV-ES enabled guests */ static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E1A4A29A32F for ; Mon, 12 May 2025 19:12:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077125; cv=none; b=kigFquyGzpnHUNZU6riUOnJWNmBjuq/hyb/DweiYpp2N5VRdht+xvXdVVjnWfP3b5VaAZIkVmu4OfTBJk3vUd20sK4dIcfhGhSxLdqMkt6oBgXZqsnU/mEDtqdwUDvwCjWM+MbwaEibnGtawtXtCO3W++UXISTTJV8EFyC7PLzo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077125; c=relaxed/simple; bh=1Hjpnh9dda2ORviudkcMn1du7RIYbpCSvA6mjNRuDvw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=D/ERjoh3f2E510fqG8byN8QQBZBS6LnNsCV+qU4xnJ/JIFGSXgDRCqEdys2I8hzuWaEhpeA6rjclBQcCOLm6ioInH2KLKOqZzEJfuPF2S3Khs0eb69gb4trhyM2E1gW1V3Rd0ZqAaO9uj8QMvDc81W8rLP3qdVOo92xMvSY5atA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0JfW20Y2; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="0JfW20Y2" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43cf3168b87so20618305e9.2 for ; Mon, 12 May 2025 12:12:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077121; x=1747681921; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=bY9IzSlLGQPC+pLUaE7gEvrg/6v4J3wqpLjIKooAt2g=; b=0JfW20Y2nlUWjvNVB+qh1BnvYYQI6vAzArQg2A01V++o0nrZrhHs8HA8QCvtX/PPgR VnTLdNVTaytiLQlFPt6BDshIxxxL8uVEhiuQJt7yh2oeHCDxMhH4DdrBgIa4XZV5flHf s7D3WI5Zi21KWfwfAN2BLU6t1/dXNLdvOrQXZPu6aai+dOelg+05ru3I+Da8NiTkGTka VuOzGwvjM/ewYU9l6peD7LZmUQvM1/extqbI6bPmpjPMdIi0TObF3ihgFSas57OlheS9 oncuQQbrx29k2yYjkd1tPmLDmapy18VxucNZYSekIirGdCCOa0sXbQTGmQA1kd7cfTGi EN0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077121; x=1747681921; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=bY9IzSlLGQPC+pLUaE7gEvrg/6v4J3wqpLjIKooAt2g=; b=HRDGjV7PccS9AK4t6iWwuHcp7XX66Tjozno9rOFobmdNGsv/bT8Rh7cG+lNmCwk2ri Z2ma7SpAVrOTcebQz7KpPoxk5NirZdl+0Z2B2hh+MK2mXh2QkyQPKjy/Poi1kqZ6yVct JY2eGFZmY/GeGy93NZOWxR8azyN7oEk3NooW5khwn1Qbs7LrLtOhXh3zSZqV4fGghEYf 6HPVV1wSKnMldZsUTn2yHIKrtmZsDVkFdQkHxfxiQdwYEpnXGagEWXlsYSfEcCRWfPFw XMI4Tfd083g2CCCQ1oVgdpLznNq8LWnj2hWlHniN4BY3271q5IW7cdpY/SdepNdglrdq j+mQ== X-Gm-Message-State: AOJu0YyTQaU4PDWxfmK465USWo6+FeEgjbo97mKoIxdciTeBP9htoInS nFn7R4f+5ovL78/CVAEFsp4dcYUxFitcxeb7g752zaOtfOjgjbmky7FYP4JvQM0nsBwsMdJqIHB Ph4uiOhYB0581T7YR8Sz5GK5e2vbjdtl/9Bv8eyG/WTWwty8XTj1NLwWVfweYMErVbPxwsWImnl Hstgq78QHCHxNM7qy+qi8+J4ww7xTOzw== X-Google-Smtp-Source: AGHT+IG6r7Gg70bdS7tcnW+62zSzZoWqv+6NsK7xaxabAud3Z8dqLNSZsfNkRAZ44imeWrkOrJ7kMKGs X-Received: from wmbej7.prod.google.com ([2002:a05:600c:3e87:b0:43d:1873:dbaf]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:450a:b0:441:d437:ed19 with SMTP id 5b1f17b1804b1-442d6d448afmr102359415e9.11.1747077121291; Mon, 12 May 2025 12:12:01 -0700 (PDT) Date: Mon, 12 May 2025 21:08:49 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1036; i=ardb@kernel.org; h=from:subject; bh=Dg3l458uD80s7OT/oBv3zq8dwv/NJq7U/qhuTc4s+G0=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJ3V+2sWte77OvKbdeR09ZJzFxtt2D7waXneIrVtyOf L5G+RNvRykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjIXyWG/7W3S2ctnjy94q7+ kv+v7ly8ZbBuib1KP8Mht+4reROUBDIY/heJhQnbyH2Q45iyMf7tz7V3bFsW6efZid77nD25YMe aA9wA X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-37-ardb+git@google.com> Subject: [RFT PATCH v3 14/21] x86/boot: Provide PIC aliases for 5-level paging related constants From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel For the time being, provide PIC aliases for the global variables related to 5-level paging. Some or all of these are in the process of being removed, but currently, they are still assigned by the startup code. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/head64.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 510fb41f55fc..8c69cea84297 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -53,10 +53,13 @@ pmdval_t early_pmd_flags =3D __PAGE_KERNEL_LARGE & ~(_P= AGE_GLOBAL | _PAGE_NX); =20 #ifdef CONFIG_X86_5LEVEL unsigned int __pgtable_l5_enabled __ro_after_init; +SYM_PIC_ALIAS(__pgtable_l5_enabled); unsigned int pgdir_shift __ro_after_init =3D 39; EXPORT_SYMBOL(pgdir_shift); +SYM_PIC_ALIAS(pgdir_shift); unsigned int ptrs_per_p4d __ro_after_init =3D 1; EXPORT_SYMBOL(ptrs_per_p4d); +SYM_PIC_ALIAS(ptrs_per_p4d); #endif =20 #ifdef CONFIG_DYNAMIC_MEMORY_LAYOUT --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DE8F629A330 for ; Mon, 12 May 2025 19:12:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077126; cv=none; b=sbh6WK83yQwXXzSrHDMcyDFjrn2MIeMkiJEHb3jh8m5sa7aQioyz1nzIwrEmUwgKd6Hhp2x0BPsn64SZhItJRbwUnISdi7eWRZCUTHn2HfXhkbfEl6QbOvmPKcBeoSl+ODK2L7pNZEctK5p08XVzweFdysntfq5SiS/e88zFFEU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077126; c=relaxed/simple; bh=UpwjHr7P0UTMrRDdN9ig7iDxvsWOONTSOP6veAaUT9I=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=cDgd4N3lsMr8KWUuHKPD2fWdZEH1NzKUzIVmjKcoWV3r6WTj6tMO0yVh2CxoAb4AgLIvax0gHaKVf28Kyn6uaIQZMmNNYfV72P9jVtY3rMgPrjyX+3iFrS7mP7TrFoPm/8dC3qD/RRDDREVDpJzQgYnMC6R79O5/z4ffD7hBSFc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=NPFKUVAL; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="NPFKUVAL" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-3a0bcaf5f45so1413433f8f.1 for ; Mon, 12 May 2025 12:12:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077123; x=1747681923; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=/nrQ/4XTmJ+KyHu86vIY+wvcxckDvPLq0CZmdp/p5iA=; b=NPFKUVALKtwgU4uLJeOF/BW5llI7HqVGlbkKF4K+LiJQDuqMdEXNJd/YtJmtyTljbs mFwnX6z/AMv02EEHnr2L5D5FW2xIkzS3nb07Cy56GcK1UiIf7SDSJpFAOaLWa+DA5bMf Mio3NVEn7G9XMpeZ5vP4IsI6F7/6YlKZxeAGlq8gUUpx8sXuMHoEcuWbRRli13pCzPBY nAXjP3EdT8TQIJjzuS7lopAPfTB1gwC8vIMM8ZH50d0KUgpAsWEDJsprv8YS0bJmwtL4 AeQjERuHOWt/mpnI67rK7fFXPMGHlXgRyWuckgdV1d1l8ukueJ66csscrLdt/6+KoAF5 D/jQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077123; x=1747681923; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=/nrQ/4XTmJ+KyHu86vIY+wvcxckDvPLq0CZmdp/p5iA=; b=rfkoZKIU5itELlrAkPAzib6cexdrvpNctDDANCi0DWWVW2KUw3jxGJXOVvVcdYM7Vo SW6GQVCADu9RzetrZrQUU0l8ADHDLPr1vbmKf4n90S6xH1wf50Kb7EPvQDJoWGH4Qvuf rA0vBBZQQK+0727PZfWD1rELSxq42xqKEzXLbva7LOmlODVUxLjMV3tpXiX4mjlW+ERD aaFI4uF5YWqshhT3kDsi+UsIhe2h36oZ6FlECqz6kzO2jE/PDMf9/9UYllh/lDtzqPSB 3my+fPQylJ6j1qV9EY9Laz7CXTJ9iHSseQ1XpKjggdkyL0ULbf3+wsnluthUJoBuWLM4 lx6Q== X-Gm-Message-State: AOJu0YwMCLx/vmAOCEqy7FeNcVOYjrWzLU9GbEuI4oAOvlCIGpNhRYm2 wVKLajAupcmCrvZd/f9/mDDNhwYbgA1rweD1dZhdmIwGS4G6wv2aiTGtU7psQmQkFxoC3LjksfP 3U5HSYmuoXs+CcGBlNXGq+4zzW7BTYs5t7bAGyCMZphNg7j3hfyoqMi4JSpyfP6A0vujVPkceZ6 2y/I7yrKOi/nM7atVXE6bEE1yN44TIxA== X-Google-Smtp-Source: AGHT+IHp/YiG0cb+tt0ySW/3CTLdy8q5aWilPzaE68xQMab/UbwLIitm0QYwgGU2Ch0iBs3weRd0lbVx X-Received: from wmbds13.prod.google.com ([2002:a05:600c:628d:b0:43c:f6c0:3375]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:4b09:0:b0:3a1:fc5b:7389 with SMTP id ffacd0b85a97d-3a1fc5b7445mr8284121f8f.2.1747077123366; Mon, 12 May 2025 12:12:03 -0700 (PDT) Date: Mon, 12 May 2025 21:08:50 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=5944; i=ardb@kernel.org; h=from:subject; bh=0c9s8oGSb2OEXkXwx2pR219N0YP69SHhQKlAVq+3foQ=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJPXCb47/LcV2Ply6YEf10gUd3+fydkcU9gkbHZ9RHJ BxWPafbUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACayZD4jw032/Ron/6SfrQt4 eKnW3dJ2K/NV1yM3V+V2mP/4kryR8TUjw4vydf3RMS9fivyy2F11R8nlyVv9yelbuDatZ/jRkvO llRMA X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-38-ardb+git@google.com> Subject: [RFT PATCH v3 15/21] x86/sev: Move __sev_[get|put]_ghcb() into separate noinstr object From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Rename sev-nmi.c to noinstr.c, and move the get/put GHCB routines into it too, which are also annotated as 'noinstr' and suffer from the same problem as the NMI code, i.e., that GCC may ignore the __no_sanitize_address__ function attribute implied by 'noinstr' and insert KASAN instrumentation anyway. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/sev-startup.c | 74 -------------------- arch/x86/coco/sev/Makefile | 6 +- arch/x86/coco/sev/{sev-nmi.c =3D> noinstr.c} | 74 ++++++++++++++++++++ 3 files changed, 77 insertions(+), 77 deletions(-) diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 9dc0e64ef040..b56a585f57ab 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -41,83 +41,9 @@ #include #include =20 -/* - * Nothing shall interrupt this code path while holding the per-CPU - * GHCB. The backup GHCB is only for NMIs interrupting this path. - * - * Callers must disable local interrupts around it. - */ -noinstr struct ghcb *__sev_get_ghcb(struct ghcb_state *state) -{ - struct sev_es_runtime_data *data; - struct ghcb *ghcb; - - WARN_ON(!irqs_disabled()); - - data =3D this_cpu_read(runtime_data); - ghcb =3D &data->ghcb_page; - - if (unlikely(data->ghcb_active)) { - /* GHCB is already in use - save its contents */ - - if (unlikely(data->backup_ghcb_active)) { - /* - * Backup-GHCB is also already in use. There is no way - * to continue here so just kill the machine. To make - * panic() work, mark GHCBs inactive so that messages - * can be printed out. - */ - data->ghcb_active =3D false; - data->backup_ghcb_active =3D false; - - instrumentation_begin(); - panic("Unable to handle #VC exception! GHCB and Backup GHCB are already= in use"); - instrumentation_end(); - } - - /* Mark backup_ghcb active before writing to it */ - data->backup_ghcb_active =3D true; - - state->ghcb =3D &data->backup_ghcb; - - /* Backup GHCB content */ - *state->ghcb =3D *ghcb; - } else { - state->ghcb =3D NULL; - data->ghcb_active =3D true; - } - - return ghcb; -} - /* Include code shared with pre-decompression boot stage */ #include "sev-shared.c" =20 -noinstr void __sev_put_ghcb(struct ghcb_state *state) -{ - struct sev_es_runtime_data *data; - struct ghcb *ghcb; - - WARN_ON(!irqs_disabled()); - - data =3D this_cpu_read(runtime_data); - ghcb =3D &data->ghcb_page; - - if (state->ghcb) { - /* Restore GHCB from Backup */ - *ghcb =3D *state->ghcb; - data->backup_ghcb_active =3D false; - state->ghcb =3D NULL; - } else { - /* - * Invalidate the GHCB so a VMGEXIT instruction issued - * from userspace won't appear to be valid. - */ - vc_ghcb_invalidate(ghcb); - data->ghcb_active =3D false; - } -} - void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, enum psc_op op, diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile index db3255b979bd..53e964a22759 100644 --- a/arch/x86/coco/sev/Makefile +++ b/arch/x86/coco/sev/Makefile @@ -1,9 +1,9 @@ # SPDX-License-Identifier: GPL-2.0 =20 -obj-y +=3D core.o sev-nmi.o vc-handle.o +obj-y +=3D core.o noinstr.o vc-handle.o =20 # Clang 14 and older may fail to respect __no_sanitize_undefined when inli= ning -UBSAN_SANITIZE_sev-nmi.o :=3D n +UBSAN_SANITIZE_noinstr.o :=3D n =20 # GCC may fail to respect __no_sanitize_address when inlining -KASAN_SANITIZE_sev-nmi.o :=3D n +KASAN_SANITIZE_noinstr.o :=3D n diff --git a/arch/x86/coco/sev/sev-nmi.c b/arch/x86/coco/sev/noinstr.c similarity index 61% rename from arch/x86/coco/sev/sev-nmi.c rename to arch/x86/coco/sev/noinstr.c index d8dfaddfb367..b527eafb6312 100644 --- a/arch/x86/coco/sev/sev-nmi.c +++ b/arch/x86/coco/sev/noinstr.c @@ -106,3 +106,77 @@ void noinstr __sev_es_nmi_complete(void) =20 __sev_put_ghcb(&state); } + +/* + * Nothing shall interrupt this code path while holding the per-CPU + * GHCB. The backup GHCB is only for NMIs interrupting this path. + * + * Callers must disable local interrupts around it. + */ +noinstr struct ghcb *__sev_get_ghcb(struct ghcb_state *state) +{ + struct sev_es_runtime_data *data; + struct ghcb *ghcb; + + WARN_ON(!irqs_disabled()); + + data =3D this_cpu_read(runtime_data); + ghcb =3D &data->ghcb_page; + + if (unlikely(data->ghcb_active)) { + /* GHCB is already in use - save its contents */ + + if (unlikely(data->backup_ghcb_active)) { + /* + * Backup-GHCB is also already in use. There is no way + * to continue here so just kill the machine. To make + * panic() work, mark GHCBs inactive so that messages + * can be printed out. + */ + data->ghcb_active =3D false; + data->backup_ghcb_active =3D false; + + instrumentation_begin(); + panic("Unable to handle #VC exception! GHCB and Backup GHCB are already= in use"); + instrumentation_end(); + } + + /* Mark backup_ghcb active before writing to it */ + data->backup_ghcb_active =3D true; + + state->ghcb =3D &data->backup_ghcb; + + /* Backup GHCB content */ + *state->ghcb =3D *ghcb; + } else { + state->ghcb =3D NULL; + data->ghcb_active =3D true; + } + + return ghcb; +} + +noinstr void __sev_put_ghcb(struct ghcb_state *state) +{ + struct sev_es_runtime_data *data; + struct ghcb *ghcb; + + WARN_ON(!irqs_disabled()); + + data =3D this_cpu_read(runtime_data); + ghcb =3D &data->ghcb_page; + + if (state->ghcb) { + /* Restore GHCB from Backup */ + *ghcb =3D *state->ghcb; + data->backup_ghcb_active =3D false; + state->ghcb =3D NULL; + } else { + /* + * Invalidate the GHCB so a VMGEXIT instruction issued + * from userspace won't appear to be valid. + */ + vc_ghcb_invalidate(ghcb); + data->ghcb_active =3D false; + } +} --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E587029A9D3 for ; Mon, 12 May 2025 19:12:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077128; cv=none; b=dORm0vRTHQYOcn7qD945Wj4MckFk3AW+F9ZBS2oemyEAhWEwO3U+an1GntvaVg0qZp0w+8kUA7zaEPY9MRdY+CLrxRqfPtD0ZjTswh2xG3CNMYSMi7rZVwPjZ1j11LWzePF6CfhmvUldCGzPhWcXvhOX3mR/Tkt5puO+e44GKSs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077128; c=relaxed/simple; bh=hrj/f2XMqgf3lgxecBq7szb9aSl6GvUlDkjfdpj7J4Y=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=AxK8pyp+l8TZaEuIkK49oNL9yoLxJc7YfKABfTjlSvWq921UV60L0i7LcaD6RCGQ0WSAzMMhZLaIYFhnMoKFIC+daFhrM2tk6sHPnAE4sSnDaVbHNQ2cIKNT7ySKRGCyCYXGj188w/wMmhhicNqeDuGzwgZk09HrMR9dUi7FRrA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=tTkUha0l; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="tTkUha0l" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43d5ca7c86aso22717765e9.0 for ; Mon, 12 May 2025 12:12:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077125; x=1747681925; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=0kBEvFCRHzj3sxKuZiVFkKW45Vr6NzjhFUp7ez1esUg=; b=tTkUha0lqn6tHUEpHG3mD4Ozl+BACe0+agvYfY2PgVka0IX2HqB2ukeZjIi1+KDCqr iU7dUStR7ISUpuZlUj8JWfrvph3xCiFXCR0Fynd2YmW+cnaLKHm65AdWeqncqhOB4Tss 0grQ9xWH5/S+2OcfhIGXfjCaYHBjCprHB5kT9v+fGEkYorG88flVPZImywJwnbUR+CUk 2GwLcQs4kKm34Vv7/E1OhbhRd6PBvKqcbWdWBZQAmaGvtvQILFRXlBHgc1AiLQOZhgm3 7yu7c41oZDf7utqVY8bjtiXFjW2Fs6uBJ3L3lSKOCWxYTg5Wwk3rwsYcTJ8tqjvTAz2X +l6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077125; x=1747681925; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=0kBEvFCRHzj3sxKuZiVFkKW45Vr6NzjhFUp7ez1esUg=; b=RNAX+hm/Hy5jYGQgmznqA+AgWpgmuY+BDXE8kVX/GpAnNFgSgCfZu1QjO364gYTgyH 1uJH9DAeFsaXf2ZCtPR3ajSWkHJ8SLpogBXbcXmMFxkB8Yt5vkFPG55qltptFmVFJeFk e4KI6BYh2DRm8bM1fOBGlE3gPBAuGMMfgG3N+aTTN9bQcEn3AqieNS9UXZeicslwC35j d5VTCvbVtZROCaMKINTDdni0FZa9yn3kIstIwAMEL3WS1XSPyEPkUwLD0fOEeXjCvlN2 yF6Ohbcv7eR7w4Guw034nAlQHcTuuBvkiWSfO/MIyPLrhT3mPyPB7gc9Yti17yhu+6uB Mo5A== X-Gm-Message-State: AOJu0YzjnOkkcWcjQ7aIrL5Vx23eM3z9KeNsjP9P5Bf9iRDKbmd9hF0W 8iprYv3J7T3oZjO4KVGR2RSWvQDxwwEQwyJa/0TlJrGcsrjYceFsJbYvz5QcnoY6YrqzFMNlrO6 p2S5QwOKrekz8FseOunk0ofNaGC2/ppjDiIU6ujSd313ktBlK/wl9CWieuEp+kfWqXLX5Cm4m0X k5qt4VBnGJ0J3ca05vgFHK6MNq6fIoZg== X-Google-Smtp-Source: AGHT+IGX7wvkk5NB2UW0lU9LegdtqDep2bQwFWNh4CLHj1aKbk3SjdRqu090wwZ8j+WpgYLve8lzEnGa X-Received: from wmcq3.prod.google.com ([2002:a05:600c:c103:b0:442:dc75:51ef]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3e8c:b0:43d:fa58:81d3 with SMTP id 5b1f17b1804b1-442d6ddf4d7mr102964655e9.32.1747077125389; Mon, 12 May 2025 12:12:05 -0700 (PDT) Date: Mon, 12 May 2025 21:08:51 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1571; i=ardb@kernel.org; h=from:subject; bh=I2NxwJteYinEfH5nIuZqIb0VkWxRZ1JZLhC2mtLZwrQ=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJPejwKuGY4q9ZLlH/Dzk8uSwdk+L95sAdC6v/05i9d t8RUWLqKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABPRmM/IcHlr27Zld1dpncw4 ObndwF2l/NwqW+36zE0qVflZcxZ6BjEyfM/4FXst5MFMzQzWql+Rj1+uTbBYG6+RtfJvm4oZ03V tPgA= X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-39-ardb+git@google.com> Subject: [RFT PATCH v3 16/21] x86/sev: Export startup routines for later use From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Create aliases that expose routines that are part of the startup code to other code in the core kernel, so that they can be called later as well. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/exports.h | 12 ++++++++++++ arch/x86/kernel/vmlinux.lds.S | 2 ++ 2 files changed, 14 insertions(+) diff --git a/arch/x86/boot/startup/exports.h b/arch/x86/boot/startup/export= s.h new file mode 100644 index 000000000000..00ea376fde33 --- /dev/null +++ b/arch/x86/boot/startup/exports.h @@ -0,0 +1,12 @@ + +/* + * The symbols below are functions that are implemented by the startup cod= e, + * but called at runtime by the SEV code residing in the core kernel. + */ +PROVIDE(early_set_pages_state =3D __pi_early_set_pages_state); +PROVIDE(early_snp_set_memory_private =3D __pi_early_snp_set_memory_private= ); +PROVIDE(early_snp_set_memory_shared =3D __pi_early_snp_set_memory_shared); +PROVIDE(get_hv_features =3D __pi_get_hv_features); +PROVIDE(sev_es_terminate =3D __pi_sev_es_terminate); +PROVIDE(snp_cpuid =3D __pi_snp_cpuid); +PROVIDE(snp_cpuid_get_table =3D __pi_snp_cpuid_get_table); diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 9340c74b680d..4aaa1693b262 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -517,3 +517,5 @@ xen_elfnote_entry_value =3D xen_elfnote_phys32_entry_value =3D ABSOLUTE(xen_elfnote_phys32_entry) + ABSOLUTE(pvh_start_xen - LOAD_OFFSET= ); #endif + +#include "../boot/startup/exports.h" --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D14AD29A9F6 for ; Mon, 12 May 2025 19:12:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077130; cv=none; b=eH4uFrGMNo7q3XsbgXYC4gXwgplDEHWoVJDX8w1zyYZSMtdW1YGLv8Ww3//yp/kxZTVTvNPC+nZVcENUMn5aE8Gu8ggaZIJC7PiYRjpAXhSCiAujruR1Lt0uxL+jXCEOlqX+9a2MjUG+z2HsTUD0CEkGT56LuFoyoHxW7WCtx4E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077130; c=relaxed/simple; bh=nLb2GoSZtpR9hRgQX3nthR4XTwB1sz8GyTZR/BbvSnQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=hUE2wlLR4UDx0GAwDWOvHjgZyFpUIExh188s7ZDwHdr6fY2VovL1oRdSUGdJCU+eljUJxuRH5F/WW1g7ErLG5u1r8Ii1qsvlmDGSJOXqHhrdqJbUbbCeDvfx3fOdyqvBxlY8I/h6gBiV9/aIc1WmKF1vH8SYgzRj8h4Fkw7nsIQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Mvgqp9Xi; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Mvgqp9Xi" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-442dc6f0138so11385155e9.0 for ; Mon, 12 May 2025 12:12:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077127; x=1747681927; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=vFU+uik5okcrdv3ul/dUZXSrsejBmmKKD8RELhV6UJc=; b=Mvgqp9Xid2EADhyGqudy5f2MLol+bCd1p86HHUJfJmZHqwRHrvcumQ+uauxQYCYHzw cqieRMaaurDhtpFkV1QcUqgl5k5y3uDru54L5Y4cTC0fVaW3ZvBCquHsy8nhbl8RNfOm 4c//Vf7IO5eUcsc2MyawmqHawTPz2AagVi1R/Euo3DHsCl/dvIlsVYLsMtNDNVUrWCHY BEbbm1XUazHbPwFW6zH+/eEcbXNaZA//zTBG9sXPbgUN1QMgTOTLA7Xu6V3fUK0Snl8D s7ywNOTmmKQJjXLEFhNdgFOiAg9opy7GH9N7ZdDPfdW99Z+rEvxCsAV0ZXAcMseAiIIG f1Lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077127; x=1747681927; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=vFU+uik5okcrdv3ul/dUZXSrsejBmmKKD8RELhV6UJc=; b=XuHbhXM+ma7/fVUr7Br82ou/NNfD0fzivew21Jn98Xi/S5Wj/01IZnpoAx275MVK2J mPN3gT9z6OskGIO5xnOt76WpoAJMMyITybzp6kJ0luLW5f9B3negivtz4uKMy0v2R6hT WqcggmU2fICjSwdoXr+uz2DdUmeoDnFzTQY2ZhGm7bt0DKcM3TTxxm8Uy6pvJ4oh5fvJ wZUjTTeg53El0XhwmOe5C2YWUC2Q2+tcucwAa/8o2uhiLPYRT0YMwu0b4rFe9F/SVptB /RtT3lCOZBK3sTHBDytd9yEMl8jxiU5nh0tFEh7dTmItKS6vGf84GaDvqHP6VJVJ8pz+ fH2Q== X-Gm-Message-State: AOJu0YyRxk1QLoE4Xqd1x0kGG8n+Zv9GzDwNndedzJzqAtuCm0MGLLx2 XrRTyUhLCzpPYwJdsvd2PHT9R10yNM6uYfJ1O/BmX03UwVewJK+TN/invwSsdaCzgTEkjypEPIM BLhvdbW3rr1cLJkfYx2rAnJFuLNB5FCjnAxM/6zJPmRHWK1eDfSac6sW+0lyJfFFgppjtysg1jc c9umK7+3e/O4wIyah3WY/pYI8rHuwnPA== X-Google-Smtp-Source: AGHT+IFybPyhyrcEBjpO37gwnwgXTtDsnJdH4bS+eC4d+9j6zaoTSzgKUGkHPgCQtnhvUn5/T9aSXF/c X-Received: from wmcn15.prod.google.com ([2002:a05:600c:c0cf:b0:43c:fe64:2de3]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:444c:b0:43d:5ec:b2f4 with SMTP id 5b1f17b1804b1-442d6d3dcc8mr143032595e9.10.1747077127331; Mon, 12 May 2025 12:12:07 -0700 (PDT) Date: Mon, 12 May 2025 21:08:52 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=6648; i=ardb@kernel.org; h=from:subject; bh=lGtSFbvVrAVzLAbdlbUiAAy8+kIIY7JokVKTdVcZ8QI=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJPcQntNHz3tRgn1q9ozmePBv/lftd4zSdybx+f9Vyl 1OFZrM7SlkYxDgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwES0khkZfknpMJj8beH1njp7 8f4I3i+z72941BWou0z7pLQX12YOJoZ/Ogp8i6dtfr9zUWtlSs3h24371nj8y7rXzsZatev24eJ gXgA= X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-40-ardb+git@google.com> Subject: [RFT PATCH v3 17/21] x86/boot: Create a confined code area for startup code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel In order to be able to have tight control over which code may execute from the early 1:1 mapping of memory, but still link vmlinux as a single executable, prefix all symbol references in startup code with __pi_, and invoke it from outside using the __pi_ prefix. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/Makefile | 13 +++++++++++++ arch/x86/boot/startup/sev-shared.c | 4 +--- arch/x86/boot/startup/sme.c | 1 - arch/x86/coco/sev/core.c | 2 +- arch/x86/coco/sev/vc-handle.c | 1 - arch/x86/include/asm/setup.h | 1 + arch/x86/include/asm/sev.h | 1 + arch/x86/kernel/head64.c | 2 +- arch/x86/kernel/head_64.S | 8 ++++---- arch/x86/mm/mem_encrypt_boot.S | 6 +++--- 10 files changed, 25 insertions(+), 14 deletions(-) diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile index b514f7e81332..c7e690091f81 100644 --- a/arch/x86/boot/startup/Makefile +++ b/arch/x86/boot/startup/Makefile @@ -28,3 +28,16 @@ lib-$(CONFIG_EFI_MIXED) +=3D efi-mixed.o # to be linked into the decompressor or the EFI stub but not vmlinux # $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_STANDARD :=3D y + +# +# Confine the startup code by prefixing all symbols with __pi_ (for positi= on +# independent). This ensures that startup code can only call other startup +# code, or code that has explicitly been made accessible to it via a symbol +# alias. +# +$(obj)/%.pi.o: OBJCOPYFLAGS :=3D --prefix-symbols=3D__pi_ +$(obj)/%.pi.o: $(obj)/%.o FORCE + $(call if_changed,objcopy) + +extra-y :=3D $(obj-y) +obj-y :=3D $(patsubst %.o,%.pi.o,$(obj-y)) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 21d5a0e33145..49440955885a 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -11,9 +11,7 @@ =20 #include =20 -#ifndef __BOOT_COMPRESSED -#define error(v) pr_err(v) -#else +#ifdef __BOOT_COMPRESSED #undef WARN #define WARN(condition, format...) (!!(condition)) #endif diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index 0ae04e333f51..ffd0185aaa9d 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -569,7 +569,6 @@ void __head sme_enable(struct boot_params *bp) =20 #ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION /* Local version for startup code, which never operates on user page table= s */ -__weak pgd_t __pti_set_user_pgtbl(pgd_t *pgdp, pgd_t pgd) { return pgd; diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index ebf1f5ee8386..8e316b09a646 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -270,7 +270,7 @@ static int svsm_perform_call_protocol(struct svsm_call = *call) =20 do { ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); + : __pi_svsm_perform_msr_protocol(call); } while (ret =3D=3D -EAGAIN); =20 if (sev_cfg.ghcbs_initialized) diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c index 3cadaa46b9d7..47991807b231 100644 --- a/arch/x86/coco/sev/vc-handle.c +++ b/arch/x86/coco/sev/vc-handle.c @@ -1060,4 +1060,3 @@ bool __init handle_vc_boot_ghcb(struct pt_regs *regs) =20 sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ); } - diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index 6324f4c6c545..895d09faaf83 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -53,6 +53,7 @@ extern void i386_reserve_resources(void); extern unsigned long __startup_64(unsigned long p2v_offset, struct boot_pa= rams *bp); extern void startup_64_setup_gdt_idt(void); extern void startup_64_load_idt(void *vc_handler); +extern void __pi_startup_64_load_idt(void *vc_handler); extern void early_setup_idt(void); extern void __init do_early_exception(struct pt_regs *regs, int trapnr); =20 diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 17b03a1f5694..4ebdffdc5856 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -534,6 +534,7 @@ struct cpuid_leaf { }; =20 int svsm_perform_msr_protocol(struct svsm_call *call); +int __pi_svsm_perform_msr_protocol(struct svsm_call *call); int snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), void *ctx, struct cpuid_leaf *leaf); =20 diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 8c69cea84297..1d038ba07f29 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -320,5 +320,5 @@ void early_setup_idt(void) handler =3D vc_boot_ghcb; } =20 - startup_64_load_idt(handler); + __pi_startup_64_load_idt(handler); } diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 069420853304..88cbf932f7c2 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -71,7 +71,7 @@ SYM_CODE_START_NOALIGN(startup_64) xorl %edx, %edx wrmsr =20 - call startup_64_setup_gdt_idt + call __pi_startup_64_setup_gdt_idt =20 /* Now switch to __KERNEL_CS so IRET works reliably */ pushq $__KERNEL_CS @@ -91,7 +91,7 @@ SYM_CODE_START_NOALIGN(startup_64) * subsequent code. Pass the boot_params pointer as the first argument. */ movq %r15, %rdi - call sme_enable + call __pi_sme_enable #endif =20 /* Sanitize CPU configuration */ @@ -111,7 +111,7 @@ SYM_CODE_START_NOALIGN(startup_64) * programmed into CR3. */ movq %r15, %rsi - call __startup_64 + call __pi___startup_64 =20 /* Form the CR3 value being sure to include the CR3 modifier */ leaq early_top_pgt(%rip), %rcx @@ -562,7 +562,7 @@ SYM_CODE_START_NOALIGN(vc_no_ghcb) /* Call C handler */ movq %rsp, %rdi movq ORIG_RAX(%rsp), %rsi - call do_vc_no_ghcb + call __pi_do_vc_no_ghcb =20 /* Unwind pt_regs */ POP_REGS diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S index f8a33b25ae86..edbf9c998848 100644 --- a/arch/x86/mm/mem_encrypt_boot.S +++ b/arch/x86/mm/mem_encrypt_boot.S @@ -16,7 +16,7 @@ =20 .text .code64 -SYM_FUNC_START(sme_encrypt_execute) +SYM_FUNC_START(__pi_sme_encrypt_execute) =20 /* * Entry parameters: @@ -69,9 +69,9 @@ SYM_FUNC_START(sme_encrypt_execute) ANNOTATE_UNRET_SAFE ret int3 -SYM_FUNC_END(sme_encrypt_execute) +SYM_FUNC_END(__pi_sme_encrypt_execute) =20 -SYM_FUNC_START(__enc_copy) +SYM_FUNC_START_LOCAL(__enc_copy) ANNOTATE_NOENDBR /* * Routine used to encrypt memory in place. --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC5CC29AAE9 for ; Mon, 12 May 2025 19:12:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077133; cv=none; b=V5PSgZQBBGe20fu7/Dt1mUctQjyF9w5xChkHbJ9h+6JVlI79Xi154AcgALWB1YDs/f5dyjiJBXlkxfjKvaSpG7wUVnSQQtGG1fz2f1M7A4Vzsl7tmSBpafcE6r94vQ6X50Vam6+LeNTIa4APPSyJouRmXhNyNxa/vFKsaPvl4m8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077133; c=relaxed/simple; bh=rU+TwznRcBHCFH7MnBGVSjyi/z5s/y0C2yw1ovXBaDs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=dO+LoCgzFeF2Xl2e2geRcb1Q3+7UuGI4q9YC7DlhCjd/97m4sWwt4xU6VWgX0JMHzeg9+26oFTbxSG1dfDvja/7SJmLEJsiXU2bGOtX1a3bhHizOmr4nkYzozb/iQbNNGupWy0nQsdeAlrcnFsyo1JzW4FhizhD+13SwRKJfBcw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Ckfmh2Ks; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Ckfmh2Ks" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-43d209dc2d3so23321025e9.3 for ; Mon, 12 May 2025 12:12:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077129; x=1747681929; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=N552s59xbOEiXCvjnWnzGWY8FKK5cMDeJsBikBFtM2M=; b=Ckfmh2KszkR7YaXxmzUrcUebKWyMWGRiPekVOyWTLhrXf/vRvA7XS2NP5LoJkRcz7H ROnFmlNTjbMhi25ELD7evsABN/FyNSgND6UOivy8cNH2+IZUbJKuZZK4TKvKj1XNOBot lEvHDjabIPGf+85h2k8bgMu0OUHOcYC02iOLUmH/QZhrAn9owgal5S/MrG9mimeyoVg8 e+jKyivbRVpC59csmxL+IVM36lUTm23+UHoIKYPmeTWGPUR43x3TUePZe9mYhUqYBYQf blhcudiePZnywtN7F2Lb0MB9oCCTBlxCXb98wZP9qzI7v96wWZzDc9vrZLRT4+++UkUY PucQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077129; x=1747681929; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=N552s59xbOEiXCvjnWnzGWY8FKK5cMDeJsBikBFtM2M=; b=FeOn9vG3Df2rJr691vxqXfqW/yXJAbhXOzlTUjHA/NudC6Ttqbd9xwlWopPAiRYpx5 MKTMTHhg+I1CWYbRbn8po+//Mbn8oYB8ttHd1CVKCq5LsgJWg0v2oBdWLfzCf2eSGmPJ nu37HUAU72sNgv8gJun6YkN5rZWU1RnWMJcyZ52+z1m3ZEJ5cfoE112L3CDgJXZ/Vxtp TwnkzOiZgxvvC+vBy9QJ67O3e1ZhnhVdfS8kG9rMeoHGj3j7KoJ1bj33nrEQlnFzETlH xm/0pHs6v6i1nOTsPib9ZahJjb8Cz4GCXfIxvGoEXRYKMyMIavfoxwDm1qvvIyiUQFHY Cuow== X-Gm-Message-State: AOJu0Yy2HY1WTizRuyn6BajSgcY2+WpEI5p1nm8iZX/fRVRjWx/yIgzZ hxm9I0AipNZAULjm17i1DIG0q9cgYm+JeguSr1QYsH4EyQpjUoIH7FIvOpR8lXFSAuwrQH2/OQ6 rocZiJKDLvqtTLYdzZsFHRLwnbooIKnzGsC6yTuHlZHA166Sj5CSHzg3H/5rY0bUMDzCs6h46HL UWiSJH2kLw6Uel3gt9VxBBEzwnu/W/Fg== X-Google-Smtp-Source: AGHT+IHEVwDsw+AG/riQpdoS4Z2xMV7NSgAPA0IX/hG2WFjkzlI5Pj0OqVBNaZQXFdbBqsgE1IAV1hoo X-Received: from wmbdr11.prod.google.com ([2002:a05:600c:608b:b0:441:d228:3918]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:34d3:b0:43d:ac5:11ed with SMTP id 5b1f17b1804b1-442d6dc530bmr117931755e9.24.1747077129288; Mon, 12 May 2025 12:12:09 -0700 (PDT) Date: Mon, 12 May 2025 21:08:53 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=16708; i=ardb@kernel.org; h=from:subject; bh=+O+UrsC91HAI+PXyY59+K+bmlox0wgmI5ck05CzzrkM=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJPYyzLi/7Uti6Fu8Zwrd77FseT9I1kFm/PPtzudnz3 +IaCes6SlkYxDgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwESmMDD8r/PbErnpomejYc+f BuXwxJf+u1I5HObKZh0TVO679G26AsM//Z2fp1+PPFT9uNubZ82TJ/s+uxea75nVuKJGe+lb623 y7AA= X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-41-ardb+git@google.com> Subject: [RFT PATCH v3 18/21] x86/boot: Move startup code out of __head section From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Move startup code out of the __head section, now that this no longer has a special significance. Move everything into .text or .init.text as appropriate, so that startup code is not kept around unnecessarily. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 3 -- arch/x86/boot/startup/gdt_idt.c | 4 +-- arch/x86/boot/startup/map_kernel.c | 4 +-- arch/x86/boot/startup/sev-shared.c | 34 ++++++++++---------- arch/x86/boot/startup/sev-startup.c | 14 ++++---- arch/x86/boot/startup/sme.c | 26 +++++++-------- arch/x86/include/asm/init.h | 6 ---- arch/x86/kernel/head_32.S | 2 +- arch/x86/kernel/head_64.S | 2 +- arch/x86/platform/pvh/head.S | 2 +- 10 files changed, 44 insertions(+), 53 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 750f08d1c7a1..79309944cb19 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -32,9 +32,6 @@ struct ghcb *boot_ghcb; #undef __init #define __init =20 -#undef __head -#define __head - #define __BOOT_COMPRESSED =20 u8 snp_vmpl; diff --git a/arch/x86/boot/startup/gdt_idt.c b/arch/x86/boot/startup/gdt_id= t.c index a3112a69b06a..d16102abdaec 100644 --- a/arch/x86/boot/startup/gdt_idt.c +++ b/arch/x86/boot/startup/gdt_idt.c @@ -24,7 +24,7 @@ static gate_desc bringup_idt_table[NUM_EXCEPTION_VECTORS] __page_aligned_d= ata; =20 /* This may run while still in the direct mapping */ -void __head startup_64_load_idt(void *vc_handler) +void startup_64_load_idt(void *vc_handler) { struct desc_ptr desc =3D { .address =3D (unsigned long)rip_rel_ptr(bringup_idt_table), @@ -46,7 +46,7 @@ void __head startup_64_load_idt(void *vc_handler) /* * Setup boot CPU state needed before kernel switches to virtual addresses. */ -void __head startup_64_setup_gdt_idt(void) +void __init startup_64_setup_gdt_idt(void) { struct gdt_page *gp =3D rip_rel_ptr((void *)(__force unsigned long)&gdt_p= age); void *handler =3D NULL; diff --git a/arch/x86/boot/startup/map_kernel.c b/arch/x86/boot/startup/map= _kernel.c index 099ae2559336..75b3dd62da50 100644 --- a/arch/x86/boot/startup/map_kernel.c +++ b/arch/x86/boot/startup/map_kernel.c @@ -36,7 +36,7 @@ static inline bool check_la57_support(void) return true; } =20 -static unsigned long __head sme_postprocess_startup(struct boot_params *bp, +static unsigned long __init sme_postprocess_startup(struct boot_params *bp, pmdval_t *pmd, unsigned long p2v_offset) { @@ -90,7 +90,7 @@ static unsigned long __head sme_postprocess_startup(struc= t boot_params *bp, * the 1:1 mapping of memory. Kernel virtual addresses can be determined by * subtracting p2v_offset from the RIP-relative address. */ -unsigned long __head __startup_64(unsigned long p2v_offset, +unsigned long __init __startup_64(unsigned long p2v_offset, struct boot_params *bp) { pmd_t (*early_pgts)[PTRS_PER_PMD] =3D rip_rel_ptr(early_dynamic_pgts); diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 49440955885a..77b34ab6c7d8 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -29,7 +29,7 @@ static u32 cpuid_std_range_max __ro_after_init; static u32 cpuid_hyp_range_max __ro_after_init; static u32 cpuid_ext_range_max __ro_after_init; =20 -void __head __noreturn +void __noreturn sev_es_terminate(unsigned int set, unsigned int reason) { u64 val =3D GHCB_MSR_TERM_REQ; @@ -45,7 +45,7 @@ sev_es_terminate(unsigned int set, unsigned int reason) asm volatile("hlt\n" : : : "memory"); } =20 -static u64 __head get_hv_features(void) +static u64 __init get_hv_features(void) { u64 val; =20 @@ -59,7 +59,7 @@ static u64 __head get_hv_features(void) return GHCB_MSR_HV_FT_RESP_VAL(val); } =20 -u64 __head snp_check_hv_features(void) +u64 __init snp_check_hv_features(void) { /* * SNP is supported in v2 of the GHCB spec which mandates support for HV @@ -186,7 +186,7 @@ const struct snp_cpuid_table *snp_cpuid_get_table(void) * * Return: XSAVE area size on success, 0 otherwise. */ -static u32 __head snp_cpuid_calc_xsave_size(u64 xfeatures_en, bool compact= ed) +static u32 snp_cpuid_calc_xsave_size(u64 xfeatures_en, bool compacted) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); u64 xfeatures_found =3D 0; @@ -222,7 +222,7 @@ static u32 __head snp_cpuid_calc_xsave_size(u64 xfeatur= es_en, bool compacted) return xsave_size; } =20 -static bool __head +static bool snp_cpuid_get_validated_func(struct cpuid_leaf *leaf) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); @@ -264,7 +264,7 @@ static void snp_cpuid_hv_no_ghcb(void *ctx, struct cpui= d_leaf *leaf) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); } =20 -static int __head +static int snp_cpuid_postprocess(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), void *ctx, struct cpuid_leaf *leaf) { @@ -360,7 +360,7 @@ snp_cpuid_postprocess(void (*cpuid_hv)(void *ctx, struc= t cpuid_leaf *), * Returns -EOPNOTSUPP if feature not enabled. Any other non-zero return v= alue * should be treated as fatal by caller. */ -int __head +int snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), void *ctx, struct cpuid_leaf *leaf) { @@ -404,7 +404,7 @@ snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf= *), * page yet, so it only supports the MSR based communication with the * hypervisor and only the CPUID exit-code. */ -void __head do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) +void do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) { unsigned int subfn =3D lower_bits(regs->cx, 32); unsigned int fn =3D lower_bits(regs->ax, 32); @@ -480,7 +480,7 @@ struct cc_setup_data { * Search for a Confidential Computing blob passed in as a setup_data entry * via the Linux Boot Protocol. */ -static __head +static __init struct cc_blob_sev_info *find_cc_blob_setup_data(struct boot_params *bp) { struct cc_setup_data *sd =3D NULL; @@ -508,7 +508,7 @@ struct cc_blob_sev_info *find_cc_blob_setup_data(struct= boot_params *bp) * mapping needs to be updated in sync with all the changes to virtual mem= ory * layout and related mapping facilities throughout the boot process. */ -static void __head setup_cpuid_table(const struct cc_blob_sev_info *cc_inf= o) +static void __init setup_cpuid_table(const struct cc_blob_sev_info *cc_inf= o) { const struct snp_cpuid_table *cpuid_table_fw, *cpuid_table; int i; @@ -536,8 +536,8 @@ static void __head setup_cpuid_table(const struct cc_bl= ob_sev_info *cc_info) } } =20 -static void __head svsm_pval_4k_page(unsigned long paddr, bool validate, - struct svsm_ca *caa, u64 caa_pa) +static void svsm_pval_4k_page(unsigned long paddr, bool validate, + struct svsm_ca *caa, u64 caa_pa) { struct svsm_pvalidate_call *pc; struct svsm_call call =3D {}; @@ -576,8 +576,8 @@ static void __head svsm_pval_4k_page(unsigned long padd= r, bool validate, native_local_irq_restore(flags); } =20 -static void __head pvalidate_4k_page(unsigned long vaddr, unsigned long pa= ddr, - bool validate, struct svsm_ca *caa, u64 caa_pa) +static void pvalidate_4k_page(unsigned long vaddr, unsigned long paddr, + bool validate, struct svsm_ca *caa, u64 caa_pa) { int ret; =20 @@ -590,8 +590,8 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, } } =20 -static void __head __page_state_change(unsigned long paddr, enum psc_op op, - struct svsm_ca *caa, u64 caa_pa) +static void __page_state_change(unsigned long paddr, enum psc_op op, + struct svsm_ca *caa, u64 caa_pa) { u64 val; =20 @@ -623,7 +623,7 @@ static void __head __page_state_change(unsigned long pa= ddr, enum psc_op op, * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. */ -static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info, +static bool __init svsm_setup_ca(const struct cc_blob_sev_info *cc_info, void *page) { struct snp_secrets_page *secrets_page; diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index b56a585f57ab..21424157819c 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -44,7 +44,7 @@ /* Include code shared with pre-decompression boot stage */ #include "sev-shared.c" =20 -void __head +void __init early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, enum psc_op op, struct svsm_ca *caa, u64 caa_pa) @@ -64,7 +64,7 @@ early_set_pages_state(unsigned long vaddr, unsigned long = paddr, } } =20 -void __head early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, +void __init early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, unsigned long npages) { /* @@ -84,7 +84,7 @@ void __head early_snp_set_memory_private(unsigned long va= ddr, unsigned long padd rip_rel_ptr(&boot_svsm_ca_page), boot_svsm_caa_pa); } =20 -void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, +void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, unsigned long npages) { /* @@ -114,7 +114,7 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr * * Scan for the blob in that order. */ -static __head struct cc_blob_sev_info *find_cc_blob(struct boot_params *bp) +static struct cc_blob_sev_info *__init find_cc_blob(struct boot_params *bp) { struct cc_blob_sev_info *cc_info; =20 @@ -140,7 +140,7 @@ static __head struct cc_blob_sev_info *find_cc_blob(str= uct boot_params *bp) return cc_info; } =20 -static __head void svsm_setup(struct cc_blob_sev_info *cc_info) +static void __init svsm_setup(struct cc_blob_sev_info *cc_info) { struct snp_secrets_page *secrets =3D (void *)cc_info->secrets_phys; struct svsm_call call =3D {}; @@ -183,7 +183,7 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) boot_svsm_caa_pa =3D pa; } =20 -bool __head snp_init(struct boot_params *bp) +bool __init snp_init(struct boot_params *bp) { struct cc_blob_sev_info *cc_info; =20 @@ -212,7 +212,7 @@ bool __head snp_init(struct boot_params *bp) return true; } =20 -void __head __noreturn snp_abort(void) +void __init __noreturn snp_abort(void) { sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index ffd0185aaa9d..846f5d7c24e1 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -91,7 +91,7 @@ struct sme_populate_pgd_data { */ static char sme_workarea[2 * PMD_SIZE] __section(".init.scratch"); =20 -static void __head sme_clear_pgd(struct sme_populate_pgd_data *ppd) +static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) { unsigned long pgd_start, pgd_end, pgd_size; pgd_t *pgd_p; @@ -106,7 +106,7 @@ static void __head sme_clear_pgd(struct sme_populate_pg= d_data *ppd) memset(pgd_p, 0, pgd_size); } =20 -static pud_t __head *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) +static pud_t __init *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) { pgd_t *pgd; p4d_t *p4d; @@ -143,7 +143,7 @@ static pud_t __head *sme_prepare_pgd(struct sme_populat= e_pgd_data *ppd) return pud; } =20 -static void __head sme_populate_pgd_large(struct sme_populate_pgd_data *pp= d) +static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *pp= d) { pud_t *pud; pmd_t *pmd; @@ -159,7 +159,7 @@ static void __head sme_populate_pgd_large(struct sme_po= pulate_pgd_data *ppd) set_pmd(pmd, __pmd(ppd->paddr | ppd->pmd_flags)); } =20 -static void __head sme_populate_pgd(struct sme_populate_pgd_data *ppd) +static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) { pud_t *pud; pmd_t *pmd; @@ -185,7 +185,7 @@ static void __head sme_populate_pgd(struct sme_populate= _pgd_data *ppd) set_pte(pte, __pte(ppd->paddr | ppd->pte_flags)); } =20 -static void __head __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) +static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd_large(ppd); @@ -195,7 +195,7 @@ static void __head __sme_map_range_pmd(struct sme_popul= ate_pgd_data *ppd) } } =20 -static void __head __sme_map_range_pte(struct sme_populate_pgd_data *ppd) +static void __init __sme_map_range_pte(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd(ppd); @@ -205,7 +205,7 @@ static void __head __sme_map_range_pte(struct sme_popul= ate_pgd_data *ppd) } } =20 -static void __head __sme_map_range(struct sme_populate_pgd_data *ppd, +static void __init __sme_map_range(struct sme_populate_pgd_data *ppd, pmdval_t pmd_flags, pteval_t pte_flags) { unsigned long vaddr_end; @@ -229,22 +229,22 @@ static void __head __sme_map_range(struct sme_populat= e_pgd_data *ppd, __sme_map_range_pte(ppd); } =20 -static void __head sme_map_range_encrypted(struct sme_populate_pgd_data *p= pd) +static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *p= pd) { __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); } =20 -static void __head sme_map_range_decrypted(struct sme_populate_pgd_data *p= pd) +static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *p= pd) { __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); } =20 -static void __head sme_map_range_decrypted_wp(struct sme_populate_pgd_data= *ppd) +static void __init sme_map_range_decrypted_wp(struct sme_populate_pgd_data= *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC_WP, PTE_FLAGS_DEC_WP); } =20 -static unsigned long __head sme_pgtable_calc(unsigned long len) +static unsigned long __init sme_pgtable_calc(unsigned long len) { unsigned long entries =3D 0, tables =3D 0; =20 @@ -281,7 +281,7 @@ static unsigned long __head sme_pgtable_calc(unsigned l= ong len) return entries + tables; } =20 -void __head sme_encrypt_kernel(struct boot_params *bp) +void __init sme_encrypt_kernel(struct boot_params *bp) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; @@ -485,7 +485,7 @@ void __head sme_encrypt_kernel(struct boot_params *bp) native_write_cr3(__native_read_cr3()); } =20 -void __head sme_enable(struct boot_params *bp) +void __init sme_enable(struct boot_params *bp) { unsigned int eax, ebx, ecx, edx; unsigned long feature_mask; diff --git a/arch/x86/include/asm/init.h b/arch/x86/include/asm/init.h index 8b1b1abcef15..01ccdd168df0 100644 --- a/arch/x86/include/asm/init.h +++ b/arch/x86/include/asm/init.h @@ -2,12 +2,6 @@ #ifndef _ASM_X86_INIT_H #define _ASM_X86_INIT_H =20 -#if defined(CONFIG_CC_IS_CLANG) && CONFIG_CLANG_VERSION < 170000 -#define __head __section(".head.text") __no_sanitize_undefined __no_stack_= protector -#else -#define __head __section(".head.text") __no_sanitize_undefined -#endif - struct x86_mapping_info { void *(*alloc_pgt_page)(void *); /* allocate buf for page table */ void (*free_pgt_page)(void *, void *); /* free buf for page table */ diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S index 2e42056d2306..5962ff2a189a 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -61,7 +61,7 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE) * any particular GDT layout, because we load our own as soon as we * can. */ -__HEAD + __INIT SYM_CODE_START(startup_32) movl pa(initial_stack),%ecx =09 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 88cbf932f7c2..ac1116f623d3 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -33,7 +33,7 @@ * because we need identity-mapped pages. */ =20 - __HEAD + __INIT .code64 SYM_CODE_START_NOALIGN(startup_64) UNWIND_HINT_END_OF_STACK diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index cfa18ec7d55f..16aa1f018b80 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S @@ -24,7 +24,7 @@ #include #include =20 - __HEAD + __INIT =20 /* * Entry point for PVH guests. --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C01C129A330 for ; Mon, 12 May 2025 19:12:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077134; cv=none; b=I2lVqfC9yjSrPUpcJz0WeoZHClWRNyA9GMt5d9o9YSwvCsiU0iBP0A9Bw6YmldYbtpVthNQPttGgwuJp9z8ifS8bXbP4kT0PVaZAupiKZeyqy3NS7oaAQ5oF0Z2LW5Oc7ZYzpbyGr9l/kU/LOhpLyXqWYB9reTQZgXWP1KBT71E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077134; c=relaxed/simple; bh=CHrRMRKAsr4gnOYZa5wIdBBNkBXn0abGtJEueJ4Gpz0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=cLSodxcZBPdNGn2Qp8Nk4FCp5kN1tgkSIK+8wjiGRmO7QpnYv4ol4Jm5hoVV4Tk79+EYZowutksoZH4Ftpc41LmnbMZ5DEcq+bnqUXJh1i5tgkzbr41U2UtPO8QOvpVPxCSklkQdejNofSffFwdND0gW4TT8W98VBDNhsBabx5A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=eC4aub9n; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="eC4aub9n" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-43f405810b4so23986405e9.1 for ; Mon, 12 May 2025 12:12:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077131; x=1747681931; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=dMcPqHG+OsNqp0sgBphkpu6UJs8frBdc/nbebN6ySzs=; b=eC4aub9nKHfgfsoHqIecTQ3qBptbLBcBXsBlpq277Y9UhLZRwg7JdZNhdALUnmE+s5 61VpL2dtmNTP7SALl7V0Zne66P0WIY570JPJZdCIVqFh9pyRtrPY4y73DvA2P+43ZHHv 5Rmsl+6WFJdxgYvRbNsWNY37QwDpjGaTiukxUF0ZInoxJASUDCMJbBGT9G6ER0yhxngk 9Uyfz1PPMTrT9xY0UOErgR5Wyep1VKF43RW8FBzc+euPugBANdX6uVKxOL1E5sc43524 eLHLgXhkHJNDNkQobeYW+8/xots0bfJeOeFYeCzQwvMSGBWR48MqujlzadHFYnHxVIil hGzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077131; x=1747681931; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=dMcPqHG+OsNqp0sgBphkpu6UJs8frBdc/nbebN6ySzs=; b=AmxssJGdeH0pC5hIRmMlJkYjYwzAOnGHcmCmf+Ce0mf/2fSByTKn9M24FRltgC5nF9 LBG1ku40z4NMZer2yqS2ABqkE86vpZK8z0hXpET1uxLn4385TK1amqBgz5+FIUOoxrv7 JBAn/bImGdYyO+Fhk2VjkfFXC0eqSBmZcgd63BbT0gSZLRoqTJLbD7VHDI7SHveeEC7q 2xkKj7yKzu2l6cKFOozLkyUYn5UHnnH3wTdIauQjop5OlyARJHfARDicSD1md8HuUlL8 gLKPD8xa4T67Fodn/r3dCsYHYoGShBPlrYNzIU+5Ei5ZceX/lwKxO3J7w8/aQTJHIPf7 iPpw== X-Gm-Message-State: AOJu0Yw550CD+ozdQNXy0bZ34xE5D9/ntYIX45q06eqgLJGqGyaNUSgH VrXpGtrCLZ8dTqH15D6rCBLvp/wdg/9Bv/1fLUlSvmTXTCx8pHcucfJEtm/uU6lPATauaybVGZq IHaNN3YM/T5yjmGNev6hPjO99GcRQXCXsIgo7Dq7ExUAgrpDOfPlpDd+T3Oh1RAMXEbM8p1efoy IEut8+5cLlTxKWIzVIIh+reubsR1226Q== X-Google-Smtp-Source: AGHT+IEd8TTSTlWt9D6t/Dm415lV8SeKsldgBtS4Gzixi/S65b+SbQhQ70tnJqv5IA+JnbXnJdoYPwvQ X-Received: from wmqe12.prod.google.com ([2002:a05:600c:4e4c:b0:43d:47b9:bedd]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:4e45:b0:43b:cd0d:9466 with SMTP id 5b1f17b1804b1-442d6d44b3cmr122027435e9.9.1747077131179; Mon, 12 May 2025 12:12:11 -0700 (PDT) Date: Mon, 12 May 2025 21:08:54 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1670; i=ardb@kernel.org; h=from:subject; bh=pQDCAaxpkvazvE2Nd2OxQrPwh6fRRJgnquFDar+22pw=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJPSLln7xPleHi5fNPGz/6qt+rtDnvzhN2ldb1iyf/7 3wdqeTUUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACYy04KRYdncbXlqB35J515Z WGX6aMWBz7tU5c49Xb6LNWrurcc/vE8x/GJWuxrwLN3NfMaXqlntSxfFmVm8S0zKDz80m+mCTsb idawA X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-42-ardb+git@google.com> Subject: [RFT PATCH v3 19/21] x86/boot: Disallow absolute symbol references in startup code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Check that the objects built under arch/x86/boot/startup do not contain any absolute symbol reference. Given that the code is built with -fPIC, such references can only be emitted using R_X86_64_64 relocations, so checking that those are absent is sufficient. Note that debug sections and __patchable_funtion_entries section may contain such relocations nonetheless, but these are unnecessary in the startup code, so they can be dropped first. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/Makefile | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile index c7e690091f81..7b83c8f597ef 100644 --- a/arch/x86/boot/startup/Makefile +++ b/arch/x86/boot/startup/Makefile @@ -35,9 +35,17 @@ $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_ST= ANDARD :=3D y # code, or code that has explicitly been made accessible to it via a symbol # alias. # -$(obj)/%.pi.o: OBJCOPYFLAGS :=3D --prefix-symbols=3D__pi_ +$(obj)/%.pi.o: OBJCOPYFLAGS :=3D --prefix-symbols=3D__pi_ --strip-debug \ + --remove-section=3D.rela__patchable_function_entries $(obj)/%.pi.o: $(obj)/%.o FORCE - $(call if_changed,objcopy) + $(call if_changed,piobjcopy) + +quiet_cmd_piobjcopy =3D $(quiet_cmd_objcopy) + cmd_piobjcopy =3D $(cmd_objcopy); \ + if $(READELF) -r $(@) | grep R_X86_64_64; then \ + echo "$@: R_X86_64_64 references not allowed in startup co= de" >&2; \ + /bin/false; \ + fi =20 extra-y :=3D $(obj-y) obj-y :=3D $(patsubst %.o,%.pi.o,$(obj-y)) --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B248229AB0A for ; Mon, 12 May 2025 19:12:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077136; cv=none; b=IGQrDmE9oETXDst5P7jrWzXcUWY92adbGtt6wA5qbPU0S3mdwDnZXsTHAjC1omLZsnAef+zv69GM+ExIIvUMMGb3vcTtalYHR9xrl+6l+rnUtT8xP7SiQLwzov5Gkb8D8kCWWFDPRaz99YsgnSMcofNBR38pBKE+alkSIzBiL9w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077136; c=relaxed/simple; bh=TorHU3D8vzlbLnDF5GG3Z8lBw/d5rL8k173kxpHudfQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=BSp2zsLHy2yS1WTRmSf5PmKCuBDsj2zrrCxXPW/EobYIo6VQ1GwQaTMkfPJwippHqOg0W6pNdujrGkEozDpee/Cx2pKNyamx7eIG6DDnCdR6Vbeh7HoOPGMPZ2i1L2JGC0u5eKOvtX7LEncQBq3NZ5ufEhXQynxgxQoY8rmU5wQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0iOxz77K; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="0iOxz77K" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43d0a037f97so25018015e9.2 for ; Mon, 12 May 2025 12:12:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077133; x=1747681933; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=v439pYe/axTRwHMKr6MQIEHe6JUV+bVOJ6eq2XJ3atI=; b=0iOxz77KFxU69GuMWPUbCWgW9VNpO0QySmGBiRoIjTyviRHp6M2K0MgvQ35zf15weo 1zeX82bJdbPduQ+rjfhWQ5Nnj0SsKJ7YiYN2QJhsU4ipU5dSYTj3Ae6nUBgdxLmNOF/6 5owS9NRWLOL5L0h3rfifqjogsbRPC9JNyx80So+ww//gwnN5zCT8CFO+PZACAu8oEW0n SsIaceHb0dah9IvU7jrdl2jdTffCI7fj1SMvSB36y8WFnupn9clK/t+KUTaqHUjYiNKw 0IENPyLCL7AiGG31K5WuNpZ9GGSz/v8iaPrxaTrXWwdmoud1eoBzhW0WVi1rts2t6ZAk Y7Rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077133; x=1747681933; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=v439pYe/axTRwHMKr6MQIEHe6JUV+bVOJ6eq2XJ3atI=; b=OsgWOp4hNsDCZN1SRoKMTCYjNk+yhY5l5c4FjmqaBulbDc0hN9Z/OpAW6gHNVP2AEn FgKGD9AhZnn8E42y30GeN9GogtjoqCKqz7B0wqOd769INuXP6KWua6TUA1CkJ2vVbpzw vecmCxiC24yAenWu+vI56BRd8tx3nILNFq4+Tqlw/Y2qgdQ/xjWkQtJhVfnr/oILRh7t hvj71KqLZDibhNIeEI0I+J3X42m/d4kNpfVsV59ZQBHDXHlUyi4r0lRGAbtFliLMiOu0 bNGuMPDTwDT1ZenntkIXBMNeyLiSskTsvO6Xxm26CHPNc7IfMlvkhCbxRDdTBUgyZPuS JWDw== X-Gm-Message-State: AOJu0Yzi6SEI4nb9BoqP4Em1wl3r0F7LYFo9yfJ/UZT+nYpmW4ZQgJEw vQgIzd9yWeXuGSc75nMkMD9LxPXRXkYbazoLmmguRAWsGrQdXXDD1xmNHGlrJq17G8LpMAW0FeT j44U4MjcgDUsPyzHSjHL18P83az8HgEWUiqsoFnRN8E8O2ObOUek/51tzuIKNnfWTYBLJB/gD3c No1Z7KJCNh1cH/IjYY6Yny4SVJH1aNNw== X-Google-Smtp-Source: AGHT+IEMZYndVwREXzsaDO3LVik4Mk0won2pEwZv3DWg+/+jysG1MAjNpnGgjDfRCAkMKKBZbMh+CUx9 X-Received: from wmbem11.prod.google.com ([2002:a05:600c:820b:b0:43b:c450:ea70]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:4e45:b0:43b:cd0d:9466 with SMTP id 5b1f17b1804b1-442d6d44b3cmr122027975e9.9.1747077133093; Mon, 12 May 2025 12:12:13 -0700 (PDT) Date: Mon, 12 May 2025 21:08:55 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1439; i=ardb@kernel.org; h=from:subject; bh=XkUgHViP3uJKbwSMBnGo+c2h3KHUCLzDm2JV//00rhk=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJPdKy5iq787yskwwr2n5uPOiQNaejP9rN/vnp52+nc P1bFqXQUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACZSZcPwP7+25rde1Srnw/Nq zMt1XAt/JhU/jTE8WWJ39JCikt1FL4b/rhz7vT59+u82febDNTt/9ptGZ4r9N9bUeVTpOWfep6N 2/AA= X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-43-ardb+git@google.com> Subject: [RFT PATCH v3 20/21] x86/boot: Revert "Reject absolute references in .head.text" From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel This reverts commit faf0ed487415f76fe4acf7980ce360901f5e1698. The startup code is checked directly for the absence of absolute symbol references, so checking the .head.text section in the relocs tool is no longer needed. Signed-off-by: Ard Biesheuvel --- arch/x86/tools/relocs.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index 5778bc498415..e5a2b9a912d1 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -740,10 +740,10 @@ static void walk_relocs(int (*process)(struct section= *sec, Elf_Rel *rel, static int do_reloc64(struct section *sec, Elf_Rel *rel, ElfW(Sym) *sym, const char *symname) { - int headtext =3D !strcmp(sec_name(sec->shdr.sh_info), ".head.text"); unsigned r_type =3D ELF64_R_TYPE(rel->r_info); ElfW(Addr) offset =3D rel->r_offset; int shn_abs =3D (sym->st_shndx =3D=3D SHN_ABS) && !is_reloc(S_REL, symnam= e); + if (sym->st_shndx =3D=3D SHN_UNDEF) return 0; =20 @@ -783,12 +783,6 @@ static int do_reloc64(struct section *sec, Elf_Rel *re= l, ElfW(Sym) *sym, break; } =20 - if (headtext) { - die("Absolute reference to symbol '%s' not permitted in .head.text\n", - symname); - break; - } - /* * Relocation offsets for 64 bit kernels are output * as 32 bits and sign extended back to 64 bits when --=20 2.49.0.1045.g170613ef41-goog From nobody Sat Feb 7 11:31:26 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D7BE2298C2D for ; Mon, 12 May 2025 19:12:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077138; cv=none; b=Km/a9H42qsp7UsNmxLM6UG84JsOIHnEHQtMbtwHUXCYVIB79SIkKtl0Ay0wYZplk1qVf6TeDerYYH5oXoeYpB4YMJlUVr3QpHIfkpUglNkavgRB7VHKeA/zXvHaZNK7teQdEQ+P6+0JS+pgD0I9dwIDvqL4nzUBxHwPjOb8jfTM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747077138; c=relaxed/simple; bh=oNpZWzxML1Y9AUwsTEbmGl1GQM0zru5fkRJMmLZ/LBs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=GCE450xvAtE6vujsmMoBn/PvNHZLV7lbiPkCGULcnIo6Lnf8Xq/9J/4kE81QUXpJncnWXEb6VdBOQLRnYkI58pHNv+GGYQD8btA9dotyyQENkC1K3IZtrJP0T98ditBJ8J4E+Tf+LeUbcW5KU8ICmN9HIX8R7iD+uVxOPcrtBwo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MtsJcUvQ; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MtsJcUvQ" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-43ceeaf1524so19129455e9.1 for ; Mon, 12 May 2025 12:12:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747077135; x=1747681935; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=WI3lpf4o3BFZ6Wf9RXkL6mjd94Q743aLN5UBFJjS89I=; b=MtsJcUvQhXAhY2LIUETIUwb+OIdcX1QVmkHNJ0w343mGKoeY5C+rAJeMAL3fQ9nRHb X3sEeS8vFbWrNaV0plKR9x3IX4qbn1srRvgR7umXIuEnQoKDRsksQFtqiImYjqdmNoTm M09AB0uyaPi5dY69XjgXZ5guavtrjJKgfKmiZtYhDbw+PkVXk+iF8+OBpUoUvU99y+X3 66QwzWRHi1825l8Kp8/m15PzRAk6Cx1CQkjHbpqaEAqNzn04y0xJMjjaO9Yg0lgO0HAJ Q/dR8276IIR+39eeVzct4xkJkJ/VS8NeDCaFi9TGEuZ6J78KRrehUptQaiEZ2iLW3VXL UuQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747077135; x=1747681935; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=WI3lpf4o3BFZ6Wf9RXkL6mjd94Q743aLN5UBFJjS89I=; b=JdISO1f/3seGCd/uxJAGlFe/nTRFghpfGuWDbuG672mh643EbfT0JXgXTZHPwfvn4j U7UcVU0X1QM/UY42/J2SEt1IwbPs5mWHEiffmrLYfNr410vdC3vaypyOKAo+TnVfgOkX +m828YSPdLdrUJ21ocbZ7YCDTM99vBj686bGh45URub9cFnjZoUJmgvVJiopMcSyyRA8 3znYS1qX3s1qUwGWowrjSotM0VZgpKzdX5PEAR6C8qWiOFCkwNIY4DgEb0ruC2wkuQsT jQAA/b/cnJSLMDLxjl8sY7bg9VjvyAkIfWDjS3Wy2KwSJvvC6pqXMvj33FpK+CekFY6+ BR2A== X-Gm-Message-State: AOJu0YxO/zYLliUW9QhvTxzw5BEc5Ax7IDINrq7hK0WePeXzQ+7Eywpb 7x/tcDXAn+xYrI7YrCxUIqwkTzcsrEFFE+HkFM3OpgAAhMF9bsQmj46az2oCFVhKOMzelrb+/1y 4YLTm/SJiyq84PhPVC+CK/moEY4c1EaVK7y3CHOpuI0Sbu+1JXbeHcecl7lrFXv4Du1ljaJtNme +TV+Ch1ig+O4V5gvmQc61jCt9+8pNlpQ== X-Google-Smtp-Source: AGHT+IGCXNDr+jh6bOr352X5CVhqqUzwrHtlwyq9ZxtmuJ2vjkk6u7svwBp8YAU1ah6nGYR5VkFGnYjf X-Received: from wmbej12.prod.google.com ([2002:a05:600c:3e8c:b0:43d:b30:d2df]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3481:b0:439:9737:675b with SMTP id 5b1f17b1804b1-442eacba7b1mr5246275e9.7.1747077135091; Mon, 12 May 2025 12:12:15 -0700 (PDT) Date: Mon, 12 May 2025 21:08:56 +0200 In-Reply-To: <20250512190834.332684-23-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250512190834.332684-23-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=738; i=ardb@kernel.org; h=from:subject; bh=mya2OfKi8dRdyM/BzZK5KhM5tXbVnj0PSSJLpQKVmKE=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUPJPbrBNeicjUn71hpXK/sM4ZOafjuMfpxY/9nIk4/HT +4bp0tHKQuDGAeDrJgii8Dsv+92np4oVes8SxZmDisTyBAGLk4BmEjKaYb/LgGWLmtaFzQ3CGX8 tUvRCXJm3rvm6ftch41KG3U+N/zrYfjv6VhheMg93PVbFsMto/XvKj5a2Um8Ym9SjL0+O2D1f2M OAA== X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250512190834.332684-44-ardb+git@google.com> Subject: [RFT PATCH v3 21/21] x86/boot: Get rid of the .head.text section From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The .head.text section is now empty, so it can be dropped from the linker script. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/vmlinux.lds.S | 5 ----- 1 file changed, 5 deletions(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 4aaa1693b262..af8bc4a6f6c3 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -160,11 +160,6 @@ SECTIONS =20 } :text =3D 0xcccccccc =20 - /* bootstrapping code */ - .head.text : AT(ADDR(.head.text) - LOAD_OFFSET) { - HEAD_TEXT - } :text =3D 0xcccccccc - /* End of text section, which should occupy whole number of pages */ _etext =3D .; . =3D ALIGN(PAGE_SIZE); --=20 2.49.0.1045.g170613ef41-goog