From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F3132367AB for ; Wed, 9 Jul 2025 08:11:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048667; cv=none; b=b6J9pzrvHSF7HmThEyplRblcY5e5n/L0EdnkL9q5v7i31byWTUSpsRJSeeQSfc1kx+qx7Ynv90XTtIrCldVN1SwHrfNOLYjSFjjdUKMa2VNte7PuDXXbVzmsXn9qZR95u5GES5azDRWglxN21RufQsfHGQCUBONDG2PmYCetKGk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048667; c=relaxed/simple; bh=rvFUy8VNOP6qgmwC35GsrRDFzZ/g6tUzKy8jPeagLO8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Cvk2vGXTH2GmY3V49rTxWZC76YSBitvGClkEoZi8IG6qu4cni3UupJPd9FJ+BslzBFdKdkJp0L30iuZ7h3x9oIZjsbXvv87Omsh6oqB4sDoI7RAYBNGNtIH4PEFOKIearIOfdKKvX3g6oan/c6uJYBiDLd6Tw0Ph/ZpxL2WpnoQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=VSXcm6Zn; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="VSXcm6Zn" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-451d2037f1eso29992485e9.0 for ; Wed, 09 Jul 2025 01:11:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048664; x=1752653464; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=UelTNJ1ZGFMhoYHsZLPl0KqF4/9p9ZCeI5r05QnvFT0=; b=VSXcm6ZnJlJQh4uIONtSqXp67muCCGYDvK3JSD/TMGMuIEywa4LtBp7NON/mzK6tiK z0tcp9ENFC16dxci9pL8fX+kZKVrIbyiKxuDjivQ/2GhuhBre7pugaHPKQJVynD51itS U1FY34WxImuJBi4HaP6dMDiCuLRBq+XUVWK5pBKs3z7QomLQbL3jNG40B/JjYZnFpD6A WyRfpdE82ZeBPyI6tGJo2MBDlZV35RIxfcTpIc+knxc5N3Ms6bOC+8TqsBZ+lg6XsYsW ifRjPAssGZFHlsEV42WkjNQgM93PyTP+LbZ+NwKteRNbOvQ4kKVhR04KD2uFSFnnNp7+ I1KA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048664; x=1752653464; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=UelTNJ1ZGFMhoYHsZLPl0KqF4/9p9ZCeI5r05QnvFT0=; b=i/lcRk9PTKt+fGaDKMG47i0Slox6OMHqZaRRjhWbuqPlPESlO2r1I8Za71pO0CR4C2 QaALIo/qZCWt0HR1KLBeY+zb4stY40gLi3APm8eGjXOHT9bWuHtuclO28eb52LJDK6y5 FoY5/BeE8mru4hKdkpgcV9Om3u7mlCn9vqIiitYxVE9cajDasndN2b9+kt6r0/esKRoo L6OdJdNJExYt37USMarX0u8ZJEVeIHpYFa/IU6g0xdawK4kk410oPS+UyroGqUjWRqb9 1SSQxd+EAfCavZEiZJ1PIsokFt4h5DgPr56tStaQ6KRHhli+6GEcSLLRsIfsrqBA3yBg iz1Q== X-Gm-Message-State: AOJu0YxhOfcGbzRd75E8c/d/0RDndFJ8y39w5g6emCGM1A7Cc6MOlbBc bZCQwZ9ZPtVBwsVrVyoeXfL1Id7FEL3dfgvqUNgmarT0VOBoeCMfJN7YWlDydcsQPVxk522Bh4q E2KqFFoc9VtR6skINlI7PU6x1w9zUKfPhl/5eyz9O6QD/DgOc4lbPLsYjr1gLGk93qC6uji+GL+ EqO9mUgtoOkIYA6daAxiFZmBvumLwcgUuqKA== X-Google-Smtp-Source: AGHT+IH1UcgHnwr/ONpvBzCpnESyqEOF32nxkKebiHM9ga71jVmhRDG10vIprcYBoFwAwgG+s3kFaUaN X-Received: from wmbem16.prod.google.com ([2002:a05:600c:8210:b0:450:db34:f21f]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:26c4:b0:3a6:d579:ec21 with SMTP id ffacd0b85a97d-3b5e450b3c4mr967624f8f.12.1752048663820; Wed, 09 Jul 2025 01:11:03 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:42 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=7747; i=ardb@kernel.org; h=from:subject; bh=KsJKhc9ZBuFADNQxaFbcPRiKpDH4TotE/4MjeTwLh8g=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNPeWKwV6lfkvmd82XXLWMFWV77bhL8cOj0ifAll7/2z DKf6KzUUcrCIMbFICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACaySpiR4YRwyYL623xhLPGu 315bRGXE7lFysGl9nisv9/ejZtHcSoY//KyGIZMLUuUcts38U8b1L2MKzwTW3rOSBrqnXumvVON iBQA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-27-ardb+git@google.com> Subject: [PATCH v4 01/24] x86/sev: Separate MSR and GHCB based snp_cpuid() via a callback From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel There are two distinct callers of snp_cpuid(): one where the MSR protocol is always used, and one where the GHCB page based interface is always used. The snp_cpuid() logic does not care about the distinction, which only matters at a lower level. But the fact that it supports both interfaces means that the GHCB page based logic is pulled into the early startup code where PA to VA conversions are problematic, given that it runs from the 1:1 mapping of memory. So keep snp_cpuid() itself in the startup code, but factor out the hypervisor calls via a callback, so that the GHCB page handling can be moved out. Code refactoring only - no functional change intended. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/sev-shared.c | 64 ++++---------------- arch/x86/coco/sev/vc-shared.c | 49 ++++++++++++++- arch/x86/include/asm/sev.h | 3 +- 3 files changed, 63 insertions(+), 53 deletions(-) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 7a706db87b93..992abfa50508 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -319,7 +319,7 @@ static int __sev_cpuid_hv(u32 fn, int reg_idx, u32 *reg) return 0; } =20 -static int __sev_cpuid_hv_msr(struct cpuid_leaf *leaf) +static int __sev_cpuid_msr_prot(struct cpuid_leaf *leaf) { int ret; =20 @@ -342,44 +342,7 @@ static int __sev_cpuid_hv_msr(struct cpuid_leaf *leaf) return ret; } =20 -static int __sev_cpuid_hv_ghcb(struct ghcb *ghcb, struct es_em_ctxt *ctxt,= struct cpuid_leaf *leaf) -{ - u32 cr4 =3D native_read_cr4(); - int ret; - - ghcb_set_rax(ghcb, leaf->fn); - ghcb_set_rcx(ghcb, leaf->subfn); - - if (cr4 & X86_CR4_OSXSAVE) - /* Safe to read xcr0 */ - ghcb_set_xcr0(ghcb, xgetbv(XCR_XFEATURE_ENABLED_MASK)); - else - /* xgetbv will cause #UD - use reset value for xcr0 */ - ghcb_set_xcr0(ghcb, 1); - - ret =3D sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); - if (ret !=3D ES_OK) - return ret; - - if (!(ghcb_rax_is_valid(ghcb) && - ghcb_rbx_is_valid(ghcb) && - ghcb_rcx_is_valid(ghcb) && - ghcb_rdx_is_valid(ghcb))) - return ES_VMM_ERROR; =20 - leaf->eax =3D ghcb->save.rax; - leaf->ebx =3D ghcb->save.rbx; - leaf->ecx =3D ghcb->save.rcx; - leaf->edx =3D ghcb->save.rdx; - - return ES_OK; -} - -static int sev_cpuid_hv(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct= cpuid_leaf *leaf) -{ - return ghcb ? __sev_cpuid_hv_ghcb(ghcb, ctxt, leaf) - : __sev_cpuid_hv_msr(leaf); -} =20 /* * This may be called early while still running on the initial identity @@ -484,21 +447,20 @@ snp_cpuid_get_validated_func(struct cpuid_leaf *leaf) return false; } =20 -static void snp_cpuid_hv(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struc= t cpuid_leaf *leaf) +static void snp_cpuid_msr_prot(void *ctx, struct cpuid_leaf *leaf) { - if (sev_cpuid_hv(ghcb, ctxt, leaf)) + if (__sev_cpuid_msr_prot(leaf)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); } =20 -static int __head -snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_ctxt *ctxt, - struct cpuid_leaf *leaf) +static int __head snp_cpuid_postprocess(void (*cpuid)(void *ctx, struct cp= uid_leaf *), + void *ctx, struct cpuid_leaf *leaf) { struct cpuid_leaf leaf_hv =3D *leaf; =20 switch (leaf->fn) { case 0x1: - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid(ctx, &leaf_hv); =20 /* initial APIC ID */ leaf->ebx =3D (leaf_hv.ebx & GENMASK(31, 24)) | (leaf->ebx & GENMASK(23,= 0)); @@ -517,7 +479,7 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, break; case 0xB: leaf_hv.subfn =3D 0; - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid(ctx, &leaf_hv); =20 /* extended APIC ID */ leaf->edx =3D leaf_hv.edx; @@ -565,7 +527,7 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, } break; case 0x8000001E: - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid(ctx, &leaf_hv); =20 /* extended APIC ID */ leaf->eax =3D leaf_hv.eax; @@ -586,8 +548,8 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, * Returns -EOPNOTSUPP if feature not enabled. Any other non-zero return v= alue * should be treated as fatal by caller. */ -int __head -snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct cpuid_leaf *l= eaf) +int __head snp_cpuid(void (*cpuid)(void *ctx, struct cpuid_leaf *), void *= ctx, + struct cpuid_leaf *leaf) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); =20 @@ -621,7 +583,7 @@ snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, s= truct cpuid_leaf *leaf) return 0; } =20 - return snp_cpuid_postprocess(ghcb, ctxt, leaf); + return snp_cpuid_postprocess(cpuid, ctx, leaf); } =20 /* @@ -648,14 +610,14 @@ void __head do_vc_no_ghcb(struct pt_regs *regs, unsig= ned long exit_code) leaf.fn =3D fn; leaf.subfn =3D subfn; =20 - ret =3D snp_cpuid(NULL, NULL, &leaf); + ret =3D snp_cpuid(snp_cpuid_msr_prot, NULL, &leaf); if (!ret) goto cpuid_done; =20 if (ret !=3D -EOPNOTSUPP) goto fail; =20 - if (__sev_cpuid_hv_msr(&leaf)) + if (__sev_cpuid_msr_prot(&leaf)) goto fail; =20 cpuid_done: diff --git a/arch/x86/coco/sev/vc-shared.c b/arch/x86/coco/sev/vc-shared.c index 2c0ab0fdc060..776cb90be530 100644 --- a/arch/x86/coco/sev/vc-shared.c +++ b/arch/x86/coco/sev/vc-shared.c @@ -409,15 +409,62 @@ static enum es_result vc_handle_ioio(struct ghcb *ghc= b, struct es_em_ctxt *ctxt) return ret; } =20 +static int __sev_cpuid_ghcb_prot(struct ghcb *ghcb, struct es_em_ctxt *ctx= t, struct cpuid_leaf *leaf) +{ + u32 cr4 =3D native_read_cr4(); + int ret; + + ghcb_set_rax(ghcb, leaf->fn); + ghcb_set_rcx(ghcb, leaf->subfn); + + if (cr4 & X86_CR4_OSXSAVE) + /* Safe to read xcr0 */ + ghcb_set_xcr0(ghcb, xgetbv(XCR_XFEATURE_ENABLED_MASK)); + else + /* xgetbv will cause #UD - use reset value for xcr0 */ + ghcb_set_xcr0(ghcb, 1); + + ret =3D sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); + if (ret !=3D ES_OK) + return ret; + + if (!(ghcb_rax_is_valid(ghcb) && + ghcb_rbx_is_valid(ghcb) && + ghcb_rcx_is_valid(ghcb) && + ghcb_rdx_is_valid(ghcb))) + return ES_VMM_ERROR; + + leaf->eax =3D ghcb->save.rax; + leaf->ebx =3D ghcb->save.rbx; + leaf->ecx =3D ghcb->save.rcx; + leaf->edx =3D ghcb->save.rdx; + + return ES_OK; +} + +struct cpuid_ctx { + struct ghcb *ghcb; + struct es_em_ctxt *ctxt; +}; + +static void snp_cpuid_ghcb_prot(void *p, struct cpuid_leaf *leaf) +{ + struct cpuid_ctx *ctx =3D p; + + if (__sev_cpuid_ghcb_prot(ctx->ghcb, ctx->ctxt, leaf)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); +} + static int vc_handle_cpuid_snp(struct ghcb *ghcb, struct es_em_ctxt *ctxt) { + struct cpuid_ctx ctx =3D { ghcb, ctxt }; struct pt_regs *regs =3D ctxt->regs; struct cpuid_leaf leaf; int ret; =20 leaf.fn =3D regs->ax; leaf.subfn =3D regs->cx; - ret =3D snp_cpuid(ghcb, ctxt, &leaf); + ret =3D snp_cpuid(snp_cpuid_ghcb_prot, &ctx, &leaf); if (!ret) { regs->ax =3D leaf.eax; regs->bx =3D leaf.ebx; diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 89075ff19afa..2cabf617de3c 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -552,7 +552,8 @@ struct cpuid_leaf { u32 edx; }; =20 -int snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct cpuid_lea= f *leaf); +int snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), + void *ctx, struct cpuid_leaf *leaf); =20 void __noreturn sev_es_terminate(unsigned int set, unsigned int reason); enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C2E70235BE2 for ; Wed, 9 Jul 2025 08:11:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048669; cv=none; b=LxmmS8xhwV/geJBLi9uhWgjT3I1H2snmit3NQEyDOLC3DySeaF868ZFejL6vbborvefH5QmPEcMxdRXWjgEdj83VAGhm0j1hLpAHjqkKLDBGTEkPr/nWiwSn0cJRtdSeA0E2g6tHUBwduufdeZj+Z/apKvQto/epUQoZXP/9SfM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048669; c=relaxed/simple; bh=cJ3lQy2Swj3+MFWaaDWOoZLadXnitJMf7zR1KaamiyQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=oEfWLri4Mf/DiTZTy1LLBTkoMeBZwzLAnJD86H0/vdr7XpajRBRq2DgDjk9nVo9M6P1NPTpw5IeGvpMuhSJ3h60EEj1KXeSeZyd+wS7Oy9gSDGp9+NZ8N5nm8zSl62OcYCUIiVWaDIQu57u+uuNJzhEAM5EmSOWXWUrzZQIJ7uU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=u4iTUb07; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="u4iTUb07" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3a4fabcafecso2215400f8f.0 for ; Wed, 09 Jul 2025 01:11:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048666; x=1752653466; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=lkFTmqsf5xM0y0olaKrwlu6ac6INtEIMjHx7vjsV9mg=; b=u4iTUb07HGmZIpIF509dF8/DOSw0plFaMRqKIj43HPU7lA/FUcJN/0/yEa/8ctm6mu hpe3Tw/XVBpi3yJ7MG2AP9nJZyuWRQE1QW+iaqB4xIE2VDfDnresVLmbjYvg43rlaqZs eKd8XSdYLFgFQOX0GX4Ye6QXdGQzc95l4vXaLjkMnsi59xs99Kzwzxg2fUYZ9iiGQYXR qFNppMp7DOoe6u30R70gAvweqp/macgbv4u5Ux0T4w8+f/a9XMv6evzEB0Nwb6I219K5 v4Q/l+w6zwPlhZ8roAIgHhGGqDJJK7yqQkyYxwG7QOyLdbJLDqVX5uFAdFLC1oK0awHI ZpvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048666; x=1752653466; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=lkFTmqsf5xM0y0olaKrwlu6ac6INtEIMjHx7vjsV9mg=; b=uDxs+sYtMXrn/2iDdTceswhLcYNtdIFfKW6RZV8bI0Upntq3emnvkSODpGrljk3czi GB61pfim9Ra51laP4aGmwd1Dz0jqdFMz5O4OmwLpkXlznsjEUGA+qHckpwpGcGq+6ntO TlKHs75DEQ+hkbO5Qm+vPH/q9g9356UPpRvwXw4G2kM5LhlewEGRFPQMW3pNxAXwU9op EsLGEBDW7WwfBFOlRwtWqEqQX7E0m919nc/LCw9oS1TDi14UouxesTujE6LsoYGQ9gj0 ioUU80YXo780K9anFDvg5Oca+o3Qq1cNjzByY1gQvyyoLEreVicvfdNWCj2TV2wqceiv Ze8Q== X-Gm-Message-State: AOJu0Yw4v2Zwc6x51jQ4FOTRMj8JRxepGnZFqdCSlPuoLzU4BBhR+y/P +kmGsd4zSgzCL/nsMc7s8gUBEEcgQaLBAWXFZRJ7bJJOz2VLl8n9iVgXzLZfrHOdcD18WMZV54K C9/fUI3R/CWC4u29faVZdEuPprYu+iTc6fdSDz4qT9mQyF+j9YMBorsGZhTuHqcDgsYWVHAaUou doXR7CcKr93g6e+cmlfOl/Jf9+zVMZXHRm/w== X-Google-Smtp-Source: AGHT+IGOZr6el78qKmmrKFemNa0V3BiadGjv1vwBoY2O4ledQQmAr1BG3DO6rNUYHdgMOL++JpU1fyoe X-Received: from wmbbi11.prod.google.com ([2002:a05:600c:3d8b:b0:44a:ebc5:9921]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:5d87:0:b0:3a5:2182:bd11 with SMTP id ffacd0b85a97d-3b5e44ea087mr1102193f8f.20.1752048666066; Wed, 09 Jul 2025 01:11:06 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:43 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1244; i=ardb@kernel.org; h=from:subject; bh=9C+aDfHhanCnCZaffi+nlLG9t5eZ2KFG7bqL9VA5WFo=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNPeZpM2RxT/0WvGaW+MMsZtf34N5nNMHa+2+yH/zR5F nVMn3upo5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAExE4gsjw6N3dxLsdpyesqJg +wsdyeolyY+aHDbd/nF5nmbgE8+cJjdGhs+MVTU3ewy6s4Xd59cvCF4pfXdh/pzQld3fIlKbVj9 6yQ8A X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-28-ardb+git@google.com> Subject: [PATCH v4 02/24] x86/sev: Use MSR protocol for remapping SVSM calling area From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel As the preceding code comment already indicates, remapping the SVSM calling area occurs long before the GHCB page is configured, and so calling svsm_perform_call_protocol() is guaranteed to result in a call to svsm_perform_msr_protocol(). So just call the latter directly. This allows most of the GHCB based API infrastructure to be moved out of the startup code in a subsequent patch. Signed-off-by: Ard Biesheuvel Reviewed-by: Borislav Petkov (AMD) --- arch/x86/boot/startup/sev-startup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 0b7e3b950183..08b8c24fb469 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -325,7 +325,9 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) call.caa =3D svsm_get_caa(); call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); call.rcx =3D pa; - ret =3D svsm_perform_call_protocol(&call); + do { + ret =3D svsm_perform_msr_protocol(&call); + } while (ret =3D=3D -EAGAIN); if (ret) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CA_REMAP_FAIL); =20 --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B631C239E9E for ; Wed, 9 Jul 2025 08:11:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048671; cv=none; b=bNtQnbbvtx0s6N/TYS+DmVrp8Dsq9LMF3Pmk+OCCv8+rr3jpUcr2O2ZSMZECgHf92w2DfXy3O0inDp5fgcfyoIXcp4oSQqNPRspXzy+6Aa6hLx6WrPJ7K+2aC3eAx1eEAp1s52O8iqN3pd8gQ0eBjLiw4X3Iz6gGbtMZR0jHPss= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048671; c=relaxed/simple; bh=FlsTo1Na0gqk7JnqppoQ3g3pClSByxD+GJ2YmQqbeYY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=QtQFP6r1gNvTXXRXuUdsOhGakUnlRLPHraF3bo4hZFWADdTQwVEYdh9OlU62PEa7ltp4/dT2XpuESw8oveoUVuxi04WXunRMVr1AZBOnXpusGVxeJeECSzqPJHg9DAYHI4vUDAYxjpWimxjbF8i+TQO5TZLm88QEKt+AB+7APx0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=bLAC5IlE; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="bLAC5IlE" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3a4eee2398bso2298964f8f.1 for ; Wed, 09 Jul 2025 01:11:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048668; x=1752653468; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=irDKxIOWN/GYN8fC55Fb2miL4MwwqCl9Ulz8cQYfbDQ=; b=bLAC5IlELHKog+SXBybIT/vrIozHAjQj7X6TApxXKKIWIwR5ZN3iCMFC2mJEwQp6Q6 Cyk+ajW+5H/aurSPIRWQxqHFmtcqTTOynymmSEkGwXitlYT6AXOV+dILT+TEaMrY/8fj KfOyycNJAfU51ocEmXeSkxpuf5Z/fQ25vPxcVjgWsNE48KRXHWP2uyD0bDevDR/Fnypl QaFaMB8E2pjki+HLxD3+SeDWYW9NpdEOLrcYXkPZYaQRvPlltJUB9C2KJwinCNJ3WIt5 r3JEY2ewkc9/1CA6wGdifoSHLk6BAqH72dUJvS7KPHvqHv6e4YE49K6ymS9/ERWvoFKm U0aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048668; x=1752653468; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=irDKxIOWN/GYN8fC55Fb2miL4MwwqCl9Ulz8cQYfbDQ=; b=edp/QvIAJqOVy0JvXE0FnlUgQWBTrmNexqBafLgbw1iXPHeq7e8JuJv28902QjFv3E 9+nIDClMSZ8o39jyJemUCTq16d6xF2A9DcPwDK0yPMyFEySAxqfhgr8sA3J/bOXFuB3j EIlRvJyFW87uW3IMxSWMzKWYhfDcEtyJfmj8YaA4W7WD7A7bvlF75dqhqe4vNoDPG0pq ++3vlGIf23Om7DJDWALx4IuypmyUgi5WXEf6bZHkkdPe/XSmjHoO92pZwcYSbKbJD/YI tbRa4BtEwKBK84lPOgUAMqwUcbj2HxBALSjPZuIWm/LfO+6g7TdxJs8KN9pFydM/scPf /jTg== X-Gm-Message-State: AOJu0YwwvC0sSt4hcE8SraPvsOCRr5Bj4gchfeAgL6+D+eDgvkFQEuIw u+fs1rvg3FzL9SXE04SUmmT2VyYvHeJ2YRHw+b8QSPa0darbaIX6BBzXs9ug/Tv714zkDwdA9E7 pl3ry8AerF4ahh0vGE3+PzbgqAVep79+UiCSPld/AJBZ7SsntjVNFXF0JWdFio2tha3MuMN7NFf yMjqsQSH9g0E/CyGPAODRxHtuP3529OZbuag== X-Google-Smtp-Source: AGHT+IE1AbDthtPc79Q4E0+CvLr8kELSkSM5FvPu0zAUmfA29qg7a1zdyotu1oFbfwjeOF/rM/GFqFy7 X-Received: from wrbm15.prod.google.com ([2002:adf:a3cf:0:b0:3a5:75f:1fb7]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:220d:b0:3a4:ed10:c14 with SMTP id ffacd0b85a97d-3b5e44e94damr1081339f8f.14.1752048668183; Wed, 09 Jul 2025 01:11:08 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:44 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2348; i=ardb@kernel.org; h=from:subject; bh=hoadtf7g9eDjkIht+Y1Um5UwMCQL5oJbisXGKydMrJs=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNPefZbmfcRZ8Q1E5bYqb9oSIwxqfC2qXjpLuV6wXzfg d0WHyo7SlkYxLgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwERO/mf47yT97PChmISm9GOG cbz1uWbPH85PTU2ZYGjpe3H3d6arFxn+x64wLXoeoOy3KmFlSb7rxbitbtFNf9feuSBZ3lm/xLW QDQA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-29-ardb+git@google.com> Subject: [PATCH v4 03/24] x86/sev: Use MSR protocol only for early SVSM PVALIDATE call From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The early page state change API performs an SVSM call to PVALIDATE each page when running under a SVSM, and this involves either a GHCB page based call or a call based on the MSR protocol. The GHCB page based variant involves VA to PA translation of the GHCB address, and this is best avoided in the startup code, where virtual addresses are ambiguous (1:1 or kernel virtual). As this is the last remaining occurrence of svsm_perform_call_protocol() in the startup code, switch to the MSR protocol exclusively in this particular case, so that the GHCB based plumbing can be moved out of the startup code entirely in a subsequent patch. Signed-off-by: Ard Biesheuvel Reviewed-by: Tom Lendacky --- arch/x86/boot/compressed/sev.c | 20 -------------------- arch/x86/boot/startup/sev-shared.c | 4 +++- 2 files changed, 3 insertions(+), 21 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index fd1b67dfea22..b71c1ab6a282 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -50,31 +50,11 @@ u64 svsm_get_caa_pa(void) return boot_svsm_caa_pa; } =20 -int svsm_perform_call_protocol(struct svsm_call *call); - u8 snp_vmpl; =20 /* Include code for early handlers */ #include "../../boot/startup/sev-shared.c" =20 -int svsm_perform_call_protocol(struct svsm_call *call) -{ - struct ghcb *ghcb; - int ret; - - if (boot_ghcb) - ghcb =3D boot_ghcb; - else - ghcb =3D NULL; - - do { - ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); - } while (ret =3D=3D -EAGAIN); - - return ret; -} - static bool sev_snp_enabled(void) { return sev_status & MSR_AMD64_SEV_SNP_ENABLED; diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 992abfa50508..1bb4b522dfaa 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -753,7 +753,9 @@ static void __head svsm_pval_4k_page(unsigned long padd= r, bool validate) call.rax =3D SVSM_CORE_CALL(SVSM_CORE_PVALIDATE); call.rcx =3D pc_pa; =20 - ret =3D svsm_perform_call_protocol(&call); + do { + ret =3D svsm_perform_msr_protocol(&call); + } while (ret =3D=3D -EAGAIN); if (ret) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PVALIDATE); =20 --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 196D526CE15 for ; Wed, 9 Jul 2025 08:11:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048673; cv=none; b=RNrTXAVPfxcGgBVbba7/rfisDbBzEx0a0LKlcb9qPNs1eg9ZFyrYQyEiSoZnr/L6l7g32yMaAhl1L6zv2RlFU6GgQKYgi0byI4Am0YPJyWQo6CzyoECUxrO5+3JIYNQ2uX1tFYUsX0vZ8dEU42vNrevOMDF/O2Wt8TNnvRwSY+w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048673; c=relaxed/simple; bh=qWa4KWyIEFQ8Dd6SQscBjxL/fkGwoddf/ZnfnynGWHw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=MPCSfMFcdotbSoYL2r0mQHgJz9F6rPr+MrgbJCmdtJI36rDmewpIj957v+dbzEI45o04NU7NhiEMc/fZdMhQgwYnAqHFaNHMBbNqbNsnAxgz08+R8/uSzniKviBnoxAchVEm1a57DMZrpqbyOK7bZnxLdxrd+3FT7uzqkNFYGow= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=DQgyu3LC; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="DQgyu3LC" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-3a4e713e05bso2211054f8f.3 for ; Wed, 09 Jul 2025 01:11:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048670; x=1752653470; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=rrVXr0txl0maG0fRT3Fq2/7vfV6O88A9LJ2P2lv7/Ic=; b=DQgyu3LCHuoNkmo6itt2PiNklNpKkwy0fV9tPYnKaj2KsyICpZAkSr2vSsZlMQOwJv i8Jq/59B5H0dIhcR30Wl+GbM8zeZ/wlvstX3pKhzSdjmNJ7O+Ef8ROBzm8sF1f3XmyCD AKiw8z/imuw87T6iZT4Fwg0dR2nEwosWbr07pQEquJuHhm/qbLyJ6PgULEAgGuxVL8ga 3nrlIOert/Ctgef9ymeAiABSt8DPiBR347hHfTLQaKpYt+C0gI29UPqYKNREGZe4mRGl 7VJRIzApIghFJfsdOI2lmabEjLL7ytwrKUGVtuIUkaGqeQ3YJmmEM9f2q8WyWN8CNKM/ OEMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048670; x=1752653470; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=rrVXr0txl0maG0fRT3Fq2/7vfV6O88A9LJ2P2lv7/Ic=; b=TK6ib1JQQRlwUBMIWFFe65BVwZPVhazIugf7mSQ26aXwYbU7QXBtxPsAiSw4Y9WXCK C+cN9+BFQZPHKUG3Lwq9zpyRA/BOJwx9qgwK1Gjbp6qYo0UuzyTwbR7yH0wfqywgWwss 5PCUo+acAPnsWWP4D9hWsz7H3+AJfBz4TAYgkax4rfbgFSGNLlaO6XZIQQLcoF5ewhud R/i7bozh1DpAOh7JOKIon2YUxErTYhAbHOv4Vysj0qjWLLSNR+PxeG04fzchERaUej/X cEd4EK/+5N+1lMk8+yfvMPhnUo62cyD4Gca7lrJeWYAEaMNGSdODSe9GLy8zMxgzVK9G gqXA== X-Gm-Message-State: AOJu0Yw1ZudI2a1T4bLINGXWPNM53fiPN1dxGRLwFVylxIam986/qqgD QmUkvA4bYjc0FVdAI5FlOGi44ETSwXiHpwUPuxh605Rt7lan7do8OK7VGrwSMdJb1So6OdfpcO0 yOIk1hLW212YBoFcoVBUVfxX/zucM8T8e3b3CmnX/Ng7iOMe6Vh11RvPIibXXg7kQRO5RmnwnzI m6Itzppa1KgMBSDQ8cO6x7AE73MZDsZNy5dA== X-Google-Smtp-Source: AGHT+IH8Vmqvxj4egjbDTGPQVIFa8wVBPKNO2w2bGXB5J/wC2urVwU0sKZ0Miv3o7Jkqbm3a+sCakUAy X-Received: from wmpz13.prod.google.com ([2002:a05:600c:a0d:b0:43c:f8ae:4d6c]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:3110:b0:3b4:990a:a0d6 with SMTP id ffacd0b85a97d-3b5e45198b6mr923965f8f.19.1752048670249; Wed, 09 Jul 2025 01:11:10 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:45 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2832; i=ardb@kernel.org; h=from:subject; bh=LUTnKMwKZ8JYr3trlfqDO6e1tedre1n2Ghy/++0ESaI=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNPeUG/y3u2hSwiu89dm15oqxO453fdvAk5X66qdKmsi jh4svN4RykLgxgXg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZiIfD4jw96LmvOTo/UCz/GY /JIx0ZZ1nTF/M5PbwavnZ1hd/1RxQ4SRYdp+kSZJic+6vr9UOifVFDL0eLpcm+f2hOmjXu8cps8 beAE= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-30-ardb+git@google.com> Subject: [PATCH v4 04/24] x86/sev: Run RMPADJUST on SVSM calling area page to test VMPL From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Determining the VMPL at which the kernel runs involves performing a RMPADJUST operation on an arbitrary page of memory, and observing whether it succeeds. The use of boot_ghcb_page in the core kernel in this case is completely arbitrary, but results in the need to provide a PIC alias for it. So use boot_svsm_ca_page instead, which already needs this alias for other reasons. Signed-off-by: Ard Biesheuvel Reviewed-by: Tom Lendacky --- arch/x86/boot/compressed/sev.c | 2 +- arch/x86/boot/startup/sev-shared.c | 5 +++-- arch/x86/boot/startup/sev-startup.c | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index b71c1ab6a282..3628e9bddc6a 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -327,7 +327,7 @@ static bool early_snp_init(struct boot_params *bp) * running at VMPL0. The CA will be used to communicate with the * SVSM and request its services. */ - svsm_setup_ca(cc_info); + svsm_setup_ca(cc_info, rip_rel_ptr(&boot_ghcb_page)); =20 /* * Pass run-time kernel a pointer to CC info via boot_params so EFI diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 1bb4b522dfaa..db89a55623f8 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -780,7 +780,8 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. */ -static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info) +static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info, + void *page) { struct snp_secrets_page *secrets_page; struct snp_cpuid_table *cpuid_table; @@ -803,7 +804,7 @@ static bool __head svsm_setup_ca(const struct cc_blob_s= ev_info *cc_info) * routine is running identity mapped when called, both by the decompress= or * code and the early kernel code. */ - if (!rmpadjust((unsigned long)rip_rel_ptr(&boot_ghcb_page), RMP_PG_SIZE_4= K, 1)) + if (!rmpadjust((unsigned long)page, RMP_PG_SIZE_4K, 1)) return false; =20 /* diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 08b8c24fb469..0994986be908 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -303,7 +303,7 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) * running at VMPL0. The CA will be used to communicate with the * SVSM to perform the SVSM services. */ - if (!svsm_setup_ca(cc_info)) + if (!svsm_setup_ca(cc_info, rip_rel_ptr(&boot_svsm_ca_page))) return; =20 /* --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C1BA32727E8 for ; Wed, 9 Jul 2025 08:11:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048677; cv=none; b=eU1iGT+hSl3V/I1A+qhgcCMEottY1J+n9FWCV8J15xptZ/xz0EsMWAQqGQ8RexLyyA59RjnisCd/SJCUXnhq9rTxmQva1n206+lmgjY+FSo5hlnrr9IwMDHKYS4q6n7JaRS41Dovy+nt8L3vDdzFAkwUzHtT4+KkzFpOj4ujSmc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048677; c=relaxed/simple; bh=N2lIj3iFOAeUxzsg4EtX7C+IFOslIQpMKitdVfZPAYU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=i3lDkkhF7JY/By/32v8ULKCydSeVAkjMfe/cD8wMNlMty6sYcA36La06+wg3ZoYVoXnJ6z/BWNE7DlrEaiHgJmzaEZz81pDlCoJuAV2l34x6zr/l6mGfXPoK6wFhYdfk6OLdZYN88WiR/Srf6FqXnmJuOatcFLXi3eFbZWca5Xc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=rrWrSa7l; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="rrWrSa7l" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-450db029f2aso25507975e9.3 for ; Wed, 09 Jul 2025 01:11:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048672; x=1752653472; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=yPnR4qx9WQNxEEVnbeqIkJZf9kUCt2bPGMQmCuUqu+A=; b=rrWrSa7lcTk0VWj2jKd0KKMcxKOhdmJ7OJUfGigxc374TM1XTXhCyZrSar4mTfN9GR TgHWCAUqcpyPXQHIXzzIR7JX2XfkggkZlk1CwJPaxHq8Z2O393vKV2MGMgYZQcUkYnNw a+Kf6E0hsEYjcaHawfqH3VxfSn6grIBjZoswFdOyQh/5i8bKC95NKyMs3VjC9FiNdx08 Za5iEfpLvm2uFPFqhHifdLueqdaJFTCDq9RbXD+acU+RGR+D4be8Lxyhxz4SUvXsZ6hH Wmm1uOb4WO4lRACetesGpJAbpISdRqKVY6C9LFqTl/2Qzdmlz0JT/9/UXdSueAa3u/BB jl6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048672; x=1752653472; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yPnR4qx9WQNxEEVnbeqIkJZf9kUCt2bPGMQmCuUqu+A=; b=ihWPcxxgJoUr5J/w+X6PphyoZ5BP3v11Zpl140J8tPrkWhu+I+cLU780Oe9gm2S1Xb nuaUOJ3zwBVOhXOSQefFu1uK5pmRWE4v79VUEyEGnZDmHZb8GqesZZu6NAAYtY6+Rrft ePene04/JmooqImYo9iSpBoC/OoiXNwMAGHjpMR5wqgbknikgyczXxN8A8XWKa2mH+st /YSaJMmmiEi6xpizd2Dcf6zWEMf2orqtYWQ6AIyvkVDCC51kqwJrjmlaiWPAFQjKQCBT ra0SrGjBkeByiSrxySJacCjgBQYIZ/QWTDPb4xu3D3oUVZb/MmoFt3wCK0urqU4tndyA 9u+g== X-Gm-Message-State: AOJu0YzbDmcVlLKxA8R/IRsWslsAQ2jDy7WOzbRRn+SGVuaffCE9QdVv sGJws1sQ7FN2hiOLQHF9uZ0hNBYFn627TQ1HVT0t2GDv6CbAQOIoK6tlMk2IIHkVwE82nFHuZ6L YjFwsderW9c61ejtJ4e7ILHka7BzOdVzObxAv8rhBzwm029zNPkyzUELx1KKdpVF98OwkMGd1s+ Koj3VjyiOkikIZv2/aviSzkWfvPX43vbkCFg== X-Google-Smtp-Source: AGHT+IGzRXiOmy594P2Vhot3a7cGWrhLjHeai7Lf4uDq5TKrRxnVo/+tT4PEyqgmndgYIJXfgwK/HtsD X-Received: from wmbdv11.prod.google.com ([2002:a05:600c:620b:b0:442:ddf8:99dc]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3b85:b0:450:d367:c385 with SMTP id 5b1f17b1804b1-454d53a660bmr15068515e9.16.1752048672261; Wed, 09 Jul 2025 01:11:12 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:46 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=18266; i=ardb@kernel.org; h=from:subject; bh=hJUFmIFtdNJvsahP7icFHoCzPmQOJZasV222z8HD0Ik=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNPeWmD5flKAaZz83nN/qfcXpHnZ7QuRCrSaqbzieYv0 w03uEZ0lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgImYdTAyzLzV9VGbd3Gu8NFU 3SWTLApdTdjW+W5/O9O/N0PJ7e4bV0aGsw3XFwtdMboUa7L52lOdaX9DP8ruWrW1NEZi09QXP3c kMQMA X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-31-ardb+git@google.com> Subject: [PATCH v4 05/24] x86/sev: Move GHCB page based HV communication out of startup code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Both the decompressor and the core kernel implement an early #VC handler, which only deals with CPUID instructions, and full featured one, which can handle any #VC exception. The former communicates with the hypervisor using the MSR based protocol, whereas the latter uses a shared GHCB page, which is configured a bit later during the boot, when the kernel runs from its ordinary virtual mapping, rather than the 1:1 mapping that the startup code uses. Accessing this shared GHCB page from the core kernel's startup code is problematic, because it involves converting the GHCB address provided by the caller to a physical address. In the startup code, virtual to physical address translations are problematic, given that the virtual address might be a 1:1 mapped address, and such translations should therefore be avoided. This means that exposing startup code dealing with the GHCB to callers that execute from the ordinary kernel virtual mapping should be avoided too. So move all GHCB page based communication out of the startup code, now that all communication occurring before the kernel virtual mapping is up relies on the MSR protocol only. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev-handle-vc.c | 3 + arch/x86/boot/startup/sev-shared.c | 143 +------------------- arch/x86/boot/startup/sev-startup.c | 42 ------ arch/x86/coco/sev/core.c | 76 +++++++++++ arch/x86/coco/sev/vc-handle.c | 2 + arch/x86/coco/sev/vc-shared.c | 94 +++++++++++++ arch/x86/include/asm/sev-internal.h | 7 +- arch/x86/include/asm/sev.h | 11 +- 8 files changed, 190 insertions(+), 188 deletions(-) diff --git a/arch/x86/boot/compressed/sev-handle-vc.c b/arch/x86/boot/compr= essed/sev-handle-vc.c index 89dd02de2a0f..7530ad8b768b 100644 --- a/arch/x86/boot/compressed/sev-handle-vc.c +++ b/arch/x86/boot/compressed/sev-handle-vc.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 =20 #include "misc.h" +#include "error.h" #include "sev.h" =20 #include @@ -14,6 +15,8 @@ #include =20 #define __BOOT_COMPRESSED +#undef __init +#define __init =20 /* Basic instruction decoding support needed */ #include "../../lib/inat.c" diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index db89a55623f8..7d2415d690c9 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -13,12 +13,9 @@ =20 #ifndef __BOOT_COMPRESSED #define error(v) pr_err(v) -#define has_cpuflag(f) boot_cpu_has(f) #else #undef WARN #define WARN(condition, format...) (!!(condition)) -#undef vc_forward_exception -#define vc_forward_exception(c) panic("SNP: Hypervisor requested exceptio= n\n") #endif =20 /* @@ -39,7 +36,7 @@ u64 boot_svsm_caa_pa __ro_after_init; * * GHCB protocol version negotiated with the hypervisor. */ -static u16 ghcb_version __ro_after_init; +u16 ghcb_version __ro_after_init; =20 /* Copy of the SNP firmware's CPUID page. */ static struct snp_cpuid_table cpuid_table_copy __ro_after_init; @@ -54,16 +51,6 @@ static u32 cpuid_std_range_max __ro_after_init; static u32 cpuid_hyp_range_max __ro_after_init; static u32 cpuid_ext_range_max __ro_after_init; =20 -bool __init sev_es_check_cpu_features(void) -{ - if (!has_cpuflag(X86_FEATURE_RDRAND)) { - error("RDRAND instruction not supported - no trusted source of randomnes= s available\n"); - return false; - } - - return true; -} - void __head __noreturn sev_es_terminate(unsigned int set, unsigned int reason) { @@ -100,72 +87,7 @@ u64 get_hv_features(void) return GHCB_MSR_HV_FT_RESP_VAL(val); } =20 -void snp_register_ghcb_early(unsigned long paddr) -{ - unsigned long pfn =3D paddr >> PAGE_SHIFT; - u64 val; - - sev_es_wr_ghcb_msr(GHCB_MSR_REG_GPA_REQ_VAL(pfn)); - VMGEXIT(); - - val =3D sev_es_rd_ghcb_msr(); - - /* If the response GPA is not ours then abort the guest */ - if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_REG_GPA_RESP) || - (GHCB_MSR_REG_GPA_RESP_VAL(val) !=3D pfn)) - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_REGISTER); -} - -bool sev_es_negotiate_protocol(void) -{ - u64 val; - - /* Do the GHCB protocol version negotiation */ - sev_es_wr_ghcb_msr(GHCB_MSR_SEV_INFO_REQ); - VMGEXIT(); - val =3D sev_es_rd_ghcb_msr(); - - if (GHCB_MSR_INFO(val) !=3D GHCB_MSR_SEV_INFO_RESP) - return false; - - if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN || - GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX) - return false; - - ghcb_version =3D min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX= ); - - return true; -} - -static enum es_result verify_exception_info(struct ghcb *ghcb, struct es_e= m_ctxt *ctxt) -{ - u32 ret; - - ret =3D ghcb->save.sw_exit_info_1 & GENMASK_ULL(31, 0); - if (!ret) - return ES_OK; - - if (ret =3D=3D 1) { - u64 info =3D ghcb->save.sw_exit_info_2; - unsigned long v =3D info & SVM_EVTINJ_VEC_MASK; - - /* Check if exception information from hypervisor is sane. */ - if ((info & SVM_EVTINJ_VALID) && - ((v =3D=3D X86_TRAP_GP) || (v =3D=3D X86_TRAP_UD)) && - ((info & SVM_EVTINJ_TYPE_MASK) =3D=3D SVM_EVTINJ_TYPE_EXEPT)) { - ctxt->fi.vector =3D v; - - if (info & SVM_EVTINJ_VALID_ERR) - ctxt->fi.error_code =3D info >> 32; - - return ES_EXCEPTION; - } - } - - return ES_VMM_ERROR; -} - -static inline int svsm_process_result_codes(struct svsm_call *call) +int svsm_process_result_codes(struct svsm_call *call) { switch (call->rax_out) { case SVSM_SUCCESS: @@ -193,7 +115,7 @@ static inline int svsm_process_result_codes(struct svsm= _call *call) * - RAX specifies the SVSM protocol/callid as input and the return co= de * as output. */ -static __always_inline void svsm_issue_call(struct svsm_call *call, u8 *pe= nding) +void svsm_issue_call(struct svsm_call *call, u8 *pending) { register unsigned long rax asm("rax") =3D call->rax; register unsigned long rcx asm("rcx") =3D call->rcx; @@ -216,7 +138,7 @@ static __always_inline void svsm_issue_call(struct svsm= _call *call, u8 *pending) call->r9_out =3D r9; } =20 -static int svsm_perform_msr_protocol(struct svsm_call *call) +int svsm_perform_msr_protocol(struct svsm_call *call) { u8 pending =3D 0; u64 val, resp; @@ -247,63 +169,6 @@ static int svsm_perform_msr_protocol(struct svsm_call = *call) return svsm_process_result_codes(call); } =20 -static int svsm_perform_ghcb_protocol(struct ghcb *ghcb, struct svsm_call = *call) -{ - struct es_em_ctxt ctxt; - u8 pending =3D 0; - - vc_ghcb_invalidate(ghcb); - - /* - * Fill in protocol and format specifiers. This can be called very early - * in the boot, so use rip-relative references as needed. - */ - ghcb->protocol_version =3D ghcb_version; - ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; - - ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_SNP_RUN_VMPL); - ghcb_set_sw_exit_info_1(ghcb, 0); - ghcb_set_sw_exit_info_2(ghcb, 0); - - sev_es_wr_ghcb_msr(__pa(ghcb)); - - svsm_issue_call(call, &pending); - - if (pending) - return -EINVAL; - - switch (verify_exception_info(ghcb, &ctxt)) { - case ES_OK: - break; - case ES_EXCEPTION: - vc_forward_exception(&ctxt); - fallthrough; - default: - return -EINVAL; - } - - return svsm_process_result_codes(call); -} - -enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, - struct es_em_ctxt *ctxt, - u64 exit_code, u64 exit_info_1, - u64 exit_info_2) -{ - /* Fill in protocol and format specifiers */ - ghcb->protocol_version =3D ghcb_version; - ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; - - ghcb_set_sw_exit_code(ghcb, exit_code); - ghcb_set_sw_exit_info_1(ghcb, exit_info_1); - ghcb_set_sw_exit_info_2(ghcb, exit_info_2); - - sev_es_wr_ghcb_msr(__pa(ghcb)); - VMGEXIT(); - - return verify_exception_info(ghcb, ctxt); -} - static int __sev_cpuid_hv(u32 fn, int reg_idx, u32 *reg) { u64 val; diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 0994986be908..050e071504af 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -41,15 +41,6 @@ #include #include =20 -/* For early boot hypervisor communication in SEV-ES enabled guests */ -struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); - -/* - * Needs to be in the .data section because we need it NULL before bss is - * cleared - */ -struct ghcb *boot_ghcb __section(".data"); - /* Bitmap of SEV features supported by the hypervisor */ u64 sev_hv_features __ro_after_init; =20 @@ -139,39 +130,6 @@ noinstr void __sev_put_ghcb(struct ghcb_state *state) } } =20 -int svsm_perform_call_protocol(struct svsm_call *call) -{ - struct ghcb_state state; - unsigned long flags; - struct ghcb *ghcb; - int ret; - - /* - * This can be called very early in the boot, use native functions in - * order to avoid paravirt issues. - */ - flags =3D native_local_irq_save(); - - if (sev_cfg.ghcbs_initialized) - ghcb =3D __sev_get_ghcb(&state); - else if (boot_ghcb) - ghcb =3D boot_ghcb; - else - ghcb =3D NULL; - - do { - ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); - } while (ret =3D=3D -EAGAIN); - - if (sev_cfg.ghcbs_initialized) - __sev_put_ghcb(&state); - - native_local_irq_restore(flags); - - return ret; -} - void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, enum psc_op op) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index fc59ce78c477..15be9e52848d 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -101,6 +101,15 @@ DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); u8 snp_vmpl __ro_after_init; EXPORT_SYMBOL_GPL(snp_vmpl); =20 +/* For early boot hypervisor communication in SEV-ES enabled guests */ +static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); + +/* + * Needs to be in the .data section because we need it NULL before bss is + * cleared + */ +struct ghcb *boot_ghcb __section(".data"); + static u64 __init get_snp_jump_table_addr(void) { struct snp_secrets_page *secrets; @@ -154,6 +163,73 @@ static u64 __init get_jump_table_addr(void) return ret; } =20 +static int svsm_perform_ghcb_protocol(struct ghcb *ghcb, struct svsm_call = *call) +{ + struct es_em_ctxt ctxt; + u8 pending =3D 0; + + vc_ghcb_invalidate(ghcb); + + /* + * Fill in protocol and format specifiers. This can be called very early + * in the boot, so use rip-relative references as needed. + */ + ghcb->protocol_version =3D ghcb_version; + ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; + + ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_SNP_RUN_VMPL); + ghcb_set_sw_exit_info_1(ghcb, 0); + ghcb_set_sw_exit_info_2(ghcb, 0); + + sev_es_wr_ghcb_msr(__pa(ghcb)); + + svsm_issue_call(call, &pending); + + if (pending) + return -EINVAL; + + switch (verify_exception_info(ghcb, &ctxt)) { + case ES_OK: + break; + case ES_EXCEPTION: + vc_forward_exception(&ctxt); + fallthrough; + default: + return -EINVAL; + } + + return svsm_process_result_codes(call); +} + +static int svsm_perform_call_protocol(struct svsm_call *call) +{ + struct ghcb_state state; + unsigned long flags; + struct ghcb *ghcb; + int ret; + + flags =3D native_local_irq_save(); + + if (sev_cfg.ghcbs_initialized) + ghcb =3D __sev_get_ghcb(&state); + else if (boot_ghcb) + ghcb =3D boot_ghcb; + else + ghcb =3D NULL; + + do { + ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) + : svsm_perform_msr_protocol(call); + } while (ret =3D=3D -EAGAIN); + + if (sev_cfg.ghcbs_initialized) + __sev_put_ghcb(&state); + + native_local_irq_restore(flags); + + return ret; +} + static inline void __pval_terminate(u64 pfn, bool action, unsigned int pag= e_size, int ret, u64 svsm_ret) { diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c index faf1fce89ed4..9a5e16f70e83 100644 --- a/arch/x86/coco/sev/vc-handle.c +++ b/arch/x86/coco/sev/vc-handle.c @@ -351,6 +351,8 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ct= xt, } =20 #define sev_printk(fmt, ...) printk(fmt, ##__VA_ARGS__) +#define error(v) +#define has_cpuflag(f) boot_cpu_has(f) =20 #include "vc-shared.c" =20 diff --git a/arch/x86/coco/sev/vc-shared.c b/arch/x86/coco/sev/vc-shared.c index 776cb90be530..3d44474f46e7 100644 --- a/arch/x86/coco/sev/vc-shared.c +++ b/arch/x86/coco/sev/vc-shared.c @@ -409,6 +409,53 @@ static enum es_result vc_handle_ioio(struct ghcb *ghcb= , struct es_em_ctxt *ctxt) return ret; } =20 +enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt) +{ + u32 ret; + + ret =3D ghcb->save.sw_exit_info_1 & GENMASK_ULL(31, 0); + if (!ret) + return ES_OK; + + if (ret =3D=3D 1) { + u64 info =3D ghcb->save.sw_exit_info_2; + unsigned long v =3D info & SVM_EVTINJ_VEC_MASK; + + /* Check if exception information from hypervisor is sane. */ + if ((info & SVM_EVTINJ_VALID) && + ((v =3D=3D X86_TRAP_GP) || (v =3D=3D X86_TRAP_UD)) && + ((info & SVM_EVTINJ_TYPE_MASK) =3D=3D SVM_EVTINJ_TYPE_EXEPT)) { + ctxt->fi.vector =3D v; + + if (info & SVM_EVTINJ_VALID_ERR) + ctxt->fi.error_code =3D info >> 32; + + return ES_EXCEPTION; + } + } + + return ES_VMM_ERROR; +} + +enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, + struct es_em_ctxt *ctxt, + u64 exit_code, u64 exit_info_1, + u64 exit_info_2) +{ + /* Fill in protocol and format specifiers */ + ghcb->protocol_version =3D ghcb_version; + ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; + + ghcb_set_sw_exit_code(ghcb, exit_code); + ghcb_set_sw_exit_info_1(ghcb, exit_info_1); + ghcb_set_sw_exit_info_2(ghcb, exit_info_2); + + sev_es_wr_ghcb_msr(__pa(ghcb)); + VMGEXIT(); + + return verify_exception_info(ghcb, ctxt); +} + static int __sev_cpuid_ghcb_prot(struct ghcb *ghcb, struct es_em_ctxt *ctx= t, struct cpuid_leaf *leaf) { u32 cr4 =3D native_read_cr4(); @@ -549,3 +596,50 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghc= b, =20 return ES_OK; } + +void snp_register_ghcb_early(unsigned long paddr) +{ + unsigned long pfn =3D paddr >> PAGE_SHIFT; + u64 val; + + sev_es_wr_ghcb_msr(GHCB_MSR_REG_GPA_REQ_VAL(pfn)); + VMGEXIT(); + + val =3D sev_es_rd_ghcb_msr(); + + /* If the response GPA is not ours then abort the guest */ + if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_REG_GPA_RESP) || + (GHCB_MSR_REG_GPA_RESP_VAL(val) !=3D pfn)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_REGISTER); +} + +bool __init sev_es_check_cpu_features(void) +{ + if (!has_cpuflag(X86_FEATURE_RDRAND)) { + error("RDRAND instruction not supported - no trusted source of randomnes= s available\n"); + return false; + } + + return true; +} + +bool sev_es_negotiate_protocol(void) +{ + u64 val; + + /* Do the GHCB protocol version negotiation */ + sev_es_wr_ghcb_msr(GHCB_MSR_SEV_INFO_REQ); + VMGEXIT(); + val =3D sev_es_rd_ghcb_msr(); + + if (GHCB_MSR_INFO(val) !=3D GHCB_MSR_SEV_INFO_RESP) + return false; + + if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN || + GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX) + return false; + + ghcb_version =3D min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX= ); + + return true; +} diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 3dfd306d1c9e..6199b35a82e4 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -2,7 +2,6 @@ =20 #define DR7_RESET_VALUE 0x400 =20 -extern struct ghcb boot_ghcb_page; extern u64 sev_hv_features; extern u64 sev_secrets_pa; =20 @@ -80,7 +79,8 @@ static __always_inline u64 svsm_get_caa_pa(void) return boot_svsm_caa_pa; } =20 -int svsm_perform_call_protocol(struct svsm_call *call); +enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt); +void vc_forward_exception(struct es_em_ctxt *ctxt); =20 static inline u64 sev_es_rd_ghcb_msr(void) { @@ -97,9 +97,6 @@ static __always_inline void sev_es_wr_ghcb_msr(u64 val) native_wrmsr(MSR_AMD64_SEV_ES_GHCB, low, high); } =20 -void snp_register_ghcb_early(unsigned long paddr); -bool sev_es_negotiate_protocol(void); -bool sev_es_check_cpu_features(void); u64 get_hv_features(void); =20 const struct snp_cpuid_table *snp_cpuid_get_table(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 2cabf617de3c..135e91a17d04 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -503,6 +503,7 @@ static inline int pvalidate(unsigned long vaddr, bool r= mp_psize, bool validate) } =20 void setup_ghcb(void); +void snp_register_ghcb_early(unsigned long paddr); void early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages); void early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, @@ -540,8 +541,6 @@ static __always_inline void vc_ghcb_invalidate(struct g= hcb *ghcb) __builtin_memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitm= ap)); } =20 -void vc_forward_exception(struct es_em_ctxt *ctxt); - /* I/O parameters for CPUID-related helpers */ struct cpuid_leaf { u32 fn; @@ -552,15 +551,23 @@ struct cpuid_leaf { u32 edx; }; =20 +int svsm_perform_msr_protocol(struct svsm_call *call); int snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), void *ctx, struct cpuid_leaf *leaf); =20 +void svsm_issue_call(struct svsm_call *call, u8 *pending); +int svsm_process_result_codes(struct svsm_call *call); + void __noreturn sev_es_terminate(unsigned int set, unsigned int reason); enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, struct es_em_ctxt *ctxt, u64 exit_code, u64 exit_info_1, u64 exit_info_2); =20 +bool sev_es_negotiate_protocol(void); +bool sev_es_check_cpu_features(void); + +extern u16 ghcb_version; extern struct ghcb *boot_ghcb; =20 #else /* !CONFIG_AMD_MEM_ENCRYPT */ --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A270B273D84 for ; Wed, 9 Jul 2025 08:11:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048677; cv=none; b=QBfIakdNS8XPb175hmKNCySGQ06YL8iILjbwmPVgp+kKdYU/66R+iZHkXb2Y1pnqm5aj2xXXy4YOuJDoJRzEfUG1uhWzLatm5B3DRyfHOsi/GGz19O+1ASEKawHQhPF6WYsmqJbXXv+he3F3Tqq4Henci8bTQlIDl2Q7B51sMeg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048677; c=relaxed/simple; bh=ItWFSyXoBmB4uVduKx6yBlJXnE8elZdNhG81ejKpu8Y=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=CAwseYkNxs+BK0WW/9+Dnx0aaTgk9msVPPWkU7+1DpVQ/k0snA99C/YqbG+M+J0Fj/g2UwzmDbOi89qg84UxGwZaL9JUPqANVYkFqiaWyhdF0MSYBjhzg5/drrbYlQG51FnUjZYSyIKtpca1No8e+neCghEdXvj7RYGe1sPaa48= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=NuxZSXdg; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="NuxZSXdg" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3b39cb4ca2eso2061961f8f.3 for ; Wed, 09 Jul 2025 01:11:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048674; x=1752653474; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=cJdpIMsXQL2y8bYTX8A03sa5glKmzQX9hVMCSZiBYuo=; b=NuxZSXdgGpmM8wJR/Jbwx1P2tLSk3hs4UzVIvZucN8sudGxULxvfQmb0G532n15ck9 9DHumD5d9uBBEbpzpXst+YBaRnfaHyU0yqFtTA7M5nFhmmxaSzC1tY2iefcWT0TGW2p2 fkp9TiGKUSt/GwTUaCb7Yx407L6ULMS8O1P+eyrsor8nQo6qcCCybk7KoXo+XgN331uD kS1ZoysaRnhhBNWJ5C0JYNIXYSHtm84Ndx3+pRG0PVHW/MwStQEANIiFI4YHEN4C3crU WcU5K/9cpvsXKEnLs7exrtmJ925WovYfmzVnQPhown3MTWhRHU/MHpmX7svjUPJV0alN TU4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048674; x=1752653474; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=cJdpIMsXQL2y8bYTX8A03sa5glKmzQX9hVMCSZiBYuo=; b=XloVhigiyTFQ2TKchNZtSsQsT3fbHgI/jzWRJLq3FRk4lHFlgRkSxLXU1GR9nmvFwh Sk33WcBOlzY4+3qLYD9Zmkg3Nzrjy1gRL9Cxv59787WcwDhfFiaUlaF1xJ0qHT3sQRW3 EqXEVFTOb4fJBl1t/Dn19DNyJ0C9QTKxeMpdn4tMlmQUahkSGxX3uIoo9cC8z4iUB8Ui SogjclVr3uvfek6XdcXKgdr+JtfA5dQtWP7E2TGjigvniz5KXIuBk3yR0SZf3Y0ESi3f 6USOmUHWgFPrQWjAkWgBXvG1WBrHqXURQ7RZ+JXDCl0blkZaEnLTZaM+PR+/R24Mfzwn vUHg== X-Gm-Message-State: AOJu0Yw9bAmSvqZCJGKcJjFk+GAV7Ffmu6J9+PDLJuMOMuR6mhEid/rU YN6yPly4W5PBh3H2Or9KCNVdvDSJJ/8+ELYmKq+FZpQsvuizrq/bvqbUPa5nPiafuY3TlCq9WoF hh4H9Rv/x+xUl/fq1wSZUrN4r8KONiS02TbXaRUVYE0IuE0tIsOIXyy5tZUyW0SXBfOKDOw5RP+ 1o83DeyABhH56nALmaYabXtpxiRdbHtJMULw== X-Google-Smtp-Source: AGHT+IGUkfcE4wYRge7y8M2jUPAiCLxtD89dxIjE3JRNPv1cIdMr7lu7RAnGVxFkUwJeCw4PNMtQPbTV X-Received: from wmtk5.prod.google.com ([2002:a05:600c:c4a5:b0:442:fa3c:8612]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:5d87:0:b0:3a8:38b4:1d55 with SMTP id ffacd0b85a97d-3b5e457b3a4mr1138090f8f.28.1752048674228; Wed, 09 Jul 2025 01:11:14 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:47 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=6918; i=ardb@kernel.org; h=from:subject; bh=2OVDZ9hILTe0+BgMGrz+LNIKYLNIqrJLUEd2skWOhYM=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNPedX2sj1LVH0EW2+LJMVMqVabrdl47Yboonc+un4Hr P4KVc7rKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABOJ8mVk2GW797xPaU2Lu9s5 qbJrTUzXtv3qZL/IuP+wj+/uPqGLRowM1+8vdXN/63qDu4ntxUyNxsQfvXs393CXx9su3vGJvTy cEwA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-32-ardb+git@google.com> Subject: [PATCH v4 06/24] x86/sev: Avoid global variable to store virtual address of SVSM area From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The boottime SVSM calling area is used both by the startup code running from a 1:1 mapping, and potentially later on running from the ordinary kernel mapping. This SVSM calling area is statically allocated, and so its physical address doesn't change. However, its virtual address depends on the calling context (1:1 mapping or kernel virtual mapping), and even though the variable that holds the virtual address of this calling area gets updated from 1:1 address to kernel address during the boot, it is hard to reason about why this is guaranteed to be safe. So instead, take the RIP-relative address of the boottime SVSM calling area whenever its virtual address is required, and only use a global variable for the physical address. Signed-off-by: Ard Biesheuvel Reviewed-by: Tom Lendacky --- arch/x86/boot/compressed/sev.c | 5 ++--- arch/x86/boot/startup/sev-shared.c | 6 ------ arch/x86/boot/startup/sev-startup.c | 4 ++-- arch/x86/coco/sev/core.c | 9 --------- arch/x86/include/asm/sev-internal.h | 3 +-- arch/x86/include/asm/sev.h | 2 -- arch/x86/mm/mem_encrypt_amd.c | 6 ------ 7 files changed, 5 insertions(+), 30 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 3628e9bddc6a..6c0f91d38595 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -37,12 +37,12 @@ struct ghcb *boot_ghcb; =20 #define __BOOT_COMPRESSED =20 -extern struct svsm_ca *boot_svsm_caa; extern u64 boot_svsm_caa_pa; =20 struct svsm_ca *svsm_get_caa(void) { - return boot_svsm_caa; + /* The decompressor is mapped 1:1 so VA =3D=3D PA */ + return (struct svsm_ca *)boot_svsm_caa_pa; } =20 u64 svsm_get_caa_pa(void) @@ -530,7 +530,6 @@ bool early_is_sevsnp_guest(void) =20 /* Obtain the address of the calling area to use */ boot_rdmsr(MSR_SVSM_CAA, &m); - boot_svsm_caa =3D (void *)m.q; boot_svsm_caa_pa =3D m.q; =20 /* diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 7d2415d690c9..7ca59038269f 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -26,7 +26,6 @@ * early boot, both with identity mapped virtual addresses and proper ke= rnel * virtual addresses. */ -struct svsm_ca *boot_svsm_caa __ro_after_init; u64 boot_svsm_caa_pa __ro_after_init; =20 /* @@ -697,11 +696,6 @@ static bool __head svsm_setup_ca(const struct cc_blob_= sev_info *cc_info, if (caa & (PAGE_SIZE - 1)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CAA); =20 - /* - * The CA is identity mapped when this routine is called, both by the - * decompressor code and the early kernel code. - */ - boot_svsm_caa =3D (struct svsm_ca *)caa; boot_svsm_caa_pa =3D caa; =20 /* Advertise the SVSM presence via CPUID. */ diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 050e071504af..8edf1ba78a48 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -252,6 +252,7 @@ static __head struct cc_blob_sev_info *find_cc_blob(str= uct boot_params *bp) =20 static __head void svsm_setup(struct cc_blob_sev_info *cc_info) { + struct snp_secrets_page *secrets =3D (void *)cc_info->secrets_phys; struct svsm_call call =3D {}; int ret; u64 pa; @@ -280,7 +281,7 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) * RAX =3D 0 (Protocol=3D0, CallID=3D0) * RCX =3D New CA GPA */ - call.caa =3D svsm_get_caa(); + call.caa =3D (struct svsm_ca *)secrets->svsm_caa; call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); call.rcx =3D pa; do { @@ -289,7 +290,6 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) if (ret) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CA_REMAP_FAIL); =20 - boot_svsm_caa =3D (struct svsm_ca *)pa; boot_svsm_caa_pa =3D pa; } =20 diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 15be9e52848d..bea67d017bf0 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1643,15 +1643,6 @@ void sev_show_status(void) pr_cont("\n"); } =20 -void __init snp_update_svsm_ca(void) -{ - if (!snp_vmpl) - return; - - /* Update the CAA to a proper kernel address */ - boot_svsm_caa =3D &boot_svsm_ca_page; -} - #ifdef CONFIG_SYSFS static ssize_t vmpl_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 6199b35a82e4..ffe4755962fe 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -60,7 +60,6 @@ void early_set_pages_state(unsigned long vaddr, unsigned = long paddr, DECLARE_PER_CPU(struct svsm_ca *, svsm_caa); DECLARE_PER_CPU(u64, svsm_caa_pa); =20 -extern struct svsm_ca *boot_svsm_caa; extern u64 boot_svsm_caa_pa; =20 static __always_inline struct svsm_ca *svsm_get_caa(void) @@ -68,7 +67,7 @@ static __always_inline struct svsm_ca *svsm_get_caa(void) if (sev_cfg.use_cas) return this_cpu_read(svsm_caa); else - return boot_svsm_caa; + return rip_rel_ptr(&boot_svsm_ca_page); } =20 static __always_inline u64 svsm_get_caa_pa(void) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 135e91a17d04..f3acbfcdca9a 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -519,7 +519,6 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t e= nd); u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); void sev_show_status(void); -void snp_update_svsm_ca(void); int prepare_pte_enc(struct pte_enc_desc *d); void set_pte_enc_mask(pte_t *kpte, unsigned long pfn, pgprot_t new_prot); void snp_kexec_finish(void); @@ -600,7 +599,6 @@ static inline void snp_accept_memory(phys_addr_t start,= phys_addr_t end) { } static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } static inline void sev_show_status(void) { } -static inline void snp_update_svsm_ca(void) { } static inline int prepare_pte_enc(struct pte_enc_desc *d) { return 0; } static inline void set_pte_enc_mask(pte_t *kpte, unsigned long pfn, pgprot= _t new_prot) { } static inline void snp_kexec_finish(void) { } diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index faf3a13fb6ba..2f8c32173972 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -536,12 +536,6 @@ void __init sme_early_init(void) x86_init.resources.dmi_setup =3D snp_dmi_setup; } =20 - /* - * Switch the SVSM CA mapping (if active) from identity mapped to - * kernel mapped. - */ - snp_update_svsm_ca(); - if (sev_status & MSR_AMD64_SNP_SECURE_TSC) setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE); } --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B9FD0274668 for ; Wed, 9 Jul 2025 08:11:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048679; cv=none; b=g0rrUqEcXF41UkJcpcGOEmP8ZR/o1GQnJtcdbxXn4hH/sTIZ4apAIj/lovznATl2cadQmM+K1SqrcIxEenj0+YMdrDlAAK1EULHIZCY2rjCzmygJtahiTm80ET32qI3UQ1cITp44RPEVjyL5pKTpuVVrMdBEs0Z6aj8i7ukYtoI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048679; c=relaxed/simple; bh=hWBN21MKm0IPBp3lB67br/CdndA3piBjkjD19asoZTg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=nz+j6apw6Fd9bSdUrMSRiS/Zn8Tzf7AvFxMInpBYwJPNBU8HVZd4uKb9ugbbRGMxDbZoy07PAhETqTzR0c6zOiOjMS0pvdA0QCUK1jhGTBBmcjq5Iu9VgCLFp0xoUstz2yG2w3pBoMx/kZ5Add4afyZiIGussTvMwyn0KjpD9Is= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=D+Qv85OX; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="D+Qv85OX" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-450db029f2aso25508175e9.3 for ; Wed, 09 Jul 2025 01:11:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048676; x=1752653476; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=SE6ka4hfIkzkzecWjCIdvhn4wRad4vDOCNoAajoetIs=; b=D+Qv85OXDRGQ8oVkjF50tt2UDaG8Gn//FKkbJmXmQPiQQdXVN/odDLyHmkCMFKLVLx eTDqPp3KRVSb5qJDaXswhKjLsJtJimam3X+e8RLhnQAsquSiQap+U705baZH8avBZ5PM 7pm5/VMbyGm0QDZJ3sKgnDq68582E7E5gJFBz+lKO/Cz7HVDlIQ2mrGQBCe3eVsQP/BA t7qHALBh6Lc6I9+veemBdJOChYFsmLJ5RpZHL3OmQBjsrhkntYTpEsnljEN9YVK+FwOc cflheGH/HReTSjIH9/bfW6MWbjafbfd61OpLrYxvSx1P+lBqM2UF8swZb0spNUtEDu1b O4ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048676; x=1752653476; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=SE6ka4hfIkzkzecWjCIdvhn4wRad4vDOCNoAajoetIs=; b=IymU0+7tpfoi9QfjbpnbXK1pWp/VPJS1w8Epy39QoeKwK2RBFt1SuYEZjNJR9/kkaS 4pia/XzdpWefBVm2rRybDc/9IrdhjyOzUD2rsHcjqJUSqXz8WTKTsnpfy6qTUv3/+sMv J3XOE67CGThW+DwoUj23ShUQsy0uzltSnfvdNfa+F5cXdqc54Z/O/UDazWGZYe13gnlx fHCFJINZLtHULrkgVsXFzxI3MUIxvm8lGegZ6cR2dA4AaRYqnJkCec4D+l/pFajRh3GC 1zhFfJ5s/jTB6otI+WxkWAzcopSy55yYGumY81JumG5tMf+laELdxvSY7CcxhgGI0JCa 8Jdw== X-Gm-Message-State: AOJu0Yw8IQBy4VP7BQ2MtNtH0kPJUGBfZYmSOphJJUp/8aTJJ+ENtwFp LXe60zZpdvgqqDSkCvOSqW34/IhprRFwISpQvH8lWZt9cM4GPrRRwZhiao3kJbW2TmX6VDkT9Ky Rlg9po7L6NQ79kIGCSH67EXCchDYUF55ShjzZF1qjb0T/I269GaMrycr4ByHSf8Dzq53LmNuaAL aS9eNCr+/qTa2xILzX9fQzqyQrfbL4KEi4ng== X-Google-Smtp-Source: AGHT+IGJXDWMcNvqrB7O9d7CiaGZGGqbY3yFFMTpPjUWz/slPV6Ys9FifTx6bNG83+1JrQQ3gZTiiSJW X-Received: from wmco28.prod.google.com ([2002:a05:600c:a31c:b0:453:f66:5f37]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1e09:b0:44a:b793:9e4f with SMTP id 5b1f17b1804b1-454d53a799emr11312535e9.19.1752048676251; Wed, 09 Jul 2025 01:11:16 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:48 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2568; i=ardb@kernel.org; h=from:subject; bh=MfTuguQkKRk7zPgVN6OJ7MlTRDEEvX8Q+P+1ZFmIP8Y=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNPef3SyAvfkifl+T25/461Z4quEPvZ9/VBZ2M/2/cfr orKdm3uKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABN5UMTI0FN28a9cwYFTjqFP s4Rur/dQD896kae+pvceb8LPM19V/jH8rwiVkHpz/O6NA5pXnpndspzBUX2pc4tya15k8YHV6ou 38AAA X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-33-ardb+git@google.com> Subject: [PATCH v4 07/24] x86/sev: Move MSR save/restore out of early page state change helper From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The function __page_state_change() in the decompressor is very similar to the loop in early_set_pages_state(), and they can share this code once the MSR save/restore is moved out. This also avoids doing the preserve/restore for each page in a longer sequence unnecessarily. This simplifies subsequent changes, where the APIs used by __page_state_change() are modified for better separation between startup code and ordinary code. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 6c0f91d38595..f00f68175f14 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -71,9 +71,6 @@ static void __page_state_change(unsigned long paddr, enum= psc_op op) if (op =3D=3D SNP_PAGE_STATE_SHARED) pvalidate_4k_page(paddr, paddr, false); =20 - /* Save the current GHCB MSR value */ - msr =3D sev_es_rd_ghcb_msr(); - /* Issue VMGEXIT to change the page state in RMP table. */ sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); VMGEXIT(); @@ -83,9 +80,6 @@ static void __page_state_change(unsigned long paddr, enum= psc_op op) if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL= (val)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); =20 - /* Restore the GHCB MSR value */ - sev_es_wr_ghcb_msr(msr); - /* * Now that page state is changed in the RMP table, validate it so that i= t is * consistent with the RMP entry. @@ -96,18 +90,26 @@ static void __page_state_change(unsigned long paddr, en= um psc_op op) =20 void snp_set_page_private(unsigned long paddr) { + u64 msr; + if (!sev_snp_enabled()) return; =20 + msr =3D sev_es_rd_ghcb_msr(); __page_state_change(paddr, SNP_PAGE_STATE_PRIVATE); + sev_es_wr_ghcb_msr(msr); } =20 void snp_set_page_shared(unsigned long paddr) { + u64 msr; + if (!sev_snp_enabled()) return; =20 + msr =3D sev_es_rd_ghcb_msr(); __page_state_change(paddr, SNP_PAGE_STATE_SHARED); + sev_es_wr_ghcb_msr(msr); } =20 bool early_setup_ghcb(void) @@ -132,8 +134,11 @@ bool early_setup_ghcb(void) =20 void snp_accept_memory(phys_addr_t start, phys_addr_t end) { + u64 msr =3D sev_es_rd_ghcb_msr(); + for (phys_addr_t pa =3D start; pa < end; pa +=3D PAGE_SIZE) __page_state_change(pa, SNP_PAGE_STATE_PRIVATE); + sev_es_wr_ghcb_msr(msr); } =20 void sev_es_shutdown_ghcb(void) --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE098274B49 for ; Wed, 9 Jul 2025 08:11:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048681; cv=none; b=Ts1RVvCVU2pTOsD/p5JqgjkDB5/aCTNMFVF3tOJVjFVy0OS5zstbMrRXSpqaTP2MdE8HqT74Ty9yiPqC51K5iSmXLkRBQu3BpcpbJDZ0AsmNk7R6c9NqV9+88NTljIkPwlHEIq1a650hJlC4Y1+tm33SKF+KrcaEilmtFI9SBs8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048681; c=relaxed/simple; bh=c1eiYHsm0Tz2KsIxpnLYcXF0bpFmOusA3a2I4V8AsTk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=aTVDXjrDoiaMZqbiY1DZTUuLJRROFR2mvgc2EAqV+qAbN/Lk6C4o4BiDeZvI26McbwsnafRYzQbgaW+FPaiAfqkFwxnruRpVuyMoPSoflSsPE085jTYZ/sswcEmp+2Soq0Axu0Xy3G42oe1IR5sSsqY3wAoEgMvI5xkjAQJ9KYE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=1KzNF86S; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="1KzNF86S" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3a5281ba3a4so2104506f8f.0 for ; Wed, 09 Jul 2025 01:11:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048678; x=1752653478; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=YAh1Kx5HKDyBIKAfUbucXkz5QPRhQgnRRNO4/Xv3I7k=; b=1KzNF86SAilBZi3JzqXcG6sdJsxqGfPNwaG+3M95I2Rs6OO3aPqKOP703UqhhegqwM Rsr7xZ3RUmiHu3E1gNuCzorbbQnSUi68AxRko2pmgcW02x78wm4z9WalpelmLE/6leDz ni7ZVcObs4Y1BF7XCUFbScHmQF0UTok2706upcDWgCoytrZOrIHpMhgz92FPqNuH8mIg ZcPgw9i6qX+DQG//uesxJftOkLVjXCy0DUp+sBblp19JJzseiZFPQJl0l7G2Zi7/r7BZ IlJ0kfo3tlR5Lp2tycHvjxfqUwDMMq03vXBIqkccvDH8dcvrVb8k1qgjek6Z/lS49N1c lZ5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048678; x=1752653478; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=YAh1Kx5HKDyBIKAfUbucXkz5QPRhQgnRRNO4/Xv3I7k=; b=izJvlm1mZ8rWfJaVHLPuqCabWwngDx6RjkvMxARFRkePRONSTY5gdh5XsuyJDGhL+W C5UuSi9YUJYN2LYd8+Sh6VgI15sgzuyZi2xYHiKJE2D8Xof/3MyKMlyLAFOFkp7eHiOV s3S1yl4plMi3FpVwIOxS9Fdk/LlJ2NE3Vax7y3ITBxYylxULPzUm4wKi6kQcL2XDdNAb eqybUrg5uWQr7hzny/pD7kp4c670uxlMEf8KoCCpWfd+j8B+J8D8COWMRf6+bTdKy/FN A9iJdihbvGZcURg926OB9eJR5ZCsOonRlFun6txfRjKgCK9vkTaLoABnhLOMbxLW/C1z 7hGA== X-Gm-Message-State: AOJu0YzQZCeftVfoDtcBxOHt7lZoAOFyvWB3cCiBmPFNxqkF0r1QZH65 QsjqUMUV1YMgjOH5vCDyakR6vvG0J751+QOvuSR/gg+ZX+s9lpxOesPIAYZzulmlWZBh+sRrU/J Z35xl9wLfMajETTLcwFncG+b4gqjgUGiGEl/HaePT1Gv0IcAjKq8bC4yaxT7UggVeO5QfWrz/KO YD8jRmRWnEaUmGWutS0vtuRH2GIktofOKPkA== X-Google-Smtp-Source: AGHT+IHC0JXXysIvQHbb2SUNgXZ9Hrv0qtnMBwhcRBmVGp1+NlBDdQFDdb6rcLjLm8dBmzsGr2fQnkrJ X-Received: from wmbbi21.prod.google.com ([2002:a05:600c:3d95:b0:453:5a6:408d]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:470e:b0:3a8:6260:142c with SMTP id ffacd0b85a97d-3b5e4522753mr1118297f8f.59.1752048678178; Wed, 09 Jul 2025 01:11:18 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:49 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=5666; i=ardb@kernel.org; h=from:subject; bh=pprdQAqCpx32HnISI4w8qM66RBXLsKFTiE22x4mWR5w=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNPecuP0nfZXy1czMRrwuw2Oluv/PdG7ZRTjbvrFjHP7 OowtrqOUhYGMS4GWTFFFoHZf9/tPD1RqtZ5lizMHFYmkCEMXJwCMBFBFoa/YvVZKy4Hl+1L2m92 2+h4d4ByhOA/N71dYbvjpa6LRweWMPxk/Pz/WODL9iP3GNZatJ1f8mty1c3LT2+wcHOsYJHaGHm PAwA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-34-ardb+git@google.com> Subject: [PATCH v4 08/24] x86/sev: Share implementation of MSR-based page state change From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Both the decompressor and the SEV startup code implement the exact same sequence for invoking the MSR based communication protocol to effectuate a page state change. Before tweaking the internal APIs used in both versions, merge them and share them so those tweaks are only needed in a single place. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 34 ++------------------ arch/x86/boot/startup/sev-shared.c | 29 +++++++++++++++++ arch/x86/boot/startup/sev-startup.c | 29 +---------------- 3 files changed, 33 insertions(+), 59 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index f00f68175f14..6d3ed7ed03a4 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -60,34 +60,6 @@ static bool sev_snp_enabled(void) return sev_status & MSR_AMD64_SEV_SNP_ENABLED; } =20 -static void __page_state_change(unsigned long paddr, enum psc_op op) -{ - u64 val, msr; - - /* - * If private -> shared then invalidate the page before requesting the - * state change in the RMP table. - */ - if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(paddr, paddr, false); - - /* Issue VMGEXIT to change the page state in RMP table. */ - sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); - VMGEXIT(); - - /* Read the response of the VMGEXIT. */ - val =3D sev_es_rd_ghcb_msr(); - if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL= (val)) - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); - - /* - * Now that page state is changed in the RMP table, validate it so that i= t is - * consistent with the RMP entry. - */ - if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(paddr, paddr, true); -} - void snp_set_page_private(unsigned long paddr) { u64 msr; @@ -96,7 +68,7 @@ void snp_set_page_private(unsigned long paddr) return; =20 msr =3D sev_es_rd_ghcb_msr(); - __page_state_change(paddr, SNP_PAGE_STATE_PRIVATE); + __page_state_change(paddr, paddr, SNP_PAGE_STATE_PRIVATE); sev_es_wr_ghcb_msr(msr); } =20 @@ -108,7 +80,7 @@ void snp_set_page_shared(unsigned long paddr) return; =20 msr =3D sev_es_rd_ghcb_msr(); - __page_state_change(paddr, SNP_PAGE_STATE_SHARED); + __page_state_change(paddr, paddr, SNP_PAGE_STATE_SHARED); sev_es_wr_ghcb_msr(msr); } =20 @@ -137,7 +109,7 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t e= nd) u64 msr =3D sev_es_rd_ghcb_msr(); =20 for (phys_addr_t pa =3D start; pa < end; pa +=3D PAGE_SIZE) - __page_state_change(pa, SNP_PAGE_STATE_PRIVATE); + __page_state_change(pa, pa, SNP_PAGE_STATE_PRIVATE); sev_es_wr_ghcb_msr(msr); } =20 diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 7ca59038269f..f553268d31d7 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -640,6 +640,35 @@ static void __head pvalidate_4k_page(unsigned long vad= dr, unsigned long paddr, } } =20 +static void __head __page_state_change(unsigned long vaddr, unsigned long = paddr, + enum psc_op op) +{ + u64 val; + + /* + * If private -> shared then invalidate the page before requesting the + * state change in the RMP table. + */ + if (op =3D=3D SNP_PAGE_STATE_SHARED) + pvalidate_4k_page(vaddr, paddr, false); + + /* Issue VMGEXIT to change the page state in RMP table. */ + sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); + VMGEXIT(); + + /* Read the response of the VMGEXIT. */ + val =3D sev_es_rd_ghcb_msr(); + if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL= (val)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); + + /* + * Now that page state is changed in the RMP table, validate it so that i= t is + * consistent with the RMP entry. + */ + if (op =3D=3D SNP_PAGE_STATE_PRIVATE) + pvalidate_4k_page(vaddr, paddr, true); +} + /* * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 8edf1ba78a48..2ffd8bf09357 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -135,7 +135,6 @@ early_set_pages_state(unsigned long vaddr, unsigned lon= g paddr, unsigned long npages, enum psc_op op) { unsigned long paddr_end; - u64 val; =20 vaddr =3D vaddr & PAGE_MASK; =20 @@ -143,37 +142,11 @@ early_set_pages_state(unsigned long vaddr, unsigned l= ong paddr, paddr_end =3D paddr + (npages << PAGE_SHIFT); =20 while (paddr < paddr_end) { - /* Page validation must be rescinded before changing to shared */ - if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(vaddr, paddr, false); - - /* - * Use the MSR protocol because this function can be called before - * the GHCB is established. - */ - sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); - VMGEXIT(); - - val =3D sev_es_rd_ghcb_msr(); - - if (GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) - goto e_term; - - if (GHCB_MSR_PSC_RESP_VAL(val)) - goto e_term; - - /* Page validation must be performed after changing to private */ - if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(vaddr, paddr, true); + __page_state_change(vaddr, paddr, op); =20 vaddr +=3D PAGE_SIZE; paddr +=3D PAGE_SIZE; } - - return; - -e_term: - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); } =20 void __head early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ACAE0275B09 for ; Wed, 9 Jul 2025 08:11:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048683; cv=none; b=k/GYlo23icglfwPF7jfom331hXzm98ZTvRJOnmhSOFxF+S/Jr5TAlvsOg+DQIgDaliXEOLwnkDf50Jn9jIzXVzZO/aA7yjmGrYGw616+hovr+mFSVbqr3D8YiFZCZJkF57REkiiTtmIcwTmEuOgYAo1T1xHBJH96Yt1FD+1DFvI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048683; c=relaxed/simple; bh=QlJDUa/wmHPCr0L6KQzGEoGR1dDsmu3WJkfxcuEn20g=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=TtmUrL0ZUy1d+LjQarmxaG+sGeQOZ/X/cD632OkgqZ68m8U8ZCRNJV2B+oB/In1RBde6CHmT6xjmQB6yA8T28Wh/J1mGhXgaKWTYJqGSK1+oRn/vUsVHbqB0zE2j5YDGQjHhbt2EWKdGdmKqs03F5DoX7bPH+mwUWtXOaUAz0oY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=A6BDt1Kn; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="A6BDt1Kn" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-4538f375e86so43217835e9.3 for ; Wed, 09 Jul 2025 01:11:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048680; x=1752653480; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=p27Yr94wFvVuXSOGu0p6o917P9zN6E8aHq6FENQPHR4=; b=A6BDt1KnbeT0ttpJoikDb1JC36cCteMz6BBOK9dg2BcVG/3TrI5B9qO63V01Si9M/C w+kuU0vtjzZfbd+4znUoFSUPJMMadvlNCn9357KcfTkS7p5taa6N1gOEIJP9y680rptv Nra5AzEatBTNCdfNeM8L4GzKElWeMdoyM9JiheMyqR761m0X60SOux/6wL77lGR6D68i XBKGT2J+YuCv6NT02vVbbdzulefV6id5fagxRvB6uXHF+BmmHwcw6AZYlJYjnWuSIfO9 3vszIYXr5IS63KamcVDuz/r1IcMuZ0zjlktX0uHFx74PdnYor/WuBwFFb7XUIZGdw7ta SUMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048680; x=1752653480; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=p27Yr94wFvVuXSOGu0p6o917P9zN6E8aHq6FENQPHR4=; b=Fd1K4aPelCacPJ+8pIYPOQVGNoBVsyypWgQRbFP4ntxkexEE5iHAwlwnoA8eDRpgr+ JM+co4o70kDTxIZXKmOpazSagKvj6JkFfkZSJeKOTQShiyVdfl8wugh7dkPfZIfUz6uv HLAz8jb3cnbgMAOgg4+Czra67BkX01nj0cy8g4w20VEDyb2EtnYSODLV7knLD7swv6j5 ase7uIIbV73BjKA9YR6ewEZq88NF9PVSNQd1hwdncax7ooTzaCHl3mhu7HvYw59hPpNN klNkqXkjynTm9EnQxakFemLAF/Jt1Pd8mywKU6zyQdxlT0FnLyWj221EHAqwlMugnlNW 0fFg== X-Gm-Message-State: AOJu0YzlqrSWv0OARVKRCGOKOxl7jTq3Qb5QbX59cjsQYC/aBumLnuFp kQaI2fqsdz9W6yyMr+r+GI6+UT9gTpo2QO+EyGlTvFccuNWGLwJJDtPjBeZiXjg5bhEtT237CYC D7Mw0Xa/pNncpB/JcNd4URbDBIn0nTb7/mMRAwjNDXSB2zXvgzS00pHh3tEl4LkhTWSjmUkSz3j MfovfsTvnb9Ks3NsRkPMkMEBaS1uP8dDU34w== X-Google-Smtp-Source: AGHT+IFJKWMf9tSZIxp4IEeq/DNBtQqR89TnbRaz3qEWoh/M+Z1ovU9uB+aXGn+qCSIHdhezwgFHV2UV X-Received: from wmsp42.prod.google.com ([2002:a05:600c:1daa:b0:453:65ee:17c9]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:c092:b0:43d:4686:5cfb with SMTP id 5b1f17b1804b1-454d68d5f3cmr6837705e9.27.1752048680298; Wed, 09 Jul 2025 01:11:20 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:50 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=7734; i=ardb@kernel.org; h=from:subject; bh=ukg2ikRncZZRH8xxxbNI9IFxpsDcpeTVpwIsEAToVtc=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNPeadawJY/DBJCx69MiFnZsjXD0TVw7tL237duH7xom ed4K5Ono5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzkaijDP/XTOg0njmQl1st0 R6rP2eDHre5/fa+2WuDxn7lF1oJsdQz/4/d1VJ6Q/Zb8clXmuqBZcj+7N4eUFLJZNs4/wH89Pf8 JAwA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-35-ardb+git@google.com> Subject: [PATCH v4 09/24] x86/sev: Pass SVSM calling area down to early page state change API From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The early page state change API is mostly only used very early, when only the boot time SVSM calling area is in use. However, this API is also called by the kexec finishing code, which runs very late, and potentially from a different CPU (which uses a different calling area). To avoid pulling the per-CPU SVSM calling area pointers and related SEV state into the startup code, refactor the page state change API so the SVSM calling area virtual and physical addresses can be provided by the caller. No functional change intended. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 12 +++++++++--- arch/x86/boot/startup/sev-shared.c | 17 +++++++++-------- arch/x86/boot/startup/sev-startup.c | 11 +++++++---- arch/x86/coco/sev/core.c | 3 ++- arch/x86/include/asm/sev-internal.h | 3 ++- 5 files changed, 29 insertions(+), 17 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 6d3ed7ed03a4..bc23b3dabf1b 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -68,7 +68,9 @@ void snp_set_page_private(unsigned long paddr) return; =20 msr =3D sev_es_rd_ghcb_msr(); - __page_state_change(paddr, paddr, SNP_PAGE_STATE_PRIVATE); + __page_state_change(paddr, paddr, SNP_PAGE_STATE_PRIVATE, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa); sev_es_wr_ghcb_msr(msr); } =20 @@ -80,7 +82,9 @@ void snp_set_page_shared(unsigned long paddr) return; =20 msr =3D sev_es_rd_ghcb_msr(); - __page_state_change(paddr, paddr, SNP_PAGE_STATE_SHARED); + __page_state_change(paddr, paddr, SNP_PAGE_STATE_SHARED, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa); sev_es_wr_ghcb_msr(msr); } =20 @@ -109,7 +113,9 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t e= nd) u64 msr =3D sev_es_rd_ghcb_msr(); =20 for (phys_addr_t pa =3D start; pa < end; pa +=3D PAGE_SIZE) - __page_state_change(pa, pa, SNP_PAGE_STATE_PRIVATE); + __page_state_change(pa, pa, SNP_PAGE_STATE_PRIVATE, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa); sev_es_wr_ghcb_msr(msr); } =20 diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index f553268d31d7..1f2c4feeafce 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -587,7 +587,8 @@ static void __head setup_cpuid_table(const struct cc_bl= ob_sev_info *cc_info) } } =20 -static void __head svsm_pval_4k_page(unsigned long paddr, bool validate) +static void __head svsm_pval_4k_page(unsigned long paddr, bool validate, + struct svsm_ca *caa, u64 caa_pa) { struct svsm_pvalidate_call *pc; struct svsm_call call =3D {}; @@ -601,10 +602,10 @@ static void __head svsm_pval_4k_page(unsigned long pa= ddr, bool validate) */ flags =3D native_local_irq_save(); =20 - call.caa =3D svsm_get_caa(); + call.caa =3D caa; =20 pc =3D (struct svsm_pvalidate_call *)call.caa->svsm_buffer; - pc_pa =3D svsm_get_caa_pa() + offsetof(struct svsm_ca, svsm_buffer); + pc_pa =3D caa_pa + offsetof(struct svsm_ca, svsm_buffer); =20 pc->num_entries =3D 1; pc->cur_index =3D 0; @@ -627,12 +628,12 @@ static void __head svsm_pval_4k_page(unsigned long pa= ddr, bool validate) } =20 static void __head pvalidate_4k_page(unsigned long vaddr, unsigned long pa= ddr, - bool validate) + bool validate, struct svsm_ca *caa, u64 caa_pa) { int ret; =20 if (snp_vmpl) { - svsm_pval_4k_page(paddr, validate); + svsm_pval_4k_page(paddr, validate, caa, caa_pa); } else { ret =3D pvalidate(vaddr, RMP_PG_SIZE_4K, validate); if (ret) @@ -641,7 +642,7 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, } =20 static void __head __page_state_change(unsigned long vaddr, unsigned long = paddr, - enum psc_op op) + enum psc_op op, struct svsm_ca *caa, u64 caa_pa) { u64 val; =20 @@ -650,7 +651,7 @@ static void __head __page_state_change(unsigned long va= ddr, unsigned long paddr, * state change in the RMP table. */ if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(vaddr, paddr, false); + pvalidate_4k_page(vaddr, paddr, false, caa, caa_pa); =20 /* Issue VMGEXIT to change the page state in RMP table. */ sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); @@ -666,7 +667,7 @@ static void __head __page_state_change(unsigned long va= ddr, unsigned long paddr, * consistent with the RMP entry. */ if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(vaddr, paddr, true); + pvalidate_4k_page(vaddr, paddr, true, caa, caa_pa); } =20 /* diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 2ffd8bf09357..e253783f6aa5 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -132,7 +132,8 @@ noinstr void __sev_put_ghcb(struct ghcb_state *state) =20 void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, - unsigned long npages, enum psc_op op) + unsigned long npages, enum psc_op op, + struct svsm_ca *caa, u64 caa_pa) { unsigned long paddr_end; =20 @@ -142,7 +143,7 @@ early_set_pages_state(unsigned long vaddr, unsigned lon= g paddr, paddr_end =3D paddr + (npages << PAGE_SHIFT); =20 while (paddr < paddr_end) { - __page_state_change(vaddr, paddr, op); + __page_state_change(vaddr, paddr, op, caa, caa_pa); =20 vaddr +=3D PAGE_SIZE; paddr +=3D PAGE_SIZE; @@ -165,7 +166,8 @@ void __head early_snp_set_memory_private(unsigned long = vaddr, unsigned long padd * Ask the hypervisor to mark the memory pages as private in the RMP * table. */ - early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE); + early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE, + svsm_get_caa(), svsm_get_caa_pa()); } =20 void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, @@ -181,7 +183,8 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr return; =20 /* Ask hypervisor to mark the memory pages shared in the RMP table. */ - early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED); + early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED, + svsm_get_caa(), svsm_get_caa_pa()); } =20 /* diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index bea67d017bf0..7a86a2fe494d 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -585,7 +585,8 @@ static void set_pages_state(unsigned long vaddr, unsign= ed long npages, int op) =20 /* Use the MSR protocol when a GHCB is not available. */ if (!boot_ghcb) - return early_set_pages_state(vaddr, __pa(vaddr), npages, op); + return early_set_pages_state(vaddr, __pa(vaddr), npages, op, + svsm_get_caa(), svsm_get_caa_pa()); =20 vaddr =3D vaddr & PAGE_MASK; vaddr_end =3D vaddr + (npages << PAGE_SHIFT); diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index ffe4755962fe..3b72d8217827 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -55,7 +55,8 @@ DECLARE_PER_CPU(struct sev_es_runtime_data*, runtime_data= ); DECLARE_PER_CPU(struct sev_es_save_area *, sev_vmsa); =20 void early_set_pages_state(unsigned long vaddr, unsigned long paddr, - unsigned long npages, enum psc_op op); + unsigned long npages, enum psc_op op, + struct svsm_ca *ca, u64 caa_pa); =20 DECLARE_PER_CPU(struct svsm_ca *, svsm_caa); DECLARE_PER_CPU(u64, svsm_caa_pa); --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CB11B27817A for ; Wed, 9 Jul 2025 08:11:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048685; cv=none; b=DubaZx3/yk8Dif4IMiLW6OnTSryiVqHZRO9d8NO4RDkXvCU4j9iEIyS0iweB/wTTIK4t8nVy6Dqm788u3H9ZWJp1kc1ePVPv2yl/GXfoRP+JuY1Ddkn8Hz9QM67e7Wg+hDm6IcBDmFeUOcN/70X23L6UP41urg6DSRdYMcgAAcQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048685; c=relaxed/simple; bh=VAOnmYQ3SMHzhVxwmk5WbPYCXwepq2DTTWyblYZ56nA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=rejRRVObt6MgIfxh1YzXDZ/0x8gotZ4WO+4GKiyplg4eJS0RrtQiADmeHdP9vnLwZBciXwNCMG4bGUB52PX6wStkiiPVEmzomzj0I5Erza9ksodRSz9UW5kwVKZ25rRc7i46dh3jiNieaA3giQl6yLzhge6jjOcwrKXkvwDI1E4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=St8BGQUE; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="St8BGQUE" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-4532ff43376so42938755e9.3 for ; Wed, 09 Jul 2025 01:11:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048682; x=1752653482; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=mlklEssr6PHY4FCf1/KdHvDxuzxyPCLNFCMLVOpB+/U=; b=St8BGQUEEB3YHEwloXvVBgRIDoKienwpp7agk3RHjujqRNVQMH/M3WWwd8CBNvthdK YANVR+vSTuUgPcKvTg5uxz9l3YVT8hcheO9te9GD3JLl8ovFLjDej1EnNPR/iq/VdIgr kWM01oU0IufYsB+xrSDpzS481G5xCbtpVL/Aqi/spDiZcTSUCg7j1TG+PcLehXhDgOxv LaDt1tXy7IxkICadzwESOOjyURGjsnxdBBo3jv+3Dsw7Zd1jOAx8TxSNOS29LkvvURgB 9Ko69vQFzkhCbsQaYiYo/KiNPyPQSdBzkJXdDrcdEXqnWRWe/bIQfSKAbWxgIkHEsLL+ WyZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048682; x=1752653482; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=mlklEssr6PHY4FCf1/KdHvDxuzxyPCLNFCMLVOpB+/U=; b=eNE44fpGsxSNS3EJicYqR8bSx4L6YriRcePy5m2/rHnkLpmGlFoFf28bDoIPEcJrWZ hgwWhLi9dXRL8Iee4UL6l6oQBJ+yFskBbCyFob7yXnrAQS8RoGG0VL+yD9wHTQxBv0O7 UEDjnT2rajq6JbBXGhEmN7LMj1R+umOi+Y/wKTU5d7EnrPzPKU1AGueyW3nzDIWxwYMM 1KC3Jb6ZLJT2BLT465oneEvi4jwflwhM77iPGkzeqjNwunBv1GMuhl65CHKnoKl/R3kA i38J/87Nrb5nfBcZ7iKUZGJz3nNTrhVnsi70UjRL8TWUrMO2shI2ZcgIlT2IYfx51hb7 jF1w== X-Gm-Message-State: AOJu0Yy92JKoH06ZdeRybo54KE7X/66xkLyKF0ZS30hom/qfdO1t2C8o ljsgz8oHzDy0nVCSgaK5Hr9ru2S8kZV9xPnsXEDK2ZeuX3l8tdQe+9XQslGaGbvsr52n/ZOk1VH EzPJ0Zw1mg3ZRrO5MDSxhp9McTPYw77ITqsJyVUx/el5ZQP5mlmHgfj5mYGtpnsVJpe6SCb3B56 /9JncOMtszdeW1KSYUr3UshEYvl3JutfbHvg== X-Google-Smtp-Source: AGHT+IEQzVn/RrbZ5/xlZ32eVwUyzq1Nwx7Y3Fd7L2k7qxKx8b1dfb2qwWjr+wIc3+aHUtdnQ39jTjMV X-Received: from wmbdv17.prod.google.com ([2002:a05:600c:6211:b0:451:edc8:7816]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:5c01:0:b0:3a4:db49:94aa with SMTP id ffacd0b85a97d-3b5e4513287mr875885f8f.21.1752048682243; Wed, 09 Jul 2025 01:11:22 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:51 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=5481; i=ardb@kernel.org; h=from:subject; bh=sqtiD2Pgws6Z85gNpALOI39gz8WJANhOWEDVEVl7+KQ=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNPed+G8u72JbMjBaYkqR/2cmLhtdnAJ17mWfDknZrd6 0V63w52lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgImsymZk+Ds1ahuLyJwZSjV6 ovcaXUI3nApInVf3+1nmdQ9N+Y/axYwME/tq+bbnrHzgfZbp9cYyialfw+LfnX+2IZiZp/Ofz8p qLgA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-36-ardb+git@google.com> Subject: [PATCH v4 10/24] x86/sev: Use boot SVSM CA for all startup and init code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel To avoid having to reason about whether or not to use the per-CPU SVSM calling area when running startup and init code on the boot CPU, reuse the boot SVSM calling area as the per-CPU area for CPU #0. This removes the need to make the per-CPU variables and associated state in sev_cfg accessible to the startup code once confined. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 13 ------ arch/x86/boot/startup/sev-startup.c | 7 +-- arch/x86/coco/sev/core.c | 47 +++++++++----------- arch/x86/include/asm/sev-internal.h | 16 ------- 4 files changed, 24 insertions(+), 59 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index bc23b3dabf1b..e67413bc78fd 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -37,19 +37,6 @@ struct ghcb *boot_ghcb; =20 #define __BOOT_COMPRESSED =20 -extern u64 boot_svsm_caa_pa; - -struct svsm_ca *svsm_get_caa(void) -{ - /* The decompressor is mapped 1:1 so VA =3D=3D PA */ - return (struct svsm_ca *)boot_svsm_caa_pa; -} - -u64 svsm_get_caa_pa(void) -{ - return boot_svsm_caa_pa; -} - u8 snp_vmpl; =20 /* Include code for early handlers */ diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index e253783f6aa5..cba4fb4cace0 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -50,9 +50,6 @@ u64 sev_secrets_pa __ro_after_init; /* For early boot SVSM communication */ struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); =20 -DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); -DEFINE_PER_CPU(u64, svsm_caa_pa); - /* * Nothing shall interrupt this code path while holding the per-CPU * GHCB. The backup GHCB is only for NMIs interrupting this path. @@ -167,7 +164,7 @@ void __head early_snp_set_memory_private(unsigned long = vaddr, unsigned long padd * table. */ early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE, - svsm_get_caa(), svsm_get_caa_pa()); + rip_rel_ptr(&boot_svsm_ca_page), boot_svsm_caa_pa); } =20 void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, @@ -184,7 +181,7 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr =20 /* Ask hypervisor to mark the memory pages shared in the RMP table. */ early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED, - svsm_get_caa(), svsm_get_caa_pa()); + rip_rel_ptr(&boot_svsm_ca_page), boot_svsm_caa_pa); } =20 /* diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 7a86a2fe494d..4fe0928bc0ad 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -46,6 +46,25 @@ #include #include =20 +DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); +DEFINE_PER_CPU(u64, svsm_caa_pa); + +static inline struct svsm_ca *svsm_get_caa(void) +{ + if (sev_cfg.use_cas) + return this_cpu_read(svsm_caa); + else + return rip_rel_ptr(&boot_svsm_ca_page); +} + +static inline u64 svsm_get_caa_pa(void) +{ + if (sev_cfg.use_cas) + return this_cpu_read(svsm_caa_pa); + else + return boot_svsm_caa_pa; +} + /* AP INIT values as documented in the APM2 section "Processor Initializa= tion State" */ #define AP_INIT_CS_LIMIT 0xffff #define AP_INIT_DS_LIMIT 0xffff @@ -1287,7 +1306,8 @@ static void __init alloc_runtime_data(int cpu) struct svsm_ca *caa; =20 /* Allocate the SVSM CA page if an SVSM is present */ - caa =3D memblock_alloc_or_panic(sizeof(*caa), PAGE_SIZE); + caa =3D cpu ? memblock_alloc_or_panic(sizeof(*caa), PAGE_SIZE) + : &boot_svsm_ca_page; =20 per_cpu(svsm_caa, cpu) =3D caa; per_cpu(svsm_caa_pa, cpu) =3D __pa(caa); @@ -1341,32 +1361,9 @@ void __init sev_es_init_vc_handling(void) init_ghcb(cpu); } =20 - /* If running under an SVSM, switch to the per-cpu CA */ - if (snp_vmpl) { - struct svsm_call call =3D {}; - unsigned long flags; - int ret; - - local_irq_save(flags); - - /* - * SVSM_CORE_REMAP_CA call: - * RAX =3D 0 (Protocol=3D0, CallID=3D0) - * RCX =3D New CA GPA - */ - call.caa =3D svsm_get_caa(); - call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); - call.rcx =3D this_cpu_read(svsm_caa_pa); - ret =3D svsm_perform_call_protocol(&call); - if (ret) - panic("Can't remap the SVSM CA, ret=3D%d, rax_out=3D0x%llx\n", - ret, call.rax_out); - + if (snp_vmpl) sev_cfg.use_cas =3D true; =20 - local_irq_restore(flags); - } - sev_es_setup_play_dead(); =20 /* Secondary CPUs use the runtime #VC handler */ diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 3b72d8217827..bdfe008120f3 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -63,22 +63,6 @@ DECLARE_PER_CPU(u64, svsm_caa_pa); =20 extern u64 boot_svsm_caa_pa; =20 -static __always_inline struct svsm_ca *svsm_get_caa(void) -{ - if (sev_cfg.use_cas) - return this_cpu_read(svsm_caa); - else - return rip_rel_ptr(&boot_svsm_ca_page); -} - -static __always_inline u64 svsm_get_caa_pa(void) -{ - if (sev_cfg.use_cas) - return this_cpu_read(svsm_caa_pa); - else - return boot_svsm_caa_pa; -} - enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt); void vc_forward_exception(struct es_em_ctxt *ctxt); =20 --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A4C6C2797AB for ; Wed, 9 Jul 2025 08:11:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048687; cv=none; b=DuLGi7YX1ah1oUmaQrbvFfxkzQl6J5D7hqHtqNVgeCmtO9Oh/jM5/fd0z1csD3aLQ8HlhaNe0VxgWfq79/XSVywt/2/ur6W4IhLIFBe4HsrlQ8hZECKB82dyVc7Sv+ygiugLtVoEs7cqGRWYS9+GosnvFn+fZdl+NDdKae8AHRI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048687; c=relaxed/simple; bh=fJcYtM8/fGIml+gUrbA3B9+0tJv6sto5kDQD5ecvJe0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=DbTJl4WGVuwA05qbzUdNjYxk9lsORvBr5eveiE06Nvx0TlvJBEiG/e1yvelM8W38WL9Yszo0mkeAHI8XQxlR90hDIZEBknkcWxkADuSHhpNxPREfT91oOPGD0RNjsM5KiLarhNT0ItKxwHrbKMjqm1QIU2aHxb+grvSRXyKtwdg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=VPLb7UuJ; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="VPLb7UuJ" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-451d7de4ae3so30898365e9.2 for ; Wed, 09 Jul 2025 01:11:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048684; x=1752653484; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=u8S6FutNEGZVTbNW/QSpeSjkaYrVTk312wjGqKvvjtA=; b=VPLb7UuJW2U0Znht67/nqUKBT5V5jajgLgSsjiJbKnk/R4KEagP6dfD/XcndrxSyKK xhjFhB/78PFmWYOXZMpTJfHXWO/ZtlDGjOb07DU34g4jrXHGv3doI09zkSH+m++7tlfv 3zc90yng2d7v1ROo7FcrEAhMaVgIJrUzJGVLL9FPa10BivV9h7qMwCpmStW9R8KOleu/ t3OKySvNOsUM4aM41DldRxVh2BRhwKEQwlFSZEZszG6pe+g/1Gv0jQkRZzcBcVZbkTo4 uw4UdZrgYgZDYwfprlU8DNEd5gjQANAwj/MUVTDWiaAFvU0JIvnNmwSsEHGOoWFJtMdO pdDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048684; x=1752653484; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=u8S6FutNEGZVTbNW/QSpeSjkaYrVTk312wjGqKvvjtA=; b=jy7ZDmzj8EtEEUgV9kim1x2FE6tEU/sXcnVqnMqD2N4EgV758qYnpBW6Vr8KkK0FVT 7UllF3gLlRU2bM8tWkqaYl6q71fwwN4QoX32/RmGw3YYXeLay/PnIVphZkOtWsnqKCgF iJ6hMQGPqcYwdffsu0TmG0njbzgWSjsGy54d9lk7JMIAAQ3JV6HfClmHVSsLr5IxJo2e GgNeL2UESG0/AYx+ksr+YyR9aG0t+pN2QKpOVtT+NKzcsTPZaZK0DCXedj6dBZKReKgu y4EPorW2/MAtJqsC7gXZXbLeeXFoq10YAR2Kb961zirGnbkbymaJxd8aNcLotO2r2K9E aWwQ== X-Gm-Message-State: AOJu0YxqCL8D5XqY8RUMoYUp5jb2Nra7DVlS7nO+Bw/tnCTsFJsfd0Ys 34BBjsNN0n+kfr+Ka/HULDds6kj/CUWaB/kIXnWq1e4k3l90u+qWt18WyXROjyapJju08JEexaI X6golTsya3gyEsn35tCcmDXxCc0XTm8GIbr9T9y6PMKSbGB1HrLQdZ208y8u9kIpj22eN2eEz3R 3N4tTW/es0YWLGMqk/YPuLKKcv7PVXX10rSw== X-Google-Smtp-Source: AGHT+IF/2oywNPmCVy8OoEg72uth/Vh3PkO8Uqu0n7ROrVBRePm5C9JPNG28JMAa/5gdGZSO3vYKXFfj X-Received: from wmco28.prod.google.com ([2002:a05:600c:a31c:b0:453:f66:5f37]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1d1a:b0:453:9bf:6f79 with SMTP id 5b1f17b1804b1-454d53d6b7dmr10896575e9.26.1752048684215; Wed, 09 Jul 2025 01:11:24 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:52 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2029; i=ardb@kernel.org; h=from:subject; bh=Ei8Zz3GyIokIv9Nrhza17wU0/expoVh33nG8ypvaKpk=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+bCKulUPl3zGhVtJjnV7hGbJ2Arv+tp4pLY2clfHF AMtE72OUhYGMS4GWTFFFoHZf9/tPD1RqtZ5lizMHFYmkCEMXJwCMJFaXYb/7ocsstkVNT02Nt32 4u/fLH5UxlbvndHkkG2NzboV9zNjGRn2BVluT+tYpL5c/Ftm9vwJl59ln1WftNbjsovyk4eFv7e yAQA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-37-ardb+git@google.com> Subject: [PATCH v4 11/24] x86/boot: Drop redundant RMPADJUST in SEV SVSM presence check From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel snp_vmpl will be assigned a non-zero value when executing at a VMPL other than 0, and this is inferred from a call to RMPADJUST, which only works when running at VMPL0. This means that testing snp_vmpl is sufficient, and there is no need to perform the same check again. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index e67413bc78fd..5fd51f51e55c 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -403,30 +403,16 @@ void sev_enable(struct boot_params *bp) */ if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { u64 hv_features; - int ret; =20 hv_features =3D get_hv_features(); if (!(hv_features & GHCB_HV_FT_SNP)) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); =20 /* - * Enforce running at VMPL0 or with an SVSM. - * - * Use RMPADJUST (see the rmpadjust() function for a description of - * what the instruction does) to update the VMPL1 permissions of a - * page. If the guest is running at VMPL0, this will succeed. If the - * guest is running at any other VMPL, this will fail. Linux SNP guests - * only ever run at a single VMPL level so permission mask changes of a - * lesser-privileged VMPL are a don't-care. + * Running at VMPL0 is required unless an SVSM is present and + * the hypervisor supports the required SVSM GHCB events. */ - ret =3D rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1); - - /* - * Running at VMPL0 is not required if an SVSM is present and the hyperv= isor - * supports the required SVSM GHCB events. - */ - if (ret && - !(snp_vmpl && (hv_features & GHCB_HV_FT_SNP_MULTI_VMPL))) + if (snp_vmpl > 0 && !(hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0); } =20 --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2438C27A47A for ; Wed, 9 Jul 2025 08:11:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048689; cv=none; b=E/LDs1YdYxkEr26vOAzQKZ2WkyCNk0au4pDOdctx+Dz9rgS2nBIrR4hpGgvhm+VbRVIl4bwlP9WiXZbn1axL5Jtec6sjlBcl0+IA4guUYkURlrSkqPPiLrkYiW7BLN5RgQK9jYFm7o3EBKayawnNlYHfkhjdr6f9FCkQdKEzeBU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048689; c=relaxed/simple; bh=MIn0obE2Tdl0yDybRtiPWZ2ex9nM1vepzOAqEYPobN4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=oLFaURwDfJfjiOEwSG0UeRP7qjcp7+GDNlRyTZRMrtyzzJhEnpLrgexlmEv64q1kWqYL/mVbWdszArjQ1XYWL0UA7LSMX9B9JplpbIKUpE4nWd1lPBP2x+aVBmcj+UirhT8aBMhCl3ntEqEYmNrFUNMELWGdqT4o99u+inml6Lw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=w/hRQjTN; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="w/hRQjTN" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3a6df0c67a6so3122235f8f.3 for ; Wed, 09 Jul 2025 01:11:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048686; x=1752653486; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=82AjK2Mr78LnVWeN6ZzoHpTnv0/ttUqkcA2ueyW5d70=; b=w/hRQjTNNGPwi1Ea8kXSqWNEeFi5tlUBmA7cLpf3CTxU2MvKAg/37TrXD9rd0aj+oh 6L3wBDPWUdTai60+vsyDvpAzd5lUd5m5XczCFMfDaQTW2a3JIETLMnRAf3PkHI1HwmvP zoUzn1opjSEPyoWnsPHBvqPioZr4oIQ2ki3sQDgdz8PvSyMp3RuCnbm5eVfgXCm0HvLD l+HCyemwnEJDjUqlqpbYBi/wcx+V7x955UthdUPJKVoqUzV5/PiRnLG+MnmlYHUftQG1 RoSsQ0L3ZcfBtWL5NTuk7/EmNigx/i2nQSKBLHmDpEQJRCpvWR1PuRzxwbI42ZZTUhv0 V4Kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048686; x=1752653486; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=82AjK2Mr78LnVWeN6ZzoHpTnv0/ttUqkcA2ueyW5d70=; b=JYhgrUw2YhP+et/bKMiGdwjSlkieIRS6wges6P0JPR7HlFN+j//DQjb9Xauh6DXm0p sLKGP7Tij20QNR86PRQjgxOg1eF2hk8WeQdEJFjMln19N9nNzp7NEYx33VR8wfJlC4F8 Ax6UzJ+7A3UAIk+4bGFQatU7YVMTAAse42QNH5ptKRwLvTHej4ElSue6bwN6XOZaiscz Qd+GGHupn8bE/hhsE3XbtflZaQPr4xyP1YBcd7TWlji0FYXIfdvnCjKRr/jlfIFzl6i8 CG5oa6HzNR1lz884838REgjBVxBVPFBQbRhI16WI3xipCmi+M5SPyLL3z+pSnqwBW1so rTYA== X-Gm-Message-State: AOJu0Yx2yGaV7WUz2Mf82fvM4+4qMrooebcX7GfP3Wr72joQdrTlzDkO sQfNLm7XQA23fZ8fPKr156+gFC3ACVutZeQVXq0uqaIWGr8kO4B5PT+01CR2TYPc6YbdheSbJS2 werqoRILXHXvy81vhLDhvNBx6zPlV+YIuhMkRZJxbsCvtYXYnEBL9qLf05Q1gYFG/+A/0Krr3qk +oSq/kGWt3sicRLaxXLkn2cNtF9Vvr4Antvg== X-Google-Smtp-Source: AGHT+IH4sOcxdqnSwJ1caH7J7j0f/jFWQf/gNmdL+Xr2ICC6qvy/5dCj/UsmVMdkF6+eHQfBXKXYOh7/ X-Received: from wmos4.prod.google.com ([2002:a05:600c:45c4:b0:440:60ac:3f40]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:2008:b0:3a4:fcc3:4a14 with SMTP id ffacd0b85a97d-3b5e453803amr1054391f8f.34.1752048686562; Wed, 09 Jul 2025 01:11:26 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:53 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=6080; i=ardb@kernel.org; h=from:subject; bh=9jJdcVhQ0yW0f61+vt5kfMq0QB/TwojdgAvB3ZGZ6Bk=; b=kA0DAAoWMG4JVi59LVwByyZiAGhuI8ihzOqdwrWUUecyM3c0cwzMxOxTATRVaIMW2Zl1toHoc 4h1BAAWCgAdFiEEEJv97rnLkRp9Q5odMG4JVi59LVwFAmhuI8gACgkQMG4JVi59LVx/BgEAp0EI /JO/QIt1G4SCWKKYhVPTWSkaXqeUaekVkVDK6C8BAIoDNrEjRdQys2VWVM4RnO+9wxqHJu9uTFN 8g1b5Ub8B X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-38-ardb+git@google.com> Subject: [PATCH v4 12/24] x86/sev: Unify SEV-SNP hypervisor feature check From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The decompressor and the core kernel both check the hypervisor feature mask exposed by the hypervisor, but test it in slightly different ways. This disparity seems unintentional, and simply a result of the fact that the decompressor and the core kernel evolve differently over time when it comes to setting up the SEV-SNP execution context. So move the HV feature check into a helper function and call that instead. For the core kernel, move the check to an earlier boot stage, right after the point where it is established that the guest is executing in SEV-SNP mode. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 19 +------------ arch/x86/boot/startup/sev-shared.c | 30 +++++++++++++++++--- arch/x86/boot/startup/sme.c | 2 ++ arch/x86/coco/sev/core.c | 11 ------- arch/x86/include/asm/sev-internal.h | 2 +- arch/x86/include/asm/sev.h | 2 ++ 6 files changed, 32 insertions(+), 34 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 5fd51f51e55c..4bd7b45562ed 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -397,24 +397,7 @@ void sev_enable(struct boot_params *bp) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_PROT_UNSUPPORTED); } =20 - /* - * SNP is supported in v2 of the GHCB spec which mandates support for HV - * features. - */ - if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { - u64 hv_features; - - hv_features =3D get_hv_features(); - if (!(hv_features & GHCB_HV_FT_SNP)) - sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); - - /* - * Running at VMPL0 is required unless an SVSM is present and - * the hypervisor supports the required SVSM GHCB events. - */ - if (snp_vmpl > 0 && !(hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)) - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0); - } + snp_check_hv_features(); =20 if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED)) error("SEV-SNP supported indicated by CC blob, but not SEV status MSR."); diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 1f2c4feeafce..a1d27a418421 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -66,10 +66,7 @@ sev_es_terminate(unsigned int set, unsigned int reason) asm volatile("hlt\n" : : : "memory"); } =20 -/* - * The hypervisor features are available from GHCB version 2 onward. - */ -u64 get_hv_features(void) +static u64 __head get_hv_features(void) { u64 val; =20 @@ -86,6 +83,31 @@ u64 get_hv_features(void) return GHCB_MSR_HV_FT_RESP_VAL(val); } =20 +u64 __head snp_check_hv_features(void) +{ + /* + * SNP is supported in v2 of the GHCB spec which mandates support for HV + * features. + */ + if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { + u64 hv_features; + + hv_features =3D get_hv_features(); + if (!(hv_features & GHCB_HV_FT_SNP)) + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); + + /* + * Running at VMPL0 is required unless an SVSM is present and + * the hypervisor supports the required SVSM GHCB events. + */ + if (snp_vmpl > 0 && !(hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0); + + return hv_features; + } + return 0; +} + int svsm_process_result_codes(struct svsm_call *call) { switch (call->rax_out) { diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index 70ea1748c0a7..529090e20d2a 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -533,6 +533,8 @@ void __head sme_enable(struct boot_params *bp) if (snp_en ^ !!(msr & MSR_AMD64_SEV_SNP_ENABLED)) snp_abort(); =20 + sev_hv_features =3D snp_check_hv_features(); + /* Check if memory encryption is enabled */ if (feature_mask =3D=3D AMD_SME_BIT) { if (!(bp->hdr.xloadflags & XLF_MEM_ENCRYPTION)) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 4fe0928bc0ad..f73dea313f55 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1344,17 +1344,6 @@ void __init sev_es_init_vc_handling(void) if (!sev_es_check_cpu_features()) panic("SEV-ES CPU Features missing"); =20 - /* - * SNP is supported in v2 of the GHCB spec which mandates support for HV - * features. - */ - if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) { - sev_hv_features =3D get_hv_features(); - - if (!(sev_hv_features & GHCB_HV_FT_SNP)) - sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); - } - /* Initialize per-cpu GHCB pages */ for_each_possible_cpu(cpu) { alloc_runtime_data(cpu); diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index bdfe008120f3..f0bfa46f3407 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -81,6 +81,6 @@ static __always_inline void sev_es_wr_ghcb_msr(u64 val) native_wrmsr(MSR_AMD64_SEV_ES_GHCB, low, high); } =20 -u64 get_hv_features(void); +void check_hv_features(void); =20 const struct snp_cpuid_table *snp_cpuid_get_table(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index f3acbfcdca9a..f20860187fe9 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -438,6 +438,7 @@ struct svsm_call { #ifdef CONFIG_AMD_MEM_ENCRYPT =20 extern u8 snp_vmpl; +extern u64 sev_hv_features; =20 extern void __sev_es_ist_enter(struct pt_regs *regs); extern void __sev_es_ist_exit(void); @@ -513,6 +514,7 @@ void snp_set_memory_private(unsigned long vaddr, unsign= ed long npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __noreturn snp_abort(void); +u64 snp_check_hv_features(void); void snp_dmi_setup(void); int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, struct = svsm_attest_call *input); void snp_accept_memory(phys_addr_t start, phys_addr_t end); --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AB16027AC44 for ; Wed, 9 Jul 2025 08:11:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048692; cv=none; b=pXD5OmqInNURdcG4GdEy58Ny4rmWkVPw5ivfF2/xulaZV0bBUrmRAWeICyDC2UuqGC3zYa3isg+0cXF4QCVD5C3efdXxgdwTdiZ2EAXRleNb38rDhKqqjmR3YRFR+mhk0vQN5PENUx77o5PvxheUhTiZw25a3b6YjalrHZNJsNg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048692; c=relaxed/simple; bh=88wIbnPP1a1dLhlXMR2D52W04CjhXmRtjIuSBBT1WeQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=paCsr9CV5r8sctTYkc9iOzgw/IFiEYrRxpmw2yh0FXlSLOzwa8Fqm48fEjfxidKV0iTTgAVivXyz7m6IsnE4sTjwHJO/ALOLxheZuRA3V2jGYTT+Sitd4d4biAXv/Vx6i1T23ZzUCuMJjV3e2mff/HUi1bCh1JAou0i0/begcxg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=yXT1r9OM; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="yXT1r9OM" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-450df53d461so41022175e9.1 for ; Wed, 09 Jul 2025 01:11:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048689; x=1752653489; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=AgqR5avhQu9i9Y4o0xvmYEmE5OaurZWopQxiw2YEL3s=; b=yXT1r9OM9XSmEey+sXhRWQbjTji7xFD6dj1F+NU4R3BSnm3d8+OKSKUYcCUu/woDb5 WQmdiLjNGTcaiWcATUi48GAsVAmOovb9sT/sj6UQ0wzCqyFYYWsxumrLxktuMIC9vgLV OYxFOkhqplX+CDsLirpG75ikEXvCU36mx4TYuIk+J9DR8NtyPBlku+SxPB3gbmknzOWZ WpK8/XDrrdPKt5vMY1PQDfGB+uDfpkp4ua5dn/sjWFkwjnXWetRZ145RFeFZdKDbi8tk 7H8j/kIAo28e4JhsZ820R5j0vw+V2lwzGx+SAN2m0taoHmkBXYX3ER+mS3Kjza6AWFl6 sPsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048689; x=1752653489; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=AgqR5avhQu9i9Y4o0xvmYEmE5OaurZWopQxiw2YEL3s=; b=A4ghBg1/3rhuUUcLkfyZ6InfwtXQd8vtToLbz0IZKDD7UImjNVjlu+lb7ZEVBAIXNq TZkNZ14Pj6RmXEDUE7s5xnjULSmpmS5yHKqNsuLdgcAGlbeqMIFiODDvvZ2yx6IiaZRY b1YbjRA8h7s9yGT+vonzX/hPraZL0HfuIubcZMwUm4sURx5sG0/yyHI3jN5kd/asq1VI JnLxtESZYL56SXyypt2EOAbfC7tknIG0AWCo19aHS+i24i3fOQHX/iu0LEfvh3lPNJ/m bbzfxSOPsbmZsKCQ82C9Pkj56+X+tM2W3KYqpUuW+L67oekrq+KxkU+5VRP0CkCrNx9u uNqw== X-Gm-Message-State: AOJu0YxqWv7WTGgCKRBkplGjZhQ2hH4olf+9LLiWnBLqCYV+o4oVAv2a 0d7OpxEH6ya1uMixE2QvNQUrn8cabczzjqmktOgj34nRq4z+hXRcsZ7yHBkJmVAjvcLl5yDzoLp STDPBEZFnAhieZNsBrOAy7tHhKvlKOMgy4XZUzjErOGqHMRw7tSC04Uwv9JHKg9UlqAtOV17wBR eQyDYgkAIbbKmnbShMQ6WtOH5n9P2Ap05PIQ== X-Google-Smtp-Source: AGHT+IGg6JhKIjYqWZjqpvcm0fMrhJX3E6RFfYQaE8mjB5Sp3xJAcUDn5PSDoCSI73gGlSa4MUaZwNiq X-Received: from wmte16.prod.google.com ([2002:a05:600c:8b30:b0:450:dd18:ef0a]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:45c7:b0:43d:3df:42d8 with SMTP id 5b1f17b1804b1-454d52d2dd7mr12749565e9.6.1752048689062; Wed, 09 Jul 2025 01:11:29 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:54 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1051; i=ardb@kernel.org; h=from:subject; bh=/aZ0V2A8zhGGvGqcdFjf+IBZLj2TZ6Tesp02RBGOQMc=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+ewksbCNoclTNQ+fOvXZTM6qdrb3jR4Rkz1MdzxSA yyvpR7uKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABNxfMHwT3OFZuF//1O1Emsb s+V3MGeFJoSxHCzbeG3tB84Er/tmLxn+V2jdENFO4+Zij3c84F++xsm5TORQc47ulPh1bB0OjWs YAQ== X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-39-ardb+git@google.com> Subject: [PATCH v4 13/24] x86/boot: Provide PIC aliases for 5-level paging related constants From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Provide PIC aliases for the global variables related to 5-level paging, so that the startup code can access them in order to populate the kernel page tables. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/head64.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 533fcf5636fc..1bc40d0785ee 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -52,10 +52,13 @@ SYM_PIC_ALIAS(next_early_pgt); pmdval_t early_pmd_flags =3D __PAGE_KERNEL_LARGE & ~(_PAGE_GLOBAL | _PAGE_= NX); =20 unsigned int __pgtable_l5_enabled __ro_after_init; +SYM_PIC_ALIAS(__pgtable_l5_enabled); unsigned int pgdir_shift __ro_after_init =3D 39; EXPORT_SYMBOL(pgdir_shift); +SYM_PIC_ALIAS(pgdir_shift); unsigned int ptrs_per_p4d __ro_after_init =3D 1; EXPORT_SYMBOL(ptrs_per_p4d); +SYM_PIC_ALIAS(ptrs_per_p4d); =20 unsigned long page_offset_base __ro_after_init =3D __PAGE_OFFSET_BASE_L4; EXPORT_SYMBOL(page_offset_base); --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E1F8E27C175 for ; Wed, 9 Jul 2025 08:11:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048694; cv=none; b=OzEXPIlGC75AkfOSWgrtduamnjF6uGPTad13NNIL3DZ6QEPFM5NByCG6tZHtHXxvFvV+Pngtv9uDPvzSlEoWEB7aC0ShlQ9dQBAPwvTpWKosKnnF3tOc+X9bQkHxP/KtRC1uFAGU+vRR7JUxfdo8epDPQxPVm6jrgw3E8pk/RtM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048694; c=relaxed/simple; bh=jvdJzaCEv0k/GcxYI/bLqbb+kNCSjp0cy3X3jI0kiIU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=HdOqpm6GWJSjmHDsiZCciIvpoRLKSWgv4VTI0kZyU5T3N3Y4ShxVwA+wm0uMTjrwwn+KbsoOIa3Bhsl8xlT8ItUerha/KJ5FZoe6rTdOctTyVFyt9vggbMnfUOblV9Z5wTID0UZc34/63Y3QCP10atBmiS+t9wmCDzggwuv0w6I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Y1pDunto; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Y1pDunto" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-45311704d1fso34468565e9.1 for ; Wed, 09 Jul 2025 01:11:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048691; x=1752653491; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=C8zEEV0k0V04hhlMfC1WwEc4eqVxDysgmOU00FHLTTo=; b=Y1pDuntoOc34H91LbwnI3A32faFc4wdrP6cGoKzFPctOgJVvGtCw7aNvdQ0BLRL8Nt 2OPmFBTcbAcjnhmDCeyldEwrA6JE5NJjXyfceadZ4i1r3n+8FGFtro6/GiPXp3vQd1aw v7LGVBuF88ptT5rOr6jo/IkvMrVCkTNWMxqVxKfKYgJsxnfPlqpcVweq5p58v269IURz MDOTlKlH95GbYxigVNY7KOOU9DSBVrO9KWGw7b8JC9XyTFaxlbE5BUhcqI4LnBSqEb98 ouJY977ED/h2KKba4nZOeWWqnh2bwZxQcLcladBAAVl2qAHT7ec/ITdf8qziTF3AxEep DYIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048691; x=1752653491; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=C8zEEV0k0V04hhlMfC1WwEc4eqVxDysgmOU00FHLTTo=; b=SbnwJ9x9PImJXJz10CHVV1AOIHyTGVif0s3wMrbcdH2Vw0eqYJT37ecrkvQGWabcPO 305LibqsMGYcc4KYvuuE9zQQsKgRv9zfzVr65WOkzzRGbGtDG/HgwJLYuJtSZ0h7K8Ru INPWMBjXpYtWa2flMccsNc05Uc2BBGd1pRvnoe9D37vHWnURweWdrgEHac6NFE1KGeFi 0jEffO2BBAX9red16HtkCS5ENdoFJZMly8LcfHnv2ndM5HyXE2cYix+/25YQljm+0num rFM6cPr/tD0rOvEx3sxUWnNVS0manmWRQ0ltnp5DV2ABjSfWVAVn4ebMP4oNHy8TJASS NrEg== X-Gm-Message-State: AOJu0YxtNfhRs7BxMG+sXBsMDxmnI9iQX6/2AtTYWojqG+7Of90W6NDQ yQ5H+y/iDAwNKrgIfROwWYqmzV039hQts5Y9mFcDfT6Qo4O577n0uZhBCF5MY51RyDfmiT2eh/2 WNAA4qhABsRfAm9vcrZF5A/Ex5eDOPSwhRYVwX/bPiDu2WIcwaehzf3lvIc/t67ObBN/PxLxzvg AYRc4Opg3Ilk9RBdDLrt+uUO7jl8QNvX+jXQ== X-Google-Smtp-Source: AGHT+IEdZORNPphu+mvo+KEMZneLj4yaAV2b0INhZrtb4dCFEIZhRclR5jpzQvG4KiAoT8kk4rgHJSlc X-Received: from wmbh3.prod.google.com ([2002:a05:600c:a103:b0:442:dc75:51ef]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:6989:b0:43c:f629:66f4 with SMTP id 5b1f17b1804b1-454d523bbd6mr13706085e9.0.1752048691396; Wed, 09 Jul 2025 01:11:31 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:55 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=5030; i=ardb@kernel.org; h=from:subject; bh=tvzBcQkTV7J9OoV2SLp4+keidchj+zYgpljjyN1cVzA=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+VLWxAtFc/9nVagFNAsvvJFimJCVktfebPsxJKzgj LXjxd8dpSwMYlwMsmKKLAKz/77beXqiVK3zLFmYOaxMIEMYuDgFYCK3TzH8L96Z8XXuloVPmczV jH64OWgaKPTOPndifaqQ3MrMpv42EYb/CTZnFJiq4rQ4rgtIh221bqx4aCgwV3PzbPXlF17GlmY yAQA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-40-ardb+git@google.com> Subject: [PATCH v4 14/24] x86/sev: Provide PIC aliases for SEV related data objects From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Provide PIC aliases for data objects that are shared between the SEV startup code and the SEV code that executes later. This is needed so that the confined startup code is permitted to access them. This requires some of these variables to be moved into a source file that is not part of the startup code, as the PIC alias is already implied, and exporting variables in the opposite direction is not supported. Move ghcb_version as well, but don't provide a PIC alias as it is not actually needed. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 3 ++ arch/x86/boot/startup/sev-shared.c | 19 ----------- arch/x86/boot/startup/sev-startup.c | 9 ------ arch/x86/coco/sev/core.c | 34 ++++++++++++++++++++ 4 files changed, 37 insertions(+), 28 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 4bd7b45562ed..5e0fa165e10b 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -38,6 +38,9 @@ struct ghcb *boot_ghcb; #define __BOOT_COMPRESSED =20 u8 snp_vmpl; +u16 ghcb_version; + +u64 boot_svsm_caa_pa; =20 /* Include code for early handlers */ #include "../../boot/startup/sev-shared.c" diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index a1d27a418421..042eef7b3a2a 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -18,25 +18,6 @@ #define WARN(condition, format...) (!!(condition)) #endif =20 -/* - * SVSM related information: - * During boot, the page tables are set up as identity mapped and later - * changed to use kernel virtual addresses. Maintain separate virtual and - * physical addresses for the CAA to allow SVSM functions to be used dur= ing - * early boot, both with identity mapped virtual addresses and proper ke= rnel - * virtual addresses. - */ -u64 boot_svsm_caa_pa __ro_after_init; - -/* - * Since feature negotiation related variables are set early in the boot - * process they must reside in the .data section so as not to be zeroed - * out when the .bss section is later cleared. - * - * GHCB protocol version negotiated with the hypervisor. - */ -u16 ghcb_version __ro_after_init; - /* Copy of the SNP firmware's CPUID page. */ static struct snp_cpuid_table cpuid_table_copy __ro_after_init; =20 diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index cba4fb4cace0..0eb31bf81899 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -41,15 +41,6 @@ #include #include =20 -/* Bitmap of SEV features supported by the hypervisor */ -u64 sev_hv_features __ro_after_init; - -/* Secrets page physical address from the CC blob */ -u64 sev_secrets_pa __ro_after_init; - -/* For early boot SVSM communication */ -struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); - /* * Nothing shall interrupt this code path while holding the per-CPU * GHCB. The backup GHCB is only for NMIs interrupting this path. diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index f73dea313f55..71a76fde3102 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -46,6 +46,29 @@ #include #include =20 +/* Bitmap of SEV features supported by the hypervisor */ +u64 sev_hv_features __ro_after_init; +SYM_PIC_ALIAS(sev_hv_features); + +/* Secrets page physical address from the CC blob */ +u64 sev_secrets_pa __ro_after_init; +SYM_PIC_ALIAS(sev_secrets_pa); + +/* For early boot SVSM communication */ +struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); +SYM_PIC_ALIAS(boot_svsm_ca_page); + +/* + * SVSM related information: + * During boot, the page tables are set up as identity mapped and later + * changed to use kernel virtual addresses. Maintain separate virtual and + * physical addresses for the CAA to allow SVSM functions to be used dur= ing + * early boot, both with identity mapped virtual addresses and proper ke= rnel + * virtual addresses. + */ +u64 boot_svsm_caa_pa __ro_after_init; +SYM_PIC_ALIAS(boot_svsm_caa_pa); + DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); DEFINE_PER_CPU(u64, svsm_caa_pa); =20 @@ -119,6 +142,17 @@ DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); */ u8 snp_vmpl __ro_after_init; EXPORT_SYMBOL_GPL(snp_vmpl); +SYM_PIC_ALIAS(snp_vmpl); + +/* + * Since feature negotiation related variables are set early in the boot + * process they must reside in the .data section so as not to be zeroed + * out when the .bss section is later cleared. + * + * GHCB protocol version negotiated with the hypervisor. + */ +u16 ghcb_version __ro_after_init; +SYM_PIC_ALIAS(ghcb_version); =20 /* For early boot hypervisor communication in SEV-ES enabled guests */ static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4BEDE27E075 for ; Wed, 9 Jul 2025 08:11:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048697; cv=none; b=UfQxHPNbAJUhRUEKC7r9TJ9MVwic17BY9OWItzBAyQQgU9erMyC1ELo+rnu8d+UYHDaDMn2CQvp9qRxtHdNbbFX66Qy8cHPtkrWGG41PSJZH/WZdQgmYgsIyg2tkcs7FXsVxowID12jyPpJNM2dqMa0PBHZHOOkSvBriLf872CQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048697; c=relaxed/simple; bh=AGlT/LHl9MzaxEHKXhO2ZblurSiOn1h3jOfRwltt3DE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=eEJc2jJBx7g8pem2hMCnwipUmK+s0YhDRDTHWue86QF2PRO+XuGbSGxH5FoEQYrrmPN8bwIyQnzcySBWEboO2tjtD6qLBMILKBO2sbgYLAA+F0bqqItu8+kBtxtu/LghYyC0O+qIdvxFluCff8Bdzu8p5bBGnSDg+qE7TTgsnVg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=RGv04oiW; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="RGv04oiW" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-3a4eec544c6so2610266f8f.0 for ; Wed, 09 Jul 2025 01:11:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048693; x=1752653493; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=QRshuuEn2F0BA39jgtC7SgNobx9rRUXOK9J99LRFaaY=; b=RGv04oiW9qkqNiGeIiOUS+AOGt9O5y7CqdXLYDoS1sa9vC1MmsbEBNtAUQWP0Ejfe1 3f7uEnd0mxQSmbgLdfJhefQuCMnexrnLX3CTh7okSCxIZ2FcX4Cn0vwLazizAN2SMN1T Y63fIomyl5VXWs+S1HyK+8FPtLkt/Lh5nHj73h2O2JODGarREBP6AL5hqByvJFcjC/47 EdU8jjlSWRpLv/cmidUyxBgHxmia8FmYYcSKGFZCEbnHUA5xCc4SLuj97Q/+qbYlC6ZS Qeu+VtBs1E+eLRy4gLxp8ha2vlvxLUfBVxusL9IybOjCw6HXpT95wqLOwVf+M9vlSfLI TyHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048693; x=1752653493; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=QRshuuEn2F0BA39jgtC7SgNobx9rRUXOK9J99LRFaaY=; b=af7fsid39DBR6+yhRc2NrRuv1uv/Zdj7iE8c9XQ33xZY8CKoqrZP7FvZKo40RJht80 cJp5ZUx8VqyK49W942Dyw7PlNEV1zIYYKQYFY38o3jlseXpLU7L4SnF77PxDFkbENmHm +3wzJLZB6OiROIlCRoIJK5wdSCjhI92/QFoZ2y5uWAMN0NIhSKhs07pqfee90TcYDNAF q8pBKk0ZsUKA8VAyRsIjQfZMRpML29NBm5wbME+By099IRG1RVkJX0D5GBmrhVJ//MZy +4YYrwiyd6IGeV8PGJAG7rlhGe5jPu8SS1HZinML3eOCTuI1fE3xczjAw0cBTckUcAPb f6WA== X-Gm-Message-State: AOJu0Yz9sFE4a4P4lknTovumgsaqjoz8T+rw10mMw+OC7Iz8PaYwuIxO KyFVGD7R3kR8BvU6AE65XY0mbj/6koqk7VlxL3wPm4OQzJ3WPo651MDHZJRZ33zCzUlmahG2AT8 RL0yN74LOgEz7ItZJH9Ue+CbkP8D3v3D06xGjT1pp34bzKPx4wIvD988z8Yp4jqqLBdxbA1ICXp vPwJXJhfHxzfNi/u8eL44b24itHelAeYA4/Q== X-Google-Smtp-Source: AGHT+IFd2w5ZVTesfahbSSpkA4eCTiy1GduNxDCSOX0kEFz7Oc4RxGEnkxKU1qGXDl9LhGmdhRDN5Uwb X-Received: from wmor11.prod.google.com ([2002:a05:600c:458b:b0:454:d826:7fb8]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:2006:b0:3a4:f939:b53 with SMTP id ffacd0b85a97d-3b5e4530f3fmr842887f8f.38.1752048693596; Wed, 09 Jul 2025 01:11:33 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:56 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=5947; i=ardb@kernel.org; h=from:subject; bh=MKTGMdpJelTrHMYhuGbfBV3otCAWViTYIYy9a8cgjMY=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+fr15drB8cKFti/PCe9btVbMf0rmqkczb7Fm+Pbbf /L81LOio5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzE0ZGRoTORx7RR+95FgQfF 657fmLTrcB3D/cs57H5XizUbLTmdrjP8FXyT0P13pgvPwtd2wbGK7oELGN/+OxC4frLdgv5PB1/ /ZQcA X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-41-ardb+git@google.com> Subject: [PATCH v4 15/24] x86/sev: Move __sev_[get|put]_ghcb() into separate noinstr object From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Rename sev-nmi.c to noinstr.c, and move the get/put GHCB routines into it too, which are also annotated as 'noinstr' and suffer from the same problem as the NMI code, i.e., that GCC may ignore the __no_sanitize_address__ function attribute implied by 'noinstr' and insert KASAN instrumentation anyway. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/sev-startup.c | 74 -------------------- arch/x86/coco/sev/Makefile | 6 +- arch/x86/coco/sev/{sev-nmi.c =3D> noinstr.c} | 74 ++++++++++++++++++++ 3 files changed, 77 insertions(+), 77 deletions(-) diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 0eb31bf81899..0fd80e63b639 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -41,83 +41,9 @@ #include #include =20 -/* - * Nothing shall interrupt this code path while holding the per-CPU - * GHCB. The backup GHCB is only for NMIs interrupting this path. - * - * Callers must disable local interrupts around it. - */ -noinstr struct ghcb *__sev_get_ghcb(struct ghcb_state *state) -{ - struct sev_es_runtime_data *data; - struct ghcb *ghcb; - - WARN_ON(!irqs_disabled()); - - data =3D this_cpu_read(runtime_data); - ghcb =3D &data->ghcb_page; - - if (unlikely(data->ghcb_active)) { - /* GHCB is already in use - save its contents */ - - if (unlikely(data->backup_ghcb_active)) { - /* - * Backup-GHCB is also already in use. There is no way - * to continue here so just kill the machine. To make - * panic() work, mark GHCBs inactive so that messages - * can be printed out. - */ - data->ghcb_active =3D false; - data->backup_ghcb_active =3D false; - - instrumentation_begin(); - panic("Unable to handle #VC exception! GHCB and Backup GHCB are already= in use"); - instrumentation_end(); - } - - /* Mark backup_ghcb active before writing to it */ - data->backup_ghcb_active =3D true; - - state->ghcb =3D &data->backup_ghcb; - - /* Backup GHCB content */ - *state->ghcb =3D *ghcb; - } else { - state->ghcb =3D NULL; - data->ghcb_active =3D true; - } - - return ghcb; -} - /* Include code shared with pre-decompression boot stage */ #include "sev-shared.c" =20 -noinstr void __sev_put_ghcb(struct ghcb_state *state) -{ - struct sev_es_runtime_data *data; - struct ghcb *ghcb; - - WARN_ON(!irqs_disabled()); - - data =3D this_cpu_read(runtime_data); - ghcb =3D &data->ghcb_page; - - if (state->ghcb) { - /* Restore GHCB from Backup */ - *ghcb =3D *state->ghcb; - data->backup_ghcb_active =3D false; - state->ghcb =3D NULL; - } else { - /* - * Invalidate the GHCB so a VMGEXIT instruction issued - * from userspace won't appear to be valid. - */ - vc_ghcb_invalidate(ghcb); - data->ghcb_active =3D false; - } -} - void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, enum psc_op op, diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile index db3255b979bd..53e964a22759 100644 --- a/arch/x86/coco/sev/Makefile +++ b/arch/x86/coco/sev/Makefile @@ -1,9 +1,9 @@ # SPDX-License-Identifier: GPL-2.0 =20 -obj-y +=3D core.o sev-nmi.o vc-handle.o +obj-y +=3D core.o noinstr.o vc-handle.o =20 # Clang 14 and older may fail to respect __no_sanitize_undefined when inli= ning -UBSAN_SANITIZE_sev-nmi.o :=3D n +UBSAN_SANITIZE_noinstr.o :=3D n =20 # GCC may fail to respect __no_sanitize_address when inlining -KASAN_SANITIZE_sev-nmi.o :=3D n +KASAN_SANITIZE_noinstr.o :=3D n diff --git a/arch/x86/coco/sev/sev-nmi.c b/arch/x86/coco/sev/noinstr.c similarity index 61% rename from arch/x86/coco/sev/sev-nmi.c rename to arch/x86/coco/sev/noinstr.c index d8dfaddfb367..b527eafb6312 100644 --- a/arch/x86/coco/sev/sev-nmi.c +++ b/arch/x86/coco/sev/noinstr.c @@ -106,3 +106,77 @@ void noinstr __sev_es_nmi_complete(void) =20 __sev_put_ghcb(&state); } + +/* + * Nothing shall interrupt this code path while holding the per-CPU + * GHCB. The backup GHCB is only for NMIs interrupting this path. + * + * Callers must disable local interrupts around it. + */ +noinstr struct ghcb *__sev_get_ghcb(struct ghcb_state *state) +{ + struct sev_es_runtime_data *data; + struct ghcb *ghcb; + + WARN_ON(!irqs_disabled()); + + data =3D this_cpu_read(runtime_data); + ghcb =3D &data->ghcb_page; + + if (unlikely(data->ghcb_active)) { + /* GHCB is already in use - save its contents */ + + if (unlikely(data->backup_ghcb_active)) { + /* + * Backup-GHCB is also already in use. There is no way + * to continue here so just kill the machine. To make + * panic() work, mark GHCBs inactive so that messages + * can be printed out. + */ + data->ghcb_active =3D false; + data->backup_ghcb_active =3D false; + + instrumentation_begin(); + panic("Unable to handle #VC exception! GHCB and Backup GHCB are already= in use"); + instrumentation_end(); + } + + /* Mark backup_ghcb active before writing to it */ + data->backup_ghcb_active =3D true; + + state->ghcb =3D &data->backup_ghcb; + + /* Backup GHCB content */ + *state->ghcb =3D *ghcb; + } else { + state->ghcb =3D NULL; + data->ghcb_active =3D true; + } + + return ghcb; +} + +noinstr void __sev_put_ghcb(struct ghcb_state *state) +{ + struct sev_es_runtime_data *data; + struct ghcb *ghcb; + + WARN_ON(!irqs_disabled()); + + data =3D this_cpu_read(runtime_data); + ghcb =3D &data->ghcb_page; + + if (state->ghcb) { + /* Restore GHCB from Backup */ + *ghcb =3D *state->ghcb; + data->backup_ghcb_active =3D false; + state->ghcb =3D NULL; + } else { + /* + * Invalidate the GHCB so a VMGEXIT instruction issued + * from userspace won't appear to be valid. + */ + vc_ghcb_invalidate(ghcb); + data->ghcb_active =3D false; + } +} --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 794A827E05A for ; Wed, 9 Jul 2025 08:11:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048699; cv=none; b=sXHTXvJlwqBmdXdfczHlklLuR+KPjMM/XXf2JG7w3m3Tz4+azjlFlabCNFkYYT6/mK2HIb5MlEaFrIEiAeefY5TJ7ea5XQ/KZ9z38j3BxJEp9MVxuI36n6bNxww1xJVATrjyO8MEOSLV/E+Rc8i5uL8b3BZALZuK5diHPWaYS/M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048699; c=relaxed/simple; bh=AziSCYrqEKp3iXhsTCzhbJczPEzyYFFzm0EbdakEq+k=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=E+IFvWc3oOtHR/ehw87vhCOYLQs+zEBSTB4E86G2xpnSgvC/sdlYRSVvh/EetKyXZ8/Kmr7LPtd6QlV8VyDN1nXn26W+kS30bEp53xECFhBIa6qmw2jZpGG4j4nxvf9iSS7VPW/GVzzH1yAO5k6pT5V6ZT+duS18WsO/i/XY9o8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=KvnoRvHg; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="KvnoRvHg" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-45359bfe631so28182175e9.0 for ; Wed, 09 Jul 2025 01:11:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048696; x=1752653496; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=mW4f9PE0jE0e9wTTI8oFMDAAeEX2PGjVbeFJW21fiSw=; b=KvnoRvHgTTDmGDEFjxvc9fkCkKa4b41HXfAWjk+FQPooRmj4sUtl6oxRhutPzEtNIE LrLUP9ffD5j8EyddbfR30kMOKj2YtwXU0aP+0LZ3zldqjgFHZiIQit2f8nE+SJFxr+Zq x0r1rDp65bIeBmolYPkzlzxWvHJIw8+USVfW36wckdx/Ke8Q5j70w2Q/KxHbwnJzPgj+ M0aYmeUHtr2qAtCOb+OVAC9Km47CmmeenJ/uB2HUu2QcY1kJI4823foceEzwboxin2Ur mfN81dtNit7zW59oUfvHVv4R3biT/Dr35dWAETL1fyCciZ1XYJl0EG5uDacV1siUcHKF q6oA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048696; x=1752653496; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=mW4f9PE0jE0e9wTTI8oFMDAAeEX2PGjVbeFJW21fiSw=; b=bKnQ9SNIYsxeW/xUjbUM9YsMycnDmaXAvs9CmpYWelRA8BzjjRbmzTHkCteM8IfsAM Azql/7ip1Rvxn+WlylVTecCpHcp9P0dzqZcwlSLAhkIrbwXmFI1GHlgrIsSJxiwAvyMy c8r7xo5N444d1fbH9fwGi9tvR1POnHT0BA/swyUDoG0R0LQQbVbcfpflQ7wosd0cCBbL oDXtdgs8JIy8pg5RVLbuLEHe+hE6X5v7D7q1VWZtSFlZVi29/Fj9HenAChOEGPHWPMGU 3QY++I9j0E51tYEwwr8xYTznGP02rwNPDTObdT8qAcD/KYkGuOOpN+cXIJOoHxJosPLl dhMg== X-Gm-Message-State: AOJu0Yw2C0BGaU+1CioTTcoggsFUJQdRR86cyuBr4YmgAzvjX2/X5Y8k 9qhEE/rW1I7CnmUdojqOry/EHXx1QRs+cMP7sZt6AzfvE2IPlfmBf4LdNbmU7VTmU7jzWJojWZT VdGD5oYBe/WZat7yFtb5fRLFqHISM/1RrfhL+fNOtibDBsXjGrUO4h2ksuqYoXcUJ8qtW9kxRBj hPa8Ot4ZEsj8oW5KQI3+HdquE38kPSKOCCGw== X-Google-Smtp-Source: AGHT+IFYnMWunOkuwZilhgJj8CBhve/N6rClwHekltMlTHywqNLrvtHoe8epebqPwqikRuScN1ldq4Iw X-Received: from wmqd14.prod.google.com ([2002:a05:600c:34ce:b0:453:86cc:7393]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:8b88:b0:441:ac58:ead5 with SMTP id 5b1f17b1804b1-454d53f34bfmr14215915e9.31.1752048695741; Wed, 09 Jul 2025 01:11:35 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:57 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1696; i=ardb@kernel.org; h=from:subject; bh=kOQMYaSiu+ZXQWR7MbRw268I2y+/O3YrdyRKP8LesAE=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+Y6M88n9Sbzbf+1YeWOdnNHSbVutr83/+Jjr9Feb8 59Mpy5m7ChlYRDjYpAVU2QRmP333c7TE6VqnWfJwsxhZQIZwsDFKQATeZTEyNBzosrq8PFTS/dk qy1K7WH7de3V8dzX3dnRGdryNiFT9MIYGd67Rhms+RsQlJ3PlX/mdfsJ+ZO/6isKP66u4tJTaQj Yzw8A X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-42-ardb+git@google.com> Subject: [PATCH v4 16/24] x86/sev: Export startup routines for later use From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Create aliases that expose routines that are part of the startup code to other code in the core kernel, so that they can be called later as well. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/exports.h | 14 ++++++++++++++ arch/x86/kernel/vmlinux.lds.S | 2 ++ 2 files changed, 16 insertions(+) diff --git a/arch/x86/boot/startup/exports.h b/arch/x86/boot/startup/export= s.h new file mode 100644 index 000000000000..01d2363dc445 --- /dev/null +++ b/arch/x86/boot/startup/exports.h @@ -0,0 +1,14 @@ + +/* + * The symbols below are functions that are implemented by the startup cod= e, + * but called at runtime by the SEV code residing in the core kernel. + */ +PROVIDE(early_set_pages_state =3D __pi_early_set_pages_state); +PROVIDE(early_snp_set_memory_private =3D __pi_early_snp_set_memory_private= ); +PROVIDE(early_snp_set_memory_shared =3D __pi_early_snp_set_memory_shared); +PROVIDE(get_hv_features =3D __pi_get_hv_features); +PROVIDE(sev_es_terminate =3D __pi_sev_es_terminate); +PROVIDE(snp_cpuid =3D __pi_snp_cpuid); +PROVIDE(snp_cpuid_get_table =3D __pi_snp_cpuid_get_table); +PROVIDE(svsm_issue_call =3D __pi_svsm_issue_call); +PROVIDE(svsm_process_result_codes =3D __pi_svsm_process_result_codes); diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 4fa0be732af1..5d5e3a95e1f9 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -535,3 +535,5 @@ xen_elfnote_entry_value =3D xen_elfnote_phys32_entry_value =3D ABSOLUTE(xen_elfnote_phys32_entry) + ABSOLUTE(pvh_start_xen - LOAD_OFFSET= ); #endif + +#include "../boot/startup/exports.h" --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7B97C27F007 for ; Wed, 9 Jul 2025 08:11:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048701; cv=none; b=fIyb+/LK/0pI7s+Gzxl6TNhMifhpF4UsXBklEJyr4Pi+kROqWhQn7ppCaxNqsb5wncn0cOOOAsb7tsTYYiUO2BZcRcvmo2VeMI69kC+4r/mxbwVvtEmXG6csbr4OPF6NRMR1IB/LnZWuQO4RE5KJHs8DQs5WRavfCYRjjivGZGA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048701; c=relaxed/simple; bh=p335xwuasxivJxSfBt/bfL85xn1YPYtMa/fdyX2hkYw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=oI0oBfRhoBi2ZHIao48budWnzw1lqXhht6cOQwNbhhmxHMTtzxf6PrOC9XzccnKCHqcpXbacoyWlB/uniUx/PRHOW+QGjq4a8CFpYyxa0J0EpD54hASZZKH89pXxN/yl1bNfnmTOEgdKrYsTghYVFprWwDi7z4LT/k+fU22JNPk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=FjMb8MvM; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="FjMb8MvM" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-450d290d542so31039565e9.1 for ; Wed, 09 Jul 2025 01:11:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048698; x=1752653498; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=7khiFAj4YK22cn2aUX5ZXvNOvqbYT8yOs+hBn2ZA7n4=; b=FjMb8MvMN6Z8d3d6JKvLN2/K3uX1IA/wLMumoeMYN3fuJbIdrayIDh2pr8I1hTTV2Z CQT2u9R0Ot1O5ZtwRobMDvbdjOkFiQ4TdebgjP+/u9RjYyGl8YDZjbJuFMxRDe4yLl4L HO3v+7dIvaFdHXfVaPh1wLrhnj+9iwjaBg/1vZfoxmkMo8c7c/INKFIZFmfqSARwl1zP h0gRhgw6efzfMRZKoZDaC21CsqOX010aSeQDkyLO681MyNvSrALK10wN4oTc3r0Mx+Lj gD0nrG92DYAN2DZeNviIQdghvFZXbFMQY3TmdKyF1MBuRzbas6e04dH4ZtCxrZJmBgDP /HjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048698; x=1752653498; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=7khiFAj4YK22cn2aUX5ZXvNOvqbYT8yOs+hBn2ZA7n4=; b=uy1vVWHshv1fAKjSMVaRsChHXCEcG93n696Vg2ZKP5iQzUWYCK5JPiE5qDWOhL+ts1 q6i2IGYYCGWm7pLFWORyDBHOGDT7esyK0Lo/wn3C9+zmr4e8GVUx3wYx9jYBUGbZli9g cj5CLBUtUxKofkXitARbH3lO6jntXpNO2kT/ZEguPYrxw90NXEpQ3DL3zYrMHPUcKsrv l618Je/dr9UcZg24aZZjQ7hEedrG3nXEtBoTsvetL1KgqKyuDCiMQ1FbgoCGkPRYOp2R NVSEH+eK6vltSB9M/Rk9b/OZogxWdONXevsDnUNMKbd/dBP8E4Yi8urJCbJg0cJ9Q4QG h0/Q== X-Gm-Message-State: AOJu0Yw7FYhbmJk1LpPE7pAS666fu4uh+KBcHWSUk98nEQiY4FNJLZl9 waoL/A/0d58fnMnkQacly0/nX2XgZrElnt2swKl+CRlWmUfMyWkxqm4AlkybudfYzdZiHQ4WUO+ 7FONYlRVb1e9BBiDXzzcJVhYYyvljOB4gsAUXQtpMo1cDcQucvrDoXjudhDdWHUIzRrVNI0rMnK OKuFHmyyd19Nf68Lq8lTGc0tZ/r/x3LB+UMw== X-Google-Smtp-Source: AGHT+IF5DUabQ3kFzAcOpaKBVnbx9hhMKiKf3QcPiAI8GaVKBMOAXsGuBglhrmgVGqPExy2SpbhqWBBf X-Received: from wmbej6.prod.google.com ([2002:a05:600c:3e86:b0:451:deba:e06f]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1d08:b0:453:5c30:a1fd with SMTP id 5b1f17b1804b1-454d532899dmr11995105e9.8.1752048697860; Wed, 09 Jul 2025 01:11:37 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:58 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=3473; i=ardb@kernel.org; h=from:subject; bh=KBpdtqnvzVD886mHANAPiui8pBP4bXCHS8Bbbn2shFU=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+eE7u952lj1TOq6udIjvyT3iy6V1UIOp+F2b3vHqX xsFtxzpKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABMpYmVk2LODn3Hl7OK5c/SP P7uRq8i4XJd9hl1raJDBNKPL9zy4OBn+1/dsfJEpFrLa2LZfc5eFbEJ9womEVh/r2aZf0uweF71 nAgA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-43-ardb+git@google.com> Subject: [PATCH v4 17/24] objtool: Add action to check for absence of absolute relocations From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The x86 startup code must not use absolute references to code or data, as it executes before the kernel virtual mapping is up. Add an action to objtool to check all allocatable sections (with the exception of __patchable_function_entries, which uses absolute references for nebulous reasons) and raise an error if any absolute references are found. Note that debug sections typically contain lots of absolute references too, but those are not allocatable so they will be ignored. Signed-off-by: Ard Biesheuvel --- tools/objtool/builtin-check.c | 2 ++ tools/objtool/check.c | 36 ++++++++++++++++++++ tools/objtool/include/objtool/builtin.h | 1 + 3 files changed, 39 insertions(+) diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c index 80239843e9f0..0f6b197cfcb0 100644 --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -87,6 +87,7 @@ static const struct option check_options[] =3D { OPT_BOOLEAN('t', "static-call", &opts.static_call, "annotate static calls= "), OPT_BOOLEAN('u', "uaccess", &opts.uaccess, "validate uaccess rules for SM= AP"), OPT_BOOLEAN(0 , "cfi", &opts.cfi, "annotate kernel control flow integrit= y (kCFI) function preambles"), + OPT_BOOLEAN(0 , "noabs", &opts.noabs, "reject absolute references in all= ocatable sections"), OPT_CALLBACK_OPTARG(0, "dump", NULL, NULL, "orc", "dump metadata", parse_= dump), =20 OPT_GROUP("Options:"), @@ -162,6 +163,7 @@ static bool opts_valid(void) opts.hack_noinstr || opts.ibt || opts.mcount || + opts.noabs || opts.noinstr || opts.orc || opts.retpoline || diff --git a/tools/objtool/check.c b/tools/objtool/check.c index d967ac001498..5d1d38404892 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -4643,6 +4643,39 @@ static void disas_warned_funcs(struct objtool_file *= file) disas_funcs(funcs); } =20 +static int check_abs_references(struct objtool_file *file) +{ + struct section *sec; + struct reloc *reloc; + int ret =3D 0; + + for_each_sec(file, sec) { + /* absolute references in non-loadable sections are fine */ + if (!(sec->sh.sh_flags & SHF_ALLOC)) + continue; + + /* section must have an associated .rela section */ + if (!sec->rsec) + continue; + + /* + * Special case for compiler generated metadata that is not + * consumed until after boot. + */ + if (!strcmp(sec->name, "__patchable_function_entries")) + continue; + + for_each_reloc(sec->rsec, reloc) { + if (reloc_type(reloc) =3D=3D R_ABS64) { + WARN("section %s has absolute relocation at offset 0x%lx", + sec->name, reloc_offset(reloc)); + ret++; + } + } + } + return ret; +} + struct insn_chunk { void *addr; struct insn_chunk *next; @@ -4776,6 +4809,9 @@ int check(struct objtool_file *file) goto out; } =20 + if (opts.noabs) + warnings +=3D check_abs_references(file); + if (opts.orc && nr_insns) { ret =3D orc_create(file); if (ret) diff --git a/tools/objtool/include/objtool/builtin.h b/tools/objtool/includ= e/objtool/builtin.h index 6b08666fa69d..ab22673862e1 100644 --- a/tools/objtool/include/objtool/builtin.h +++ b/tools/objtool/include/objtool/builtin.h @@ -26,6 +26,7 @@ struct opts { bool uaccess; int prefix; bool cfi; + bool noabs; =20 /* options: */ bool backtrace; --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6BF7327E075 for ; Wed, 9 Jul 2025 08:11:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048703; cv=none; b=DqBlnzTvGoS2sqq0+zP7TDTEddLgRgjL4+EXLkkvYNVZtSYG/fFQYEPiEYQVDdW9d1afKA3coXOT/n6zXI5p+p49f59BBFcAj7XgVTYgFQOGTAt+xMct+Uyf4wyRpT0pH8Xt/5ALeAP/Rw15RNKJWPi64PY/J+PhTxbJk1+uEuU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048703; c=relaxed/simple; bh=L0nuKM1iOS5J1LrRXwl6oFJ2k3UoNAHOTrQqnHSBepc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=e+jxb6Mox+EPsRgBV0TOs9qjESuEhtr9byctlKGcClK7gZSbMm8K2R2kmlcIkqo6RH1wnezsgwEfiKnyY0lP8ZrMzuscNomqET1lpJJN0VDv0Ma92qHSsXJpSGA2yPoVc4aX/4zOrr5PteTXSwmE7gV+Kh8mLLPnQpDiC1NpxOA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=bN6nKz8q; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="bN6nKz8q" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-454d910ea8dso83565e9.3 for ; Wed, 09 Jul 2025 01:11:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048700; x=1752653500; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=AJj7BKcgkJOUpVILvlutzG3sQyBRFRydGJczKsiTn/M=; b=bN6nKz8qQeWLT8ZgRQ9DTyT1cDWLWiUmGJxyJsUEPk+zGAFLd4usEfNd2Oj+XfAJhj Uki7MMQ7o1Xt85tEUTp60/lz9GeYcAuOjRI8F8FVGZEowNpFKLpf0Jls+DnkhZ+7hsvT ZPHhn5M/AzHPmYd2OoAqJp7HZSEk5sqgqS6XndtWwJfM+T8im6XaqWvN1BIEN0ThnYzi OLld4lxfDIhb2/IUxp8ELW4Kp9MlJtaTaryVgDSQl6AzMjYWMOzl1Ndtz39wvZ0NNtvY Aiqadd9jz9IzLG+dirP6PLPLAJkYHm3i7mqytTGE0YNCf3AlFROxaZE9IlHV/pOtnd4Q bj1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048700; x=1752653500; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=AJj7BKcgkJOUpVILvlutzG3sQyBRFRydGJczKsiTn/M=; b=vetkN3Y93KHCsZGesRneeFu8yFuq56fFTAokt/g/7NP6zeAJuGki/+2Hy2D+UR7p2r THRS20JengxS4bsjqLLD42FyF7qQjvMkltumGQMuAIaQE04Kje3ZJBQk/QJgoW+LzYxN 0/AwD7YGCX9Knnd+YAuxerTOYoTgkul0VARE7zag6qFY3LOGtyCT5DqF70bH6ZSOUwjU 0QtkfMrVIfg2kpIpc/5tHo0o9D3Waku+tuFuBucCIBDjQ5uR9nn946l/vnT8eoC4LKKt JM+i2CswsGyL5l7JYxPBo1ekWCFKBb8bQ46d1ET9TgFhcZOL2Ag5HTFaOEBUHeI2Pn8s p3Jg== X-Gm-Message-State: AOJu0YyEhSaCHJt/Mninvz72Z0y8J4/Jr3C5GbeypazyNXzfxeVSLZoi fe+0WbU12a0qsdN5SgF3dxnwBxVrHw56bZBandbIw4pvqZtxaoNIZXt+e+c5ggN2Hh4vthyPFf8 O+rU7597e5T7vTZbn7rCX10B+dExSZPJk3ReXuEdBwEp+uIEywwfWUUiCS02bWkqMNv01Ln0lDF +zXkVFCEvoNSLGkS2Dp4THiJukBOTT43IMAA== X-Google-Smtp-Source: AGHT+IEPZp1VCmwNurBlUBLL5R2bEvNSuc5tGGEyVsOauyKXnhxJ0yeJAX3G1Kl1wdJ6ycwIpaQHUeFq X-Received: from wmbfa23.prod.google.com ([2002:a05:600c:5197:b0:453:8b14:6e00]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:a407:b0:453:dbe:7574 with SMTP id 5b1f17b1804b1-454d5c8d44dmr8602395e9.12.1752048699898; Wed, 09 Jul 2025 01:11:39 -0700 (PDT) Date: Wed, 9 Jul 2025 10:08:59 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1894; i=ardb@kernel.org; h=from:subject; bh=L4jffg2+Vf1ZB+P16ZYKMMQDycf2VYvq95i2j0U/b58=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+VmFo4ujna9JaX+z4FKNR2WPIq71tO+/tuedpeOpj 6pP9vztKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABOZWMvI8Fo45c/lmIBarub+ 3F2Z2ed8svOP+nRdTAxPS1yYHLNwEcMfrpA4bZ7zX6beaX0UcbRXw+4NQyvL7Lyj2wMuvJ9lvym OGQA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-44-ardb+git@google.com> Subject: [PATCH v4 18/24] x86/boot: Check startup code for absence of absolute relocations From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Invoke objtool on each startup code object individually to check for the absence of absolute relocations. This is needed because this code will be invoked from the 1:1 mapping of memory before those absolute virtual addresses (which are derived from the kernel virtual base address provided to the linker and possibly shifted at boot) are mapped. Only objects built under arch/x86/boot/startup/ have this restriction, and once they have been incorporated into vmlinux.o, this distinction is difficult to make. So force the invocation of objtool for each object file individually, even if objtool is deferred to vmlinux.o for the rest of the build. In the latter case, only pass --noabs and nothing else; otherwise, append it to the existing objtool command line. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile index b514f7e81332..32737f4ab5a8 100644 --- a/arch/x86/boot/startup/Makefile +++ b/arch/x86/boot/startup/Makefile @@ -19,6 +19,7 @@ KCOV_INSTRUMENT :=3D n =20 obj-$(CONFIG_X86_64) +=3D gdt_idt.o map_kernel.o obj-$(CONFIG_AMD_MEM_ENCRYPT) +=3D sme.o sev-startup.o +pi-objs :=3D $(patsubst %.o,$(obj)/%.o,$(obj-y)) =20 lib-$(CONFIG_X86_64) +=3D la57toggle.o lib-$(CONFIG_EFI_MIXED) +=3D efi-mixed.o @@ -28,3 +29,10 @@ lib-$(CONFIG_EFI_MIXED) +=3D efi-mixed.o # to be linked into the decompressor or the EFI stub but not vmlinux # $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_STANDARD :=3D y + +# +# Invoke objtool for each object individually to check for absolute +# relocations, even if other objtool actions are being deferred. +# +$(pi-objs): objtool-enabled =3D 1 +$(pi-objs): objtool-args =3D $(if $(delay-objtool),,$(objtool-args-y)) --n= oabs --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8D09927FD72 for ; Wed, 9 Jul 2025 08:11:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048705; cv=none; b=u2hMFseqoOLSxV3CMz1iqw+wLY3gfzOjIiM0bLM5OEldKWnGqwAUnhig7tLYvTH0Ji4gtYh0CEPJBLSSRDMDx+AZMoJZ2WZedPMzXugTBJqS/JmE+rXjb9z2XiusJ2t82RNB5Ch21dACfQI5a2/+33PVAMgWVtM0DinaTMJ2QrU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048705; c=relaxed/simple; bh=AmlKbu8zJYacssviYCi6dbWYnFwBdiRVNUViWOcbTcY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=QozXsoD20szr4p2aOTbPJgDFkJGKNrBTRTNVE2vWZQsXpWdbXLVXNw1bWma+z4XjdCtSv3bIpdqrHDMbtdyX3Khh/dQJrQoTcVDIkUyXOhc2I+G0QYDpb6pA8SZqdfrsNyXCZJTrnsPYJ/CdOZcUtLKweahz2ykkjz+ZTWJlUo8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=OyvTHlzn; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="OyvTHlzn" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-45320bfc18dso3447995e9.1 for ; Wed, 09 Jul 2025 01:11:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048702; x=1752653502; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=1hVGKhMjRai/1mEd80T8Cu2AXSEmjXsghMoyzlOM7Mo=; b=OyvTHlznYRwb3FcLgB+Y8dAP+sppZj1EoH15js029H4FHR6LBysnb+WW7h2VAHCB2t m6YbS6f2U0Ml2QzE0Q8NEZKG/5gcHR8WeAQeLvNajtuThOcvhSylMYBQ2S3FlD+tTGjA Srmy8ScidVCtMkqS1Y73j+1S2N01It2+DdjL7O9qrPWIjeW43pRPHyM8Q7r8pTXFR5JR lBkWLzuzLwaobFOJhc886Yh9yIwK0LCxTVihV9ZJHp2w7UKjjsr6itpdOmmtqYJQNhXc o2PGiwDzUqqxLIjf2En6ci+sy2Tf9UhaUgkuBSzTvaXSQsld7sijrx2Ion9+al2F4cS6 79lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048702; x=1752653502; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1hVGKhMjRai/1mEd80T8Cu2AXSEmjXsghMoyzlOM7Mo=; b=VHOyfBMMt9u3l7QJXWhWNaMHZVdvHfW4dcncwBty5Igg2ngOtS/LMpP6mhrB8S0Du2 1ZRKb+QioNwWas5coKk1+pB3v5RF7avBbGpXF+j6oZ0VNNdL3rXVTFAwIDkpyTfbetGv htB8FpamidNGz98J6gIfqc122gZM1aOspJxAPY9OT5rQ7gNypCr/NrDPx+dpUxIo3and Xb8bsYAdGn8tLdxYTJ0h5tZH2pmnSd6D+H9ycooiLSayIWahW5kia++z9eZGa07Hm/rn NZLRdR2NpzpRzFcvIxksFfFoTDyoHhtg9gaXkKAye15xdhdwmhdwDgTq5r6A9D2xPnIW pl8Q== X-Gm-Message-State: AOJu0Yz/zU3tL5G3RsyNwhaH7fCdy0VyVq/P/cYNHjLKrqAk+mViuduQ CbyBUL34kshUV2Cps8yeYBpezi0KARUEgMAjJ7I859bdaBEjmzdncKiWipJQEAD+cYsdlXE+VRr uIQc3m7tbl5VUB1HxiHv18EQb2A1RCg2mWWgEE/QSup2iYjpkO51k8uI9iWVW3ls8yB3oRduNpz Bv/I+ZcPjF5Dy9bvS5M8nO1X5UAoW59rDGuw== X-Google-Smtp-Source: AGHT+IEyIquEbQEH2XQgM9Am5j5CZttft0M/G9q4PjYLZ2kIJId4RLfw2srVlXtXccp038ubTmGePia6 X-Received: from wmsn39.prod.google.com ([2002:a05:600c:3ba7:b0:447:e492:6959]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3b0f:b0:453:aca:4d08 with SMTP id 5b1f17b1804b1-454d545fc59mr12700495e9.1.1752048701933; Wed, 09 Jul 2025 01:11:41 -0700 (PDT) Date: Wed, 9 Jul 2025 10:09:00 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1469; i=ardb@kernel.org; h=from:subject; bh=KDAfcfWDoK0sbR/OM+7rDP0GR1LPKwd+fvJZ7QocPEE=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+fWkQgan7xqbSkIF0hdzz6n3zFXxXK64M+1k127F+ AqLpwc6SlkYxLgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwESunGRkeBHxgD1SbWKvmJTS g7wb4sWWzrZ1SltiynIL/Df6dM9fw8hw/hD/VsVwre6C1Pfrxa5nal3/tWL1QZeW9znB+78qLnr CBAA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-45-ardb+git@google.com> Subject: [PATCH v4 19/24] x86/boot: Revert "Reject absolute references in .head.text" From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel This reverts commit faf0ed487415 ("x86/boot: Reject absolute references in .head.text") The startup code is checked directly for the absence of absolute symbol references, so checking the .head.text section in the relocs tool is no longer needed. Signed-off-by: Ard Biesheuvel --- arch/x86/tools/relocs.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index 5778bc498415..e5a2b9a912d1 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -740,10 +740,10 @@ static void walk_relocs(int (*process)(struct section= *sec, Elf_Rel *rel, static int do_reloc64(struct section *sec, Elf_Rel *rel, ElfW(Sym) *sym, const char *symname) { - int headtext =3D !strcmp(sec_name(sec->shdr.sh_info), ".head.text"); unsigned r_type =3D ELF64_R_TYPE(rel->r_info); ElfW(Addr) offset =3D rel->r_offset; int shn_abs =3D (sym->st_shndx =3D=3D SHN_ABS) && !is_reloc(S_REL, symnam= e); + if (sym->st_shndx =3D=3D SHN_UNDEF) return 0; =20 @@ -783,12 +783,6 @@ static int do_reloc64(struct section *sec, Elf_Rel *re= l, ElfW(Sym) *sym, break; } =20 - if (headtext) { - die("Absolute reference to symbol '%s' not permitted in .head.text\n", - symname); - break; - } - /* * Relocation offsets for 64 bit kernels are output * as 32 bits and sign extended back to 64 bits when --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E0B49281356 for ; Wed, 9 Jul 2025 08:11:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048707; cv=none; b=Xkyt78H9JkSYud13AOYJbGHfybaGbFRZ+NHaowf0HK31/21JhC+tR2RI/rqe73qiVR2IhfACReEgoGYi7OcZbQjwPAVXvH3xIOZ2lumSj5S9ReSIu2MqyemGG4ItaWWrTxHThlxKRHms7E6qkxJizxEqr09Xp+du10yR77EI0n4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048707; c=relaxed/simple; bh=qi/XSlH/3m0Py+I72AmudGPp6EWjqjC8xYfnH6HfggU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=bT0XrdphGDOJUBP7HNuxi4Kfwk/NtMUttYS8avGSDBZIg/6UExFiyv8HkIQMAJQlc8yaTkifRSwwBB9Gj5p7vWs1p25SMhQTxsMx/Ozi3gJF7DGCojc4fuuN5XUKdUSPPyEtPjCA08aTP0ejxRytZNR8y274vgi9FrStsnoJCM4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=lmsns526; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="lmsns526" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-451d3f03b74so29360715e9.3 for ; Wed, 09 Jul 2025 01:11:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048704; x=1752653504; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=HHREQvw4opT+z1wL8T5wjMmNHsYkeJcC/ePiz2KgcJA=; b=lmsns526Vn841vt125Re8EpFuomcLyrhwrWhhY0oodEN2h4psd9OUH5XcIm5JDinBG oDtUvjK3MGFAWNVcUqvTp1XvkDQtuP5r72PCDiScIb993jsFbsMWLjBn1KdNhwXiRnkF q0ScSNVooEdVYRIp4KmqQbEn09S5+35b5PY62n1EeB6+chCCGoa81h4Qb9ctOqhvV6fM cmH9WbhNL9fqzKHAuxNyLRYlToe2lsQMmsS3U6OV4oDa7+bfZ8PGn60jJtJp8fhISOTo 2FsSQIdoRcYML2HVVXG0pW9oDdKPsL0ZUx4JdwBijzRJrGrA4yw4svOmtP5OzNsDbx5W V4qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048704; x=1752653504; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=HHREQvw4opT+z1wL8T5wjMmNHsYkeJcC/ePiz2KgcJA=; b=uwufhmQz7ZetNYC4GUKQ/grwiCRL6Lcu32I12D0DA6M9+aV6hNUj3/tsn3yoc9EBcC 0F+me/PwU8tERBygsVZL9zwEgsU8UyrpXfRlsp/VQ9NeUXu40UPqzSYmvDRZ68yyesRs 9gUfxjCwgV5U/UjeCUpziPfh1Zkmx7wA1vCWjyftt1YzNHbzQsxlP1feP/KEs2CVWanb LpL7K/ruq6JhVMer+e2OHX64YbEMuYCRo7llQfgQ+rvn+ABtEwsAbyH9enqQxATwXLAf 68rgXEteHX79O8VrrFjzdJ/J1WoO74HvAkalUgbGg6FeLR3VQYskD5GoyrFx9oOtaNJ/ Y49g== X-Gm-Message-State: AOJu0YzIXHkVKzknoCOJQUEbUvo2lSrodCibN7jnnClFbGnmEuK7U3n8 9v0IOdGDyuVELaSijzNZLLcCXA1gLPEcFVn6RG6CzVr6DvTemQ9R9OCcrQrNt4bt6tjYTFV23+f 7SAUux7Fc5eooEmfdaqRA5oxbrc7SbXtxQglRRXo8GUPx1f36ik1y9A/kQ5/OhwE+QA2PfnfDCj eBIG330s5Cw4BqoiZtEXDwA2YPdovPlvsXMg== X-Google-Smtp-Source: AGHT+IFnk8h8lBB50G/cuaeMT5OTtpgPGVLvIZYOcvSH0WdrMvNgDjuEnE6eplN0N6G86HVwp/VovBxt X-Received: from wmsz10.prod.google.com ([2002:a05:600c:c16a:b0:453:9528:81e3]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3154:b0:43c:fceb:91a with SMTP id 5b1f17b1804b1-454d53584f5mr12455985e9.11.1752048704221; Wed, 09 Jul 2025 01:11:44 -0700 (PDT) Date: Wed, 9 Jul 2025 10:09:01 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1689; i=ardb@kernel.org; h=from:subject; bh=N6Uq2lVfV25Jk1mFXhfGvG4B+EmaRioUjXHyXI14Co0=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+cP2HZmrn0YdLv3GUvkjNmKXRvDZ3VM+ii77lLF5k 4iTRvmGjlIWBjEuBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjARF2tGhr+vezeYaOm1VX9x 4dg4pZmxcc6G3M8qNxie3N7ra+t5uJ2R4ffiR9/bgsTP2T7kT3vH/OKrNc8rw/dlOiUzl7Ps/ar izAEA X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-46-ardb+git@google.com> Subject: [PATCH v4 20/24] x86/kbuild: Incorporate boot/startup/ via Kbuild makefile From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Using core-y is not the correct way to get kbuild to descend into arch/x86/boot/startup. For instance, building an individual object does not work as expected when the pattern rule is local to the Makefile $ make arch/x86/boot/startup/map_kernel.pi.o GEN Makefile CALL /home/ardb/linux/scripts/checksyscalls.sh DESCEND objtool INSTALL libsubcmd_headers make[3]: *** No rule to make target 'arch/x86/boot/startup/map_kernel.pi.= o'. Stop. make[2]: *** [/home/ardb/linux/scripts/Makefile.build:461: arch/x86] Erro= r 2 make[1]: *** [/home/ardb/linux/Makefile:2011: .] Error 2 make: *** [/home/ardb/linux/Makefile:248: __sub-make] Error 2 So use obj-y from arch.x86/Kbuild instead, which makes things work as expected. Signed-off-by: Ard Biesheuvel --- arch/x86/Kbuild | 2 ++ arch/x86/Makefile | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kbuild b/arch/x86/Kbuild index f7fb3d88c57b..36b985d0e7bf 100644 --- a/arch/x86/Kbuild +++ b/arch/x86/Kbuild @@ -3,6 +3,8 @@ # Branch profiling isn't noinstr-safe. Disable it for arch/x86/* subdir-ccflags-$(CONFIG_TRACE_BRANCH_PROFILING) +=3D -DDISABLE_BRANCH_PROF= ILING =20 +obj-y +=3D boot/startup/ + obj-$(CONFIG_ARCH_HAS_CC_PLATFORM) +=3D coco/ =20 obj-y +=3D entry/ diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 1913d342969b..9b76e77ff7f7 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -286,7 +286,6 @@ archprepare: $(cpufeaturemasks.hdr) ### # Kernel objects =20 -core-y +=3D arch/x86/boot/startup/ libs-y +=3D arch/x86/lib/ =20 # drivers-y are linked after core-y --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D986626CE3F for ; Wed, 9 Jul 2025 08:11:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048709; cv=none; b=S3xFGXshTry8bA/s8YEpQmoqi7iuVf1INBd2ays+qRuiAKqFu0jx6Esvx+Cf8gw5mxkIWckPE/fKD90WNhnfDT+hOytFFPRfPWv4/Nf9ynHImB8itswzD0/DOH+P9DaptnTsk77co/ZrUZYQQz8NJsEKHIdrRgNZ6trqTjbamlw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048709; c=relaxed/simple; bh=LEYOztMn5rjTBYuGcJlOC0cNKm0OwLFwapdlWk2Wg2c=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=MPQUX36//Nn+6g24y1eeDHwlZxxIOw05ahJwudgEYu/5nrS3MzwzKlmG8WnK7f8ArPmlUilg0Pa+JOQnibotc9Z19RuPI6KuDaiXPjoq42LR/ps0fg4VwsCV38U1VtDxkVi06uCKNcN2JPj0YxMGzG4OjIdIqCt9NZHNl4dBiAk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=IuexBqWS; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="IuexBqWS" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-4539b44e7b1so32956725e9.1 for ; Wed, 09 Jul 2025 01:11:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048706; x=1752653506; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=hIvLiJ3LEx5MrxcJRef/JzAT5WlSZ9Iu8kKRbhtDQM8=; b=IuexBqWS0bWk8mFV43d9S3TcOPWd272BcOsB9UJ+FT3453Gh9B6meCA24nJ+7jbTJZ GHVaPQuQrV2oGqOyLFLRzDcU4ep/gllt9hNp3OlMZB8ctpbrBAHhb+E8YMHTqrr0G/Iq wk9Zk8hXcA/l/EEGZiPt+v6igwtIJz9NZNESk8PuMJU0/JJAaB2gvsPW5EOm6zr4bR2n PyIJXSQ+Mv1x649FsfbhzPKa50QiN/Sfa7W+QI/U3RAOuMjaLLp/IIVPGH9awPE0Q1r5 nxNqlp1lWN+7hHs5yWIeDRmr1v66OhWhN7MdH0zYUjl3wHXl+On7YKkFP56If7DNGNXn gHNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048706; x=1752653506; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=hIvLiJ3LEx5MrxcJRef/JzAT5WlSZ9Iu8kKRbhtDQM8=; b=mNnrr+HqMcqNt/6Ky2jSgEjkiQrM6ifV702doJBZIqlt6WEvdWcuGMM8u2VEoQON4k LRzLMeCxIyiw1zM5ZAqnaOc+MKZWpkAxY0gaxbjqDq1fSotm504pScXCbeRgHqDwA3+B oIoCgw1Kc7Nfah7Vp2+F7oJT+G6M+TxKV9xyBqe+IuESo6Ur2qIgnhpTttBSdp7twyWf XfnwwYjQlKW3nVAJpT4IJYeKddyTd+xbsixW/10OFMrqaDl2JZAiajXDs0gMNJxY/q3D 5w7MgmRVDI4Ahhm7QxwxC5kVxwhx0R9v3tAo4LCxPpZ6f752yCxW1488nuzM3YTYIEpC alCw== X-Gm-Message-State: AOJu0YyuNUcJ3gEF9v9iiH40YK2/o3k46zGTrDnqgIOAE9dxvBOOFlMt 5EmGOy4mGV7UniENhTF/vcCBUqpE5Fy9pp5qMzX9Cf2t3s0qC2NfzUKs8E5V2YrFh1OioVIHJmK +GOknN1/9qSF0TJoyhkBkNpoFy7dCc20VZO+Yjr8G35+rrgxhRTHq8+XEv4My5uQZW9mlKw69iy v8gXQloZ1Xjnm/Ed7SqgGCynibCwgKqH8vew== X-Google-Smtp-Source: AGHT+IFDw2inQIrVxyeqsdLnBw/rnK6gmnGpAqm9OhpKV9RKqeDpSF5xajlB2OZZ9vMusICp86ENB7nE X-Received: from wmbha11.prod.google.com ([2002:a05:600c:860b:b0:453:b96:8ef9]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3b17:b0:453:8042:ba47 with SMTP id 5b1f17b1804b1-454d53eef80mr10771405e9.19.1752048706216; Wed, 09 Jul 2025 01:11:46 -0700 (PDT) Date: Wed, 9 Jul 2025 10:09:02 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=7464; i=ardb@kernel.org; h=from:subject; bh=j6wXIngHyHrlAPTskD54bLUCjXFuDU0Aadgaba9ZznI=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+euZLOX5Gw5H6D8yfdV64N0LtaMvjlhYsFfc3Kofd vfqLVGNjlIWBjEuBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjCRTDZGht9zy9Ndb1/PmbbJ qYZl/b863grjhIPNj0o+LtG63Rf9dj7D/4xHZ7/ay8pHiiu6fj7dbi++fqtAZNHBCdkL725w+zr FjgUA X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-47-ardb+git@google.com> Subject: [PATCH v4 21/24] x86/boot: Create a confined code area for startup code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel In order to be able to have tight control over which code may execute from the early 1:1 mapping of memory, but still link vmlinux as a single executable, prefix all symbol references in startup code with __pi_, and invoke it from outside using the __pi_ prefix. Use objtool to check that no absolute symbol references are present in the startup code, as these cannot be used from code running from the 1:1 mapping. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/Makefile | 14 ++++++++++++++ arch/x86/boot/startup/sev-shared.c | 4 +--- arch/x86/boot/startup/sme.c | 1 - arch/x86/coco/sev/core.c | 2 +- arch/x86/include/asm/setup.h | 1 + arch/x86/include/asm/sev.h | 1 + arch/x86/kernel/head64.c | 2 +- arch/x86/kernel/head_64.S | 8 ++++---- arch/x86/mm/mem_encrypt_boot.S | 6 +++--- tools/objtool/check.c | 3 ++- 10 files changed, 28 insertions(+), 14 deletions(-) diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile index 32737f4ab5a8..e8fdf020b422 100644 --- a/arch/x86/boot/startup/Makefile +++ b/arch/x86/boot/startup/Makefile @@ -4,6 +4,7 @@ KBUILD_AFLAGS +=3D -D__DISABLE_EXPORTS KBUILD_CFLAGS +=3D -D__DISABLE_EXPORTS -mcmodel=3Dsmall -fPIC \ -Os -DDISABLE_BRANCH_PROFILING \ $(DISABLE_STACKLEAK_PLUGIN) \ + $(DISABLE_LATENT_ENTROPY_PLUGIN) \ -fno-stack-protector -D__NO_FORTIFY \ -fno-jump-tables \ -include $(srctree)/include/linux/hidden.h @@ -36,3 +37,16 @@ $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_ST= ANDARD :=3D y # $(pi-objs): objtool-enabled =3D 1 $(pi-objs): objtool-args =3D $(if $(delay-objtool),,$(objtool-args-y)) --n= oabs + +# +# Confine the startup code by prefixing all symbols with __pi_ (for positi= on +# independent). This ensures that startup code can only call other startup +# code, or code that has explicitly been made accessible to it via a symbol +# alias. +# +$(obj)/%.pi.o: OBJCOPYFLAGS :=3D --prefix-symbols=3D__pi_ +$(obj)/%.pi.o: $(obj)/%.o FORCE + $(call if_changed,objcopy) + +targets +=3D $(obj-y) +obj-y :=3D $(patsubst %.o,%.pi.o,$(obj-y)) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 042eef7b3a2a..223eafa56d9d 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -11,9 +11,7 @@ =20 #include =20 -#ifndef __BOOT_COMPRESSED -#define error(v) pr_err(v) -#else +#ifdef __BOOT_COMPRESSED #undef WARN #define WARN(condition, format...) (!!(condition)) #endif diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index 529090e20d2a..56dde8c53139 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -569,7 +569,6 @@ void __head sme_enable(struct boot_params *bp) =20 #ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION /* Local version for startup code, which never operates on user page table= s */ -__weak pgd_t __pti_set_user_pgtbl(pgd_t *pgdp, pgd_t pgd) { return pgd; diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 71a76fde3102..c5d70dd835c7 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -272,7 +272,7 @@ static int svsm_perform_call_protocol(struct svsm_call = *call) =20 do { ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); + : __pi_svsm_perform_msr_protocol(call); } while (ret =3D=3D -EAGAIN); =20 if (sev_cfg.ghcbs_initialized) diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index 692af46603a1..914eb32581c7 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -53,6 +53,7 @@ extern void i386_reserve_resources(void); extern unsigned long __startup_64(unsigned long p2v_offset, struct boot_pa= rams *bp); extern void startup_64_setup_gdt_idt(void); extern void startup_64_load_idt(void *vc_handler); +extern void __pi_startup_64_load_idt(void *vc_handler); extern void early_setup_idt(void); extern void __init do_early_exception(struct pt_regs *regs, int trapnr); =20 diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index f20860187fe9..e50736d15e02 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -553,6 +553,7 @@ struct cpuid_leaf { }; =20 int svsm_perform_msr_protocol(struct svsm_call *call); +int __pi_svsm_perform_msr_protocol(struct svsm_call *call); int snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), void *ctx, struct cpuid_leaf *leaf); =20 diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 1bc40d0785ee..fd28b53dbac5 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -319,5 +319,5 @@ void early_setup_idt(void) handler =3D vc_boot_ghcb; } =20 - startup_64_load_idt(handler); + __pi_startup_64_load_idt(handler); } diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 3e9b3a3bd039..d219963ecb60 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -71,7 +71,7 @@ SYM_CODE_START_NOALIGN(startup_64) xorl %edx, %edx wrmsr =20 - call startup_64_setup_gdt_idt + call __pi_startup_64_setup_gdt_idt =20 /* Now switch to __KERNEL_CS so IRET works reliably */ pushq $__KERNEL_CS @@ -91,7 +91,7 @@ SYM_CODE_START_NOALIGN(startup_64) * subsequent code. Pass the boot_params pointer as the first argument. */ movq %r15, %rdi - call sme_enable + call __pi_sme_enable #endif =20 /* Sanitize CPU configuration */ @@ -111,7 +111,7 @@ SYM_CODE_START_NOALIGN(startup_64) * programmed into CR3. */ movq %r15, %rsi - call __startup_64 + call __pi___startup_64 =20 /* Form the CR3 value being sure to include the CR3 modifier */ leaq early_top_pgt(%rip), %rcx @@ -562,7 +562,7 @@ SYM_CODE_START_NOALIGN(vc_no_ghcb) /* Call C handler */ movq %rsp, %rdi movq ORIG_RAX(%rsp), %rsi - call do_vc_no_ghcb + call __pi_do_vc_no_ghcb =20 /* Unwind pt_regs */ POP_REGS diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S index f8a33b25ae86..edbf9c998848 100644 --- a/arch/x86/mm/mem_encrypt_boot.S +++ b/arch/x86/mm/mem_encrypt_boot.S @@ -16,7 +16,7 @@ =20 .text .code64 -SYM_FUNC_START(sme_encrypt_execute) +SYM_FUNC_START(__pi_sme_encrypt_execute) =20 /* * Entry parameters: @@ -69,9 +69,9 @@ SYM_FUNC_START(sme_encrypt_execute) ANNOTATE_UNRET_SAFE ret int3 -SYM_FUNC_END(sme_encrypt_execute) +SYM_FUNC_END(__pi_sme_encrypt_execute) =20 -SYM_FUNC_START(__enc_copy) +SYM_FUNC_START_LOCAL(__enc_copy) ANNOTATE_NOENDBR /* * Routine used to encrypt memory in place. diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 5d1d38404892..f43bd598d928 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -3563,7 +3563,8 @@ static int validate_branch(struct objtool_file *file,= struct symbol *func, if (func && insn_func(insn) && func !=3D insn_func(insn)->pfunc) { /* Ignore KCFI type preambles, which always fall through */ if (!strncmp(func->name, "__cfi_", 6) || - !strncmp(func->name, "__pfx_", 6)) + !strncmp(func->name, "__pfx_", 6) || + !strncmp(func->name, "__pi___pfx_", 11)) return 0; =20 if (file->ignore_unreachables) --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC3212836B5 for ; Wed, 9 Jul 2025 08:11:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048711; cv=none; b=YLRKjHTth8RZoLv4HKADJVEuqcSKEnuGTfclCQcP47H571Zv/DUbqDvE6gVUvwbh4kp47ftq3oEpy0sb1Vqg3zVar3VU0OeMbJEimxm+PEDjRdSFI4o7w2v/aNk4f2k6A0DC1X/QWTH68ainRv9fAsRiUZdKlyrBDjAi6S8RP3c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048711; c=relaxed/simple; bh=RfO7bxnrvkm3EAfuN+XVxgry6A3ikIVlIqCUVBjfqOE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=tMWRGkEUvV6Ur5riVylS+sDmTxCU5+mUbZCn70fepnweLZyfBK0fXC7Y8vedu31QKp9m/g257mvGo+U3Z2Q0jXyIDPVDKR/Aseyp5z9Tv07/ipJ/WtXlN5IEmTjqoB6FsyjAWxt8AeKfmR+T7gikKQKE/tROB4DLWo2sctYbUfw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=BF0F/l0v; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="BF0F/l0v" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-451ac1b43c4so29620055e9.0 for ; Wed, 09 Jul 2025 01:11:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048708; x=1752653508; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=9nImemBj0j8fFHCvjMkwHMba165ZYb0Bk8vw2Jekgh0=; b=BF0F/l0voutOibePlEIE5JRLptxl3XWBsPUiWM/FASmIwXZKTe26D/TwH/4X52jwC0 kC9q7bkO7LcL2IpFXd10ixxhdsEUOM3Z2azF4ofRSDYpHrGKZq3Uy43MdJoy053Ce1MA eH/CboXi4XqqHY84dgDXzw61XqqDwxw+2esadpE4sDBCievpik1L7a0LjqZhbB1Sxawe JOHEfg2gn5jSTOyrzIwN40pRJZMKef33UmE/FK/LHQhB49st+wKS2Qe+ABBvPucAdJVI n8meyIsJZSkCkxVnIAjA/AR8/FXVDjD7seTQdcWVhWQGgoHHw2hJdTXeObJM6hFgawIy yKsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048708; x=1752653508; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=9nImemBj0j8fFHCvjMkwHMba165ZYb0Bk8vw2Jekgh0=; b=peJpJlKYnz2q3kvT+f+EJZNk8hcvsFNCAhguHZg8XRCg2DK9qH8cYNorwYc4BJcfev t2NtjR/hFZgEzmx6sojaaC8TG9VqZisjTuc8X/ZmScXjEQOxutBBCIsXAzh5hbPhM+Vq TCN3/VNEDMyfNdAfSuifH8gbBaJNDlJBgJZC9+72e7rLXo2/NaqEHHSbhjEieY9GcdrS +Ghx7LBlA8/szGUIcNLh3WwZHByHN09QQeCa0TaVl+CgPl1JkcAEJrpGMoYUvuY80vtl NjdVYJlNsZBZk9OXUc9mQQNLNgHgC6upZajdaE8GPnKWgF/Uwjh32Mb8d0fD1PgHmcZm Tc+g== X-Gm-Message-State: AOJu0YxKvtlK0r6CgRFTRJw0NtVVekdV0UXC8D2JEVyKOmYxOUkPVd6M 8mHDhO/XNqCjgxdwwCfpfVQfLjteO2kwnrXI8eyzq4YPM7XyAL5nHljmsfyNykyj8H9ZpPAJIFi YthV1RBdxS1wEDL3xGstlSIsRWyV+NbeK+8SeK00oRTfSRad7e3AHX78d9wtoacDqDNBmmHDNF1 vzBpbrO7RaBRFPE5hySrAnP3Z5KyGCxjHmiQ== X-Google-Smtp-Source: AGHT+IGLcUgjlVQRyaqCjajb+1CDBAcCjlCAfDiidGnK4vOl/dkPaC7j+KCthgTqkmrDKKS5Sll6dSeP X-Received: from wmbdz10.prod.google.com ([2002:a05:600c:670a:b0:43c:ef7b:ffac]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:6090:b0:453:483b:6272 with SMTP id 5b1f17b1804b1-454d52f5000mr12473315e9.7.1752048708249; Wed, 09 Jul 2025 01:11:48 -0700 (PDT) Date: Wed, 9 Jul 2025 10:09:03 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=3785; i=ardb@kernel.org; h=from:subject; bh=GtM5Ky3cWjJjWfzB1UFTM+fqdT7qquH5JBfrdp2rkyg=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+dfMCbvLrIrClJuMlGRn2KplntZQi+Z87D3b1OO4X NiBKyodpSwMYlwMsmKKLAKz/77beXqiVK3zLFmYOaxMIEMYuDgFYCJfrjD8L/f/+CZ8z8/ma778 SidtJtnH3mlqEb67SWHdyWtvXXm/2zH8FfaMXjB59Vndd75tV/5Ge7I6WbWVqT5gfxp4++yzA27 7uAE= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-48-ardb+git@google.com> Subject: [PATCH v4 22/24] efistub/x86: Remap inittext read-execute when needed From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Recent EFI x86 systems are more strict when it comes to mapping boot images, and require that mappings are either read-write or read-execute. Now that the boot code is being cleaned up and refactored, most of it is being moved into .init.text [where it arguably belongs] but that implies that when booting on such strict EFI firmware, we need to take care to map .init.text (and the .altinstr_aux section that follows it) read-execute as well. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 2 ++ arch/x86/include/asm/boot.h | 2 ++ arch/x86/kernel/vmlinux.lds.S | 2 ++ drivers/firmware/efi/libstub/x86-stub.c | 4 +++- 5 files changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/M= akefile index 3a38fdcdb9bd..74657589264d 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -73,7 +73,7 @@ LDFLAGS_vmlinux +=3D -T hostprogs :=3D mkpiggy HOST_EXTRACFLAGS +=3D -I$(srctree)/tools/include =20 -sed-voffset :=3D -e 's/^\([0-9a-fA-F]*\) [ABbCDGRSTtVW] \(_text\|__start_r= odata\|__bss_start\|_end\)$$/\#define VO_\2 _AC(0x\1,UL)/p' +sed-voffset :=3D -e 's/^\([0-9a-fA-F]*\) [ABbCDGRSTtVW] \(_text\|__start_r= odata\|_sinittext\|__inittext_end\|__bss_start\|_end\)$$/\#define VO_\2 _AC= (0x\1,UL)/p' =20 quiet_cmd_voffset =3D VOFFSET $@ cmd_voffset =3D $(NM) $< | sed -n $(sed-voffset) > $@ diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/mis= c.c index 94b5991da001..0f41ca0e52c0 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -332,6 +332,8 @@ static size_t parse_elf(void *output) } =20 const unsigned long kernel_text_size =3D VO___start_rodata - VO__text; +const unsigned long kernel_inittext_offset =3D VO__sinittext - VO__text; +const unsigned long kernel_inittext_size =3D VO___inittext_end - VO__sinit= text; const unsigned long kernel_total_size =3D VO__end - VO__text; =20 static u8 boot_heap[BOOT_HEAP_SIZE] __aligned(4); diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h index 02b23aa78955..f7b67cb73915 100644 --- a/arch/x86/include/asm/boot.h +++ b/arch/x86/include/asm/boot.h @@ -82,6 +82,8 @@ #ifndef __ASSEMBLER__ extern unsigned int output_len; extern const unsigned long kernel_text_size; +extern const unsigned long kernel_inittext_offset; +extern const unsigned long kernel_inittext_size; extern const unsigned long kernel_total_size; =20 unsigned long decompress_kernel(unsigned char *outbuf, unsigned long virt_= addr, diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 5d5e3a95e1f9..4277efb26358 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -227,6 +227,8 @@ SECTIONS */ .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) { *(.altinstr_aux) + . =3D ALIGN(PAGE_SIZE); + __inittext_end =3D .; } =20 INIT_DATA_SECTION(16) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi= /libstub/x86-stub.c index cafc90d4caaf..0d05eac7c72b 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -788,7 +788,9 @@ static efi_status_t efi_decompress_kernel(unsigned long= *kernel_entry, =20 *kernel_entry =3D addr + entry; =20 - return efi_adjust_memory_range_protection(addr, kernel_text_size); + return efi_adjust_memory_range_protection(addr, kernel_text_size) ?: + efi_adjust_memory_range_protection(addr + kernel_inittext_offset, + kernel_inittext_size); } =20 static void __noreturn enter_kernel(unsigned long kernel_addr, --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A465F283FC2 for ; Wed, 9 Jul 2025 08:11:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048714; cv=none; b=F9yOQKoPbtyperSNKjrVlg/qB2u/hCnz6UVcKKOZZ3UvfzAbirmoEbyE7iMKiLVglK4fxH5QXDg+D0wsP4phbivFXy8CzK4WFpW4gKOlrYe3ZUXhNWBPNHthJhAPY4PoXlwFMOlHu5YmrTSyaTyBsSHGOveXM4o7ofQp9LngIss= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048714; c=relaxed/simple; bh=WGwIkv2HoHKkBaOjhcVk3mbrAUVX1oehUhPVE8wILEg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=PS2BToL51DGhpvFcK+XESxlYyhlDTC9wgnatnCZRATcYmfNoUwtXzpjinR/ojeNRgpU39qfVpSsM04Pcm9kGhfK7+Pgfa7adIjdXOU55O5dCe9B3Nfxj3eXM4YY8YGBftrjCP695mwDka72Y5oHiHyPITdNYLn6Moo6MR8ZepRk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=J9fUBOFi; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="J9fUBOFi" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-451d3f03b74so29361445e9.3 for ; Wed, 09 Jul 2025 01:11:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048710; x=1752653510; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=QtY6TW2swfcp0EdgG0Ej8ocrIPU2TlSXZ3AIyIGaUEQ=; b=J9fUBOFiL0GRrf15Z5A8dHoHD56tPXBj6o+dHZ8lc3EYaxWBVf4DG0vXmHkdcCATDw DJZQe3AO9vxNb9+Im8irFKKjqHn7OAlIQj5kNrnO/jtsWuDH7/Y7ZbfDIqvIblP+SDuO t6WnHAsGaFk/sAEDf4jhzbtjmU/LWf/DpxR7DJy8zrpQNJdgcOYRyt1n2tDReQy+Jrbm KoNUE74/Jhm+UJWBAquujTPbu9T3pjvP5XB7jXXlQe0gIu45U2PXUzmXDtBmjzvMCRzp hXb7sE0710kW6v3eRoQGvfeInhMVPlGe/pKajJXTRiiyVOOA24X/DYK+bnkxTQRhSwHD UVlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048710; x=1752653510; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=QtY6TW2swfcp0EdgG0Ej8ocrIPU2TlSXZ3AIyIGaUEQ=; b=cUuM/h1JKLqqBepYB18vNgu2va4eonTJasrMGlBt0Y7tsVydIUvu8oY+9FPPzP1qoN au3oTCtSA+6C6CDEOqxlWBWz4lVRJYUgR5mQiX+JJjkEWxhZmn0U4u3l3l3AZVVAkehe 84Xj65pALyLq7J+DmEgQinMOlqItgPI1IHDeNI4/zbug8Z+FGNW5teE7Gqq18O/HfPsv NpGzBUSFG8kBHcB+vuELCbqSaGnItZzKnX8ql/XYpoZq8ER2SHVoHbhbyDiqyAPjtLzv gadsj2Ga3U8di6bvlkKZ/jB+ICjr9Gg9jz9I/7HPAFWtqYaELvfiSGZURrw9+0xxcFoA eqvQ== X-Gm-Message-State: AOJu0YxmpsgLtJEjp+KiqUAexB2gLZS0oH62BqjkSHq8SRHNANuzmXDa gbVdjghRS6ZiwDPdbnmIjKaoGDuHRRDJLFTS221umHPwwRl3bgwPr64FJ7zAiJC3GYNDcOU71OH WbPZXp2+ex9gClQNEpYSPypR/nJZGhPKKjSQbQyuizCrXmvpFC1MFbX0I2FeWsVBRjCHpVM6B7J TmLUrA8vbDv4D9aMs9JxtleiYQ+IV7xDS5eg== X-Google-Smtp-Source: AGHT+IEo0Zs1aRfb0XdlhBfcu5zos1s6HgqDKfUdbpmWc4cSBsae2Ic5q1IiSHApumdXV137tFiczZd9 X-Received: from wmti11.prod.google.com ([2002:a05:600c:8b8b:b0:450:cfda:ece7]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:64ce:0:b0:3a5:8600:7cff with SMTP id ffacd0b85a97d-3b5e44e409bmr1163856f8f.1.1752048710261; Wed, 09 Jul 2025 01:11:50 -0700 (PDT) Date: Wed, 9 Jul 2025 10:09:04 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=17091; i=ardb@kernel.org; h=from:subject; bh=ekxrTB4CqLIayaSSG8sjj/rSFBXz5ufFFA/oHyVBUNY=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNP+f+lNZE/HNYcsfL48Thkf+m3qGiN9+7t+3SmWN7cJ crR5fS4o5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzEZQrDP7MDMfyFH39E2Xlv nhKRuUN8crm4w5oX8aylclcvBTyauJPhv5t3/Pxn9tt9w7N4TZMcwzNmtnvm6HMkSC36r/Pret1 XHgA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-49-ardb+git@google.com> Subject: [PATCH v4 23/24] x86/boot: Move startup code out of __head section From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Move startup code out of the __head section, now that this no longer has a special significance. Move everything into .text or .init.text as appropriate, so that startup code is not kept around unnecessarily. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 3 -- arch/x86/boot/startup/gdt_idt.c | 4 +-- arch/x86/boot/startup/map_kernel.c | 4 +-- arch/x86/boot/startup/sev-shared.c | 38 ++++++++++---------- arch/x86/boot/startup/sev-startup.c | 14 ++++---- arch/x86/boot/startup/sme.c | 26 +++++++------- arch/x86/include/asm/init.h | 6 ---- arch/x86/kernel/head_32.S | 2 +- arch/x86/kernel/head_64.S | 2 +- arch/x86/platform/pvh/head.S | 2 +- 10 files changed, 46 insertions(+), 55 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 5e0fa165e10b..6521530fb701 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -32,9 +32,6 @@ struct ghcb *boot_ghcb; #undef __init #define __init =20 -#undef __head -#define __head - #define __BOOT_COMPRESSED =20 u8 snp_vmpl; diff --git a/arch/x86/boot/startup/gdt_idt.c b/arch/x86/boot/startup/gdt_id= t.c index a3112a69b06a..d16102abdaec 100644 --- a/arch/x86/boot/startup/gdt_idt.c +++ b/arch/x86/boot/startup/gdt_idt.c @@ -24,7 +24,7 @@ static gate_desc bringup_idt_table[NUM_EXCEPTION_VECTORS] __page_aligned_d= ata; =20 /* This may run while still in the direct mapping */ -void __head startup_64_load_idt(void *vc_handler) +void startup_64_load_idt(void *vc_handler) { struct desc_ptr desc =3D { .address =3D (unsigned long)rip_rel_ptr(bringup_idt_table), @@ -46,7 +46,7 @@ void __head startup_64_load_idt(void *vc_handler) /* * Setup boot CPU state needed before kernel switches to virtual addresses. */ -void __head startup_64_setup_gdt_idt(void) +void __init startup_64_setup_gdt_idt(void) { struct gdt_page *gp =3D rip_rel_ptr((void *)(__force unsigned long)&gdt_p= age); void *handler =3D NULL; diff --git a/arch/x86/boot/startup/map_kernel.c b/arch/x86/boot/startup/map= _kernel.c index 332dbe6688c4..83ba98d61572 100644 --- a/arch/x86/boot/startup/map_kernel.c +++ b/arch/x86/boot/startup/map_kernel.c @@ -30,7 +30,7 @@ static inline bool check_la57_support(void) return true; } =20 -static unsigned long __head sme_postprocess_startup(struct boot_params *bp, +static unsigned long __init sme_postprocess_startup(struct boot_params *bp, pmdval_t *pmd, unsigned long p2v_offset) { @@ -84,7 +84,7 @@ static unsigned long __head sme_postprocess_startup(struc= t boot_params *bp, * the 1:1 mapping of memory. Kernel virtual addresses can be determined by * subtracting p2v_offset from the RIP-relative address. */ -unsigned long __head __startup_64(unsigned long p2v_offset, +unsigned long __init __startup_64(unsigned long p2v_offset, struct boot_params *bp) { pmd_t (*early_pgts)[PTRS_PER_PMD] =3D rip_rel_ptr(early_dynamic_pgts); diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 223eafa56d9d..ce11bab57d4f 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -29,7 +29,7 @@ static u32 cpuid_std_range_max __ro_after_init; static u32 cpuid_hyp_range_max __ro_after_init; static u32 cpuid_ext_range_max __ro_after_init; =20 -void __head __noreturn +void __noreturn sev_es_terminate(unsigned int set, unsigned int reason) { u64 val =3D GHCB_MSR_TERM_REQ; @@ -45,7 +45,7 @@ sev_es_terminate(unsigned int set, unsigned int reason) asm volatile("hlt\n" : : : "memory"); } =20 -static u64 __head get_hv_features(void) +static u64 __init get_hv_features(void) { u64 val; =20 @@ -62,7 +62,7 @@ static u64 __head get_hv_features(void) return GHCB_MSR_HV_FT_RESP_VAL(val); } =20 -u64 __head snp_check_hv_features(void) +u64 __init snp_check_hv_features(void) { /* * SNP is supported in v2 of the GHCB spec which mandates support for HV @@ -240,7 +240,7 @@ const struct snp_cpuid_table *snp_cpuid_get_table(void) * * Return: XSAVE area size on success, 0 otherwise. */ -static u32 __head snp_cpuid_calc_xsave_size(u64 xfeatures_en, bool compact= ed) +static u32 snp_cpuid_calc_xsave_size(u64 xfeatures_en, bool compacted) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); u64 xfeatures_found =3D 0; @@ -276,7 +276,7 @@ static u32 __head snp_cpuid_calc_xsave_size(u64 xfeatur= es_en, bool compacted) return xsave_size; } =20 -static bool __head +static bool snp_cpuid_get_validated_func(struct cpuid_leaf *leaf) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); @@ -318,8 +318,8 @@ static void snp_cpuid_msr_prot(void *ctx, struct cpuid_= leaf *leaf) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); } =20 -static int __head snp_cpuid_postprocess(void (*cpuid)(void *ctx, struct cp= uid_leaf *), - void *ctx, struct cpuid_leaf *leaf) +static int snp_cpuid_postprocess(void (*cpuid)(void *ctx, struct cpuid_lea= f *), + void *ctx, struct cpuid_leaf *leaf) { struct cpuid_leaf leaf_hv =3D *leaf; =20 @@ -413,8 +413,8 @@ static int __head snp_cpuid_postprocess(void (*cpuid)(v= oid *ctx, struct cpuid_le * Returns -EOPNOTSUPP if feature not enabled. Any other non-zero return v= alue * should be treated as fatal by caller. */ -int __head snp_cpuid(void (*cpuid)(void *ctx, struct cpuid_leaf *), void *= ctx, - struct cpuid_leaf *leaf) +int snp_cpuid(void (*cpuid)(void *ctx, struct cpuid_leaf *), void *ctx, + struct cpuid_leaf *leaf) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); =20 @@ -456,7 +456,7 @@ int __head snp_cpuid(void (*cpuid)(void *ctx, struct cp= uid_leaf *), void *ctx, * page yet, so it only supports the MSR based communication with the * hypervisor and only the CPUID exit-code. */ -void __head do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) +void do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) { unsigned int subfn =3D lower_bits(regs->cx, 32); unsigned int fn =3D lower_bits(regs->ax, 32); @@ -532,7 +532,7 @@ struct cc_setup_data { * Search for a Confidential Computing blob passed in as a setup_data entry * via the Linux Boot Protocol. */ -static __head +static __init struct cc_blob_sev_info *find_cc_blob_setup_data(struct boot_params *bp) { struct cc_setup_data *sd =3D NULL; @@ -560,7 +560,7 @@ struct cc_blob_sev_info *find_cc_blob_setup_data(struct= boot_params *bp) * mapping needs to be updated in sync with all the changes to virtual mem= ory * layout and related mapping facilities throughout the boot process. */ -static void __head setup_cpuid_table(const struct cc_blob_sev_info *cc_inf= o) +static void __init setup_cpuid_table(const struct cc_blob_sev_info *cc_inf= o) { const struct snp_cpuid_table *cpuid_table_fw, *cpuid_table; int i; @@ -588,8 +588,8 @@ static void __head setup_cpuid_table(const struct cc_bl= ob_sev_info *cc_info) } } =20 -static void __head svsm_pval_4k_page(unsigned long paddr, bool validate, - struct svsm_ca *caa, u64 caa_pa) +static void svsm_pval_4k_page(unsigned long paddr, bool validate, + struct svsm_ca *caa, u64 caa_pa) { struct svsm_pvalidate_call *pc; struct svsm_call call =3D {}; @@ -628,8 +628,8 @@ static void __head svsm_pval_4k_page(unsigned long padd= r, bool validate, native_local_irq_restore(flags); } =20 -static void __head pvalidate_4k_page(unsigned long vaddr, unsigned long pa= ddr, - bool validate, struct svsm_ca *caa, u64 caa_pa) +static void pvalidate_4k_page(unsigned long vaddr, unsigned long paddr, + bool validate, struct svsm_ca *caa, u64 caa_pa) { int ret; =20 @@ -642,8 +642,8 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, } } =20 -static void __head __page_state_change(unsigned long vaddr, unsigned long = paddr, - enum psc_op op, struct svsm_ca *caa, u64 caa_pa) +static void __page_state_change(unsigned long vaddr, unsigned long paddr, + enum psc_op op, struct svsm_ca *caa, u64 caa_pa) { u64 val; =20 @@ -675,7 +675,7 @@ static void __head __page_state_change(unsigned long va= ddr, unsigned long paddr, * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. */ -static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info, +static bool __init svsm_setup_ca(const struct cc_blob_sev_info *cc_info, void *page) { struct snp_secrets_page *secrets_page; diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 0fd80e63b639..f2fb5674283d 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -44,7 +44,7 @@ /* Include code shared with pre-decompression boot stage */ #include "sev-shared.c" =20 -void __head +void __init early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, enum psc_op op, struct svsm_ca *caa, u64 caa_pa) @@ -64,7 +64,7 @@ early_set_pages_state(unsigned long vaddr, unsigned long = paddr, } } =20 -void __head early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, +void __init early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, unsigned long npages) { /* @@ -84,7 +84,7 @@ void __head early_snp_set_memory_private(unsigned long va= ddr, unsigned long padd rip_rel_ptr(&boot_svsm_ca_page), boot_svsm_caa_pa); } =20 -void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, +void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, unsigned long npages) { /* @@ -114,7 +114,7 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr * * Scan for the blob in that order. */ -static __head struct cc_blob_sev_info *find_cc_blob(struct boot_params *bp) +static struct cc_blob_sev_info *__init find_cc_blob(struct boot_params *bp) { struct cc_blob_sev_info *cc_info; =20 @@ -140,7 +140,7 @@ static __head struct cc_blob_sev_info *find_cc_blob(str= uct boot_params *bp) return cc_info; } =20 -static __head void svsm_setup(struct cc_blob_sev_info *cc_info) +static void __init svsm_setup(struct cc_blob_sev_info *cc_info) { struct snp_secrets_page *secrets =3D (void *)cc_info->secrets_phys; struct svsm_call call =3D {}; @@ -183,7 +183,7 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) boot_svsm_caa_pa =3D pa; } =20 -bool __head snp_init(struct boot_params *bp) +bool __init snp_init(struct boot_params *bp) { struct cc_blob_sev_info *cc_info; =20 @@ -212,7 +212,7 @@ bool __head snp_init(struct boot_params *bp) return true; } =20 -void __head __noreturn snp_abort(void) +void __init __noreturn snp_abort(void) { sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index 56dde8c53139..c3eff6d5102c 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -91,7 +91,7 @@ struct sme_populate_pgd_data { */ static char sme_workarea[2 * PMD_SIZE] __section(".init.scratch"); =20 -static void __head sme_clear_pgd(struct sme_populate_pgd_data *ppd) +static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) { unsigned long pgd_start, pgd_end, pgd_size; pgd_t *pgd_p; @@ -106,7 +106,7 @@ static void __head sme_clear_pgd(struct sme_populate_pg= d_data *ppd) memset(pgd_p, 0, pgd_size); } =20 -static pud_t __head *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) +static pud_t __init *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) { pgd_t *pgd; p4d_t *p4d; @@ -143,7 +143,7 @@ static pud_t __head *sme_prepare_pgd(struct sme_populat= e_pgd_data *ppd) return pud; } =20 -static void __head sme_populate_pgd_large(struct sme_populate_pgd_data *pp= d) +static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *pp= d) { pud_t *pud; pmd_t *pmd; @@ -159,7 +159,7 @@ static void __head sme_populate_pgd_large(struct sme_po= pulate_pgd_data *ppd) set_pmd(pmd, __pmd(ppd->paddr | ppd->pmd_flags)); } =20 -static void __head sme_populate_pgd(struct sme_populate_pgd_data *ppd) +static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) { pud_t *pud; pmd_t *pmd; @@ -185,7 +185,7 @@ static void __head sme_populate_pgd(struct sme_populate= _pgd_data *ppd) set_pte(pte, __pte(ppd->paddr | ppd->pte_flags)); } =20 -static void __head __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) +static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd_large(ppd); @@ -195,7 +195,7 @@ static void __head __sme_map_range_pmd(struct sme_popul= ate_pgd_data *ppd) } } =20 -static void __head __sme_map_range_pte(struct sme_populate_pgd_data *ppd) +static void __init __sme_map_range_pte(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd(ppd); @@ -205,7 +205,7 @@ static void __head __sme_map_range_pte(struct sme_popul= ate_pgd_data *ppd) } } =20 -static void __head __sme_map_range(struct sme_populate_pgd_data *ppd, +static void __init __sme_map_range(struct sme_populate_pgd_data *ppd, pmdval_t pmd_flags, pteval_t pte_flags) { unsigned long vaddr_end; @@ -229,22 +229,22 @@ static void __head __sme_map_range(struct sme_populat= e_pgd_data *ppd, __sme_map_range_pte(ppd); } =20 -static void __head sme_map_range_encrypted(struct sme_populate_pgd_data *p= pd) +static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *p= pd) { __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); } =20 -static void __head sme_map_range_decrypted(struct sme_populate_pgd_data *p= pd) +static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *p= pd) { __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); } =20 -static void __head sme_map_range_decrypted_wp(struct sme_populate_pgd_data= *ppd) +static void __init sme_map_range_decrypted_wp(struct sme_populate_pgd_data= *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC_WP, PTE_FLAGS_DEC_WP); } =20 -static unsigned long __head sme_pgtable_calc(unsigned long len) +static unsigned long __init sme_pgtable_calc(unsigned long len) { unsigned long entries =3D 0, tables =3D 0; =20 @@ -281,7 +281,7 @@ static unsigned long __head sme_pgtable_calc(unsigned l= ong len) return entries + tables; } =20 -void __head sme_encrypt_kernel(struct boot_params *bp) +void __init sme_encrypt_kernel(struct boot_params *bp) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; @@ -485,7 +485,7 @@ void __head sme_encrypt_kernel(struct boot_params *bp) native_write_cr3(__native_read_cr3()); } =20 -void __head sme_enable(struct boot_params *bp) +void __init sme_enable(struct boot_params *bp) { unsigned int eax, ebx, ecx, edx; unsigned long feature_mask; diff --git a/arch/x86/include/asm/init.h b/arch/x86/include/asm/init.h index 8b1b1abcef15..01ccdd168df0 100644 --- a/arch/x86/include/asm/init.h +++ b/arch/x86/include/asm/init.h @@ -2,12 +2,6 @@ #ifndef _ASM_X86_INIT_H #define _ASM_X86_INIT_H =20 -#if defined(CONFIG_CC_IS_CLANG) && CONFIG_CLANG_VERSION < 170000 -#define __head __section(".head.text") __no_sanitize_undefined __no_stack_= protector -#else -#define __head __section(".head.text") __no_sanitize_undefined -#endif - struct x86_mapping_info { void *(*alloc_pgt_page)(void *); /* allocate buf for page table */ void (*free_pgt_page)(void *, void *); /* free buf for page table */ diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S index 76743dfad6ab..437effb1ef03 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -61,7 +61,7 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE) * any particular GDT layout, because we load our own as soon as we * can. */ -__HEAD + __INIT SYM_CODE_START(startup_32) movl pa(initial_stack),%ecx =09 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index d219963ecb60..21816b48537c 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -33,7 +33,7 @@ * because we need identity-mapped pages. */ =20 - __HEAD + __INIT .code64 SYM_CODE_START_NOALIGN(startup_64) UNWIND_HINT_END_OF_STACK diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index 1d78e5631bb8..344030c1a81d 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S @@ -24,7 +24,7 @@ #include #include =20 - __HEAD + __INIT =20 /* * Entry point for PVH guests. --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Tue Oct 7 14:08:24 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9BBBE283FE5 for ; Wed, 9 Jul 2025 08:11:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048715; cv=none; b=gQ74xhqMf99O0uDMJ3sdxmEufaLVwLPXzFHkE8jzSWPmOWsVeHEvQ53WHzTryXQoMEHceKgATTWe6dsOchLk9HuzAaTkS2Qn7x6dEMdbSAduMdGtjvQMwEZSUvtiWJMMpri4S3yrtwYf6CXvbRiJO7jYRJweJWIoR/3Ccy3ODWw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752048715; c=relaxed/simple; bh=MlIRBxRaja7ZlU2OXFrbRrUPNNl74/HsMd4o37sL9hE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Gjxd841Md3L2n58n3LwUFHtH3zQcQ+8cfKQndOgsrkOOjyaSX+uu5mX5HVP6tQdUpx2NX9tzzwlz/70uvHvHAF9oIIjdYdPi0qXe/eHr2S/YgfjuyOvRR8nXhbo8YdDvAL85+r3nrwVzOr7EqJQnLKVpVp8L0YgDh6bL9T8DNEM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=4P40U50b; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="4P40U50b" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-451d5600a54so41828215e9.2 for ; Wed, 09 Jul 2025 01:11:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752048712; x=1752653512; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=sRQugI64DfH4l5motO7Op00/v3FgIyII8TOhMD/41k4=; b=4P40U50bRnG4ZrUEJERMgmwO4STUGsDxTltcezUNosQQpaXyro0mT4rDHtVaLj0Gfj DivkdZFzXvkVkbJRPphkFBials+IH26Mu2+9ZpsLh4WaQcEB7AwB29+xfD2dMOWD4KBo ETYLD8bKdyp9g0FeuAQDwuX+av2qHIO8uDERzYwAa36HwamiJjUNOmBKRzuIVK4dlGIG MBD0w+BkueG7cxg4+XVPZK5rSXt9eujtMo2ZDSkZNA8B9BkcP9Znv93mj4Z5T0caBnZH H0oBi4V67+bteOcje6Gh73LoN58YXstB1lCAeDXOQnHVwFI6NEiL26M139LNDmmaZa06 KEgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752048712; x=1752653512; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=sRQugI64DfH4l5motO7Op00/v3FgIyII8TOhMD/41k4=; b=go+dn+Qd+OIJZWiGr13vWnwxW4mcKh8e1qmlwXBXHsg8ZfbeGlMn/zalwjNXWOh4bK nr02fXoy1WrQ0ptJESeUKiTLUHAi12j/UQrVF+R4yoQUj89AdV0nAd1VEesOGP9RlB9P 4Uof1Je/fXFWfJVvQtkqJZlgpPo7VCQxgYlqb2PVM3Rzu/8l1kog3tTvmzCH79xaUjiw kKEr5YUIp5B8Sz0HXKkBANcwA1dFFK7yNUVTzuqfituLG9qJwR07PFRkUuXweYK2ZOxO 2AMaSLw6hsu6wpjYRgAlvhrUd5bNWtX1R51f2ASDBUY285wfDF/xXAjAz9EL4UKhK7lw 2BdA== X-Gm-Message-State: AOJu0YxLqjEd6tJE5lhuGgMMrBToGe25mrb1VXiLNxuYosjxAOV/G42S KWTuMEnRAjFDlT6e7DCRHtpGLtA7kOMQptCT/JJO8+9T0tCi2JpvXqbhkcrL9JEWJq6RyUbgCbR F1UROJ/ByumQBsUWfFnW/9C2IYSX5GBC+5G0ZyUM75A/VNBpUyU0D2UjGqDEtAdRT3lLiPdDH0J YtCHAtlvyh6owG+HIvv2i2NzySp7jrZoJZEA== X-Google-Smtp-Source: AGHT+IGSJGX/pEHs6QWpVjrof537fmpAF9vkUHI44VaBcW8UIx6L7uDKveEm9eWEJjArZ+KCIFi3vL06 X-Received: from wmbea14.prod.google.com ([2002:a05:600c:674e:b0:43e:9aac:5a49]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:5309:b0:43c:efed:733e with SMTP id 5b1f17b1804b1-454d5327ef4mr13878735e9.14.1752048712259; Wed, 09 Jul 2025 01:11:52 -0700 (PDT) Date: Wed, 9 Jul 2025 10:09:05 +0200 In-Reply-To: <20250709080840.2233208-26-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250709080840.2233208-26-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=737; i=ardb@kernel.org; h=from:subject; bh=2wDANTljMa+3l9R4Cw8PAic5NzJMQu4mfQTgCSM10MY=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JISNPheUX9+Kv8/UmBnls2hwsZnLF65Plcca6y0LPlX8/q zgfkTOjo5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEwkN5SRYUPj3MiwRQ//pe6+ f3ff28PP/KIMOK6u32gX8iJ019HvehGMDAtWynwt99Jrzsjzj78V1Lt+4vrPdw3KnyYGRT1pXV9 wmgEA X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250709080840.2233208-50-ardb+git@google.com> Subject: [PATCH v4 24/24] x86/boot: Get rid of the .head.text section From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Dionna Amalie Glaze , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The .head.text section is now empty, so it can be dropped from the linker script. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/vmlinux.lds.S | 5 ----- 1 file changed, 5 deletions(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 4277efb26358..d7af4a64c211 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -160,11 +160,6 @@ SECTIONS =20 } :text =3D 0xcccccccc =20 - /* bootstrapping code */ - .head.text : AT(ADDR(.head.text) - LOAD_OFFSET) { - HEAD_TEXT - } :text =3D 0xcccccccc - /* End of text section, which should occupy whole number of pages */ _etext =3D .; . =3D ALIGN(PAGE_SIZE); --=20 2.50.0.727.gbf7dc18ff4-goog