From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD5031D88AC for ; Wed, 16 Jul 2025 03:22:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636151; cv=none; b=hFlqK5/OQE6MXc53oMWu2M2WHnwlBhizZwQufVRE2V2kbn1qSeHBYR11E7JeDPp6TcUVUFW/UCdMemMgMq0XfRHuhhjt8qXnAMWhiwpFgSmDR4H9BFgzn131cr/MvygmjJ4Ov2PumzDUBpuP0jxSpJWwtinaxBxbHhHYeWjF33A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636151; c=relaxed/simple; bh=y7ZqIPfzZjjineUnECWqLBqlDGZnJoXywp+4TUmHp9o=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Iab3+/j2jVcFBjJzb9bYbcaDGgyso0H7K7KH6s6POgOilZg9fR3O9s2iA+9dBC4cYPdxodE0dYaAGU5vJe+KwcgU/yU2Rvz5HN4T9YGU6SZJmfLFgR7200OZmQN0xhp+nJ4gy8rM+vbWpT7CjLQYc/CZGI1wE/7kR1GwlRfE3+c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=SJ7n264n; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="SJ7n264n" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3a5780e8137so187770f8f.1 for ; Tue, 15 Jul 2025 20:22:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636148; x=1753240948; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=/0fjCI0G736hAl1WDZx4JeO72oXnyOHjec7DN5JofkU=; b=SJ7n264nk4rI0pqCt/PDJhWTK55zo5agUaLdhWaL+h40PRzGaVG0BaH5iYsrd2+JQ9 6Mn8NDrZNGGHKs2gnzWrnZMxxfWJtg4CmwJMZaWxcsn+iLWWSzkld3W4Y7ijRauJBdRQ GrC5NcuGrzw0/V7/I80LEVbnAehA9Khk8fzc+hZfchAODLd8/IcSF2YFT+lp3umzWl5e p+TSokEhuvVHbelvmvh/kuLYG4Oy/169Ybg6RY3H3Ux/f1YIzISjtk6EDWgFatdDSvMM 5p8CzKXstdgFtViwACNp6oqV3NVntJ+VL4We7cBXlCHZ6wof7tEVmUCCzgtDjt6GkDpK 9oSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636148; x=1753240948; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=/0fjCI0G736hAl1WDZx4JeO72oXnyOHjec7DN5JofkU=; b=aYSpm5VlzrEKxw4Jm1vNJ9+VxBswmXmkJZ+57N2bvegRBEg0mYoiJcrYUcmxiiuxuN yZEK5QzknxiY97e46xaHzxs+nXOUJg/Vl1QbSYoG/dy/F80SgtBpubcreDqJ+Ss6dC3D awdajViZHCW+EB6/MJIRUM6TvNlCBoH0roD26PyuCRgwOK3cdy0vNgD2MAAXxNPZRPil xvaKuqSX++TsshelrVlqWc6Sm+yTZcPS/fd/2zEu5CaoeVej8HR4oKn1KqcJCdHFymx7 T+r0LWDKjganz7P1MdUbdqgLd3T1xmQRsRxVn0SSaWX+1K6nHdmtOFwRdq/iKOph0WQ5 EIEA== X-Gm-Message-State: AOJu0YzIj9LamS7Y4pgpjhStbMBJl13TnSavsUBN/jUgRjQzeJeuvRJk HqVb8lYmJG7tDYDS0udCzNak67hDu4xxWJybD9zFlsGcGkZH2mLMRNtfC3JYuA1TR9GiQR4Bg8o 7EKNo4KPUtPqzY1+XacsXr55NyW5kj9AxKIfoDnzr9+m33M/CN7RHAM+okGsbDutJVE6GFtUUX+ V4R+RT9tGtR9ujOAbCk+RiNunUCE3QzEl7Jw== X-Google-Smtp-Source: AGHT+IHZsh8QXDncu61aFGu0BfFlm2IHVc/aAaVB89BaHUimD0u4dpZbcZwRvH2egJwuE4R/GKNncjW4 X-Received: from wmtf7.prod.google.com ([2002:a05:600c:8b47:b0:454:d702:f3c2]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:3104:b0:3b5:f6f9:e803 with SMTP id ffacd0b85a97d-3b60953aa6bmr4933891f8f.14.1752636148059; Tue, 15 Jul 2025 20:22:28 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:16 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=7370; i=ardb@kernel.org; h=from:subject; bh=yhK4qsChfODRjxrHDoe+/mi4JoskP7s/+110xhLEhCc=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcivlAs3ipz8LFTkeXzNZ+fc+j58OH/W8+Z0+2lT3g4 9ly4t2JjlIWBjEuBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjCR0+8ZGZrPrSxi9TmreeK0 27SDDzQaL/2JFvdfY+nmry0Tcvm7tTYjw6eK+4KXjLb9dQhf5PFL8oupV96+pQ6bnCP2d3t8Xn0 snhMA X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-25-ardb+git@google.com> Subject: [PATCH v5 01/22] x86/sev: Separate MSR and GHCB based snp_cpuid() via a callback From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel There are two distinct callers of snp_cpuid(): one where the MSR protocol is always used, and one where the GHCB page based interface is always used. The snp_cpuid() logic does not care about the distinction, which only matters at a lower level. But the fact that it supports both interfaces means that the GHCB page based logic is pulled into the early startup code where PA to VA conversions are problematic, given that it runs from the 1:1 mapping of memory. So keep snp_cpuid() itself in the startup code, but factor out the hypervisor calls via a callback, so that the GHCB page handling can be moved out. Code refactoring only - no functional change intended. Signed-off-by: Ard Biesheuvel Reviewed-by: Tom Lendacky --- arch/x86/boot/startup/sev-shared.c | 60 ++++---------------- arch/x86/coco/sev/vc-shared.c | 49 +++++++++++++++- arch/x86/include/asm/sev.h | 3 +- 3 files changed, 61 insertions(+), 51 deletions(-) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 7a706db87b93..c401d0391537 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -342,44 +342,7 @@ static int __sev_cpuid_hv_msr(struct cpuid_leaf *leaf) return ret; } =20 -static int __sev_cpuid_hv_ghcb(struct ghcb *ghcb, struct es_em_ctxt *ctxt,= struct cpuid_leaf *leaf) -{ - u32 cr4 =3D native_read_cr4(); - int ret; - - ghcb_set_rax(ghcb, leaf->fn); - ghcb_set_rcx(ghcb, leaf->subfn); - - if (cr4 & X86_CR4_OSXSAVE) - /* Safe to read xcr0 */ - ghcb_set_xcr0(ghcb, xgetbv(XCR_XFEATURE_ENABLED_MASK)); - else - /* xgetbv will cause #UD - use reset value for xcr0 */ - ghcb_set_xcr0(ghcb, 1); - - ret =3D sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); - if (ret !=3D ES_OK) - return ret; - - if (!(ghcb_rax_is_valid(ghcb) && - ghcb_rbx_is_valid(ghcb) && - ghcb_rcx_is_valid(ghcb) && - ghcb_rdx_is_valid(ghcb))) - return ES_VMM_ERROR; =20 - leaf->eax =3D ghcb->save.rax; - leaf->ebx =3D ghcb->save.rbx; - leaf->ecx =3D ghcb->save.rcx; - leaf->edx =3D ghcb->save.rdx; - - return ES_OK; -} - -static int sev_cpuid_hv(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct= cpuid_leaf *leaf) -{ - return ghcb ? __sev_cpuid_hv_ghcb(ghcb, ctxt, leaf) - : __sev_cpuid_hv_msr(leaf); -} =20 /* * This may be called early while still running on the initial identity @@ -484,21 +447,20 @@ snp_cpuid_get_validated_func(struct cpuid_leaf *leaf) return false; } =20 -static void snp_cpuid_hv(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struc= t cpuid_leaf *leaf) +static void snp_cpuid_hv_msr(void *ctx, struct cpuid_leaf *leaf) { - if (sev_cpuid_hv(ghcb, ctxt, leaf)) + if (__sev_cpuid_hv_msr(leaf)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); } =20 -static int __head -snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_ctxt *ctxt, - struct cpuid_leaf *leaf) +static int __head snp_cpuid_postprocess(void (*cpuid_fn)(void *ctx, struct= cpuid_leaf *), + void *ctx, struct cpuid_leaf *leaf) { struct cpuid_leaf leaf_hv =3D *leaf; =20 switch (leaf->fn) { case 0x1: - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid_fn(ctx, &leaf_hv); =20 /* initial APIC ID */ leaf->ebx =3D (leaf_hv.ebx & GENMASK(31, 24)) | (leaf->ebx & GENMASK(23,= 0)); @@ -517,7 +479,7 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, break; case 0xB: leaf_hv.subfn =3D 0; - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid_fn(ctx, &leaf_hv); =20 /* extended APIC ID */ leaf->edx =3D leaf_hv.edx; @@ -565,7 +527,7 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, } break; case 0x8000001E: - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid_fn(ctx, &leaf_hv); =20 /* extended APIC ID */ leaf->eax =3D leaf_hv.eax; @@ -586,8 +548,8 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, * Returns -EOPNOTSUPP if feature not enabled. Any other non-zero return v= alue * should be treated as fatal by caller. */ -int __head -snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct cpuid_leaf *l= eaf) +int __head snp_cpuid(void (*cpuid_fn)(void *ctx, struct cpuid_leaf *), voi= d *ctx, + struct cpuid_leaf *leaf) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); =20 @@ -621,7 +583,7 @@ snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, s= truct cpuid_leaf *leaf) return 0; } =20 - return snp_cpuid_postprocess(ghcb, ctxt, leaf); + return snp_cpuid_postprocess(cpuid_fn, ctx, leaf); } =20 /* @@ -648,7 +610,7 @@ void __head do_vc_no_ghcb(struct pt_regs *regs, unsigne= d long exit_code) leaf.fn =3D fn; leaf.subfn =3D subfn; =20 - ret =3D snp_cpuid(NULL, NULL, &leaf); + ret =3D snp_cpuid(snp_cpuid_hv_msr, NULL, &leaf); if (!ret) goto cpuid_done; =20 diff --git a/arch/x86/coco/sev/vc-shared.c b/arch/x86/coco/sev/vc-shared.c index 2c0ab0fdc060..b4688f69102e 100644 --- a/arch/x86/coco/sev/vc-shared.c +++ b/arch/x86/coco/sev/vc-shared.c @@ -409,15 +409,62 @@ static enum es_result vc_handle_ioio(struct ghcb *ghc= b, struct es_em_ctxt *ctxt) return ret; } =20 +static int __sev_cpuid_hv_ghcb(struct ghcb *ghcb, struct es_em_ctxt *ctxt,= struct cpuid_leaf *leaf) +{ + u32 cr4 =3D native_read_cr4(); + int ret; + + ghcb_set_rax(ghcb, leaf->fn); + ghcb_set_rcx(ghcb, leaf->subfn); + + if (cr4 & X86_CR4_OSXSAVE) + /* Safe to read xcr0 */ + ghcb_set_xcr0(ghcb, xgetbv(XCR_XFEATURE_ENABLED_MASK)); + else + /* xgetbv will cause #UD - use reset value for xcr0 */ + ghcb_set_xcr0(ghcb, 1); + + ret =3D sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); + if (ret !=3D ES_OK) + return ret; + + if (!(ghcb_rax_is_valid(ghcb) && + ghcb_rbx_is_valid(ghcb) && + ghcb_rcx_is_valid(ghcb) && + ghcb_rdx_is_valid(ghcb))) + return ES_VMM_ERROR; + + leaf->eax =3D ghcb->save.rax; + leaf->ebx =3D ghcb->save.rbx; + leaf->ecx =3D ghcb->save.rcx; + leaf->edx =3D ghcb->save.rdx; + + return ES_OK; +} + +struct cpuid_ctx { + struct ghcb *ghcb; + struct es_em_ctxt *ctxt; +}; + +static void snp_cpuid_hv_ghcb(void *p, struct cpuid_leaf *leaf) +{ + struct cpuid_ctx *ctx =3D p; + + if (__sev_cpuid_hv_ghcb(ctx->ghcb, ctx->ctxt, leaf)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); +} + static int vc_handle_cpuid_snp(struct ghcb *ghcb, struct es_em_ctxt *ctxt) { + struct cpuid_ctx ctx =3D { ghcb, ctxt }; struct pt_regs *regs =3D ctxt->regs; struct cpuid_leaf leaf; int ret; =20 leaf.fn =3D regs->ax; leaf.subfn =3D regs->cx; - ret =3D snp_cpuid(ghcb, ctxt, &leaf); + ret =3D snp_cpuid(snp_cpuid_hv_ghcb, &ctx, &leaf); if (!ret) { regs->ax =3D leaf.eax; regs->bx =3D leaf.ebx; diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 89075ff19afa..2cabf617de3c 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -552,7 +552,8 @@ struct cpuid_leaf { u32 edx; }; =20 -int snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct cpuid_lea= f *leaf); +int snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), + void *ctx, struct cpuid_leaf *leaf); =20 void __noreturn sev_es_terminate(unsigned int set, unsigned int reason); enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE93F27586A for ; Wed, 16 Jul 2025 03:22:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636152; cv=none; b=PSo9SQi21b+/PSavfG8tfzSSaPzoztRaR8Dy0Ns2Ad2ieKST3M+/hQVWmF9gyhtBTgLNLh1n9EesV3HsMrc9LqafjJ7L7WxqSFhssxzZtvc56bLHZGey83WZD63/AQLuipRPrNhDNa/CRc9xv1hHa+FYkkIa5cgRSCo4ijc4sq4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636152; c=relaxed/simple; bh=ksqWJ3zxF7ccoNVNsSR6rr7unDZsJqUNnB8JaSiF94I=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=V1IbbhvtOxCmtQNQ1NKVSWAwwqqkGi3RrAPtQ6g0cR7C+/GywBznBhwvPmZqi5+QOfa581/tWwR7GUYNSJdvU1DcnefkzYqo6XDTzNpScUty1IKy6peAeUry2Y+8+G7hQz1j4NLRVaSwMsZBsnpk1Dm9dxxs+skrHB263ZMpAeU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=bxijrMbv; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="bxijrMbv" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-4538a2f4212so34417245e9.2 for ; Tue, 15 Jul 2025 20:22:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636149; x=1753240949; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=XTk1fL+3FlyyPzsp+eM/RsxBcL9vy8XaYmuNj1GdoaE=; b=bxijrMbvIyPsEypqb3PJnnPZ3PUJSzzbVBqoXuZwbIC096HuNNxzLfnH/giavg/L8j x6tIZ/j/DGVWlkpPAeUOwZnYV5Uph9Js74K8x0Krgrfzze5Qo8eYt9nyZqum0DsTpg8+ DbQWnkrRpDOLfM3u8Y5qdwekA2uwkepLnI6/AdUJGkakLxkECvfCB9hg3CTniRYhSvPO /OjsrUkU2ENpSoVbfdmFAX4X0k91xeK8X2IcWEvG1SSvPOU901SOEfRlkI1wLGRxvbdT EV9TJNlOPJMKq/W7SMEA6exwDxMZohPsy3rYnXvN8iMXr31ax7wvUZyIaWFI3GkIeJ3X FyzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636149; x=1753240949; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XTk1fL+3FlyyPzsp+eM/RsxBcL9vy8XaYmuNj1GdoaE=; b=sf6mtKDYrqDUBPRC/I0JaH4lQv1hTgY9mber65NZ3eu5ZTE4y1ovdBImipgyHzykne xrYdIrigA4I1MJq3+x0ST/lnMJtgZNv/tWJsZO34v5ERycDOp4Igns2VaKZLNC0gVyu4 J/sIe+tWVKewBBF6DfbziZ6oJC6jAt7fvUjbAQTWzqAzMeYIs/y+/s5H5Cbb3Z9Ghtmm Lv1TIvSjnwN4fIpbGW3UUkY8MiM6YMUGVsjWDkn2TrkO7w0Y4ycQQ7eigA3R4w/EFHSW GA/z8I6fqxWBAHyilf9X2XE6S7bygU3OiYy7hFHEU7vEOIyJmazCH5ETKgY+FyCAKXve LbRQ== X-Gm-Message-State: AOJu0YwlWGQ8fOayJSNQVZz8lwTnwEwImewsfJKqGEDCOEaWw4eYhpSJ ZQ9rmOt5K0ALtEJOvXPW4xvuwQHeOjnr8SDVp4lvnKuRFz7ma3hqKynAR3myrCvNcaQAdLG2iR9 gcKighy2OLugxZmmjxSCFb+um4xn/j8eAEAMjdJQehvE9jPHu4gq4tiwBcUnkwa8IdEaWfquxQO GrStIzJ8VMdeUSDdq1JVeQkEO7+dhLpB6S5g== X-Google-Smtp-Source: AGHT+IFp+4uK6QUco7HVxh+/dkaikaA7IPLW4LLCd2U9UQFsz5HQ4F8+CtS88XHIISeuYdyCOJ0T39EC X-Received: from wmtf7.prod.google.com ([2002:a05:600c:8b47:b0:454:d702:f3c2]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1c0f:b0:43d:42b:e186 with SMTP id 5b1f17b1804b1-4562f9c0876mr1263275e9.8.1752636149110; Tue, 15 Jul 2025 20:22:29 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:17 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2218; i=ardb@kernel.org; h=from:subject; bh=R+TJW1Povli2/3VdKghDcG09D4Rob9ApANRJpivezCs=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcisMwU9ndWZrxDVv6OvO/l+pub405wv5g7wT9fOFT2 6a2P+boKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABN5JMbIMGG23d/LOVdNTFjv uV5cE3a2bq/EvOO+Zg4LFjjIX/XwjGX4pxb7jCm3o/nWIqPV32ruHfef6jN1cc0r/zqVx7uafAo 4eAA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-26-ardb+git@google.com> Subject: [PATCH v5 02/22] x86/sev: Use MSR protocol for remapping SVSM calling area From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel As the preceding code comment already indicates, remapping the SVSM calling area occurs long before the GHCB page is configured, and so calling svsm_perform_call_protocol() is guaranteed to result in a call to svsm_perform_msr_protocol(). So just call the latter directly. This allows most of the GHCB based API infrastructure to be moved out of the startup code in a subsequent patch. Signed-off-by: Ard Biesheuvel Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Tom Lendacky --- arch/x86/boot/startup/sev-shared.c | 11 +++++++++++ arch/x86/boot/startup/sev-startup.c | 5 ++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index c401d0391537..60ab09b3149d 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -723,6 +723,17 @@ static void __head setup_cpuid_table(const struct cc_b= lob_sev_info *cc_info) } } =20 +static int __head svsm_call_msr_protocol(struct svsm_call *call) +{ + int ret; + + do { + ret =3D svsm_perform_msr_protocol(call); + } while (ret =3D=3D -EAGAIN); + + return ret; +} + static void __head svsm_pval_4k_page(unsigned long paddr, bool validate) { struct svsm_pvalidate_call *pc; diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 0b7e3b950183..c30e0eed0131 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -295,7 +295,6 @@ static __head struct cc_blob_sev_info *find_cc_blob(str= uct boot_params *bp) static __head void svsm_setup(struct cc_blob_sev_info *cc_info) { struct svsm_call call =3D {}; - int ret; u64 pa; =20 /* @@ -325,8 +324,8 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) call.caa =3D svsm_get_caa(); call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); call.rcx =3D pa; - ret =3D svsm_perform_call_protocol(&call); - if (ret) + + if (svsm_perform_msr_protocol(&call)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CA_REMAP_FAIL); =20 boot_svsm_caa =3D (struct svsm_ca *)pa; --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB15A279358 for ; Wed, 16 Jul 2025 03:22:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636154; cv=none; b=H3+mCmq9ULRX3fyuNxe8oGnDxOVcYmFpqHgJt1prYO57jowSMZGnc0wTPaQRAT/9t5VA4gHooJM6Y1JzaSU25TLdZ//yb/sjrZlVFurdYTEgQXrzLHrZHPDhkO9XFhN4+weDK+9P1F54zMGb+GuLFmHSCJuIbyAmC8H0hGLTX4s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636154; c=relaxed/simple; bh=v49A8oJS6XIvuwuTx1VFy54/JzeUn5KIraycKxlteqs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=RQlU9LaytuPdTpjJ7/PMZkbs8j49vGy9ttL281Rp5VTKw1+9n3X5skyTc8jK2IVTe6SdbkZBkmXL64cGEnCO/PmReOeIexBdEe24QnnC9RWGawAJOt3LsIl3PlLWGaFOi8Tp3H2GAOmOFh5AgeBcj11ZCsn3M+6oYQIZK9OFz2M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=WTuR8Lya; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="WTuR8Lya" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-3a4eec544c6so2750929f8f.0 for ; Tue, 15 Jul 2025 20:22:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636150; x=1753240950; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Mi64TGEjZdXwCQTgfas3h0zEj8AJDhCG3MKZkP4tXPw=; b=WTuR8LyaEUuWQw1nIrAX9f/q+NvaSlLGFU/D54Epxf3AgDow0pHNs/ijgiTMg45B8/ DEolqd+jx0HEWC4JGDURI6WMQuywAriCtF6/w3sPkHaT9rMOL8UOGJZL2ale9EgrpcHC CWeAhcAYVTqEmptqNZSiwuqE2KIB3Iz6LvpmkRMlyf46IiAZVr1TRevg4m1Emq/FZbmc AsZSOlSS1w+cvUn8xqX+oprtyy/vx+aTwc39XRY9Y60AW3omdvmclpazyEA1asZTeiNQ 1zMkTy4vqif2/rHT6SfwLmHNOr7BCmnUaT4zvARwe5dTkv5+uLxbEGinvTYIlYnhLdJt XQfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636150; x=1753240950; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Mi64TGEjZdXwCQTgfas3h0zEj8AJDhCG3MKZkP4tXPw=; b=KCUsC9h0u5XoHoltNKQDLpSrSFnp8AayKVyAJf2M7zm/r938SmLBwUqiS5Z4VY/txL ahRs7VtWbb6ril14KI3Du5WbQ2hrKjcg7dGZPW2eOk4oeECgw4E7hSjn4eUraNMIcJNX fUlEXac4LPZlEPJ2yBFvz5AgbvLBCb1f1tDlSaVJq24HXm6ktLD+vHC6F8SPvGVI8+WF hz2ETCa7XWYXTfGkVFvXzXo6j2tfp5CyoH6UJNsxXUPeTphpDCpDGM9ZvA1gmtyKb2Jy yWBi94fZh17LyROalhkftEHICcHsJj1zTFUQxtGOqwLNskR0+KxYWIVB0MFx1JSdpcIp bLLQ== X-Gm-Message-State: AOJu0YzxLMrucET9BWovQYFcWoz0LXMFE+AgkEddyDMk+RdCTAix6Qba S8d+w5nb+cdbJgsrEkZU73YqBoSRRJElZRpaGyy59JOlULcdJ8tBsnQUJbGCrN9cBuNgTVnMoMO Brc2vivXuul+lWCH8BHxDuIdq8H/fpqdlQf71rQCy3Gb8a7Deb0MLZhQrot2xZiX2RmUbyNnVsa yi5PdhVqBaxcaqbue/CkK8+OwcMdgbw5LhbA== X-Google-Smtp-Source: AGHT+IFvD4STBOnkjJYNd4Id+yAHrRPbfs07BpcSGB5HyjYmjd9G5CHucDREwE65rbGFj24wuyPeA5D0 X-Received: from wmsr24.prod.google.com ([2002:a05:600c:8b18:b0:456:1194:a7e7]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:2d81:b0:3a3:63d3:369a with SMTP id ffacd0b85a97d-3b60dd5644bmr605053f8f.25.1752636150405; Tue, 15 Jul 2025 20:22:30 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:18 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2785; i=ardb@kernel.org; h=from:subject; bh=ITSBnwqgCdNtJ0pcaAFCwSDtx+3Mc2gbtLjwRHRy5Ig=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcivdTPWeG2tS5vf3JJh1plUu1YqZccrjmWvHD3lTnt /yb+487SlkYxLgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwETsNzL8M3qzacMNx+snTxQc 3+/EvFny1Ra+orYXczivLhV/UfVz1keG3yxXtv6ZdE2I+/HpM6fsVl17KqxQYjO/QPTts1qf8Mb Qh2wA X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-27-ardb+git@google.com> Subject: [PATCH v5 03/22] x86/sev: Use MSR protocol only for early SVSM PVALIDATE call From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The early page state change API performs an SVSM call to PVALIDATE each page when running under a SVSM, and this involves either a GHCB page based call or a call based on the MSR protocol. The GHCB page based variant involves VA to PA translation of the GHCB address, and this is best avoided in the startup code, where virtual addresses are ambiguous (1:1 or kernel virtual). As this is the last remaining occurrence of svsm_perform_call_protocol() in the startup code, switch to the MSR protocol exclusively in this particular case, so that the GHCB based plumbing can be moved out of the startup code entirely in a subsequent patch. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 20 -------------------- arch/x86/boot/startup/sev-shared.c | 9 ++++++--- 2 files changed, 6 insertions(+), 23 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index fd1b67dfea22..b71c1ab6a282 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -50,31 +50,11 @@ u64 svsm_get_caa_pa(void) return boot_svsm_caa_pa; } =20 -int svsm_perform_call_protocol(struct svsm_call *call); - u8 snp_vmpl; =20 /* Include code for early handlers */ #include "../../boot/startup/sev-shared.c" =20 -int svsm_perform_call_protocol(struct svsm_call *call) -{ - struct ghcb *ghcb; - int ret; - - if (boot_ghcb) - ghcb =3D boot_ghcb; - else - ghcb =3D NULL; - - do { - ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); - } while (ret =3D=3D -EAGAIN); - - return ret; -} - static bool sev_snp_enabled(void) { return sev_status & MSR_AMD64_SEV_SNP_ENABLED; diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 60ab09b3149d..d9c0c64d80fe 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -740,7 +740,6 @@ static void __head svsm_pval_4k_page(unsigned long padd= r, bool validate) struct svsm_call call =3D {}; unsigned long flags; u64 pc_pa; - int ret; =20 /* * This can be called very early in the boot, use native functions in @@ -764,8 +763,12 @@ static void __head svsm_pval_4k_page(unsigned long pad= dr, bool validate) call.rax =3D SVSM_CORE_CALL(SVSM_CORE_PVALIDATE); call.rcx =3D pc_pa; =20 - ret =3D svsm_perform_call_protocol(&call); - if (ret) + /* + * Use the MSR protocol exclusively, so that this code is usable in + * startup code where VA/PA translations of the GHCB page's address may + * be problematic. + */ + if (svsm_call_msr_protocol(&call)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PVALIDATE); =20 native_local_irq_restore(flags); --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 415C9279DD3 for ; Wed, 16 Jul 2025 03:22:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636155; cv=none; b=A2YQQ6LkJWoRuZQC0Soy3YzSicoYMN6Q/zUX8s17MHqh+1QjyBFeP0K2+JFpPHAWczphnt3yfKLgb1vWZNLg3QJvRHgJfqQxO8Vrq3ee4XqmFGI3Lf3ka2cAzidSw1dzeeM3RXYmwUyMpxKnGR+udJ3KSANVBWInfh3eTz4JHMA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636155; c=relaxed/simple; bh=dwWCVYWLxvz5MeaLqdk6rU+JPa17U0A/FyYg+rIEEKA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=dtcfE83+ylnfjG829VNAboqGptqhNpHnFQ/A/nN3PEuG3N+8kfsqvABHry0OkaHVfguVCYmmQ2+QKXzXNTm/4O3vZyKwBo6jUnXimHEgoDd3Fflfti7tK8e48JC9bG3iF8q5F4Bebg+EwxLFSU8RRzEyfK7NI5BOn5H0gv6+N4E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=3jkSRlII; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="3jkSRlII" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3a50816cc58so2116645f8f.3 for ; Tue, 15 Jul 2025 20:22:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636151; x=1753240951; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=/jHar7LpfB+CDDd+fbj3NyAJt7qq3hvz0nbJoCsOjz0=; b=3jkSRlIIIEjeccQ7+2f8VkIpyVTLuFr7Wof1AoczY8rPZUiDn06w8qyPpXnO8Levkp izybGnGL+n47HpQl05Px8ZSf3vcqzLuvaNM2SXCGLaIl6ochR3kMVLMBqcxOwuGstDq9 mC0202lvEcTqYVtBYKuHy6q1bpjgBdvZMYTgpjVNe74tjauj53uRuLQp+pen2XszYEiQ 2tBGboxWCYF35aYajxNuLVwouDkurTJkIB7AON7PCnxUJTvhQPUnPbxIv2zy1s2M1jT2 xMs07XXZ6rB+DVBnLrvyce5Ul0b1LKN0/1b9Om/i3zELiDsws2P5MXCOyh28u5Ecq3RL kfqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636151; x=1753240951; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=/jHar7LpfB+CDDd+fbj3NyAJt7qq3hvz0nbJoCsOjz0=; b=mVJZspJ696sB5+g0G1tRCcGWmkOcpqyYpJ3XinM+hCrSM0+8XY94CUe2wsLArCTo6C mFFjHDSn8Narn0dnaMYiDKcmJ/8cj06Dq1hy2hqtkvTpswoI/hst300fnKtEHELQrKFJ nFei7lhypLxwpSgosDY6DVKaTObPu+j5y6YcokeYUeEO8QzyaO0CpIOQTY15ulUCvgR2 Z7DFJbrpg4zFZ7Avs7c/2PoHIhrY8Oc2qB1jj0aqGfNXPA+XrxJYQA6ySVNPMgJEeH70 ZjJEwWC6HwKEmEX2hZSe64YTlarB3PT//txhu1Htubll87+vV/6FCD5q6+X9d6FDcHmF iH3g== X-Gm-Message-State: AOJu0Yz8zhXRUhEY13mSGdiUsrS+PzCSqbFzIr4h2ms1HAoGVSNtLHAM Hj3rKxnfwWXpXbgwsUSZPWijzNNIBicYsA020KPx+zilud7A7rWxFK31w0zwr5YEmLvbNCiOuC4 997vOrcDW0F1nEGT1LpoeXn37uETMRpZNMYGQmXJamNn/EqhkNmEu/78Zlow9D0Y6oa3sjh9SqM BZQYgZLzsDfB1nIOa52dWbYiDxK/02oUvCXg== X-Google-Smtp-Source: AGHT+IFEuJ4DENIJrP3qoayaohC8oM7ZFjNQPr9UUJ7+oEl5naP+4gZNWHLaAp+vi1pyt3SJfKEIVuCG X-Received: from wroy15.prod.google.com ([2002:adf:f14f:0:b0:3b2:14c1:2180]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:4412:b0:3a4:dd8e:e16b with SMTP id ffacd0b85a97d-3b60dd5520cmr677901f8f.20.1752636151576; Tue, 15 Jul 2025 20:22:31 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:19 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2885; i=ardb@kernel.org; h=from:subject; bh=Ooeu1U7xEvLSy0dm4Twfp3IBY3u7/SJY928wtFYKXhs=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcSmg9T0VvQUvpihn79b/dE/D8erhkl12zu9idkn0n2 qcFOTl3lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgImcb2Bk2CPVwHhwod1reaFH vWyxl09x+cyv/bcp/Nm3K2VPzzHdO8fwv8jQ/ldvSuv2iSedGUqUF0yKVhbl57suHOE7YYrxMQ8 ZBgA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-28-ardb+git@google.com> Subject: [PATCH v5 04/22] x86/sev: Run RMPADJUST on SVSM calling area page to test VMPL From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Determining the VMPL at which the kernel runs involves performing a RMPADJUST operation on an arbitrary page of memory, and observing whether it succeeds. The use of boot_ghcb_page in the core kernel in this case is completely arbitrary, but results in the need to provide a PIC alias for it. So use boot_svsm_ca_page instead, which already needs this alias for other reasons. Signed-off-by: Ard Biesheuvel Reviewed-by: Tom Lendacky --- arch/x86/boot/compressed/sev.c | 2 +- arch/x86/boot/startup/sev-shared.c | 5 +++-- arch/x86/boot/startup/sev-startup.c | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index b71c1ab6a282..3628e9bddc6a 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -327,7 +327,7 @@ static bool early_snp_init(struct boot_params *bp) * running at VMPL0. The CA will be used to communicate with the * SVSM and request its services. */ - svsm_setup_ca(cc_info); + svsm_setup_ca(cc_info, rip_rel_ptr(&boot_ghcb_page)); =20 /* * Pass run-time kernel a pointer to CC info via boot_params so EFI diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index d9c0c64d80fe..cbf26466e0da 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -792,7 +792,8 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. */ -static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info) +static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info, + void *page) { struct snp_secrets_page *secrets_page; struct snp_cpuid_table *cpuid_table; @@ -815,7 +816,7 @@ static bool __head svsm_setup_ca(const struct cc_blob_s= ev_info *cc_info) * routine is running identity mapped when called, both by the decompress= or * code and the early kernel code. */ - if (!rmpadjust((unsigned long)rip_rel_ptr(&boot_ghcb_page), RMP_PG_SIZE_4= K, 1)) + if (!rmpadjust((unsigned long)page, RMP_PG_SIZE_4K, 1)) return false; =20 /* diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index c30e0eed0131..4b9e8ccc0e91 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -302,7 +302,7 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) * running at VMPL0. The CA will be used to communicate with the * SVSM to perform the SVSM services. */ - if (!svsm_setup_ca(cc_info)) + if (!svsm_setup_ca(cc_info, rip_rel_ptr(&boot_svsm_ca_page))) return; =20 /* --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E50931E766F for ; Wed, 16 Jul 2025 03:22:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636156; cv=none; b=bM2egPaqiTE9/BmhoGmhNeZ5xQEG1y/AF+3vrQhboxX4YFXbaEC3DyJvOeGzrnzp9zUHS8zi+pJBb/Xs96pJWosXrReN+vVGXtvkQNUEMBoHaz0wG6Eem2pFU3H6vuI5GxrRscsaduMZZPvhv1Wqks+osN3CjhI9t6VD2awkGCs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636156; c=relaxed/simple; bh=J3cxhlu3On4of7n2HvsEm34PTAi5UR6mEhNOIujjIOQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=MzJQUu8eejbI4cBh9weYLwWwq/qxumlhZJjjcz8mqJSO/DN2KTIjX5lDFN3kC6YaYQBQTCtb+RDG1BiXUifTYv8suemVVgO2nAlktqJ0qQXl0pEDhq+PgyPcM1CkArR1v9rKYTccMIUpVaApNNeNqyMu6yqNuN+JyTL8pVjTVrI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Z1g3y5Dt; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Z1g3y5Dt" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3a4eec544c6so2750942f8f.0 for ; Tue, 15 Jul 2025 20:22:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636152; x=1753240952; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=bmmrO7tQfY/HcImyemNJXdiUbAAcOcUOCoEKJbVOy/A=; b=Z1g3y5DtbLHSJ79Jm3yOEgEXpP8asCKEAtTnEZp5Rmv0qB9tjioaFlTW2ebh7aa1oW fgPcUNyAiJdjB0A0jnwmq/BO7T6FLK+aK2SsnxrlJ36x9yoBilcpjppJNTUZ6mgQgEpK ootn1cBgG6FszKxF2kf9fYhci+eQyPTazMTGkZZTjQo6xUOGuKl39JI/ncyefGpPT3ud FXYY7uZTnGUWjPP8cfXAVE6MEd2xI9tmCTVd1PIT1YzL1GLSrKARZXJVHTmG7l+Za1iK e9fTjV7ofndlrLwG0wtQ3LUoQ0GqZWIaGCY+1kJFL11LIOLfsxGTF3jZf7rQxJN1MBo2 uhrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636152; x=1753240952; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=bmmrO7tQfY/HcImyemNJXdiUbAAcOcUOCoEKJbVOy/A=; b=etttLm7bISaKjwMIcqGryaC38IKMZKSv3v2JIpmtgqjio5tEC8y/RZ1lO866jxV9Hg B3+ZlDsVl/+JAOwJSEFky00IiPQvNZn5WNdlfQ9MHdcJu7exH6HwoX89z4jf3uKoer4C +5Hs5b770lN0crfZzUZlWMlyyEM55qaDR3l03o5rjSU7RCXIK+IrPy07WVgX9jOdKOcF HlHz1ZzrNYkPPZD45lfTrAp6pug290D43A5B7UqPyr66VyoWRI6296Cvcwi5gdUDsZpv XNa/iCUlynj09ht+fGkb8zb6TfWoSA3RpG8CWFC6TOZ7Sah0eMh9DLRzm3JXVYp5Oi5j NcEA== X-Gm-Message-State: AOJu0Yy6LkL3yguzcYjuEK8ah+1JlkjC5mU4pPRFcFnsUA5hZ89Gm/3C 174eVIaqLABY9PkNK39rbj+gOmhdoOxq+qf8jyc5y7ypSm8tAduBYWpSsUznvt3zCMzeVdLtIcO 9R4OBYCYSZJ0akN6SseZztHc76FHc9T8whRzrRn7NjQ93BSoTvG8LXCj10oBeaouT+xRM5XilPK fR70UoSx8op/XUxXkKbNYotFO3nId0wayb2w== X-Google-Smtp-Source: AGHT+IE+4JvfCNOgb6OzXq6p3kPKXy2jWAS9laxS/8ckYHL2Y6KsuFxyv0gsEXdAoO+os+1vhembSZ2Z X-Received: from wmth16.prod.google.com ([2002:a05:600c:8b70:b0:456:2003:32a5]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:6492:0:b0:3b5:f165:14e1 with SMTP id ffacd0b85a97d-3b60dd7f8a4mr644271f8f.38.1752636152461; Tue, 15 Jul 2025 20:22:32 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:20 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=18264; i=ardb@kernel.org; h=from:subject; bh=oVXx6knbQaFRfu6vL/pNXNJ6cvQZHT172apJcrZi6H0=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcSlzk0qYX/zU9rbm0bx1Wf5Xme2dnB5/2tereEt07K suSQt53lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgInkmzMyzHE78OCFzvv3Lr/8 FV7t6JvbdpjdPdHq2d9mDZnmHO+zRYwMG4KFep0XpX5+Otk9Wu1+edeq1YECl8++fXneOF+NV76 FGQA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-29-ardb+git@google.com> Subject: [PATCH v5 05/22] x86/sev: Move GHCB page based HV communication out of startup code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Both the decompressor and the core kernel implement an early #VC handler, which only deals with CPUID instructions, and full featured one, which can handle any #VC exception. The former communicates with the hypervisor using the MSR based protocol, whereas the latter uses a shared GHCB page, which is configured a bit later during the boot, when the kernel runs from its ordinary virtual mapping, rather than the 1:1 mapping that the startup code uses. Accessing this shared GHCB page from the core kernel's startup code is problematic, because it involves converting the GHCB address provided by the caller to a physical address. In the startup code, virtual to physical address translations are problematic, given that the virtual address might be a 1:1 mapped address, and such translations should therefore be avoided. This means that exposing startup code dealing with the GHCB to callers that execute from the ordinary kernel virtual mapping should be avoided too. So move all GHCB page based communication out of the startup code, now that all communication occurring before the kernel virtual mapping is up relies on the MSR protocol only. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev-handle-vc.c | 3 + arch/x86/boot/startup/sev-shared.c | 143 +------------------- arch/x86/boot/startup/sev-startup.c | 42 ------ arch/x86/coco/sev/core.c | 76 +++++++++++ arch/x86/coco/sev/vc-handle.c | 2 + arch/x86/coco/sev/vc-shared.c | 94 +++++++++++++ arch/x86/include/asm/sev-internal.h | 7 +- arch/x86/include/asm/sev.h | 11 +- 8 files changed, 190 insertions(+), 188 deletions(-) diff --git a/arch/x86/boot/compressed/sev-handle-vc.c b/arch/x86/boot/compr= essed/sev-handle-vc.c index 89dd02de2a0f..7530ad8b768b 100644 --- a/arch/x86/boot/compressed/sev-handle-vc.c +++ b/arch/x86/boot/compressed/sev-handle-vc.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 =20 #include "misc.h" +#include "error.h" #include "sev.h" =20 #include @@ -14,6 +15,8 @@ #include =20 #define __BOOT_COMPRESSED +#undef __init +#define __init =20 /* Basic instruction decoding support needed */ #include "../../lib/inat.c" diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index cbf26466e0da..f9de8b33de6c 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -13,12 +13,9 @@ =20 #ifndef __BOOT_COMPRESSED #define error(v) pr_err(v) -#define has_cpuflag(f) boot_cpu_has(f) #else #undef WARN #define WARN(condition, format...) (!!(condition)) -#undef vc_forward_exception -#define vc_forward_exception(c) panic("SNP: Hypervisor requested exceptio= n\n") #endif =20 /* @@ -39,7 +36,7 @@ u64 boot_svsm_caa_pa __ro_after_init; * * GHCB protocol version negotiated with the hypervisor. */ -static u16 ghcb_version __ro_after_init; +u16 ghcb_version __ro_after_init; =20 /* Copy of the SNP firmware's CPUID page. */ static struct snp_cpuid_table cpuid_table_copy __ro_after_init; @@ -54,16 +51,6 @@ static u32 cpuid_std_range_max __ro_after_init; static u32 cpuid_hyp_range_max __ro_after_init; static u32 cpuid_ext_range_max __ro_after_init; =20 -bool __init sev_es_check_cpu_features(void) -{ - if (!has_cpuflag(X86_FEATURE_RDRAND)) { - error("RDRAND instruction not supported - no trusted source of randomnes= s available\n"); - return false; - } - - return true; -} - void __head __noreturn sev_es_terminate(unsigned int set, unsigned int reason) { @@ -100,72 +87,7 @@ u64 get_hv_features(void) return GHCB_MSR_HV_FT_RESP_VAL(val); } =20 -void snp_register_ghcb_early(unsigned long paddr) -{ - unsigned long pfn =3D paddr >> PAGE_SHIFT; - u64 val; - - sev_es_wr_ghcb_msr(GHCB_MSR_REG_GPA_REQ_VAL(pfn)); - VMGEXIT(); - - val =3D sev_es_rd_ghcb_msr(); - - /* If the response GPA is not ours then abort the guest */ - if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_REG_GPA_RESP) || - (GHCB_MSR_REG_GPA_RESP_VAL(val) !=3D pfn)) - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_REGISTER); -} - -bool sev_es_negotiate_protocol(void) -{ - u64 val; - - /* Do the GHCB protocol version negotiation */ - sev_es_wr_ghcb_msr(GHCB_MSR_SEV_INFO_REQ); - VMGEXIT(); - val =3D sev_es_rd_ghcb_msr(); - - if (GHCB_MSR_INFO(val) !=3D GHCB_MSR_SEV_INFO_RESP) - return false; - - if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN || - GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX) - return false; - - ghcb_version =3D min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX= ); - - return true; -} - -static enum es_result verify_exception_info(struct ghcb *ghcb, struct es_e= m_ctxt *ctxt) -{ - u32 ret; - - ret =3D ghcb->save.sw_exit_info_1 & GENMASK_ULL(31, 0); - if (!ret) - return ES_OK; - - if (ret =3D=3D 1) { - u64 info =3D ghcb->save.sw_exit_info_2; - unsigned long v =3D info & SVM_EVTINJ_VEC_MASK; - - /* Check if exception information from hypervisor is sane. */ - if ((info & SVM_EVTINJ_VALID) && - ((v =3D=3D X86_TRAP_GP) || (v =3D=3D X86_TRAP_UD)) && - ((info & SVM_EVTINJ_TYPE_MASK) =3D=3D SVM_EVTINJ_TYPE_EXEPT)) { - ctxt->fi.vector =3D v; - - if (info & SVM_EVTINJ_VALID_ERR) - ctxt->fi.error_code =3D info >> 32; - - return ES_EXCEPTION; - } - } - - return ES_VMM_ERROR; -} - -static inline int svsm_process_result_codes(struct svsm_call *call) +int svsm_process_result_codes(struct svsm_call *call) { switch (call->rax_out) { case SVSM_SUCCESS: @@ -193,7 +115,7 @@ static inline int svsm_process_result_codes(struct svsm= _call *call) * - RAX specifies the SVSM protocol/callid as input and the return co= de * as output. */ -static __always_inline void svsm_issue_call(struct svsm_call *call, u8 *pe= nding) +void svsm_issue_call(struct svsm_call *call, u8 *pending) { register unsigned long rax asm("rax") =3D call->rax; register unsigned long rcx asm("rcx") =3D call->rcx; @@ -216,7 +138,7 @@ static __always_inline void svsm_issue_call(struct svsm= _call *call, u8 *pending) call->r9_out =3D r9; } =20 -static int svsm_perform_msr_protocol(struct svsm_call *call) +int svsm_perform_msr_protocol(struct svsm_call *call) { u8 pending =3D 0; u64 val, resp; @@ -247,63 +169,6 @@ static int svsm_perform_msr_protocol(struct svsm_call = *call) return svsm_process_result_codes(call); } =20 -static int svsm_perform_ghcb_protocol(struct ghcb *ghcb, struct svsm_call = *call) -{ - struct es_em_ctxt ctxt; - u8 pending =3D 0; - - vc_ghcb_invalidate(ghcb); - - /* - * Fill in protocol and format specifiers. This can be called very early - * in the boot, so use rip-relative references as needed. - */ - ghcb->protocol_version =3D ghcb_version; - ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; - - ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_SNP_RUN_VMPL); - ghcb_set_sw_exit_info_1(ghcb, 0); - ghcb_set_sw_exit_info_2(ghcb, 0); - - sev_es_wr_ghcb_msr(__pa(ghcb)); - - svsm_issue_call(call, &pending); - - if (pending) - return -EINVAL; - - switch (verify_exception_info(ghcb, &ctxt)) { - case ES_OK: - break; - case ES_EXCEPTION: - vc_forward_exception(&ctxt); - fallthrough; - default: - return -EINVAL; - } - - return svsm_process_result_codes(call); -} - -enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, - struct es_em_ctxt *ctxt, - u64 exit_code, u64 exit_info_1, - u64 exit_info_2) -{ - /* Fill in protocol and format specifiers */ - ghcb->protocol_version =3D ghcb_version; - ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; - - ghcb_set_sw_exit_code(ghcb, exit_code); - ghcb_set_sw_exit_info_1(ghcb, exit_info_1); - ghcb_set_sw_exit_info_2(ghcb, exit_info_2); - - sev_es_wr_ghcb_msr(__pa(ghcb)); - VMGEXIT(); - - return verify_exception_info(ghcb, ctxt); -} - static int __sev_cpuid_hv(u32 fn, int reg_idx, u32 *reg) { u64 val; diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 4b9e8ccc0e91..7b38085c7218 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -41,15 +41,6 @@ #include #include =20 -/* For early boot hypervisor communication in SEV-ES enabled guests */ -struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); - -/* - * Needs to be in the .data section because we need it NULL before bss is - * cleared - */ -struct ghcb *boot_ghcb __section(".data"); - /* Bitmap of SEV features supported by the hypervisor */ u64 sev_hv_features __ro_after_init; =20 @@ -139,39 +130,6 @@ noinstr void __sev_put_ghcb(struct ghcb_state *state) } } =20 -int svsm_perform_call_protocol(struct svsm_call *call) -{ - struct ghcb_state state; - unsigned long flags; - struct ghcb *ghcb; - int ret; - - /* - * This can be called very early in the boot, use native functions in - * order to avoid paravirt issues. - */ - flags =3D native_local_irq_save(); - - if (sev_cfg.ghcbs_initialized) - ghcb =3D __sev_get_ghcb(&state); - else if (boot_ghcb) - ghcb =3D boot_ghcb; - else - ghcb =3D NULL; - - do { - ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); - } while (ret =3D=3D -EAGAIN); - - if (sev_cfg.ghcbs_initialized) - __sev_put_ghcb(&state); - - native_local_irq_restore(flags); - - return ret; -} - void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, enum psc_op op) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index fc59ce78c477..15be9e52848d 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -101,6 +101,15 @@ DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); u8 snp_vmpl __ro_after_init; EXPORT_SYMBOL_GPL(snp_vmpl); =20 +/* For early boot hypervisor communication in SEV-ES enabled guests */ +static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); + +/* + * Needs to be in the .data section because we need it NULL before bss is + * cleared + */ +struct ghcb *boot_ghcb __section(".data"); + static u64 __init get_snp_jump_table_addr(void) { struct snp_secrets_page *secrets; @@ -154,6 +163,73 @@ static u64 __init get_jump_table_addr(void) return ret; } =20 +static int svsm_perform_ghcb_protocol(struct ghcb *ghcb, struct svsm_call = *call) +{ + struct es_em_ctxt ctxt; + u8 pending =3D 0; + + vc_ghcb_invalidate(ghcb); + + /* + * Fill in protocol and format specifiers. This can be called very early + * in the boot, so use rip-relative references as needed. + */ + ghcb->protocol_version =3D ghcb_version; + ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; + + ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_SNP_RUN_VMPL); + ghcb_set_sw_exit_info_1(ghcb, 0); + ghcb_set_sw_exit_info_2(ghcb, 0); + + sev_es_wr_ghcb_msr(__pa(ghcb)); + + svsm_issue_call(call, &pending); + + if (pending) + return -EINVAL; + + switch (verify_exception_info(ghcb, &ctxt)) { + case ES_OK: + break; + case ES_EXCEPTION: + vc_forward_exception(&ctxt); + fallthrough; + default: + return -EINVAL; + } + + return svsm_process_result_codes(call); +} + +static int svsm_perform_call_protocol(struct svsm_call *call) +{ + struct ghcb_state state; + unsigned long flags; + struct ghcb *ghcb; + int ret; + + flags =3D native_local_irq_save(); + + if (sev_cfg.ghcbs_initialized) + ghcb =3D __sev_get_ghcb(&state); + else if (boot_ghcb) + ghcb =3D boot_ghcb; + else + ghcb =3D NULL; + + do { + ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) + : svsm_perform_msr_protocol(call); + } while (ret =3D=3D -EAGAIN); + + if (sev_cfg.ghcbs_initialized) + __sev_put_ghcb(&state); + + native_local_irq_restore(flags); + + return ret; +} + static inline void __pval_terminate(u64 pfn, bool action, unsigned int pag= e_size, int ret, u64 svsm_ret) { diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c index faf1fce89ed4..9a5e16f70e83 100644 --- a/arch/x86/coco/sev/vc-handle.c +++ b/arch/x86/coco/sev/vc-handle.c @@ -351,6 +351,8 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ct= xt, } =20 #define sev_printk(fmt, ...) printk(fmt, ##__VA_ARGS__) +#define error(v) +#define has_cpuflag(f) boot_cpu_has(f) =20 #include "vc-shared.c" =20 diff --git a/arch/x86/coco/sev/vc-shared.c b/arch/x86/coco/sev/vc-shared.c index b4688f69102e..9b01c9ad81be 100644 --- a/arch/x86/coco/sev/vc-shared.c +++ b/arch/x86/coco/sev/vc-shared.c @@ -409,6 +409,53 @@ static enum es_result vc_handle_ioio(struct ghcb *ghcb= , struct es_em_ctxt *ctxt) return ret; } =20 +enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt) +{ + u32 ret; + + ret =3D ghcb->save.sw_exit_info_1 & GENMASK_ULL(31, 0); + if (!ret) + return ES_OK; + + if (ret =3D=3D 1) { + u64 info =3D ghcb->save.sw_exit_info_2; + unsigned long v =3D info & SVM_EVTINJ_VEC_MASK; + + /* Check if exception information from hypervisor is sane. */ + if ((info & SVM_EVTINJ_VALID) && + ((v =3D=3D X86_TRAP_GP) || (v =3D=3D X86_TRAP_UD)) && + ((info & SVM_EVTINJ_TYPE_MASK) =3D=3D SVM_EVTINJ_TYPE_EXEPT)) { + ctxt->fi.vector =3D v; + + if (info & SVM_EVTINJ_VALID_ERR) + ctxt->fi.error_code =3D info >> 32; + + return ES_EXCEPTION; + } + } + + return ES_VMM_ERROR; +} + +enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, + struct es_em_ctxt *ctxt, + u64 exit_code, u64 exit_info_1, + u64 exit_info_2) +{ + /* Fill in protocol and format specifiers */ + ghcb->protocol_version =3D ghcb_version; + ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; + + ghcb_set_sw_exit_code(ghcb, exit_code); + ghcb_set_sw_exit_info_1(ghcb, exit_info_1); + ghcb_set_sw_exit_info_2(ghcb, exit_info_2); + + sev_es_wr_ghcb_msr(__pa(ghcb)); + VMGEXIT(); + + return verify_exception_info(ghcb, ctxt); +} + static int __sev_cpuid_hv_ghcb(struct ghcb *ghcb, struct es_em_ctxt *ctxt,= struct cpuid_leaf *leaf) { u32 cr4 =3D native_read_cr4(); @@ -549,3 +596,50 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghc= b, =20 return ES_OK; } + +void snp_register_ghcb_early(unsigned long paddr) +{ + unsigned long pfn =3D paddr >> PAGE_SHIFT; + u64 val; + + sev_es_wr_ghcb_msr(GHCB_MSR_REG_GPA_REQ_VAL(pfn)); + VMGEXIT(); + + val =3D sev_es_rd_ghcb_msr(); + + /* If the response GPA is not ours then abort the guest */ + if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_REG_GPA_RESP) || + (GHCB_MSR_REG_GPA_RESP_VAL(val) !=3D pfn)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_REGISTER); +} + +bool __init sev_es_check_cpu_features(void) +{ + if (!has_cpuflag(X86_FEATURE_RDRAND)) { + error("RDRAND instruction not supported - no trusted source of randomnes= s available\n"); + return false; + } + + return true; +} + +bool sev_es_negotiate_protocol(void) +{ + u64 val; + + /* Do the GHCB protocol version negotiation */ + sev_es_wr_ghcb_msr(GHCB_MSR_SEV_INFO_REQ); + VMGEXIT(); + val =3D sev_es_rd_ghcb_msr(); + + if (GHCB_MSR_INFO(val) !=3D GHCB_MSR_SEV_INFO_RESP) + return false; + + if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN || + GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX) + return false; + + ghcb_version =3D min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX= ); + + return true; +} diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 3dfd306d1c9e..6199b35a82e4 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -2,7 +2,6 @@ =20 #define DR7_RESET_VALUE 0x400 =20 -extern struct ghcb boot_ghcb_page; extern u64 sev_hv_features; extern u64 sev_secrets_pa; =20 @@ -80,7 +79,8 @@ static __always_inline u64 svsm_get_caa_pa(void) return boot_svsm_caa_pa; } =20 -int svsm_perform_call_protocol(struct svsm_call *call); +enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt); +void vc_forward_exception(struct es_em_ctxt *ctxt); =20 static inline u64 sev_es_rd_ghcb_msr(void) { @@ -97,9 +97,6 @@ static __always_inline void sev_es_wr_ghcb_msr(u64 val) native_wrmsr(MSR_AMD64_SEV_ES_GHCB, low, high); } =20 -void snp_register_ghcb_early(unsigned long paddr); -bool sev_es_negotiate_protocol(void); -bool sev_es_check_cpu_features(void); u64 get_hv_features(void); =20 const struct snp_cpuid_table *snp_cpuid_get_table(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 2cabf617de3c..135e91a17d04 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -503,6 +503,7 @@ static inline int pvalidate(unsigned long vaddr, bool r= mp_psize, bool validate) } =20 void setup_ghcb(void); +void snp_register_ghcb_early(unsigned long paddr); void early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages); void early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, @@ -540,8 +541,6 @@ static __always_inline void vc_ghcb_invalidate(struct g= hcb *ghcb) __builtin_memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitm= ap)); } =20 -void vc_forward_exception(struct es_em_ctxt *ctxt); - /* I/O parameters for CPUID-related helpers */ struct cpuid_leaf { u32 fn; @@ -552,15 +551,23 @@ struct cpuid_leaf { u32 edx; }; =20 +int svsm_perform_msr_protocol(struct svsm_call *call); int snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), void *ctx, struct cpuid_leaf *leaf); =20 +void svsm_issue_call(struct svsm_call *call, u8 *pending); +int svsm_process_result_codes(struct svsm_call *call); + void __noreturn sev_es_terminate(unsigned int set, unsigned int reason); enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, struct es_em_ctxt *ctxt, u64 exit_code, u64 exit_info_1, u64 exit_info_2); =20 +bool sev_es_negotiate_protocol(void); +bool sev_es_check_cpu_features(void); + +extern u16 ghcb_version; extern struct ghcb *boot_ghcb; =20 #else /* !CONFIG_AMD_MEM_ENCRYPT */ --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 70AF2278E67 for ; Wed, 16 Jul 2025 03:22:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636157; cv=none; b=o1P0SkZquJr4PNLEkaPrzwtz9NVIxJeXcWhMU/2z2kAJY/ebmzrlSfC5vOdietk2r9BPwW6T/XmwmE893oLwo1SYE9tC57IeK/ItOncthsTFdoRV0DhXonGuTJaJLCsjBfBjxsdO03ymK4Kb40zMKI3v+OysvINknNWJsg2QEnM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636157; c=relaxed/simple; bh=oVYYVV7IM+oCaa8Iy2yVxJ/iXoqxeBe54KqLk1DrQiI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ges2T93/Yk/jQ5JnTDaiDuWCtmZH1Fx3UX6oswLq+3cBWKgm/qOg5QgUAmAZXd3PD50qai/dOBj0JAslCI80JMCEFNEeUzZi3aons6afsj7AxDVNF1W2HlrWU+eDFxauYq1RaNErd/FZkZ4kSeXq/kcTN4hHHGCzE1xUGpsWex8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=QZZHrIEy; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="QZZHrIEy" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-3a5281ba3a4so2283988f8f.0 for ; Tue, 15 Jul 2025 20:22:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636153; x=1753240953; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=jByEiSvZS6IwUNhPGQBR23wRpe9FzYy/zZntI8BuAY8=; b=QZZHrIEykoZfF9HG/Akh9C/t1PkbtGO0l53+76TS7oYY8OXRsEpFKnXfIwPTSuRyNb j10NJA2KUW7rWVr5v9ODkHPz0m979ktzOQqJWOOtDN+gMANQRsPq84tyq9VWuaJ/n/00 vWYK2qtlvxaIy2MCKi4604YtlQJ64O5LW2UWP7ypWxpHqiJakT4dR1IldITE5PTqrOeG zYhoiEE6U5bHGFfq9I9V6sLvYgQ2Gkq5WvLQnMCQME9AmTCyNoFz5uy+rEoQLAdzrtGD JWBIOmKexhp+hYXasUHlgXEuhm63L+ho/xmUv8SKGZrcw4TBlk/wRZZqD23sdyr3CQ1y ll9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636153; x=1753240953; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=jByEiSvZS6IwUNhPGQBR23wRpe9FzYy/zZntI8BuAY8=; b=NVX7wcoRPjRHorv2+dORQsdZYmQ2FGoJ0UCKn+g1lgJeZorP1YWomrXD3I534UI0wu 6+9A92PDXRKOYxDsrSXPPjmZARUEu5pPbtuSI56JuX3GOB+BoE+8NZ3LD7JK1z9805A8 RTqSuwZaHcO+GfpQz5XoFHP4+HnkK0jTsc8UixaaIASH3s5NsNFn1+IpdppkcmIE3EZ6 FVzcnQucktjoxiEHr12atwYWwZt/g492XBrf2iVNQxEkIx05yr3LIbE6DBMz56JJQ8NB I6D2KaV4pu35QEIGbXG9DaCt8oJq6uONILGpgFTffiS6Qp/ed0Mtj5Ofvvo9vFeqiiSL lchA== X-Gm-Message-State: AOJu0Yx33z6EaFveJlg1dIVWLSuC4nXAYU2kiv5tP8EXeqNhrtlz3E16 k9J8wuRcrVOBKpL0+EjRX8p1pAy7wC9frzM81jyw7YiUsvRuMzMD9t6GQPGJ3ZlU8dnosUKt1lx iQrpLa2v/o/nFYDMTSeSX6YmSvdk8d5u1dv3WIFCOvf+/SDlwxPKiYdV0gnQxQqHZhuH/D8hmkV k+JGtp/qB9Z+wvJ5rvkGY7w550UeeRGsTuig== X-Google-Smtp-Source: AGHT+IGY9nciXK+vatFpkWpVbsEnraCy8r+SHWAeZXPOzd+toVAnbbhja82L4vuBpWVxvhWcuVAt8L74 X-Received: from wrpd2.prod.google.com ([2002:adf:f2c2:0:b0:3a6:d8f2:be99]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:2888:b0:3b6:de9:8079 with SMTP id ffacd0b85a97d-3b60de980b8mr922638f8f.0.1752636153422; Tue, 15 Jul 2025 20:22:33 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:21 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=7326; i=ardb@kernel.org; h=from:subject; bh=JFjboX8rs6+vF/XKHgjFlUmhvXqsb1ZceclwpiVnh5Q=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcSkbi/MW1d0/evG89RzBUfuahjbaeEbmrFuywL8j3c nDRm9rTUcrCIMbFICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACayU43hn+1MyzuuqVxPRDQF J0r4e4uzLMtc6fVUVn2/qWGKHvuP54wMHx4E9IRbcXbwLnsvqW0eqezlI8MiZt37tU2SjTFFNJA JAA== X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-30-ardb+git@google.com> Subject: [PATCH v5 06/22] x86/sev: Avoid global variable to store virtual address of SVSM area From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The boottime SVSM calling area is used both by the startup code running from a 1:1 mapping, and potentially later on running from the ordinary kernel mapping. This SVSM calling area is statically allocated, and so its physical address doesn't change. However, its virtual address depends on the calling context (1:1 mapping or kernel virtual mapping), and even though the variable that holds the virtual address of this calling area gets updated from 1:1 address to kernel address during the boot, it is hard to reason about why this is guaranteed to be safe. So instead, take the RIP-relative address of the boottime SVSM calling area whenever its virtual address is required, and only use a global variable for the physical address. Signed-off-by: Ard Biesheuvel Reviewed-by: Tom Lendacky --- arch/x86/boot/compressed/sev.c | 5 ++--- arch/x86/boot/startup/sev-shared.c | 6 ------ arch/x86/boot/startup/sev-startup.c | 9 +++++---- arch/x86/coco/sev/core.c | 9 --------- arch/x86/include/asm/sev-internal.h | 3 +-- arch/x86/include/asm/sev.h | 2 -- arch/x86/mm/mem_encrypt_amd.c | 6 ------ 7 files changed, 8 insertions(+), 32 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 3628e9bddc6a..6c0f91d38595 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -37,12 +37,12 @@ struct ghcb *boot_ghcb; =20 #define __BOOT_COMPRESSED =20 -extern struct svsm_ca *boot_svsm_caa; extern u64 boot_svsm_caa_pa; =20 struct svsm_ca *svsm_get_caa(void) { - return boot_svsm_caa; + /* The decompressor is mapped 1:1 so VA =3D=3D PA */ + return (struct svsm_ca *)boot_svsm_caa_pa; } =20 u64 svsm_get_caa_pa(void) @@ -530,7 +530,6 @@ bool early_is_sevsnp_guest(void) =20 /* Obtain the address of the calling area to use */ boot_rdmsr(MSR_SVSM_CAA, &m); - boot_svsm_caa =3D (void *)m.q; boot_svsm_caa_pa =3D m.q; =20 /* diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index f9de8b33de6c..51f2110bc509 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -26,7 +26,6 @@ * early boot, both with identity mapped virtual addresses and proper ke= rnel * virtual addresses. */ -struct svsm_ca *boot_svsm_caa __ro_after_init; u64 boot_svsm_caa_pa __ro_after_init; =20 /* @@ -709,11 +708,6 @@ static bool __head svsm_setup_ca(const struct cc_blob_= sev_info *cc_info, if (caa & (PAGE_SIZE - 1)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CAA); =20 - /* - * The CA is identity mapped when this routine is called, both by the - * decompressor code and the early kernel code. - */ - boot_svsm_caa =3D (struct svsm_ca *)caa; boot_svsm_caa_pa =3D caa; =20 /* Advertise the SVSM presence via CPUID. */ diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 7b38085c7218..f3e247d205b7 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -252,6 +252,7 @@ static __head struct cc_blob_sev_info *find_cc_blob(str= uct boot_params *bp) =20 static __head void svsm_setup(struct cc_blob_sev_info *cc_info) { + struct snp_secrets_page *secrets =3D (void *)cc_info->secrets_phys; struct svsm_call call =3D {}; u64 pa; =20 @@ -272,21 +273,21 @@ static __head void svsm_setup(struct cc_blob_sev_info= *cc_info) pa =3D (u64)rip_rel_ptr(&boot_svsm_ca_page); =20 /* - * Switch over to the boot SVSM CA while the current CA is still - * addressable. There is no GHCB at this point so use the MSR protocol. + * Switch over to the boot SVSM CA while the current CA is still 1:1 + * mapped and thus addressable with VA =3D=3D PA. There is no GHCB at this + * point so use the MSR protocol. * * SVSM_CORE_REMAP_CA call: * RAX =3D 0 (Protocol=3D0, CallID=3D0) * RCX =3D New CA GPA */ - call.caa =3D svsm_get_caa(); + call.caa =3D (struct svsm_ca *)secrets->svsm_caa; call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); call.rcx =3D pa; =20 if (svsm_perform_msr_protocol(&call)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CA_REMAP_FAIL); =20 - boot_svsm_caa =3D (struct svsm_ca *)pa; boot_svsm_caa_pa =3D pa; } =20 diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 15be9e52848d..bea67d017bf0 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1643,15 +1643,6 @@ void sev_show_status(void) pr_cont("\n"); } =20 -void __init snp_update_svsm_ca(void) -{ - if (!snp_vmpl) - return; - - /* Update the CAA to a proper kernel address */ - boot_svsm_caa =3D &boot_svsm_ca_page; -} - #ifdef CONFIG_SYSFS static ssize_t vmpl_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 6199b35a82e4..ffe4755962fe 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -60,7 +60,6 @@ void early_set_pages_state(unsigned long vaddr, unsigned = long paddr, DECLARE_PER_CPU(struct svsm_ca *, svsm_caa); DECLARE_PER_CPU(u64, svsm_caa_pa); =20 -extern struct svsm_ca *boot_svsm_caa; extern u64 boot_svsm_caa_pa; =20 static __always_inline struct svsm_ca *svsm_get_caa(void) @@ -68,7 +67,7 @@ static __always_inline struct svsm_ca *svsm_get_caa(void) if (sev_cfg.use_cas) return this_cpu_read(svsm_caa); else - return boot_svsm_caa; + return rip_rel_ptr(&boot_svsm_ca_page); } =20 static __always_inline u64 svsm_get_caa_pa(void) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 135e91a17d04..f3acbfcdca9a 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -519,7 +519,6 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t e= nd); u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); void sev_show_status(void); -void snp_update_svsm_ca(void); int prepare_pte_enc(struct pte_enc_desc *d); void set_pte_enc_mask(pte_t *kpte, unsigned long pfn, pgprot_t new_prot); void snp_kexec_finish(void); @@ -600,7 +599,6 @@ static inline void snp_accept_memory(phys_addr_t start,= phys_addr_t end) { } static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } static inline void sev_show_status(void) { } -static inline void snp_update_svsm_ca(void) { } static inline int prepare_pte_enc(struct pte_enc_desc *d) { return 0; } static inline void set_pte_enc_mask(pte_t *kpte, unsigned long pfn, pgprot= _t new_prot) { } static inline void snp_kexec_finish(void) { } diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index faf3a13fb6ba..2f8c32173972 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -536,12 +536,6 @@ void __init sme_early_init(void) x86_init.resources.dmi_setup =3D snp_dmi_setup; } =20 - /* - * Switch the SVSM CA mapping (if active) from identity mapped to - * kernel mapped. - */ - snp_update_svsm_ca(); - if (sev_status & MSR_AMD64_SNP_SECURE_TSC) setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE); } --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5532A285C99 for ; Wed, 16 Jul 2025 03:22:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636158; cv=none; b=RfquylO3XfsM24NF3fpe1kaWjrL8qck9KfABcU4VqnYI6QhGWfF+95bOoRg9r41XBLQenlqJas2+DC1tT7uHMp/GV8HVzM0Cw0ranw/+0j4M6kvVUdWcQp36lxR3okf6SBqufHRKbeEnrItp60nbm52iD6GjaBYn9NmUo7JC5QY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636158; c=relaxed/simple; bh=i67cWVaRAQ4eZncAXRCO/Umn964BhuZwxdzxTjLCZn0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=SnDql9722GQTnvqrTlA5iBbvwsEfBXQQt7a8VZgQ7uhuGJsDCqzayeyCWDUGDa3DFJJB+mY3VH2pD+q0D+QRKE9tJUPqgRcFxDYbD3TtOCvKTmw39WxvzjuQuL53mARCZqtjuKtXDF4T39jOZj+fDwOC7ilK8OTV0E+8CtTpWIE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=YOZV9nPg; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="YOZV9nPg" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-4562985ac6aso11420955e9.3 for ; Tue, 15 Jul 2025 20:22:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636155; x=1753240955; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=seVu/hlbGGJBqxPsPWxmSZOLbCHmT574aFbdl34TIuA=; b=YOZV9nPg1eOKq/2jcw/cm2yC8/ckNbiJYeiyty0WlEUEspoAvvIimhSeQ+voAzcZx9 e9/CLZycssResE9/Hg6Rbbs7f1H7szf5xZUFqYpiqJHjExf5T9SbupsHOAJ0BOH/ICfv BLNhZoKSY8aa+XmOYTShbLu5UXOzj1G59mLxNN66JK6ZTVUVdRgR2MVTyvi7K/1IAc3Z GDNdW2kiVSotV+tocZKG++UPbx6qStfyvBrPbpnHt60+ttCxJ8kL1bwXtXKCCtXvr2f3 3v3chVp5uaCwuhbY8DITZMHZf1Wtz+/Ro88bdkQpeSBb9aIUacbAQt6NJPbb2zOYGmZO cegw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636155; x=1753240955; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=seVu/hlbGGJBqxPsPWxmSZOLbCHmT574aFbdl34TIuA=; b=U+C7Tc8h0Zs/mKlwuzU+amtnAS8YCcZhMNXhz+luRMxbFUPEllqE3HfQv9W6jeQgYV nnNN8XRp8kg/wpCPx5G5MY5nQr+ZEPru4xkic07hlmlGR+WhvXjkSZS09PnPAmkmfdNv EGUKX/JMTVp/6mK4rzbdtiKNPmzl61Me0K2ovTGiNsSnl4i2uqOTKhHUi96GLCfs2QL0 5Uzq1FURnzXzNWW7Noxer26LGxYDLRS6VMWXuKVLdQ55rbIPswy8iuSVyXQljemSyI6Z Ef8YgWBaQid38VJiqKapmxjHBlIXNHSidJaF5lqoY5/l58Rb0bcZjEgBwq8Xx7wGmy3Q GSQQ== X-Gm-Message-State: AOJu0YzrsSh33jxb+jaoY92K+LIrTcvcopXOEkKzINOu06+Pg2DYfnwc tIwQjBGs9FyCHYMrfpDqGErMbtrTcIXvUR6FOfwnhZPMIHe2CKwXwdo/zAmWjygikTizL/jDTc2 uny/NUUNYAU5lBSJR19pbkYEt+VaQH9WrcGWkIjkMLBz/1oidiTng77NX4v/tPfuez9dwmBSD4t 5LwPuo1fuM+vK52bMvMxU/vxXA/ILr7/PCtg== X-Google-Smtp-Source: AGHT+IEEAn03r+iGo9sigkqWkvIUH1Lj6tDW+jx257/yXet6x8gb1hLrJBMp58icz2d+qcCpiwuD3bQS X-Received: from wmte15.prod.google.com ([2002:a05:600c:8b2f:b0:453:ec2:c7bd]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:5025:b0:441:b698:3431 with SMTP id 5b1f17b1804b1-4562ee4428amr3525365e9.28.1752636154796; Tue, 15 Jul 2025 20:22:34 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:22 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=5890; i=ardb@kernel.org; h=from:subject; bh=llU6Zxgjbah9Zu77ptLCMjXMIAerw/AmqN3d/AjoSzs=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcSnHDWcU0Aa8rOwyc7D49Vbg2bduhedcbsu+YPhfim /6ltbW7o5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzk1WOG/yHPGwviIs8W3lLp Fw/3YI882tfAH3fzp0Si8o8Onsua8YwM64QyWFc8TPl992HphYRjZ439zPjrX1QdiP5aFxc054s JOwA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-31-ardb+git@google.com> Subject: [PATCH v5 07/22] x86/sev: Share implementation of MSR-based page state change From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Both the decompressor and the SEV startup code implement the exact same sequence for invoking the MSR based communication protocol to effectuate a page state change. Before tweaking the internal APIs used in both versions, merge them and share them so those tweaks are only needed in a single place. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 40 ++------------------ arch/x86/boot/startup/sev-shared.c | 35 +++++++++++++++++ arch/x86/boot/startup/sev-startup.c | 29 +------------- 3 files changed, 39 insertions(+), 65 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 6c0f91d38595..f714235d3222 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -60,46 +60,12 @@ static bool sev_snp_enabled(void) return sev_status & MSR_AMD64_SEV_SNP_ENABLED; } =20 -static void __page_state_change(unsigned long paddr, enum psc_op op) -{ - u64 val, msr; - - /* - * If private -> shared then invalidate the page before requesting the - * state change in the RMP table. - */ - if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(paddr, paddr, false); - - /* Save the current GHCB MSR value */ - msr =3D sev_es_rd_ghcb_msr(); - - /* Issue VMGEXIT to change the page state in RMP table. */ - sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); - VMGEXIT(); - - /* Read the response of the VMGEXIT. */ - val =3D sev_es_rd_ghcb_msr(); - if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL= (val)) - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); - - /* Restore the GHCB MSR value */ - sev_es_wr_ghcb_msr(msr); - - /* - * Now that page state is changed in the RMP table, validate it so that i= t is - * consistent with the RMP entry. - */ - if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(paddr, paddr, true); -} - void snp_set_page_private(unsigned long paddr) { if (!sev_snp_enabled()) return; =20 - __page_state_change(paddr, SNP_PAGE_STATE_PRIVATE); + __page_state_change(paddr, paddr, SNP_PAGE_STATE_PRIVATE); } =20 void snp_set_page_shared(unsigned long paddr) @@ -107,7 +73,7 @@ void snp_set_page_shared(unsigned long paddr) if (!sev_snp_enabled()) return; =20 - __page_state_change(paddr, SNP_PAGE_STATE_SHARED); + __page_state_change(paddr, paddr, SNP_PAGE_STATE_SHARED); } =20 bool early_setup_ghcb(void) @@ -133,7 +99,7 @@ bool early_setup_ghcb(void) void snp_accept_memory(phys_addr_t start, phys_addr_t end) { for (phys_addr_t pa =3D start; pa < end; pa +=3D PAGE_SIZE) - __page_state_change(pa, SNP_PAGE_STATE_PRIVATE); + __page_state_change(pa, pa, SNP_PAGE_STATE_PRIVATE); } =20 void sev_es_shutdown_ghcb(void) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 51f2110bc509..eb241ff1156d 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -652,6 +652,41 @@ static void __head pvalidate_4k_page(unsigned long vad= dr, unsigned long paddr, } } =20 +static void __head __page_state_change(unsigned long vaddr, unsigned long = paddr, + enum psc_op op) +{ + u64 val, msr; + + /* + * If private -> shared then invalidate the page before requesting the + * state change in the RMP table. + */ + if (op =3D=3D SNP_PAGE_STATE_SHARED) + pvalidate_4k_page(vaddr, paddr, false); + + /* Save the current GHCB MSR value */ + msr =3D sev_es_rd_ghcb_msr(); + + /* Issue VMGEXIT to change the page state in RMP table. */ + sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); + VMGEXIT(); + + /* Read the response of the VMGEXIT. */ + val =3D sev_es_rd_ghcb_msr(); + if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL= (val)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); + + /* Restore the GHCB MSR value */ + sev_es_wr_ghcb_msr(msr); + + /* + * Now that page state is changed in the RMP table, validate it so that i= t is + * consistent with the RMP entry. + */ + if (op =3D=3D SNP_PAGE_STATE_PRIVATE) + pvalidate_4k_page(vaddr, paddr, true); +} + /* * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index f3e247d205b7..b4e2cb7bc44a 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -135,7 +135,6 @@ early_set_pages_state(unsigned long vaddr, unsigned lon= g paddr, unsigned long npages, enum psc_op op) { unsigned long paddr_end; - u64 val; =20 vaddr =3D vaddr & PAGE_MASK; =20 @@ -143,37 +142,11 @@ early_set_pages_state(unsigned long vaddr, unsigned l= ong paddr, paddr_end =3D paddr + (npages << PAGE_SHIFT); =20 while (paddr < paddr_end) { - /* Page validation must be rescinded before changing to shared */ - if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(vaddr, paddr, false); - - /* - * Use the MSR protocol because this function can be called before - * the GHCB is established. - */ - sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); - VMGEXIT(); - - val =3D sev_es_rd_ghcb_msr(); - - if (GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) - goto e_term; - - if (GHCB_MSR_PSC_RESP_VAL(val)) - goto e_term; - - /* Page validation must be performed after changing to private */ - if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(vaddr, paddr, true); + __page_state_change(vaddr, paddr, op); =20 vaddr +=3D PAGE_SIZE; paddr +=3D PAGE_SIZE; } - - return; - -e_term: - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); } =20 void __head early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 84989286880 for ; Wed, 16 Jul 2025 03:22:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636159; cv=none; b=d3IfvEl1qFJ097kpVFmNUElwOvwuQifVJCJ+fgVVBd5ZqW9n1qkL8XAYJRlnDnlz2PUK9LqBYAAbA9rNF1Vj399rHH48GW3LHwZH/eneMvy0yI3sxK6J12LmoT5G1SbwlRREyJTU5YNtJlkAY5ewmRphFWLj1qAA4ZtuKyRZtSM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636159; c=relaxed/simple; bh=hyOCEHD2BP/BHB/wXZzexTCfs17VdhN8Xct7u6Z/6TQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=SW3OTdCKO7DJi7ToT/a+JL6HQshuaUxX7ebGLTQtV7FJs1styx3lymc06VhdBvOWc8rK116Q+/wKIIgEEQINns8s6YPCogWS1WxHVPlJYDj0SAsy7E3esGov4tPGQlZuBLNCcEhEv256IIx9GR7sFeyjDKUKHf/lPgWs+UgRzuc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MPNNShgM; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MPNNShgM" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-456175dba68so22662555e9.2 for ; Tue, 15 Jul 2025 20:22:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636156; x=1753240956; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Ie7ghjTAXJ1RjJATnR0+RLls6HNvil6BXsqkKY03oqo=; b=MPNNShgMVzBAwX8hvo0Vyr1Z/3QCpWPW101KdoziurF/I06Lf0CKjEUhYx3Rr8FuLq b1cu05ngGtymzeCRH55On40MJ3dgxbPS8/t1TXhXeoOnbmvjIy5nKfGFu8G+BGO3P2wb Lwh17do0CiT125c11GyMKbZaurMICS/HWYsXYBTbT3kQMtM+/WEokBz7oitcjD4HOZun EWyHbk6uGXUEamLk9Bvm/5kDnW69pZdWdF8Qb+aCxj8yPSj97Nnx4Rgae/qvLLrSdk6Y egp7RLCF1OJF/04TEtgbzX9mN8iXgxxr9TDuEk5tk/dLwk6E54wnaGXVPqeI0BoTQQPc JZRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636156; x=1753240956; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Ie7ghjTAXJ1RjJATnR0+RLls6HNvil6BXsqkKY03oqo=; b=uMxyXxiAKI0PK57YIjrWjuWsAJWHg9Y9DbddLDm104hG3EiNKyTl6GYF61VbVmvExA WHljSk4HV4dXyKvQCvcNCD6dgwPkgL9q3vv5YrXOnwZyvcu8/R7eXB7NV5V2ecVEjBJ+ XuYm6UNw6P5B8WCI8Jaq7ktkewTwGLNpq6nvwQXjLHTZ7Eqi014XWkVSHh8lMuv7SY00 XMR20Ve/iIraf5ilgfoohxRztEfmNzlVE2Os+tccHST8/7QSaPKGkoxhMP4fFDw4nNkY AZC3hldg0jEu7q2sA+FSeLaz82bwY9Al+qQ1+pGQzN2QTas1jIdGIiEOMt5w3052pZ71 qEgA== X-Gm-Message-State: AOJu0Yw0fcUx6ZksL/aA0FapDYbJDzIojskbeXw3h4XLEfGtG3278zqL czaLEim9M3P3tyJiKQAND0MzRhcPaGJSnhqAvaeZA39B7SRT7V5Oks+J+10TEX9F449M2kFBXro VIJSgmwhq+2l/J1PJuL3hEODCt2GiB8OSwO9y8JwcfvYa6wsuio9vweKyvQUtPzWkDG5XMM+nD8 sAiBeCd1GQK2Q9dQnSjKc9GWplL+Umriy1zQ== X-Google-Smtp-Source: AGHT+IFWEjTGKJC0P+l/6U1ojJjIwXduaOUN+ZHQZNlS4h1A3hUnAS0bLiY0kzHEFrxpEU9mloI1sYNT X-Received: from wmsr5.prod.google.com ([2002:a05:600c:8b05:b0:456:15bd:a297]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1d20:b0:43c:e70d:44f0 with SMTP id 5b1f17b1804b1-4562e36c6d3mr7961485e9.19.1752636156038; Tue, 15 Jul 2025 20:22:36 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:23 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=7692; i=ardb@kernel.org; h=from:subject; bh=Dgsh787GUJSIpiPFllr2H7qbaHO4zGl5ERrfzXk+iCw=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcSq26R/SC4a5fzd5rHNdKcs52YuM+4layV+nWcbeDr 31WtKt3lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIls/sXwz/Ki78XyI6FvFkvu ULS+nP12H2PjfI0jL944fQw8+VeKW5Lhr3xO+dlShp1cwvkFkob//WZ8kNoc5xMlI2KQaFDyYNl rDgA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-32-ardb+git@google.com> Subject: [PATCH v5 08/22] x86/sev: Pass SVSM calling area down to early page state change API From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The early page state change API is mostly only used very early, when only the boot time SVSM calling area is in use. However, this API is also called by the kexec finishing code, which runs very late, and potentially from a different CPU (which uses a different calling area). To avoid pulling the per-CPU SVSM calling area pointers and related SEV state into the startup code, refactor the page state change API so the SVSM calling area virtual and physical addresses can be provided by the caller. No functional change intended. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 12 +++++++++--- arch/x86/boot/startup/sev-shared.c | 17 +++++++++-------- arch/x86/boot/startup/sev-startup.c | 11 +++++++---- arch/x86/coco/sev/core.c | 3 ++- arch/x86/include/asm/sev-internal.h | 3 ++- 5 files changed, 29 insertions(+), 17 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index f714235d3222..18b0ccf517eb 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -65,7 +65,9 @@ void snp_set_page_private(unsigned long paddr) if (!sev_snp_enabled()) return; =20 - __page_state_change(paddr, paddr, SNP_PAGE_STATE_PRIVATE); + __page_state_change(paddr, paddr, SNP_PAGE_STATE_PRIVATE, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa); } =20 void snp_set_page_shared(unsigned long paddr) @@ -73,7 +75,9 @@ void snp_set_page_shared(unsigned long paddr) if (!sev_snp_enabled()) return; =20 - __page_state_change(paddr, paddr, SNP_PAGE_STATE_SHARED); + __page_state_change(paddr, paddr, SNP_PAGE_STATE_SHARED, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa); } =20 bool early_setup_ghcb(void) @@ -99,7 +103,9 @@ bool early_setup_ghcb(void) void snp_accept_memory(phys_addr_t start, phys_addr_t end) { for (phys_addr_t pa =3D start; pa < end; pa +=3D PAGE_SIZE) - __page_state_change(pa, pa, SNP_PAGE_STATE_PRIVATE); + __page_state_change(pa, pa, SNP_PAGE_STATE_PRIVATE, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa); } =20 void sev_es_shutdown_ghcb(void) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index eb241ff1156d..83ca97df0808 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -598,7 +598,8 @@ static int __head svsm_call_msr_protocol(struct svsm_ca= ll *call) return ret; } =20 -static void __head svsm_pval_4k_page(unsigned long paddr, bool validate) +static void __head svsm_pval_4k_page(unsigned long paddr, bool validate, + struct svsm_ca *caa, u64 caa_pa) { struct svsm_pvalidate_call *pc; struct svsm_call call =3D {}; @@ -611,10 +612,10 @@ static void __head svsm_pval_4k_page(unsigned long pa= ddr, bool validate) */ flags =3D native_local_irq_save(); =20 - call.caa =3D svsm_get_caa(); + call.caa =3D caa; =20 pc =3D (struct svsm_pvalidate_call *)call.caa->svsm_buffer; - pc_pa =3D svsm_get_caa_pa() + offsetof(struct svsm_ca, svsm_buffer); + pc_pa =3D caa_pa + offsetof(struct svsm_ca, svsm_buffer); =20 pc->num_entries =3D 1; pc->cur_index =3D 0; @@ -639,12 +640,12 @@ static void __head svsm_pval_4k_page(unsigned long pa= ddr, bool validate) } =20 static void __head pvalidate_4k_page(unsigned long vaddr, unsigned long pa= ddr, - bool validate) + bool validate, struct svsm_ca *caa, u64 caa_pa) { int ret; =20 if (snp_vmpl) { - svsm_pval_4k_page(paddr, validate); + svsm_pval_4k_page(paddr, validate, caa, caa_pa); } else { ret =3D pvalidate(vaddr, RMP_PG_SIZE_4K, validate); if (ret) @@ -653,7 +654,7 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, } =20 static void __head __page_state_change(unsigned long vaddr, unsigned long = paddr, - enum psc_op op) + enum psc_op op, struct svsm_ca *caa, u64 caa_pa) { u64 val, msr; =20 @@ -662,7 +663,7 @@ static void __head __page_state_change(unsigned long va= ddr, unsigned long paddr, * state change in the RMP table. */ if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(vaddr, paddr, false); + pvalidate_4k_page(vaddr, paddr, false, caa, caa_pa); =20 /* Save the current GHCB MSR value */ msr =3D sev_es_rd_ghcb_msr(); @@ -684,7 +685,7 @@ static void __head __page_state_change(unsigned long va= ddr, unsigned long paddr, * consistent with the RMP entry. */ if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(vaddr, paddr, true); + pvalidate_4k_page(vaddr, paddr, true, caa, caa_pa); } =20 /* diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index b4e2cb7bc44a..7aabda0b378e 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -132,7 +132,8 @@ noinstr void __sev_put_ghcb(struct ghcb_state *state) =20 void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, - unsigned long npages, enum psc_op op) + unsigned long npages, enum psc_op op, + struct svsm_ca *caa, u64 caa_pa) { unsigned long paddr_end; =20 @@ -142,7 +143,7 @@ early_set_pages_state(unsigned long vaddr, unsigned lon= g paddr, paddr_end =3D paddr + (npages << PAGE_SHIFT); =20 while (paddr < paddr_end) { - __page_state_change(vaddr, paddr, op); + __page_state_change(vaddr, paddr, op, caa, caa_pa); =20 vaddr +=3D PAGE_SIZE; paddr +=3D PAGE_SIZE; @@ -165,7 +166,8 @@ void __head early_snp_set_memory_private(unsigned long = vaddr, unsigned long padd * Ask the hypervisor to mark the memory pages as private in the RMP * table. */ - early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE); + early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE, + svsm_get_caa(), svsm_get_caa_pa()); } =20 void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, @@ -181,7 +183,8 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr return; =20 /* Ask hypervisor to mark the memory pages shared in the RMP table. */ - early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED); + early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED, + svsm_get_caa(), svsm_get_caa_pa()); } =20 /* diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index bea67d017bf0..7a86a2fe494d 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -585,7 +585,8 @@ static void set_pages_state(unsigned long vaddr, unsign= ed long npages, int op) =20 /* Use the MSR protocol when a GHCB is not available. */ if (!boot_ghcb) - return early_set_pages_state(vaddr, __pa(vaddr), npages, op); + return early_set_pages_state(vaddr, __pa(vaddr), npages, op, + svsm_get_caa(), svsm_get_caa_pa()); =20 vaddr =3D vaddr & PAGE_MASK; vaddr_end =3D vaddr + (npages << PAGE_SHIFT); diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index ffe4755962fe..3b72d8217827 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -55,7 +55,8 @@ DECLARE_PER_CPU(struct sev_es_runtime_data*, runtime_data= ); DECLARE_PER_CPU(struct sev_es_save_area *, sev_vmsa); =20 void early_set_pages_state(unsigned long vaddr, unsigned long paddr, - unsigned long npages, enum psc_op op); + unsigned long npages, enum psc_op op, + struct svsm_ca *ca, u64 caa_pa); =20 DECLARE_PER_CPU(struct svsm_ca *, svsm_caa); DECLARE_PER_CPU(u64, svsm_caa_pa); --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A31D8287257 for ; Wed, 16 Jul 2025 03:22:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636160; cv=none; b=t1z1Zbh+37ZUQW1uhQbStNYWAf7LX15toOLWppOuuxockIHhfVdkxQj9IQAgfvp+C00IOCwtp2k5z0J5mx4i9ry6/mrGmId6IM02Wy/xG4IQUAQHOvT+/j6JXArbbY9Or/XgpbTu603wlRqVHsb8cyBnFrEQGkrtfavwb8vtzR8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636160; c=relaxed/simple; bh=c6F8U57CNwQO9LBMP2pJv8Ns/R2toG/98czmofLbweE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=aCiVs/U6Fk2LKZsqZfdxykA8raOXExzuCSAUV1Ay72q+M2KWAIB31w20I2eAxRf6O+y3ZYbyzcumbXYxjQWJybsK30vaOUxoDx4bjwWEwmrHFnpEyw59ZLX+TNwyBZCW8qUebRiUGkNyRhSGjemFtDhgn3IChUOsEIOrVyv7k4k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=j1yuh360; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="j1yuh360" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-456175dba68so22662655e9.2 for ; Tue, 15 Jul 2025 20:22:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636157; x=1753240957; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=my9gyPV7GpUhZ0j1D85su1Gd7h1qi/PaVo/yjWf1hSg=; b=j1yuh360uLJkLKerY0MTIVLVui4kUsnlJmu6oVFwHrwbkPtsrr4SyIo+HpbyluBG1D 1g6TjwxUBMDevQGRrjQVWMIhl3YLEYyUFnHmCr3t7y1qDHC6wytA1qYUgwTwQdTSIUx3 tKzrpc65HyqvkWyARsbwr+QdWxntw9n3tc/1bThJmjr5BeGLmCRq6CmOSMQIda2j9NsK EeHV9WbXwBcht9MkBXU3W8PduI8NGGr1MHm9Fp9Z4a2Dn1zBf2g6hHxI1EG527BT6pFx DCv2NCnlx1lVjv9AOEMLDw8tXJktFJ+8ITwA361dnsMwwKtlNJ9jygDCLaiifY9xWz8s JH0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636157; x=1753240957; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=my9gyPV7GpUhZ0j1D85su1Gd7h1qi/PaVo/yjWf1hSg=; b=CwQkcB5KPCBpJBf/dsMh0gKFfo7jxh7Nn9KlEDYSQpUR6Rp/9f+TmOV3SxBZSl091l u2GwKqbUDg1IRhTeY5aTERNZBX8+AYDEo4RxosAs2eiRp1VbEVUJBz5DztYObKRuiAz2 U7SBrkk9YW2CbvO3vnd0kRM7+5jBTOh909tnR4rrEt7VgI76aUNEjhnssBcN9CWn12RG moODHTkpA6XW9EWJvN5cMZfhqd53qWn1G6iGuj/9fdvhpzh/Z08BYH/bCuwDHGgpZMwE gXb8Dg7eicQxOIQpXGuyOQCAznSHVBWNrk514PTYSG/uyJCcmrom+zkjm1yHGA3HXhXe IDgQ== X-Gm-Message-State: AOJu0YwUdJ3Pk0I2U3hmHpg9FTTbvZgoAl+8lHXcgRoSS5Ajsk/YiHK/ BY2YO/JzyVppkm5Xwf0TBzBLaCUHNGp+BYIGju/9LvYr+tJXooQEsIZHsnWPWi4xRWY1OnxU148 RKhPxUq+Y30GP/IZqOjZdVpdwaUxmODeynr9On4m9ZfAYd3sRcjnnPbTGDeNp9uHh8zaebCQY/M SjVttBfC/47wLxkfqCbIM1iScNdElv6KpWBA== X-Google-Smtp-Source: AGHT+IGslqQ23Wi8fxCMq+Pc6u3PM8vlZFV0M8FN7RcONMrupNbWvmshZEZh+3xpbkolkKhaXNe4Bgof X-Received: from wmrn13.prod.google.com ([2002:a05:600c:500d:b0:456:1d9b:2a5d]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:64ce:b0:455:f59e:fd79 with SMTP id 5b1f17b1804b1-4562e33d64emr8756805e9.11.1752636157081; Tue, 15 Jul 2025 20:22:37 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:24 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=5481; i=ardb@kernel.org; h=from:subject; bh=CWmGYplgo2z5qlfvc2ln3Mz6KFj9XYcKFlTVXqEMNjg=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcSvs7Z4JTaMLj76+4J5wQy3utepUlOVFfQd1hT0PJU TdXI/eOUhYGMS4GWTFFFoHZf9/tPD1RqtZ5lizMHFYmkCEMXJwCMBGHSob/Uc8XmW3JXa40wZrl +ZQfpcJ8V2vXJ4u7L7SN/dCclDEzmJHh2gnnOx87JV/wNnH23LO00O02y/rDc79moqX0kh8pF9R 4AA== X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-33-ardb+git@google.com> Subject: [PATCH v5 09/22] x86/sev: Use boot SVSM CA for all startup and init code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel To avoid having to reason about whether or not to use the per-CPU SVSM calling area when running startup and init code on the boot CPU, reuse the boot SVSM calling area as the per-CPU area for CPU #0. This removes the need to make the per-CPU variables and associated state in sev_cfg accessible to the startup code once confined. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 13 ------ arch/x86/boot/startup/sev-startup.c | 7 +-- arch/x86/coco/sev/core.c | 47 +++++++++----------- arch/x86/include/asm/sev-internal.h | 16 ------- 4 files changed, 24 insertions(+), 59 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 18b0ccf517eb..4bdf5595ed96 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -37,19 +37,6 @@ struct ghcb *boot_ghcb; =20 #define __BOOT_COMPRESSED =20 -extern u64 boot_svsm_caa_pa; - -struct svsm_ca *svsm_get_caa(void) -{ - /* The decompressor is mapped 1:1 so VA =3D=3D PA */ - return (struct svsm_ca *)boot_svsm_caa_pa; -} - -u64 svsm_get_caa_pa(void) -{ - return boot_svsm_caa_pa; -} - u8 snp_vmpl; =20 /* Include code for early handlers */ diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 7aabda0b378e..8e804369cc60 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -50,9 +50,6 @@ u64 sev_secrets_pa __ro_after_init; /* For early boot SVSM communication */ struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); =20 -DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); -DEFINE_PER_CPU(u64, svsm_caa_pa); - /* * Nothing shall interrupt this code path while holding the per-CPU * GHCB. The backup GHCB is only for NMIs interrupting this path. @@ -167,7 +164,7 @@ void __head early_snp_set_memory_private(unsigned long = vaddr, unsigned long padd * table. */ early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE, - svsm_get_caa(), svsm_get_caa_pa()); + rip_rel_ptr(&boot_svsm_ca_page), boot_svsm_caa_pa); } =20 void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, @@ -184,7 +181,7 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr =20 /* Ask hypervisor to mark the memory pages shared in the RMP table. */ early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED, - svsm_get_caa(), svsm_get_caa_pa()); + rip_rel_ptr(&boot_svsm_ca_page), boot_svsm_caa_pa); } =20 /* diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 7a86a2fe494d..4fe0928bc0ad 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -46,6 +46,25 @@ #include #include =20 +DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); +DEFINE_PER_CPU(u64, svsm_caa_pa); + +static inline struct svsm_ca *svsm_get_caa(void) +{ + if (sev_cfg.use_cas) + return this_cpu_read(svsm_caa); + else + return rip_rel_ptr(&boot_svsm_ca_page); +} + +static inline u64 svsm_get_caa_pa(void) +{ + if (sev_cfg.use_cas) + return this_cpu_read(svsm_caa_pa); + else + return boot_svsm_caa_pa; +} + /* AP INIT values as documented in the APM2 section "Processor Initializa= tion State" */ #define AP_INIT_CS_LIMIT 0xffff #define AP_INIT_DS_LIMIT 0xffff @@ -1287,7 +1306,8 @@ static void __init alloc_runtime_data(int cpu) struct svsm_ca *caa; =20 /* Allocate the SVSM CA page if an SVSM is present */ - caa =3D memblock_alloc_or_panic(sizeof(*caa), PAGE_SIZE); + caa =3D cpu ? memblock_alloc_or_panic(sizeof(*caa), PAGE_SIZE) + : &boot_svsm_ca_page; =20 per_cpu(svsm_caa, cpu) =3D caa; per_cpu(svsm_caa_pa, cpu) =3D __pa(caa); @@ -1341,32 +1361,9 @@ void __init sev_es_init_vc_handling(void) init_ghcb(cpu); } =20 - /* If running under an SVSM, switch to the per-cpu CA */ - if (snp_vmpl) { - struct svsm_call call =3D {}; - unsigned long flags; - int ret; - - local_irq_save(flags); - - /* - * SVSM_CORE_REMAP_CA call: - * RAX =3D 0 (Protocol=3D0, CallID=3D0) - * RCX =3D New CA GPA - */ - call.caa =3D svsm_get_caa(); - call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); - call.rcx =3D this_cpu_read(svsm_caa_pa); - ret =3D svsm_perform_call_protocol(&call); - if (ret) - panic("Can't remap the SVSM CA, ret=3D%d, rax_out=3D0x%llx\n", - ret, call.rax_out); - + if (snp_vmpl) sev_cfg.use_cas =3D true; =20 - local_irq_restore(flags); - } - sev_es_setup_play_dead(); =20 /* Secondary CPUs use the runtime #VC handler */ diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 3b72d8217827..bdfe008120f3 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -63,22 +63,6 @@ DECLARE_PER_CPU(u64, svsm_caa_pa); =20 extern u64 boot_svsm_caa_pa; =20 -static __always_inline struct svsm_ca *svsm_get_caa(void) -{ - if (sev_cfg.use_cas) - return this_cpu_read(svsm_caa); - else - return rip_rel_ptr(&boot_svsm_ca_page); -} - -static __always_inline u64 svsm_get_caa_pa(void) -{ - if (sev_cfg.use_cas) - return this_cpu_read(svsm_caa_pa); - else - return boot_svsm_caa_pa; -} - enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt); void vc_forward_exception(struct es_em_ctxt *ctxt); =20 --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 168332877E9 for ; Wed, 16 Jul 2025 03:22:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636161; cv=none; b=fircc64RKAKvo44VoWgvueMTX6Jw80hR9kYS38ZAuyPqOXK+m7Ux/k2JqPgFR+NMlD2SEg6qOOtQuzY1JmxopdaBN6IuKDYK6sAlfrbDfKHU76hgydPqso9a181XUbR+6Ud0/eUe1euVCQ7JsimiZa4QhzP6MjRBdhlcpk3IH+8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636161; c=relaxed/simple; bh=P+SavC1Q4loaZ05B2JeU5aX7Yb4NSzAVm0w85qvgUIE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=qM6/GuVDs8IptCQRlpsy1NyBPes+0Y337M2KYYCAPoX+gGpFTTYlDcQjvDRAlYC86T2HeYnRNZbUkr0fGpVDSrcmMhaGsDzXAzqQnTbkKmYM6CsAsoNH2sNnILjGiDzBJvaaTOJV4/NCDdJolusgoxtpJZZEKLT6btEwvds94lg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=KGD4YYrR; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="KGD4YYrR" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-4538f375e86so51833405e9.3 for ; Tue, 15 Jul 2025 20:22:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636158; x=1753240958; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=STRKiSzXX1+CE+9MYrQYA3rHLqTvbwqnLZ3WYtaLrpw=; b=KGD4YYrRe+RhjINa4f8sTjMtnhp4VgSR+J2pEzFDQGLqcSB2o0wKqCBdkAlpzu0AHU X43VmZ2943vFQHLV64LIC1d68d6z4pmfOnC8vew6sYy2uhVjyr71BXJi3sToXAgktxiA 8QvZJnEqe1na3dltd7iA/OyY9Pao9S+4SH3zvFs6HZM/UJ1+07ISw2oEQZcNaNQHQgtg iANFBTI+Ao5SRAfkkpJFIpnDAopunBmIjRRWc8Mhcsf9mwGZIBMO9A5DnxrTj9Kmdibr hTQykUGGH9emWttWJZHxjT5okwm7mUku9+vufIHqM4KJK/RupemCkR4kUXndalWaOR1S LzIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636158; x=1753240958; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=STRKiSzXX1+CE+9MYrQYA3rHLqTvbwqnLZ3WYtaLrpw=; b=pHgYK879EOBiqfQxGpuEZ4ktp9+CuKm53w2gMGDhf0koQFYjibm0fmq9rf82SXPdsA 57ZO46Uc94Ftb29mejIrrE+CKTdStG7UghPqO6iDv8kiAeAxCbaZllLfSG/Iu2BhADEB JC/qKrcXTPdueagOxY1zwuMhygdNWELWh0qdHqi5hFj1BZa9Zy3oZd3JxxJmpGq+zjMx wSScufVDmm4327cw3ud6ZXVLO4u6rkPIHg4x3ZE9RjgInOeZ4sNilIy6Q+afT5x87WK4 WPjLJkbWIZt3ZXfjJZZDpZ4bKj1Dznfy5by0KxlMNORGNjbilqJ71vmsdfuusiLloUxZ zXdA== X-Gm-Message-State: AOJu0Yx+pO2gebXBCIilmNdCNkTfWnwfO+MujamJjtKB+7n9q36YWNZX WGVgaSD8CejrtSJjbQAFbM76+/fnYWzbIUNPi8e8lbRScbNKdGEE4bzqrc5oHqL5gLuybl4PjaM Uj/M2XsyvXmJePKAYakPZFg8rD8/gMKffbGyl4nIlYLWROFa1q4EVrQox0DhEkDu4yIQxY27aN8 CZ/lmqknvdv/1kI6pCYqkuAI4XoW3ObzJ9OQ== X-Google-Smtp-Source: AGHT+IFPtHqFsyPB7SnHo472sOiQwDH0pE144RfQ4GvbZtbdPdxGjdDEtCZ71M3K619iO+uMevP/SLF9 X-Received: from wmtk5.prod.google.com ([2002:a05:600c:c4a5:b0:456:d19:9bcb]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1ca9:b0:450:b240:aaab with SMTP id 5b1f17b1804b1-4562e044fd0mr9185345e9.8.1752636158484; Tue, 15 Jul 2025 20:22:38 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:25 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2029; i=ardb@kernel.org; h=from:subject; bh=G4tJuVGhrB+QDvBjEiKr0P/IsteAttDK9B09Q2K0XSU=; b=kA0DAAoWMG4JVi59LVwByyZiAGh3GjCg/nam2Ohsxh3Tt6drdPM2tZgpWjGEl6V6qivK94zT3 Ih1BAAWCgAdFiEEEJv97rnLkRp9Q5odMG4JVi59LVwFAmh3GjAACgkQMG4JVi59LVyHoAEA6iK5 UO/aCvOhfd9kAeE02HOQzJgQZDBAZCiVfYviihgA/Rz/7V1bSNvHBkDwxzr2+effXbJmef11q4I NJ5syU7sE X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-34-ardb+git@google.com> Subject: [PATCH v5 10/22] x86/boot: Drop redundant RMPADJUST in SEV SVSM presence check From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel snp_vmpl will be assigned a non-zero value when executing at a VMPL other than 0, and this is inferred from a call to RMPADJUST, which only works when running at VMPL0. This means that testing snp_vmpl is sufficient, and there is no need to perform the same check again. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 4bdf5595ed96..d62722dd2de1 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -392,30 +392,16 @@ void sev_enable(struct boot_params *bp) */ if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { u64 hv_features; - int ret; =20 hv_features =3D get_hv_features(); if (!(hv_features & GHCB_HV_FT_SNP)) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); =20 /* - * Enforce running at VMPL0 or with an SVSM. - * - * Use RMPADJUST (see the rmpadjust() function for a description of - * what the instruction does) to update the VMPL1 permissions of a - * page. If the guest is running at VMPL0, this will succeed. If the - * guest is running at any other VMPL, this will fail. Linux SNP guests - * only ever run at a single VMPL level so permission mask changes of a - * lesser-privileged VMPL are a don't-care. + * Running at VMPL0 is required unless an SVSM is present and + * the hypervisor supports the required SVSM GHCB events. */ - ret =3D rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1); - - /* - * Running at VMPL0 is not required if an SVSM is present and the hyperv= isor - * supports the required SVSM GHCB events. - */ - if (ret && - !(snp_vmpl && (hv_features & GHCB_HV_FT_SNP_MULTI_VMPL))) + if (snp_vmpl > 0 && !(hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0); } =20 --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A598E288C14 for ; Wed, 16 Jul 2025 03:22:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636163; cv=none; b=qb+5iYdYamQyAogvW3pKSB6IDeUNEojs6Zhykbr3Y8dusV3bpcfg3OfPMYpszXi1FelmWb4uEg66PT7ziDa1GITWw4H/hPl+UJoo7r4eb6dJKYhvE0opAiRgg3Pzt7DrIJ+9Q4vFAr2tVhtPOdOEMgCVOMcUGvePKmTXGWQ8t9g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636163; c=relaxed/simple; bh=88wIbnPP1a1dLhlXMR2D52W04CjhXmRtjIuSBBT1WeQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ga+depN6NIi7hsNc6BS3QNMNjLey7+Vw0YcTqFaVRzpGMg7hjGM9uq5U8kzVkANREPIi9OSXzDWlBnP4aDf6PJqyApsK5D0NhdD2Xn/IpNkWMVJQybqHnpYCcOJTuCVNN1gkqyzRXtIagZs6Rp9vltMr1bHWxKo4o49hEorJaVQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=aJeJ2FM9; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="aJeJ2FM9" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-45624f0be48so9618235e9.3 for ; Tue, 15 Jul 2025 20:22:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636160; x=1753240960; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=AgqR5avhQu9i9Y4o0xvmYEmE5OaurZWopQxiw2YEL3s=; b=aJeJ2FM9fETy7xnWMpSIbYdTcaykDQLVz48CzV495GcV7FEoJBZPRlpTxwLFZygLNj nHLkEE380ShGkuswi8bsgaQuR9U9s3gi0eqjKRt/fFGnZ3H2gYEv6rFMvkabCXGpv3IN MYkPvSjvB671Ek5zFsRBXGT01+xEEq7u26p7PEVEqgV5VQH/w0aG8Siz46hF24xknNUs MBYrSfbqNPdbFnhvsdvMJJFOv6BaoGBVxc3zClWrgGTv1+8cEsuVQ29FUlRGwMLek/un rgaanECvG3DnaI23BuhiHJ4ptmEeg3tCgSV57p0NUNvvL/T08kUAiGGUFvYPdT5QfoXf AVUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636160; x=1753240960; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=AgqR5avhQu9i9Y4o0xvmYEmE5OaurZWopQxiw2YEL3s=; b=Vj4kBPZwMFTHF/1oWEYnqQe8frqpj6SRnEJBFoJkf5Xo7iIT+pULiv1GY60E40J3bR QkXWDeYin6lldIUfWsO9LyNLiTjT4QVDjbnkVqjRt0qzeNnc/r0nPKeTF6n//qjfBIoh ikDBMRsA4Fh7p1+NVxQn7gEF5Ur147rjKhGHWcpKGYOwJsxorS1GDodPXsi+YUVPM2CL GH2qg0SGgW6P2ULndbcx/M20+JaaxpHY078Jv62P1Pv/8wvqGS0I16trxs+GfQ/ILqoe 8YBgodXozZSGhwXGXoCFu8TEfqo4hJqZoaZfJ0FYGPFijJYdMvqWzAq8bTwqXFwbvpQ5 HESQ== X-Gm-Message-State: AOJu0YwWJKs25F8apo2Md8aLecLKPjHyfu9+nNt7rWsxA/2L8+4HtJdO w4PEEiv6hViA/8NvNW11LGEhGOKyVxq/sIRXxsR4/v0CB4SZTtCgcAAwV72C7zXy6prUzfWAS5N 4MIlbler3l3t/Dgc99+y09CqwarGa5KtIvqnrXntTuuZvno57nmnRyd49iRWbBdPjBQyMQlQ7p4 +XHB+1s7ZEfsNEKesh6GA02etPwPPytrTuHA== X-Google-Smtp-Source: AGHT+IGNDfT93GRklSDbt/V6sAfbq3BH1L4gJ6IzPmLpDANp7jhdkluNQYfT0JK8YTD3ck/cxXvNFxpd X-Received: from wmdd25.prod.google.com ([2002:a05:600c:a219:b0:456:ddf:4040]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1c11:b0:43b:ca39:6c75 with SMTP id 5b1f17b1804b1-4562e274934mr9819455e9.16.1752636159879; Tue, 15 Jul 2025 20:22:39 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:26 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1051; i=ardb@kernel.org; h=from:subject; bh=/aZ0V2A8zhGGvGqcdFjf+IBZLj2TZ6Tesp02RBGOQMc=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcynSSWNjG0OSpmodPnfpsJmdVO9v7Ro+IyR6mOx6pA ZbXUg93lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIlY9zEyTFwfynm7M295v5Bb n1qk2Grm85Yyc81vpJX9qgsRYbGayPC/flrFU51MW+4dlUs2RKbff5KuVah2Wp3/5+R6Z+7p/LN YAQ== X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-35-ardb+git@google.com> Subject: [PATCH v5 11/22] x86/boot: Provide PIC aliases for 5-level paging related constants From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Provide PIC aliases for the global variables related to 5-level paging, so that the startup code can access them in order to populate the kernel page tables. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/head64.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 533fcf5636fc..1bc40d0785ee 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -52,10 +52,13 @@ SYM_PIC_ALIAS(next_early_pgt); pmdval_t early_pmd_flags =3D __PAGE_KERNEL_LARGE & ~(_PAGE_GLOBAL | _PAGE_= NX); =20 unsigned int __pgtable_l5_enabled __ro_after_init; +SYM_PIC_ALIAS(__pgtable_l5_enabled); unsigned int pgdir_shift __ro_after_init =3D 39; EXPORT_SYMBOL(pgdir_shift); +SYM_PIC_ALIAS(pgdir_shift); unsigned int ptrs_per_p4d __ro_after_init =3D 1; EXPORT_SYMBOL(ptrs_per_p4d); +SYM_PIC_ALIAS(ptrs_per_p4d); =20 unsigned long page_offset_base __ro_after_init =3D __PAGE_OFFSET_BASE_L4; EXPORT_SYMBOL(page_offset_base); --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C5BB288C9D for ; Wed, 16 Jul 2025 03:22:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636164; cv=none; b=uNPWpuMhkUJTpVUuhSXTFK+GuiFXf++Y/1xV9eGHZbFqbYX6/cy5Qx0g1eZ/W9/sTcC7+iO55fSpef3WTpOModbHf1vhpY9jMWeW/l7l90sT8/MXXjr4QiiRTSgj2Zxh27aShftrXq79NpeBDOj4Y8Z4L0YtWE6zeKOP8NI/XwE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636164; c=relaxed/simple; bh=VEmHl5eiHKjwgdYjJ41tk7HeKba97yajAex44kETR3w=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=EIKM3eGkocW6JR+SZ8XEgvk4rM41o/dpJi0S4GgS/lSVnVhihlUfqLgi4IxxIGgqS+3swZ7BcVm0so3V+QELNiDUAmK8Q4aKTbsvvL12v7XMySquv9Tz0lhkVs81P/L6RXmi6P2BWaQI1beW5YMbIHhyVh8c3PIBV2UTjsh8Wm4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=1Dle8e/v; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="1Dle8e/v" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-451d2037f1eso39193565e9.0 for ; Tue, 15 Jul 2025 20:22:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636161; x=1753240961; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=7boTv+di5Ys4QdIKdCT0u82t02k9U3NlxmHSylt/GQM=; b=1Dle8e/vafGySLS0GVnlCsesX6lXi3yjUM7lxUJ9ocIapW5Vp12xBOvc6fYJCPgSUK oiAsUDCBD4rci4IQxma/nPqr6c42EizYsaft0/Sw12GlFCVlxepKSglG9piNCI33+J0+ 3cj3ohTPy6jDlc1ktuNj9slQgI2gBwzG+mq6af6SsX/cYk7REPDeG+nWab/LnUNOg1Bu Mv/cUUEk6Y6qgboCSYAfS45jl59ONNW1f2HrSqrWmvZnHJoCZvmqrwMw++Uns+aSEjpC LCOtMFpre2Mo3Xye8A6cPKgw7OemVuwWABQq+7yoNekRVSFV5u3e22YAXw9Mt5+v98YC 0HDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636161; x=1753240961; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=7boTv+di5Ys4QdIKdCT0u82t02k9U3NlxmHSylt/GQM=; b=M9l+2jCGKl1Unvdp2nvlNqSllBWS0fihRINhg6CgVZCcBbp0UyfRFgzsxTv3sOO+Vb ubnqx8jdi4qdATr4Angjj3Ip2W68VzJFLzV91/t4EI3ubpxDLjUR0FkG1DQUF9V1rv1R XJZOyQbkLDDn6Np6O/UMB0nzMm1jwhpztOTXZIUWiOI+7Q0hVYISaLd6nayxQ7X0A0K7 u729hxZAphcm2hslZKBgCTDOJZHVZkrc68EF0Z7zTt/ZKUqu7W//Q4qguGqEU73dy4F4 gA3aMJRf5QjlsX4Z3uDd7f3MFzDnd4vKtwl7Jfx2TMNfh6VhVmd5uFcT3HNkhHqGPU1P hR8g== X-Gm-Message-State: AOJu0YwFnc0Q6OKAAM+RNouiKBTxGLMAlmBfAPN4QjBTY8TWi0/fxdL+ XZjsIDhY+kBLlsyYb9QvPcKm7bnEVTUnbBmbZmEUTWITfVwoQDvyUzlE33q89oMRHLOP5tJaK3I 19i8GI96a3+aPgCgX6lDpW6GwidKDM9eyT+mlfjeRRBqSB7mzjh+6Kqt3ttoRHGGxDh8qZw8XVR KZF0ZrTuLtJnJu75RustJoh+9faUQNvS+4OA== X-Google-Smtp-Source: AGHT+IH77E+ebL2o5oHmwxdvizom2S9q1B2UD3+cGjn1cupv6iIWwMw6UXkcZvT1rxmNQEZ8YngR9wJI X-Received: from wmbgz1.prod.google.com ([2002:a05:600c:8881:b0:456:506:259c]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:8b2f:b0:456:27a4:50ad with SMTP id 5b1f17b1804b1-4562e3a222cmr6986065e9.33.1752636160825; Tue, 15 Jul 2025 20:22:40 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:27 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=5030; i=ardb@kernel.org; h=from:subject; bh=5/30+kFJeHe02LNM3vgGQ9Nc+FkodkG4zNIUYg/FT98=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcyorVfn2neu8KznZ2e6vVm+WEs02NtU/wvb8XeNWWK 233pJKOUhYGMS4GWTFFFoHZf9/tPD1RqtZ5lizMHFYmkCEMXJwCMBGRJwz/NNza1/godJxaXf36 +MzMpAA3tQdfSg49l1FibD4m76fXysiwTJCrgqeCye7cCtk6txTFrT0ccf99FMPnzD/Kn3Kp0YI BAA== X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-36-ardb+git@google.com> Subject: [PATCH v5 12/22] x86/sev: Provide PIC aliases for SEV related data objects From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Provide PIC aliases for data objects that are shared between the SEV startup code and the SEV code that executes later. This is needed so that the confined startup code is permitted to access them. This requires some of these variables to be moved into a source file that is not part of the startup code, as the PIC alias is already implied, and exporting variables in the opposite direction is not supported. Move ghcb_version as well, but don't provide a PIC alias as it is not actually needed. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 3 ++ arch/x86/boot/startup/sev-shared.c | 19 ----------- arch/x86/boot/startup/sev-startup.c | 9 ------ arch/x86/coco/sev/core.c | 34 ++++++++++++++++++++ 4 files changed, 37 insertions(+), 28 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index d62722dd2de1..faa6cc2f9990 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -38,6 +38,9 @@ struct ghcb *boot_ghcb; #define __BOOT_COMPRESSED =20 u8 snp_vmpl; +u16 ghcb_version; + +u64 boot_svsm_caa_pa; =20 /* Include code for early handlers */ #include "../../boot/startup/sev-shared.c" diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 83ca97df0808..cc14daf816e8 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -18,25 +18,6 @@ #define WARN(condition, format...) (!!(condition)) #endif =20 -/* - * SVSM related information: - * During boot, the page tables are set up as identity mapped and later - * changed to use kernel virtual addresses. Maintain separate virtual and - * physical addresses for the CAA to allow SVSM functions to be used dur= ing - * early boot, both with identity mapped virtual addresses and proper ke= rnel - * virtual addresses. - */ -u64 boot_svsm_caa_pa __ro_after_init; - -/* - * Since feature negotiation related variables are set early in the boot - * process they must reside in the .data section so as not to be zeroed - * out when the .bss section is later cleared. - * - * GHCB protocol version negotiated with the hypervisor. - */ -u16 ghcb_version __ro_after_init; - /* Copy of the SNP firmware's CPUID page. */ static struct snp_cpuid_table cpuid_table_copy __ro_after_init; =20 diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 8e804369cc60..733491482cbb 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -41,15 +41,6 @@ #include #include =20 -/* Bitmap of SEV features supported by the hypervisor */ -u64 sev_hv_features __ro_after_init; - -/* Secrets page physical address from the CC blob */ -u64 sev_secrets_pa __ro_after_init; - -/* For early boot SVSM communication */ -struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); - /* * Nothing shall interrupt this code path while holding the per-CPU * GHCB. The backup GHCB is only for NMIs interrupting this path. diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 4fe0928bc0ad..be89f0a4a28f 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -46,6 +46,29 @@ #include #include =20 +/* Bitmap of SEV features supported by the hypervisor */ +u64 sev_hv_features __ro_after_init; +SYM_PIC_ALIAS(sev_hv_features); + +/* Secrets page physical address from the CC blob */ +u64 sev_secrets_pa __ro_after_init; +SYM_PIC_ALIAS(sev_secrets_pa); + +/* For early boot SVSM communication */ +struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); +SYM_PIC_ALIAS(boot_svsm_ca_page); + +/* + * SVSM related information: + * During boot, the page tables are set up as identity mapped and later + * changed to use kernel virtual addresses. Maintain separate virtual and + * physical addresses for the CAA to allow SVSM functions to be used dur= ing + * early boot, both with identity mapped virtual addresses and proper ke= rnel + * virtual addresses. + */ +u64 boot_svsm_caa_pa __ro_after_init; +SYM_PIC_ALIAS(boot_svsm_caa_pa); + DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); DEFINE_PER_CPU(u64, svsm_caa_pa); =20 @@ -119,6 +142,17 @@ DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); */ u8 snp_vmpl __ro_after_init; EXPORT_SYMBOL_GPL(snp_vmpl); +SYM_PIC_ALIAS(snp_vmpl); + +/* + * Since feature negotiation related variables are set early in the boot + * process they must reside in the .data section so as not to be zeroed + * out when the .bss section is later cleared. + * + * GHCB protocol version negotiated with the hypervisor. + */ +u16 ghcb_version __ro_after_init; +SYM_PIC_ALIAS(ghcb_version); =20 /* For early boot hypervisor communication in SEV-ES enabled guests */ static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3CC3928935F for ; Wed, 16 Jul 2025 03:22:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636165; cv=none; b=QI/r5y50waq/lfVMboNgHrfbUQ6X79tPJMgN9TGBSRyrarhcIfG2oFER3oBi/98Tb9wj/ipFMPhtYCmRtSrKkZpFqBUiOpxWbZkbkQYo48J7jam2SuWadvb2sSmhKSbohVtHslGU9VMcSIFlV5gwreDPCygKRq8uIHpZqwfrQ5k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636165; c=relaxed/simple; bh=og78V1Zb+PcEV7AazoH73d5dq2n03AsVv6Eth60PTqA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=j8fPLYS5LYsiDxF9y3NzPSmmrT6WMBQBTU6uzrlo/pNcoC+jMFXs0VNa7Zma0WfCydvFpAbMdZfRm9uFVJ7GPUXLaqkh0kCFN9O8XhMrrMAnIj9PITj3LL6JO9otjYySgGvw4T6pSYmCRnwcLF/eo4JjxGLYd84OUyu96vxUmwQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Ng/EiWLF; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Ng/EiWLF" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-45626532e27so10025985e9.1 for ; Tue, 15 Jul 2025 20:22:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636162; x=1753240962; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Cpx4NiyNbT4MxlvP8PPoGquIm/1aTybUx8Yhuvtnt6I=; b=Ng/EiWLFLwu97Y2GEKBpMLikSprFT0ExTfGPfilYTqTjW95/hftKxjh2+S14pxuVQ6 n+0cKoNFV8c8we+9uQ3qL1vvXlx9exVKkdM0ejO1zunJAohcwdW4xx0oWkUSF2Tn44Tm 4+329XDRgJ2VVDIAGYikjaJ4t7wThGxBl/mUekahH9P8xuHXceyZNi2eImu9s/XZrq99 LUocuyPhwshZ/FMNeNmff6rDbw2M+hhDXz1w+U3DdcR8JH68MolxcvLeGxKDRjvl4AcH nCVZ8KNmukm6dhojTZHLbByIh2DEduW4ZYxB4oqjBhfx0G/y09KnyY1tgJ3TdVmoNvJV 4PFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636162; x=1753240962; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Cpx4NiyNbT4MxlvP8PPoGquIm/1aTybUx8Yhuvtnt6I=; b=swy5KM6c42HAUim+XWW7Cd5V+F3CZRN1V0blCyJtA4Xhxgylk+QF3r3LqIlaiqp7Hz nnR+Jw1aUTvD7IrjP8+F88ZnAmHC9+J0kRooazxFVmGH9NWkrxnWU7UaGeTY8wxVullj Jlq+XlkufggUvgjVvcjRXLBKNxA2QfCq5ftsPU3VD7WaF86fcaREsAVN2i2xbCZuZ+C7 Qv5DaQx73Wlho5xgULK3G2jsBMRxzyUK0qNeJDIlQqFXEqszPO0oOt4ic5uML/6mTebu SPP+OmP/vavziGF5VbyDPi3lMd6Sm7T5ihUsNynx3TgzwgMX0TyEIQx6b+qNViTTqfnL xRZw== X-Gm-Message-State: AOJu0Yy6wTX44joS78GixQgR3OgA+Kx83SyiGtLIo0AkJphj/Zylh8St tyFdZ7HP3vyOdCmEAzZEDFCutARlYa2QeeEWtKlSeQlbbl6ylnOLL21ow/HxeAFC9uKYhWniosn VGKP+80fn9BvxY/uCIxkT5/WiA4DtAenLBRnER8h6Uf2qZsoNimjRB1rNKTc8FhPVl/dzN3bWHO G8+CAZmMTwLaE7HjRUXqu+w5sU5AO4MgjlSA== X-Google-Smtp-Source: AGHT+IEfYtUbrbDDEmuTIbU4xaNSUCVc+LvthUFdglmYj/mvBHEHohZwX/i7QJlhPBy05B80p2bFqbzn X-Received: from wmth21.prod.google.com ([2002:a05:600c:8b75:b0:456:f62:301d]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3596:b0:445:1984:2479 with SMTP id 5b1f17b1804b1-4562e031df5mr7797245e9.5.1752636161856; Tue, 15 Jul 2025 20:22:41 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:28 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=5947; i=ardb@kernel.org; h=from:subject; bh=Kgx6kkml75xrQvDgw+PvuVkStDU185KdttsrkQOiuu4=; b=kA0DAAoWMG4JVi59LVwByyZiAGh3Gj+isMUfeVAkYvn9LHKa15sacYooHRq270MbMgOfQc2N0 Ih1BAAWCgAdFiEEEJv97rnLkRp9Q5odMG4JVi59LVwFAmh3Gj8ACgkQMG4JVi59LVzHHQEAg4hp Woqan4eC+zx7lYWd8ePiULk9zkE8n6xKagj2E7YBAIl1ZgaVKzDBg6IqVdQNPeY/Q6wXhdcclu0 Aanou90UI X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-37-ardb+git@google.com> Subject: [PATCH v5 13/22] x86/sev: Move __sev_[get|put]_ghcb() into separate noinstr object From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Rename sev-nmi.c to noinstr.c, and move the get/put GHCB routines into it too, which are also annotated as 'noinstr' and suffer from the same problem as the NMI code, i.e., that GCC may ignore the __no_sanitize_address__ function attribute implied by 'noinstr' and insert KASAN instrumentation anyway. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/sev-startup.c | 74 -------------------- arch/x86/coco/sev/Makefile | 6 +- arch/x86/coco/sev/{sev-nmi.c =3D> noinstr.c} | 74 ++++++++++++++++++++ 3 files changed, 77 insertions(+), 77 deletions(-) diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 733491482cbb..e9238149f2cf 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -41,83 +41,9 @@ #include #include =20 -/* - * Nothing shall interrupt this code path while holding the per-CPU - * GHCB. The backup GHCB is only for NMIs interrupting this path. - * - * Callers must disable local interrupts around it. - */ -noinstr struct ghcb *__sev_get_ghcb(struct ghcb_state *state) -{ - struct sev_es_runtime_data *data; - struct ghcb *ghcb; - - WARN_ON(!irqs_disabled()); - - data =3D this_cpu_read(runtime_data); - ghcb =3D &data->ghcb_page; - - if (unlikely(data->ghcb_active)) { - /* GHCB is already in use - save its contents */ - - if (unlikely(data->backup_ghcb_active)) { - /* - * Backup-GHCB is also already in use. There is no way - * to continue here so just kill the machine. To make - * panic() work, mark GHCBs inactive so that messages - * can be printed out. - */ - data->ghcb_active =3D false; - data->backup_ghcb_active =3D false; - - instrumentation_begin(); - panic("Unable to handle #VC exception! GHCB and Backup GHCB are already= in use"); - instrumentation_end(); - } - - /* Mark backup_ghcb active before writing to it */ - data->backup_ghcb_active =3D true; - - state->ghcb =3D &data->backup_ghcb; - - /* Backup GHCB content */ - *state->ghcb =3D *ghcb; - } else { - state->ghcb =3D NULL; - data->ghcb_active =3D true; - } - - return ghcb; -} - /* Include code shared with pre-decompression boot stage */ #include "sev-shared.c" =20 -noinstr void __sev_put_ghcb(struct ghcb_state *state) -{ - struct sev_es_runtime_data *data; - struct ghcb *ghcb; - - WARN_ON(!irqs_disabled()); - - data =3D this_cpu_read(runtime_data); - ghcb =3D &data->ghcb_page; - - if (state->ghcb) { - /* Restore GHCB from Backup */ - *ghcb =3D *state->ghcb; - data->backup_ghcb_active =3D false; - state->ghcb =3D NULL; - } else { - /* - * Invalidate the GHCB so a VMGEXIT instruction issued - * from userspace won't appear to be valid. - */ - vc_ghcb_invalidate(ghcb); - data->ghcb_active =3D false; - } -} - void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, enum psc_op op, diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile index db3255b979bd..53e964a22759 100644 --- a/arch/x86/coco/sev/Makefile +++ b/arch/x86/coco/sev/Makefile @@ -1,9 +1,9 @@ # SPDX-License-Identifier: GPL-2.0 =20 -obj-y +=3D core.o sev-nmi.o vc-handle.o +obj-y +=3D core.o noinstr.o vc-handle.o =20 # Clang 14 and older may fail to respect __no_sanitize_undefined when inli= ning -UBSAN_SANITIZE_sev-nmi.o :=3D n +UBSAN_SANITIZE_noinstr.o :=3D n =20 # GCC may fail to respect __no_sanitize_address when inlining -KASAN_SANITIZE_sev-nmi.o :=3D n +KASAN_SANITIZE_noinstr.o :=3D n diff --git a/arch/x86/coco/sev/sev-nmi.c b/arch/x86/coco/sev/noinstr.c similarity index 61% rename from arch/x86/coco/sev/sev-nmi.c rename to arch/x86/coco/sev/noinstr.c index d8dfaddfb367..b527eafb6312 100644 --- a/arch/x86/coco/sev/sev-nmi.c +++ b/arch/x86/coco/sev/noinstr.c @@ -106,3 +106,77 @@ void noinstr __sev_es_nmi_complete(void) =20 __sev_put_ghcb(&state); } + +/* + * Nothing shall interrupt this code path while holding the per-CPU + * GHCB. The backup GHCB is only for NMIs interrupting this path. + * + * Callers must disable local interrupts around it. + */ +noinstr struct ghcb *__sev_get_ghcb(struct ghcb_state *state) +{ + struct sev_es_runtime_data *data; + struct ghcb *ghcb; + + WARN_ON(!irqs_disabled()); + + data =3D this_cpu_read(runtime_data); + ghcb =3D &data->ghcb_page; + + if (unlikely(data->ghcb_active)) { + /* GHCB is already in use - save its contents */ + + if (unlikely(data->backup_ghcb_active)) { + /* + * Backup-GHCB is also already in use. There is no way + * to continue here so just kill the machine. To make + * panic() work, mark GHCBs inactive so that messages + * can be printed out. + */ + data->ghcb_active =3D false; + data->backup_ghcb_active =3D false; + + instrumentation_begin(); + panic("Unable to handle #VC exception! GHCB and Backup GHCB are already= in use"); + instrumentation_end(); + } + + /* Mark backup_ghcb active before writing to it */ + data->backup_ghcb_active =3D true; + + state->ghcb =3D &data->backup_ghcb; + + /* Backup GHCB content */ + *state->ghcb =3D *ghcb; + } else { + state->ghcb =3D NULL; + data->ghcb_active =3D true; + } + + return ghcb; +} + +noinstr void __sev_put_ghcb(struct ghcb_state *state) +{ + struct sev_es_runtime_data *data; + struct ghcb *ghcb; + + WARN_ON(!irqs_disabled()); + + data =3D this_cpu_read(runtime_data); + ghcb =3D &data->ghcb_page; + + if (state->ghcb) { + /* Restore GHCB from Backup */ + *ghcb =3D *state->ghcb; + data->backup_ghcb_active =3D false; + state->ghcb =3D NULL; + } else { + /* + * Invalidate the GHCB so a VMGEXIT instruction issued + * from userspace won't appear to be valid. + */ + vc_ghcb_invalidate(ghcb); + data->ghcb_active =3D false; + } +} --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-ej1-f73.google.com (mail-ej1-f73.google.com [209.85.218.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C590728A1E0 for ; Wed, 16 Jul 2025 03:22:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636166; cv=none; b=Htgd8Xb6/pDem7Ljf7A+Bf5B9LTBNt0em5z3WqQkqgfNRMHuoezOnx9pF8ND7T7srl/Z8sOgaI2fdm5ub26qijhItBElLd++vPs0M4oroCQb/lZDDJK2OkBpSRmCK76NshM/q6jTezLwnVkmJ4rGUcMQHeYI/t+Q9NsdM6cLrmk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636166; c=relaxed/simple; bh=AziSCYrqEKp3iXhsTCzhbJczPEzyYFFzm0EbdakEq+k=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=eAy0BkAKReL4n7rgMA7j1Q0jcB5k2PLalgZ6pXwhOJQDzy3BkeL1u+80tk9EGcCHl3kOWpVDIYaISm6VP+0Rr6GUQEXBjPmjXNp5GpYAcfLSbJFNB+451N5ZTFUP39TImYemUNPfAk34wPjU3fjesBo/PzjW2DxEglwHsdPKwQc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=D6BOr5OS; arc=none smtp.client-ip=209.85.218.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="D6BOr5OS" Received: by mail-ej1-f73.google.com with SMTP id a640c23a62f3a-ae6d6b8eacbso448479766b.0 for ; Tue, 15 Jul 2025 20:22:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636163; x=1753240963; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=mW4f9PE0jE0e9wTTI8oFMDAAeEX2PGjVbeFJW21fiSw=; b=D6BOr5OSEEp8RjKo8O9GIPnwLbToRM/OKdGFf00h/4gCbOOqOwL7pVWKfCtTjczNmy VGqh2g7cZUvFvFVJqxJ7ArEvZ+b/BacZ7TyMdk9RK/o9jX2QWrHrmo0F+LBtbzBVnLjr miNPk9zU9ASM5PSoWNIIG0AIV9F29YEGzjrCXFmeii151VtusED8az1fBzRNyWF58JdZ TRx3QdgcccGWkgefsYoaTHlXsXvnMWLwfFd88r46d+n8qDR+nWQSgO2eZpFBq32xrYnZ JTMbprJDOUIBAnxf1Yet77oBP4bk3S6AG6cbAZ+GZ4qx4f7mtp3aATKVW8Pptq99HhRg p9eQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636163; x=1753240963; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=mW4f9PE0jE0e9wTTI8oFMDAAeEX2PGjVbeFJW21fiSw=; b=pnx571U7ScNYmnB8U1klkIr2JmwkWEbRKpewoZZo48ZfawqrDe5o8E5481kQMp4LM2 Y0X3OfB1H+7ZzHv6Dva4RO9ORmykJyQquqoD5CYuk6uAVYx2I44YhOJpULfWHN5qHBNe QVUmFX6fdLz62XfeYM2c28IVHVnps8jPYi3j7GJ737xWSzGI3ZZmO+G7jrm9jKvrIhdM lAJ8umRfxHUtUGtJqd6FLuX9RZgAiGhXBHJWn2pRkXP2LdAfKoXDiqyTFRmdAngpztVH t9Fjauy8eTwHzfOkYxoh3EF4HziRTCFSJM8vaZBE5koeNwLeiGq+iR9ZlG3+J/EZDzdZ 3DAw== X-Gm-Message-State: AOJu0YwXWYbu5r9KNMeHdlV7BKY6EQBZnK3v583VBGPYXUsBPsTLTG60 luA/DkEcyI3hhfGNbWHscbuIJpggO+B3lmz0OF4ZTV4mE5dIVYo7P2p5XupKM7sbgsYrqFwE5dD IggqsbjRFDnoS8pg91geKZ0HEPO9iHB/A3BH3ttbhGXHGx1wK6zQoSbClvwzGj/W/1rWBFr4Nnu a/akUPmcw16Qfi7lN6u9wEDO0IbhI4MV85qg== X-Google-Smtp-Source: AGHT+IE7qRfZXV6AQa5Rrh4wuwhw8RG3x5M0O419fRKdLvQpXtzHUAeYhnuO3NVA7apJKno6n8plR4nk X-Received: from ejbgk8.prod.google.com ([2002:a17:907:90c8:b0:ae0:c308:ee88]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a17:906:8913:b0:ade:484d:1518 with SMTP id a640c23a62f3a-ae9cde5aba4mr66713166b.26.1752636163052; Tue, 15 Jul 2025 20:22:43 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:29 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1696; i=ardb@kernel.org; h=from:subject; bh=kOQMYaSiu+ZXQWR7MbRw268I2y+/O3YrdyRKP8LesAE=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcykXG+eT+JN7tv3asvLFOzmjptq3W1+Z/fMx1+qvN+ U+mUxczdpSyMIhxMciKKbIIzP77bufpiVK1zrNkYeawMoEMYeDiFICJLGRmZHihb5b9iGv9tVe1 0Xd/cDQqv83QvRnMJyOetS0vU+TeGluG/yWawrdaVtyYF3p+GfuhRxoWzNv/7PoWIxJx4IiTlEi YMTcA X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-38-ardb+git@google.com> Subject: [PATCH v5 14/22] x86/sev: Export startup routines for later use From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Create aliases that expose routines that are part of the startup code to other code in the core kernel, so that they can be called later as well. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/exports.h | 14 ++++++++++++++ arch/x86/kernel/vmlinux.lds.S | 2 ++ 2 files changed, 16 insertions(+) diff --git a/arch/x86/boot/startup/exports.h b/arch/x86/boot/startup/export= s.h new file mode 100644 index 000000000000..01d2363dc445 --- /dev/null +++ b/arch/x86/boot/startup/exports.h @@ -0,0 +1,14 @@ + +/* + * The symbols below are functions that are implemented by the startup cod= e, + * but called at runtime by the SEV code residing in the core kernel. + */ +PROVIDE(early_set_pages_state =3D __pi_early_set_pages_state); +PROVIDE(early_snp_set_memory_private =3D __pi_early_snp_set_memory_private= ); +PROVIDE(early_snp_set_memory_shared =3D __pi_early_snp_set_memory_shared); +PROVIDE(get_hv_features =3D __pi_get_hv_features); +PROVIDE(sev_es_terminate =3D __pi_sev_es_terminate); +PROVIDE(snp_cpuid =3D __pi_snp_cpuid); +PROVIDE(snp_cpuid_get_table =3D __pi_snp_cpuid_get_table); +PROVIDE(svsm_issue_call =3D __pi_svsm_issue_call); +PROVIDE(svsm_process_result_codes =3D __pi_svsm_process_result_codes); diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 4fa0be732af1..5d5e3a95e1f9 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -535,3 +535,5 @@ xen_elfnote_entry_value =3D xen_elfnote_phys32_entry_value =3D ABSOLUTE(xen_elfnote_phys32_entry) + ABSOLUTE(pvh_start_xen - LOAD_OFFSET= ); #endif + +#include "../boot/startup/exports.h" --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B11DE2877E9 for ; Wed, 16 Jul 2025 03:22:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636167; cv=none; b=RhSCdW9Sul8C/rakarzoyhnT2mhFERRLYSr8qK/k5cp8xxbKebDsIUndBl/7BX7T6u3gAdZN32vTqhEj4YhiPmXrNhVZnbxkasTnam8U7P2Q+oFVS8OTPxzdsNiBPK6Q/5Uw/ShcQ9kCbC8Kf4kmiCyyFNWhTYjgiusieb3EHCY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636167; c=relaxed/simple; bh=p335xwuasxivJxSfBt/bfL85xn1YPYtMa/fdyX2hkYw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=S5gPl7TtYMBmhPmJMd8jQ0dkWOOH9sqrqSE/GfBgt0qoRRWWT8VZG8t0gf3fSN3UKb4pdinS8Rm6WJdYPJhk6Ue0g/Mhih0NzYpq1rfhEXtTn7WvtlukozNx5E4Uu9phN0Oo+6q6msJLHp8CIGikt/fs0BSA6j3d907Nd6maLUo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Wy7hDKte; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Wy7hDKte" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-3a4f8192e2cso3455020f8f.3 for ; Tue, 15 Jul 2025 20:22:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636164; x=1753240964; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=7khiFAj4YK22cn2aUX5ZXvNOvqbYT8yOs+hBn2ZA7n4=; b=Wy7hDKtewLa95R3bMrcRvGcCPLYFSF0VfKW+F53l793YvqyerPrAby0ee2/iOMC2DT N1/Hbhz5lIgeyxBypAxInJ55x7jKQ+UZvDLDdgkIdTYD/3R81KmZtzQ2slO9x+dcJMhe E6e11Ei46rjZmdedUsowQysDqjvMnbwoSP4bLP5cpKR8dxgjnETlX3Fkwtr8XZ1+nOP6 WVcEIfRvJRxG1av08OAgiL5Jm1sQIhVpMbWsLkodQJSvTl0D9COXsMDI2Wr4wlc1SUsZ 1cFcqayq1ZTYnWV8GFW/GYHKiE4CjdJwf+2LQn03B7aKHKTshRldenPi0OrhXrjwpKG3 XXmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636164; x=1753240964; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=7khiFAj4YK22cn2aUX5ZXvNOvqbYT8yOs+hBn2ZA7n4=; b=bSlVNGsOC9jQtB3VXZOEJH89cuG6YLiuFTQO9Zqdz715xF6ojqso8bN1EFPEHlYVlF mdvm8+UwcowQR0331qZw4iAHJzkGPMhfKamrljZv5p8RZTd4SRzOmzHxbCifFhkzAftU 2PmYy/hC9zXQms+ed5GhmzmP5+fLA60tkKL5wbF3dYr5JiD7oSLEzHGw5rjabEDXDJ2K TRmvziFYYgrCUafbRDUGa6PV/PUZTkSqnNxu0A2n5vC/p6ubiRu9Cnnns1A4ug5G+TlV 1NoHdGBwAH2k5O7skqemnByti07d8Y+4o4adovO7xAtxY1tXMRWvauWRtfpMlhOsqe/A Ormg== X-Gm-Message-State: AOJu0YyX31NxJNKPC/0dkDxuKt+RyCiwBULYLLlQj0pU6PDReAvT33Qe gJK3e+2n4rItCmFuWS+VFlPqgxy4iaYurmE+3RwLtAFXj1bBuLj8S1vY4d4x6rhWLlhZ625sIl2 V909FYoQ8l8gS1UGfCNdSyqKW1yQcD8uP73/qUIWqyjB3W81U9SHUd58AZIyDA5lwE3WFQzsJS0 kzmg/gcGdsbG/G/zIiSm4uAsSrIf/H/DODiQ== X-Google-Smtp-Source: AGHT+IF2AGaO+mQScvryfHxDgCsObx0+rN9u21M6fulSWt9WhnXfRhnsuC2XAjckP/jNJ1QVu3osBtif X-Received: from wmrn36.prod.google.com ([2002:a05:600c:5024:b0:456:24b4:ebc3]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:64e9:0:b0:3b5:e084:283b with SMTP id ffacd0b85a97d-3b60e4c1e2fmr532728f8f.17.1752636164149; Tue, 15 Jul 2025 20:22:44 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:30 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=3473; i=ardb@kernel.org; h=from:subject; bh=KBpdtqnvzVD886mHANAPiui8pBP4bXCHS8Bbbn2shFU=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcyvOdXW87y54pHVdXOsT35B7x5dI6qMFU/K5N73j1r 42CW450lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIlcl2NkWLHfR8zSbMtj3lkx N4vXhU9TrDDWiFybKS+TG7XeMCj+KsNfKc2PZy547Cr/qT6Bd0mtQ7BeZ4tmsOPj6t1Mk2beOzq DFQA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-39-ardb+git@google.com> Subject: [PATCH v5 15/22] objtool: Add action to check for absence of absolute relocations From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The x86 startup code must not use absolute references to code or data, as it executes before the kernel virtual mapping is up. Add an action to objtool to check all allocatable sections (with the exception of __patchable_function_entries, which uses absolute references for nebulous reasons) and raise an error if any absolute references are found. Note that debug sections typically contain lots of absolute references too, but those are not allocatable so they will be ignored. Signed-off-by: Ard Biesheuvel --- tools/objtool/builtin-check.c | 2 ++ tools/objtool/check.c | 36 ++++++++++++++++++++ tools/objtool/include/objtool/builtin.h | 1 + 3 files changed, 39 insertions(+) diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c index 80239843e9f0..0f6b197cfcb0 100644 --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -87,6 +87,7 @@ static const struct option check_options[] =3D { OPT_BOOLEAN('t', "static-call", &opts.static_call, "annotate static calls= "), OPT_BOOLEAN('u', "uaccess", &opts.uaccess, "validate uaccess rules for SM= AP"), OPT_BOOLEAN(0 , "cfi", &opts.cfi, "annotate kernel control flow integrit= y (kCFI) function preambles"), + OPT_BOOLEAN(0 , "noabs", &opts.noabs, "reject absolute references in all= ocatable sections"), OPT_CALLBACK_OPTARG(0, "dump", NULL, NULL, "orc", "dump metadata", parse_= dump), =20 OPT_GROUP("Options:"), @@ -162,6 +163,7 @@ static bool opts_valid(void) opts.hack_noinstr || opts.ibt || opts.mcount || + opts.noabs || opts.noinstr || opts.orc || opts.retpoline || diff --git a/tools/objtool/check.c b/tools/objtool/check.c index d967ac001498..5d1d38404892 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -4643,6 +4643,39 @@ static void disas_warned_funcs(struct objtool_file *= file) disas_funcs(funcs); } =20 +static int check_abs_references(struct objtool_file *file) +{ + struct section *sec; + struct reloc *reloc; + int ret =3D 0; + + for_each_sec(file, sec) { + /* absolute references in non-loadable sections are fine */ + if (!(sec->sh.sh_flags & SHF_ALLOC)) + continue; + + /* section must have an associated .rela section */ + if (!sec->rsec) + continue; + + /* + * Special case for compiler generated metadata that is not + * consumed until after boot. + */ + if (!strcmp(sec->name, "__patchable_function_entries")) + continue; + + for_each_reloc(sec->rsec, reloc) { + if (reloc_type(reloc) =3D=3D R_ABS64) { + WARN("section %s has absolute relocation at offset 0x%lx", + sec->name, reloc_offset(reloc)); + ret++; + } + } + } + return ret; +} + struct insn_chunk { void *addr; struct insn_chunk *next; @@ -4776,6 +4809,9 @@ int check(struct objtool_file *file) goto out; } =20 + if (opts.noabs) + warnings +=3D check_abs_references(file); + if (opts.orc && nr_insns) { ret =3D orc_create(file); if (ret) diff --git a/tools/objtool/include/objtool/builtin.h b/tools/objtool/includ= e/objtool/builtin.h index 6b08666fa69d..ab22673862e1 100644 --- a/tools/objtool/include/objtool/builtin.h +++ b/tools/objtool/include/objtool/builtin.h @@ -26,6 +26,7 @@ struct opts { bool uaccess; int prefix; bool cfi; + bool noabs; =20 /* options: */ bool backtrace; --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-ed1-f74.google.com (mail-ed1-f74.google.com [209.85.208.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0937F28B3EB for ; Wed, 16 Jul 2025 03:22:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636168; cv=none; b=uFoYTbppzenzMk4EDTlfoGTat0KveBV/s/ei0fJDl9RaSCZ2g1aPz6HmUazIG5EP5YjtoEbHhdU1fj7Si2W4Kk3TbuXX7HkfVz4WtxALnLZOWYlF/9is6y4L0bMVm5ag2zrg1xkMDvvIO3nYxasGuuwq/GZ6L7dSzs+wwxD/OBE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636168; c=relaxed/simple; bh=L0nuKM1iOS5J1LrRXwl6oFJ2k3UoNAHOTrQqnHSBepc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=n60Hm8YaaI4Ljipi7Tsyt6dZUHfbhfu1sLUIXMJ1/LGB9zYLVs3XM4q6zQ+M7fTvkryXsPRjCSVc174P9EbKChyqbiygRbwh0xPR8QacX0Xi8OI5xd0nieP2KvBgl96X18uVqnG6lUg7iVqtoBRveGDGPVWMH6EyjG4sveYM1Oo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=F74jEc3w; arc=none smtp.client-ip=209.85.208.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="F74jEc3w" Received: by mail-ed1-f74.google.com with SMTP id 4fb4d7f45d1cf-60995aa5417so5104884a12.1 for ; Tue, 15 Jul 2025 20:22:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636165; x=1753240965; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=AJj7BKcgkJOUpVILvlutzG3sQyBRFRydGJczKsiTn/M=; b=F74jEc3wcIK2N8yPXlxMSHMyuh6/puUCff6GWNtB9pWnLclBpFSBllM7rwPgd+e4b2 X9ZVgBoVIyEY2kWxQzd4YKsHfsHJLIikKNLHldOEsOeVt5+R+MpE7noTVulT1VR/iXmk GIbgLrsaNTi9cBEZvmffn8UJL78/Y89fHCOS+qVU7gn+Rn2O7S1/ekgB7a1YFGa+go3d P8PyyPh+uabQ6YaSJid9OHfaKENIp5Wf0NMQ4DbX/Xks2T/P9Y56lnBDin0qi8URlvpT X1c3b7+dwB2boFCd9KCksKuMyarf09FK906pHKCK5KY+CRaZc+AfpdwwfdlxSkshi7wA wEeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636165; x=1753240965; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=AJj7BKcgkJOUpVILvlutzG3sQyBRFRydGJczKsiTn/M=; b=KiYVd/XS4NgtskDYjyxEjassPweC25rjjNOxQMoSZ3QazI+nnx4xfyofJBEtaL1fGY iVBkgISgtQBbkoJ2aN/rI0Js9iyLwv4x6wREEk0LlhOqbaCoUkeFGKBBWHN7yc2vgRry FYi+coD1iy8upellWUexEZJtN7cL1Ft7OlW8lrj6ljWLhM3Sbonfnz5N3Ela4OsQA70M U0nn6qfAZo4l3ShphRk3w6DJ0T8advQxVuztn0Im923eLI7asSmHx2jRuIxe9UATKsp/ 6Z1tjfnWzSTESJZ9sVZdmV2ZgHLCr3R5gOInQ6mJdfcjPzNi4A1/wgnwWnQ/aXm9PWC4 Mo+g== X-Gm-Message-State: AOJu0Yy7UjXNqg1BIg4yV+DfFmQJnKWOHVFxP5nN54QucmaxKIZQVRf0 g/0sIO64Ks6eMlVdxdS/z31lYMzKdsvatRMAfQ91yXwxiVxxrsWpUT4feQu+d6iQDnwuRINH1Qz dPPNLzGVCYa5/N/6x/Vv5tsRN/xupPTAg34/HZaeTvUb1WV8G32dyQ08lGa2Z22Mlo3qfkKj15Q 8MmjaTRsDii7TjAuf88ynumnmV/InvmG97kg== X-Google-Smtp-Source: AGHT+IHeuPRcXPW58c1Ou6hgXM4/t+lql3E4QuE4F2sGlkq0PPpS3a860Pbw1SAm5G7yBhLu8V/nGGFh X-Received: from edjb15.prod.google.com ([2002:a50:cccf:0:b0:609:911:afb5]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6402:26c1:b0:609:99a7:f051 with SMTP id 4fb4d7f45d1cf-61285d039bamr816377a12.31.1752636165387; Tue, 15 Jul 2025 20:22:45 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:31 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1894; i=ardb@kernel.org; h=from:subject; bh=L4jffg2+Vf1ZB+P16ZYKMMQDycf2VYvq95i2j0U/b58=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcyq/C0cXRztektL9ZcKnGo7JHEdd62vdf2/PO0vHUR 9Une/52lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIlkhDAy3FN2W9jEsZUx+1VJ 14yt/m4vrBze3ah8v7As2XPuGcZya4b/bhtMXp/8n9JSZJida7A9i9dAb3VZm4tdFhvDioq86eW cAA== X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-40-ardb+git@google.com> Subject: [PATCH v5 16/22] x86/boot: Check startup code for absence of absolute relocations From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Invoke objtool on each startup code object individually to check for the absence of absolute relocations. This is needed because this code will be invoked from the 1:1 mapping of memory before those absolute virtual addresses (which are derived from the kernel virtual base address provided to the linker and possibly shifted at boot) are mapped. Only objects built under arch/x86/boot/startup/ have this restriction, and once they have been incorporated into vmlinux.o, this distinction is difficult to make. So force the invocation of objtool for each object file individually, even if objtool is deferred to vmlinux.o for the rest of the build. In the latter case, only pass --noabs and nothing else; otherwise, append it to the existing objtool command line. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile index b514f7e81332..32737f4ab5a8 100644 --- a/arch/x86/boot/startup/Makefile +++ b/arch/x86/boot/startup/Makefile @@ -19,6 +19,7 @@ KCOV_INSTRUMENT :=3D n =20 obj-$(CONFIG_X86_64) +=3D gdt_idt.o map_kernel.o obj-$(CONFIG_AMD_MEM_ENCRYPT) +=3D sme.o sev-startup.o +pi-objs :=3D $(patsubst %.o,$(obj)/%.o,$(obj-y)) =20 lib-$(CONFIG_X86_64) +=3D la57toggle.o lib-$(CONFIG_EFI_MIXED) +=3D efi-mixed.o @@ -28,3 +29,10 @@ lib-$(CONFIG_EFI_MIXED) +=3D efi-mixed.o # to be linked into the decompressor or the EFI stub but not vmlinux # $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_STANDARD :=3D y + +# +# Invoke objtool for each object individually to check for absolute +# relocations, even if other objtool actions are being deferred. +# +$(pi-objs): objtool-enabled =3D 1 +$(pi-objs): objtool-args =3D $(if $(delay-objtool),,$(objtool-args-y)) --n= oabs --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 58BA128BAA5 for ; Wed, 16 Jul 2025 03:22:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636170; cv=none; b=p9BAeqhK4rKQXZsm4vDS9Di+GCGI6RXNpHjFR3vDb+0PTLOBZn8r0rf4B4SgncCIjtHDgzV0CzUfzqdAiSn9yfoyF38qlmCaccMAi6VNHooHZ4HdIIASl7n7onqXZM+YHxwkxETnnD/NK8JD9YK1jW9RF/MEZrs+HOlj8aJlOc4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636170; c=relaxed/simple; bh=AmlKbu8zJYacssviYCi6dbWYnFwBdiRVNUViWOcbTcY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=VXtzmcDU50vGqU0aZml7/8Ok/vkSJKBMYeYpuYjEEMBzufDXpJnkbgW5Iv8ZTtzcQ6+zs+Qc0gMilqpOq2zJwU+k0x1hfQPORlTqPT84AclTezugbyQ38d63rmKSMT1E8g3AAcYRHAbuYAhFyVad1c1m4Mu+Cu2wgfVVjf6rqXc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ABm3Krow; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ABm3Krow" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3b20f50da27so190614f8f.0 for ; Tue, 15 Jul 2025 20:22:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636167; x=1753240967; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=1hVGKhMjRai/1mEd80T8Cu2AXSEmjXsghMoyzlOM7Mo=; b=ABm3KrowQzFPJNDKEqHgEwTXI/u0uvxLNjETDAYG8uXZLRmD6hggHvDta/TsmchpIN Op11Gx9VFzpTBSaL5PZiw95fyeUarKGmv0uoEPG+gmKkCnE9WJbqZsj5eUlfTHUN60D1 /NOE5vKHl894EDRtvStEyfJm3YBehLT1gSi9L6kPZr+AwMCXXoeLhVSZwDbdOBz8OnwD nQ1XUPuqbzKHdRMi1q+cKddxFoJTK8P7PK9uxHpVANfNj3WJytEELRM3iiOZ4PvlK6QD dFgp/X5XmVwsu4DNdinzecfhx7buf9/XJK63SsOI+8oKbMTa6S2YinBJsOxnLHtYu1om rqJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636167; x=1753240967; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1hVGKhMjRai/1mEd80T8Cu2AXSEmjXsghMoyzlOM7Mo=; b=mypUMN5hSbUbFw31ikZKwFloiymFBSVQTavhQkQ1AdFoEVpe+AAgx4WjqWHqmziiOR QXXYW5psbXWo36tlh6CIujwwgWkSdSjSSXT/Rc7uMyZjFa6ntd9ijnNJzH6qWzZH4Dqo b/OY8zPF1GZi4e9nVeNCJTcYrEaoNtDWJjuqoLBFMQpVyx5EuPHKV+v23RX/DoCOjrmM qpmHIsBmURa9t3Yj4KOMTQBXjDfcElhi5GsHuK3qen5/ab92RArYtfzpcKrbIZA3vodh HC6ye9N1mmjdw4BEei2Gs/hLx7FInC4PxrbL0d/Pc8itqfZgjsPLZ0rxVQUTvRRyR7He a4Tg== X-Gm-Message-State: AOJu0YyXrnwPRURTUEGIw4ehkuE50XR7aGqSUQpkS7vUSdtPQVIxdaql /uhggHKhzWFkxw3vPp4lFbEgjWpVFrORr9XKi+9c2j3R/es/lvuZryycadWr8D/8WiYv+kePpVR 0RafaL6cvafLJjsx33kUVWfbFsqq9phr34INhPOHSbYGFDEEjhrH1uSqXHgXVdW5Acw0eISPMuz vrDhqC+tryUpznZo3zF9dfjxinuwxS9hzaNA== X-Google-Smtp-Source: AGHT+IGqvSqRzkkXesMMPjPU91yAcp6rfeQuJTBvlb6S4I5TP7MHP10HqWBTpkxfXOGkBeuuu7B8vXft X-Received: from wmbbi16.prod.google.com ([2002:a05:600c:3d90:b0:456:217f:2625]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:4287:b0:3b3:9c56:b825 with SMTP id ffacd0b85a97d-3b60953f526mr4626818f8f.22.1752636166476; Tue, 15 Jul 2025 20:22:46 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:32 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1469; i=ardb@kernel.org; h=from:subject; bh=KDAfcfWDoK0sbR/OM+7rDP0GR1LPKwd+fvJZ7QocPEE=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcKnhSIYPTd41NJaEC6Yu559R75qp4LlfcmXaya7dif IXF0wMdpSwMYlwMsmKKLAKz/77beXqiVK3zLFmYOaxMIEMYuDgFYCKcExgZ1thWnm68wDU5jjFX gIln4X9O20WB20r8tTs/adqdC7/awvBXLmuegVvHNx2Ld9xqtitl0ys0RDcxiH4K23Osaf1RKy9 2AA== X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-41-ardb+git@google.com> Subject: [PATCH v5 17/22] x86/boot: Revert "Reject absolute references in .head.text" From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel This reverts commit faf0ed487415 ("x86/boot: Reject absolute references in .head.text") The startup code is checked directly for the absence of absolute symbol references, so checking the .head.text section in the relocs tool is no longer needed. Signed-off-by: Ard Biesheuvel --- arch/x86/tools/relocs.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index 5778bc498415..e5a2b9a912d1 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -740,10 +740,10 @@ static void walk_relocs(int (*process)(struct section= *sec, Elf_Rel *rel, static int do_reloc64(struct section *sec, Elf_Rel *rel, ElfW(Sym) *sym, const char *symname) { - int headtext =3D !strcmp(sec_name(sec->shdr.sh_info), ".head.text"); unsigned r_type =3D ELF64_R_TYPE(rel->r_info); ElfW(Addr) offset =3D rel->r_offset; int shn_abs =3D (sym->st_shndx =3D=3D SHN_ABS) && !is_reloc(S_REL, symnam= e); + if (sym->st_shndx =3D=3D SHN_UNDEF) return 0; =20 @@ -783,12 +783,6 @@ static int do_reloc64(struct section *sec, Elf_Rel *re= l, ElfW(Sym) *sym, break; } =20 - if (headtext) { - die("Absolute reference to symbol '%s' not permitted in .head.text\n", - symname); - break; - } - /* * Relocation offsets for 64 bit kernels are output * as 32 bits and sign extended back to 64 bits when --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3BCAA28C2A9 for ; Wed, 16 Jul 2025 03:22:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636170; cv=none; b=mE6pIIq6VHrQ+9UzIoY6DmUollJmDx2+UX+og7HLpK7O1cJgef/9ZOc/7+JjBcTDAq+20hHVPGpLP7zsd9JJ9o3hknpofzyE7aQyfZDQxme9hAl0B3hdFGUvyAVzkymR4hWoNqsonHqMEGUvmloRL5vhC+/wWHZgOCDY5Nhixag= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636170; c=relaxed/simple; bh=qi/XSlH/3m0Py+I72AmudGPp6EWjqjC8xYfnH6HfggU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=XKwVyjzPzhX+guomAAeOlFffhTOYnWIraSifEAQr8xn94Z7rhlJfIYoFO5fJ4F1kg/m0YjAdwvwcYvgzCi9VIhJBAXrGDkyIAXT66CVIVKy/aW7Bbvc/gP2Dr52PuY2pGfgFvHqintgxzUgijgQWBbqnUkJ7FIga8YkY4xFAxXI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=xOuBc35X; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="xOuBc35X" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3b5f97cb8fbso1386582f8f.3 for ; Tue, 15 Jul 2025 20:22:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636168; x=1753240968; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=HHREQvw4opT+z1wL8T5wjMmNHsYkeJcC/ePiz2KgcJA=; b=xOuBc35XGEzrJ4irBCSoTluUfvzZvDp5+WZtWzvEPyZouqqg1dpo7OTswVnXnGNkJc pvrluKcgbAY9kChmvdlJ4cOvLM5Mh+gmhSpeMt1BCKs5KpCZIx4efSEtMY6Ek9InXh6o exDqOsVxaXG3sKtj3mVsvaAYWh9ZzSE+iwXuwHzclD7Vb7LWqkihRmZrO0FlydqdZcd/ h9ckD/qlmRsL1+dZ1+Z0y8uXDtqBigKfcfAMY8NSzzEv6MzEWyTuIogU4r6S6sus9Bfn CHlnijzHCqhiOSvSzznhQMGwahWvupMNqKh4QBjvE8DDpli+YlJH8IkPMGT90yi1G9bZ oVKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636168; x=1753240968; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=HHREQvw4opT+z1wL8T5wjMmNHsYkeJcC/ePiz2KgcJA=; b=e9p2PL7uFfkmlRxTwyIa5ZzwpC8bHnreNBSMBhFDLnpdteWaqT9jD5vo6IyvBSTgYQ 1m9Tp8HK9TyHNV3ln8y8HskMGiDu8IQJcWcCQiZ0W/Q+yR80ojk1EchKRFq/tc8x84GC Y6gE7A1Q04A4+iW0HKxI0c9vQgNjuiG5c6i6EgDGmFC7XAnuWQvfqRq9nQnHw4VbQzyW bJK8gdm10SUrVw04JBVcz0gi+aB+XFlg8iFmLIboRyEFbIIUQm43yUSEmmInYKBUL64j BHSGl9+gJmNJ5rx71koGOachCg27gZa8KR4SsLSpGhvHAXSv2yZ+hW9TdlDMIit/jse1 XLoQ== X-Gm-Message-State: AOJu0YzT272EDFp5M4kQth+VgZzycqrdW2T7Xh/Nt+695WIvmr2XRVzL hU9pciUW1y75XFgxtv7xcqbjvUcs54Brxv8WDwLfNGqeilVxuw+0pSD1LX2WXgJbQxoFE2TXn61 bYLavvzJYi08Z6WS6ex+ZxFi45+tlUUoSTJAfZTfwJxQPJvdhp8/ac2e4phecIo8tDaavNnjm3a Td5BF3yt5tZtXxYf8/b7CIeou1MQTYsW8FRw== X-Google-Smtp-Source: AGHT+IHCDF28uhxLChWY201JTyXnDh+mV9s7xysG12xzVOaBfwcEjRnjq+G7EOVRHZSpSmIkxdVi1rSl X-Received: from wrth4.prod.google.com ([2002:a5d:5044:0:b0:3a5:7a26:fcd]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:290f:b0:3a3:6a9a:5ebf with SMTP id ffacd0b85a97d-3b60e4d0841mr609066f8f.20.1752636167659; Tue, 15 Jul 2025 20:22:47 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:33 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1689; i=ardb@kernel.org; h=from:subject; bh=N6Uq2lVfV25Jk1mFXhfGvG4B+EmaRioUjXHyXI14Co0=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcKmL7jszVT6MOl35jqfwRG7FLI/js7ikfRZd9yti8S cRJo3xDRykLgxgXg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjIYjlGhmdpa/7fqVZafJ1n Hsu8nRI+OxKZLWp4lateyHxsSDMWFWJkuBXos8E0tt1npUfBC/4b3LslV3V+vMLIx3lbncko1kO IGwA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-42-ardb+git@google.com> Subject: [PATCH v5 18/22] x86/kbuild: Incorporate boot/startup/ via Kbuild makefile From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Using core-y is not the correct way to get kbuild to descend into arch/x86/boot/startup. For instance, building an individual object does not work as expected when the pattern rule is local to the Makefile $ make arch/x86/boot/startup/map_kernel.pi.o GEN Makefile CALL /home/ardb/linux/scripts/checksyscalls.sh DESCEND objtool INSTALL libsubcmd_headers make[3]: *** No rule to make target 'arch/x86/boot/startup/map_kernel.pi.= o'. Stop. make[2]: *** [/home/ardb/linux/scripts/Makefile.build:461: arch/x86] Erro= r 2 make[1]: *** [/home/ardb/linux/Makefile:2011: .] Error 2 make: *** [/home/ardb/linux/Makefile:248: __sub-make] Error 2 So use obj-y from arch.x86/Kbuild instead, which makes things work as expected. Signed-off-by: Ard Biesheuvel --- arch/x86/Kbuild | 2 ++ arch/x86/Makefile | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kbuild b/arch/x86/Kbuild index f7fb3d88c57b..36b985d0e7bf 100644 --- a/arch/x86/Kbuild +++ b/arch/x86/Kbuild @@ -3,6 +3,8 @@ # Branch profiling isn't noinstr-safe. Disable it for arch/x86/* subdir-ccflags-$(CONFIG_TRACE_BRANCH_PROFILING) +=3D -DDISABLE_BRANCH_PROF= ILING =20 +obj-y +=3D boot/startup/ + obj-$(CONFIG_ARCH_HAS_CC_PLATFORM) +=3D coco/ =20 obj-y +=3D entry/ diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 1913d342969b..9b76e77ff7f7 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -286,7 +286,6 @@ archprepare: $(cpufeaturemasks.hdr) ### # Kernel objects =20 -core-y +=3D arch/x86/boot/startup/ libs-y +=3D arch/x86/lib/ =20 # drivers-y are linked after core-y --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 05D8328C844 for ; Wed, 16 Jul 2025 03:22:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636172; cv=none; b=m6FqgH3ev8b7D/m7fK+3TkuGs+L+VJsfF4mv5eid2kl2BjoTeYj/G/V7AoX2WG4qaDJFa4z7HoRamTdxEf9R6jdXVex0+0iU3blhvb9pqFbFzCPvgJMri620kCAZc7RdqHtLlxRl8o3cKTLn32Jx2veSNqtgl/JwIfz+iQce4+w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636172; c=relaxed/simple; bh=9948CqycW08/1LlGrpW7zJgLemHnsuajVZQX/8gge3w=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=C/T4JwdS+ADoukuaGeTRfuxFQdFvqJ/yEshRVKQFjSj+FziEYqZ4xm1QUAm45XNT1qGLPEpih7PT4m5vaq4xo0xVyp0ndJQxZ0keqcj5XxvqBJFH7pTHkBD5Q5uyMaPkqsv4Ps6crDaeRajccg9NXafqNKTHvngLwKterbLsosI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=YAneP/Vu; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="YAneP/Vu" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-45611579300so21328055e9.0 for ; Tue, 15 Jul 2025 20:22:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636168; x=1753240968; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=luT+danWgmjD728mlL9Ydkk3VcCYSX3YxUKwDAOLS70=; b=YAneP/Vu77V1pyiKJi0gAxDOT1CKK/92PhihS6eIHxKFXbERO5nMocp2sv77YKJ+0n ITqIThLtuveYRMJYC4NPhgq333SN+tkJbQbgmByGnOqhxX6fJSaYPTwz1MKfTm9L4jxL 6CzekvHDxqdBzk4mM/jjrH2VXYlWFRzubQLmUsIyy3dtJC6/kSyXWgqvDysFiHPmQcd7 r4tiqi/vdxbxVtzXOUwWqFdSSU5Bt+q339mpU7ag9jTQQXDG34bU5OOW6FUfQCaNQa5v GvUc2S/QldpNhsNrHBK1ZLDvmQafojetqbnhRKoQVKDE2d4cNqSlGZb7AMOdk3XOS3OD 1+yQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636168; x=1753240968; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=luT+danWgmjD728mlL9Ydkk3VcCYSX3YxUKwDAOLS70=; b=hbHbxNdMFujBagxVsyQ1Rtr6npn3iGG0iQVBfoI+CtCm9UQwH+iopdTt0H14QAKsCJ +SgxofxNtPxV+9CJp+aplAbF2OigT3u0Qok6wfd5e4DNEScSx26MDf5Vtr+DMphkNpft GByxelR2J+lFmQQJ6peOv0ZO9Am54OWbsKTS4rVqV3oJ2IBpg46P1yAVAD2VBpket9UC egmAGx8AfCAcKskc1G62+RKa5iI6STNSg+evgXKJ1JapYDtNJb3yRftZT1v7BLqRuS1S L0+dbjH2UeurPPw0lFghlS0QFYLKBsoxuveoPgDqw0lwpnuLecqbd6t+qQAK/ZTaeuUG syCA== X-Gm-Message-State: AOJu0YwBeSmPignYBVan768JluVh7+TbvQb4YrYUVL+r62McXptf3tFV K88aZkmn3ClJQjgalHdRn4eWGoCIMYen+YQ5gMTFyRYR7A3Gqg2NiPmHCsacI4HFGEtOU0rc+wh SA6waLwO4ugxNs+hWtHK4UqwhNsvCZ2T+A5DFmobQ8qgS3TgjEKWKESPXEBSun2iyEkWdsg8d45 VS5fdyIdsrHnovHsxRSeaWfPUw6vwqAJ8hTA== X-Google-Smtp-Source: AGHT+IGg5fGpxb/IAAuVi73fIBB0LLaod9y7ICEuuTUkovm5avI5N2SMbFLeq3Yk5lDgY8NCrdpzGHjv X-Received: from wmbev18.prod.google.com ([2002:a05:600c:8012:b0:456:1a6f:801a]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:8b69:b0:456:28d4:ef1 with SMTP id 5b1f17b1804b1-4562e377982mr7314315e9.29.1752636168547; Tue, 15 Jul 2025 20:22:48 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:34 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=7464; i=ardb@kernel.org; h=from:subject; bh=O4h+hR00Lbkm8G1bCRBIftlCyN3nxgHxGnDkh/lR8iw=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcKnaKx8bdz56ZXW94ED9hgvXsnzsmPbv46pG59IErf NGr65IndpSyMIhxMciKKbIIzP77bufpiVK1zrNkYeawMoEMYeDiFICJtJkz/OHILd6wtfagWuaE Fv62CexCrcZ7pp2pmhH/7Lyn6gkGTS+Gfya6LqqxHw+I75rwt+nHJ6NFs+fs+OaeV8+csS+yyKd rDSsA X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-43-ardb+git@google.com> Subject: [PATCH v5 19/22] x86/boot: Create a confined code area for startup code From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel In order to be able to have tight control over which code may execute from the early 1:1 mapping of memory, but still link vmlinux as a single executable, prefix all symbol references in startup code with __pi_, and invoke it from outside using the __pi_ prefix. Use objtool to check that no absolute symbol references are present in the startup code, as these cannot be used from code running from the 1:1 mapping. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/startup/Makefile | 14 ++++++++++++++ arch/x86/boot/startup/sev-shared.c | 4 +--- arch/x86/boot/startup/sme.c | 1 - arch/x86/coco/sev/core.c | 2 +- arch/x86/include/asm/setup.h | 1 + arch/x86/include/asm/sev.h | 1 + arch/x86/kernel/head64.c | 2 +- arch/x86/kernel/head_64.S | 8 ++++---- arch/x86/mm/mem_encrypt_boot.S | 6 +++--- tools/objtool/check.c | 3 ++- 10 files changed, 28 insertions(+), 14 deletions(-) diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile index 32737f4ab5a8..e8fdf020b422 100644 --- a/arch/x86/boot/startup/Makefile +++ b/arch/x86/boot/startup/Makefile @@ -4,6 +4,7 @@ KBUILD_AFLAGS +=3D -D__DISABLE_EXPORTS KBUILD_CFLAGS +=3D -D__DISABLE_EXPORTS -mcmodel=3Dsmall -fPIC \ -Os -DDISABLE_BRANCH_PROFILING \ $(DISABLE_STACKLEAK_PLUGIN) \ + $(DISABLE_LATENT_ENTROPY_PLUGIN) \ -fno-stack-protector -D__NO_FORTIFY \ -fno-jump-tables \ -include $(srctree)/include/linux/hidden.h @@ -36,3 +37,16 @@ $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_ST= ANDARD :=3D y # $(pi-objs): objtool-enabled =3D 1 $(pi-objs): objtool-args =3D $(if $(delay-objtool),,$(objtool-args-y)) --n= oabs + +# +# Confine the startup code by prefixing all symbols with __pi_ (for positi= on +# independent). This ensures that startup code can only call other startup +# code, or code that has explicitly been made accessible to it via a symbol +# alias. +# +$(obj)/%.pi.o: OBJCOPYFLAGS :=3D --prefix-symbols=3D__pi_ +$(obj)/%.pi.o: $(obj)/%.o FORCE + $(call if_changed,objcopy) + +targets +=3D $(obj-y) +obj-y :=3D $(patsubst %.o,%.pi.o,$(obj-y)) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index cc14daf816e8..b60d546e74a7 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -11,9 +11,7 @@ =20 #include =20 -#ifndef __BOOT_COMPRESSED -#define error(v) pr_err(v) -#else +#ifdef __BOOT_COMPRESSED #undef WARN #define WARN(condition, format...) (!!(condition)) #endif diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index 70ea1748c0a7..eb6a758ba660 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -567,7 +567,6 @@ void __head sme_enable(struct boot_params *bp) =20 #ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION /* Local version for startup code, which never operates on user page table= s */ -__weak pgd_t __pti_set_user_pgtbl(pgd_t *pgdp, pgd_t pgd) { return pgd; diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index be89f0a4a28f..fbed1651f6d8 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -272,7 +272,7 @@ static int svsm_perform_call_protocol(struct svsm_call = *call) =20 do { ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); + : __pi_svsm_perform_msr_protocol(call); } while (ret =3D=3D -EAGAIN); =20 if (sev_cfg.ghcbs_initialized) diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index 692af46603a1..914eb32581c7 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -53,6 +53,7 @@ extern void i386_reserve_resources(void); extern unsigned long __startup_64(unsigned long p2v_offset, struct boot_pa= rams *bp); extern void startup_64_setup_gdt_idt(void); extern void startup_64_load_idt(void *vc_handler); +extern void __pi_startup_64_load_idt(void *vc_handler); extern void early_setup_idt(void); extern void __init do_early_exception(struct pt_regs *regs, int trapnr); =20 diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index f3acbfcdca9a..2d61b13e1810 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -551,6 +551,7 @@ struct cpuid_leaf { }; =20 int svsm_perform_msr_protocol(struct svsm_call *call); +int __pi_svsm_perform_msr_protocol(struct svsm_call *call); int snp_cpuid(void (*cpuid_hv)(void *ctx, struct cpuid_leaf *), void *ctx, struct cpuid_leaf *leaf); =20 diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 1bc40d0785ee..fd28b53dbac5 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -319,5 +319,5 @@ void early_setup_idt(void) handler =3D vc_boot_ghcb; } =20 - startup_64_load_idt(handler); + __pi_startup_64_load_idt(handler); } diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 3e9b3a3bd039..d219963ecb60 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -71,7 +71,7 @@ SYM_CODE_START_NOALIGN(startup_64) xorl %edx, %edx wrmsr =20 - call startup_64_setup_gdt_idt + call __pi_startup_64_setup_gdt_idt =20 /* Now switch to __KERNEL_CS so IRET works reliably */ pushq $__KERNEL_CS @@ -91,7 +91,7 @@ SYM_CODE_START_NOALIGN(startup_64) * subsequent code. Pass the boot_params pointer as the first argument. */ movq %r15, %rdi - call sme_enable + call __pi_sme_enable #endif =20 /* Sanitize CPU configuration */ @@ -111,7 +111,7 @@ SYM_CODE_START_NOALIGN(startup_64) * programmed into CR3. */ movq %r15, %rsi - call __startup_64 + call __pi___startup_64 =20 /* Form the CR3 value being sure to include the CR3 modifier */ leaq early_top_pgt(%rip), %rcx @@ -562,7 +562,7 @@ SYM_CODE_START_NOALIGN(vc_no_ghcb) /* Call C handler */ movq %rsp, %rdi movq ORIG_RAX(%rsp), %rsi - call do_vc_no_ghcb + call __pi_do_vc_no_ghcb =20 /* Unwind pt_regs */ POP_REGS diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S index f8a33b25ae86..edbf9c998848 100644 --- a/arch/x86/mm/mem_encrypt_boot.S +++ b/arch/x86/mm/mem_encrypt_boot.S @@ -16,7 +16,7 @@ =20 .text .code64 -SYM_FUNC_START(sme_encrypt_execute) +SYM_FUNC_START(__pi_sme_encrypt_execute) =20 /* * Entry parameters: @@ -69,9 +69,9 @@ SYM_FUNC_START(sme_encrypt_execute) ANNOTATE_UNRET_SAFE ret int3 -SYM_FUNC_END(sme_encrypt_execute) +SYM_FUNC_END(__pi_sme_encrypt_execute) =20 -SYM_FUNC_START(__enc_copy) +SYM_FUNC_START_LOCAL(__enc_copy) ANNOTATE_NOENDBR /* * Routine used to encrypt memory in place. diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 5d1d38404892..f43bd598d928 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -3563,7 +3563,8 @@ static int validate_branch(struct objtool_file *file,= struct symbol *func, if (func && insn_func(insn) && func !=3D insn_func(insn)->pfunc) { /* Ignore KCFI type preambles, which always fall through */ if (!strncmp(func->name, "__cfi_", 6) || - !strncmp(func->name, "__pfx_", 6)) + !strncmp(func->name, "__pfx_", 6) || + !strncmp(func->name, "__pi___pfx_", 11)) return 0; =20 if (file->ignore_unreachables) --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8645728D8CA for ; Wed, 16 Jul 2025 03:22:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636173; cv=none; b=dNIS5RFCYP/VGaTsHMgCc1mivB0mtXeYl97xH2xKmb10u6J5Exh/h/aMYp4XwOe54jY0G3XHApQtT/sHQGQgBVcgU+iy48Y1YkSwWSe9bwPeHsJKd0vvi5LE89/wyuWXmBi7U3w6I5UJAWMMdrOHFrrN3Fobd0l2QuV26Xq4U9g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636173; c=relaxed/simple; bh=RfO7bxnrvkm3EAfuN+XVxgry6A3ikIVlIqCUVBjfqOE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=r0sr2s+5u5sjsAOsKg35+ute4426Q22OVoXuVJzR9SQ5kDuqpXLm8vBsOvM/zvrcr7rlpl2hrwvj/eewJPPbTfisILzUnFPnazgucN2Umol+ftrnNyi+GlR8Iigm+LkF969g1PnnSeUZcJbuzvGSN9VC+uyepwGEXkxO/CMgAAE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=4kW/fjnf; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="4kW/fjnf" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-3a5281ba3a4so2284098f8f.0 for ; Tue, 15 Jul 2025 20:22:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636170; x=1753240970; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=9nImemBj0j8fFHCvjMkwHMba165ZYb0Bk8vw2Jekgh0=; b=4kW/fjnf/DWge4T13xs63Wafg6AJnAc9hKjrewFVl1VQ+Uxw8EIrewDpAZxj2S3puL lkqycqjnkrMKSMiTzk1a2mQ2y8YAIYg6OAc+SrB4jE8GZi3e+zRsE8xjvzQbhviPl8Ox KiK6wA2x/y7d+PMU6065xhwgD5AlbyTLpws6dwO/Eo/+oF4yP7H0XNXSS6OJwoXhsBPT A1DCXKVq1oXIj9ApRdZilhz65hznXXbE5DHOIFfLz0QNc4o+2lrs1J402AcepI2GaF7v f+rkEcd2Rf1RUR8zuoB23Kq4WG/Hn01ZCWx6ZJbt77UmHwz2ljcen17uhxPyuGU9cDow 7IGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636170; x=1753240970; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=9nImemBj0j8fFHCvjMkwHMba165ZYb0Bk8vw2Jekgh0=; b=eGjJgqz/nKXmeNtL4Y24OV5RlAzfqvEkVNhyjRaHo5FNJyCF4AU4VZ4saKFK/QF8V2 5mWDCjD8sw/rJ/GHk+FECPQ/3qiczAedbK86IuChD+zaaeiRyDDqHias8POsf8Tb5Qwb x72fdtJRPVlOoChQ7HQyMa0g62/NpCdv9AQQQEap3ktkFuI/7RB60/KBaOte2FigUAp3 w3iTDpAuat2nHqzCSZgA9pQ5KS3/Kf7oeQVd90pYw0fk1id/bc40Li3xYXuffRcX/j1w 1aymXzEItctogHAdwCmFuVI7Ywc8u4fcPtlI+xPCrQqlj3A/fpxvsHTPzF7FbJlO1qSL +kzg== X-Gm-Message-State: AOJu0YwpOAwQEcjv1WLCWia9FjKhMBy3qyOHnoGuKKiCaWwzbcWEVHrh 2d+7VEx/Gc+nffnRgekeJnBNRgeN26aEMW6NC/73tj6hlfoT9VmpdVX8f8X1XXExONXAd31zBrm pZIPu9GkuauGvFV8sWt016iq3TGFChJymqj4MiqVVmO72tjuwgd28RFZkLBpmIRtXAwziE31ef6 /TVF0sdb5lXF6TBlniM9/IFRTpcjUOppvqfQ== X-Google-Smtp-Source: AGHT+IEWhaE99OwCX/esjWHh8KBB3EsOMLyjjInmtN2ZrBnWyDFImIs4h/qmvtFvku7loso+0jZGwFxu X-Received: from wmcq23.prod.google.com ([2002:a05:600c:c117:b0:453:b96:8ef9]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:4719:b0:3b5:dbd8:ad5f with SMTP id ffacd0b85a97d-3b60dd91d5amr861486f8f.58.1752636169819; Tue, 15 Jul 2025 20:22:49 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:35 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=3785; i=ardb@kernel.org; h=from:subject; bh=GtM5Ky3cWjJjWfzB1UFTM+fqdT7qquH5JBfrdp2rkyg=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcKmnmhN1lVkVhyk1GSrIzbNUyT2uoRXM+9p5t6nFcL uzAFZWOUhYGMS4GWTFFFoHZf9/tPD1RqtZ5lizMHFYmkCEMXJwCMJFvzxgZTgvmbZ3yK6X4/tlU B52tDpo7wptyo2bwWv59Pue+SmyuMiPDgjPN/rwfPot+ud2sGO+2Rbq++qDg6Uye2v9LNwZ+0bL jAwA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-44-ardb+git@google.com> Subject: [PATCH v5 20/22] efistub/x86: Remap inittext read-execute when needed From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Recent EFI x86 systems are more strict when it comes to mapping boot images, and require that mappings are either read-write or read-execute. Now that the boot code is being cleaned up and refactored, most of it is being moved into .init.text [where it arguably belongs] but that implies that when booting on such strict EFI firmware, we need to take care to map .init.text (and the .altinstr_aux section that follows it) read-execute as well. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 2 ++ arch/x86/include/asm/boot.h | 2 ++ arch/x86/kernel/vmlinux.lds.S | 2 ++ drivers/firmware/efi/libstub/x86-stub.c | 4 +++- 5 files changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/M= akefile index 3a38fdcdb9bd..74657589264d 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -73,7 +73,7 @@ LDFLAGS_vmlinux +=3D -T hostprogs :=3D mkpiggy HOST_EXTRACFLAGS +=3D -I$(srctree)/tools/include =20 -sed-voffset :=3D -e 's/^\([0-9a-fA-F]*\) [ABbCDGRSTtVW] \(_text\|__start_r= odata\|__bss_start\|_end\)$$/\#define VO_\2 _AC(0x\1,UL)/p' +sed-voffset :=3D -e 's/^\([0-9a-fA-F]*\) [ABbCDGRSTtVW] \(_text\|__start_r= odata\|_sinittext\|__inittext_end\|__bss_start\|_end\)$$/\#define VO_\2 _AC= (0x\1,UL)/p' =20 quiet_cmd_voffset =3D VOFFSET $@ cmd_voffset =3D $(NM) $< | sed -n $(sed-voffset) > $@ diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/mis= c.c index 94b5991da001..0f41ca0e52c0 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -332,6 +332,8 @@ static size_t parse_elf(void *output) } =20 const unsigned long kernel_text_size =3D VO___start_rodata - VO__text; +const unsigned long kernel_inittext_offset =3D VO__sinittext - VO__text; +const unsigned long kernel_inittext_size =3D VO___inittext_end - VO__sinit= text; const unsigned long kernel_total_size =3D VO__end - VO__text; =20 static u8 boot_heap[BOOT_HEAP_SIZE] __aligned(4); diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h index 02b23aa78955..f7b67cb73915 100644 --- a/arch/x86/include/asm/boot.h +++ b/arch/x86/include/asm/boot.h @@ -82,6 +82,8 @@ #ifndef __ASSEMBLER__ extern unsigned int output_len; extern const unsigned long kernel_text_size; +extern const unsigned long kernel_inittext_offset; +extern const unsigned long kernel_inittext_size; extern const unsigned long kernel_total_size; =20 unsigned long decompress_kernel(unsigned char *outbuf, unsigned long virt_= addr, diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 5d5e3a95e1f9..4277efb26358 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -227,6 +227,8 @@ SECTIONS */ .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) { *(.altinstr_aux) + . =3D ALIGN(PAGE_SIZE); + __inittext_end =3D .; } =20 INIT_DATA_SECTION(16) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi= /libstub/x86-stub.c index cafc90d4caaf..0d05eac7c72b 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -788,7 +788,9 @@ static efi_status_t efi_decompress_kernel(unsigned long= *kernel_entry, =20 *kernel_entry =3D addr + entry; =20 - return efi_adjust_memory_range_protection(addr, kernel_text_size); + return efi_adjust_memory_range_protection(addr, kernel_text_size) ?: + efi_adjust_memory_range_protection(addr + kernel_inittext_offset, + kernel_inittext_size); } =20 static void __noreturn enter_kernel(unsigned long kernel_addr, --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3B0FB28DEE9 for ; Wed, 16 Jul 2025 03:22:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636174; cv=none; b=tgv3WMQesWx6Cqjn+qHqO8ecFGXYBbHzkJHND8RaSJjAA5TKbOTlZk3/ztTQmiAcnzuk8SSw7VZ9i2Y+2GYTBP90k6XV9vub6thVjzMJyb8do+I3VqQcAFtp95dlsYI2u386b31DLat5Bx7m5wyaQ2DI/dhRDFDXzLBx0jg2hxg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636174; c=relaxed/simple; bh=pYLH0Fg80GBMsJnnL1ks9z964iWsYBt0LhWbKo46WtM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=h6KIvAOB6pO4/Bfg1Trwz6r1aii3a6sc5Baudwg1CJClfRGT2nZIn+iD3psJobYY6L3SgJIXw6ZM08DTDPmX65duFRWf8SEzeSLomJKp5lsLzMllaX9LEPGMpfd8tlYCNVfQ1THPJK+Rf8A4VdYlWZjYBWV3IX2JH9rM9Hk3kWs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=3i0ismKV; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="3i0ismKV" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-455ea9cb0beso37144855e9.0 for ; Tue, 15 Jul 2025 20:22:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636171; x=1753240971; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=NzdZAcrlQKZSEh2UZMP8E9BVzV/2LxhvcbnzZODRoKA=; b=3i0ismKVQWJk8++vvkYHA2JAp1vnCAthMa/aW+j1k6EBELz8H2R1Lc/wA9wm9I8RZz +LWptW9VC7ATLoEyrsxmX6kzA6H+oJSAi2zGgFqGk320sIDHCTBMpbNEKldVRNLU7et7 5QDAuhMQssHn00CXspRm0exMhrFM1z1cU3nwhE+l+dswA1HULamVzZbxRNJQEcr118zR JNu/77PzxZrhNv6bwKZ9sBl/YqsDmuYAB9d50KG2Q0QdsRezjFzcbro6B2o1EODpGnFO idcHwXIsI6L1c4Tac+VYYoW0GBSeLRuRRFXbqVOqmKDV5nIcaIrvfuhRhXCUp8TVHGPj A11A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636171; x=1753240971; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=NzdZAcrlQKZSEh2UZMP8E9BVzV/2LxhvcbnzZODRoKA=; b=XDNQAym2O+Y9sw7aBHS8BMQ+/UAFLJb0svCu3AMwNY2YN9O29NNzbZ1Y4DrkBvnF6q /dkXcfib+oK4DJ871L2JbXY5b33MIpuDGPbTsFcFadnn8ZzqTr7FrdilKiYeKXkgbemS gntDXu5hsYYt/mozgAK8QxEpFh/0FN2VrN4BZ50y8LBsbt38fzQQTsgivr/TH4wYSw9W C6Qie07Dhw74nV2FU2bAC1w7gGhRbuZr/k5rBz/fz+ljPKaICgI4F2VpufO91Hno8kU+ X+vuFYnHmfduEehgc3IN7psVOm3hB2IVKXaGjZS2GLtKmxCEnBpG38zj3it9xN7k2nD0 fizg== X-Gm-Message-State: AOJu0Yw0ZpwofGwVVl82HklmnaEjHnKEaPkMMcIfk5HA7M4GeNmVX3kD b8oYfTNSvIoqpdlCEZ9c+xvvRKoBYnTqrP2H/ti3oGLc1dcU6lGgxyUJp57n/gGDL6XttJ9diBX uRHjEiSBU7+/8Jg4kuMYfMNHdCC8FLe6RLnfVqwDXeQFp0FuCrjf7cbjiCEmYwicle5djrHecZb p7dJwXMa0CRal06XWTg1+YfKV9mDN1T4FLFw== X-Google-Smtp-Source: AGHT+IECAe+OdurbwG69pRXocrNZVLq6RP1bwCna4gQadx+PxWaHvaD9cd9kfuheUrR7UANDmnu4hXB7 X-Received: from wmbea5.prod.google.com ([2002:a05:600c:6745:b0:456:2dbe:bf2]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:8b84:b0:455:fc16:9eb3 with SMTP id 5b1f17b1804b1-4562e3c27bdmr6297635e9.33.1752636170824; Tue, 15 Jul 2025 20:22:50 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:36 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=17100; i=ardb@kernel.org; h=from:subject; bh=Ekexm5rxuUFJ0TfAkq77J/A+NRy0wf9pIushV+GgWT8=; b=kA0DAAoWMG4JVi59LVwByyZiAGh3Gmei7jQbrMDwXgrYRWttCekfF/xfV+ADv0+NvfU3f5ED+ Yh1BAAWCgAdFiEEEJv97rnLkRp9Q5odMG4JVi59LVwFAmh3GmcACgkQMG4JVi59LVxZggEAu3ON W0pDDZz/rADkNcOvH8nar0BJnYQBHfiO9pquoXQBAL9plG5wIqljgRuCH0u1x/5kXsUPuHWJ7So ElCQnM7wP X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-45-ardb+git@google.com> Subject: [PATCH v5 21/22] x86/boot: Move startup code out of __head section From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Move startup code out of the __head section, now that this no longer has a special significance. Move everything into .text or .init.text as appropriate, so that startup code is not kept around unnecessarily. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 3 -- arch/x86/boot/startup/gdt_idt.c | 4 +-- arch/x86/boot/startup/map_kernel.c | 4 +-- arch/x86/boot/startup/sev-shared.c | 38 ++++++++++---------- arch/x86/boot/startup/sev-startup.c | 14 ++++---- arch/x86/boot/startup/sme.c | 26 +++++++------- arch/x86/include/asm/init.h | 6 ---- arch/x86/kernel/head_32.S | 2 +- arch/x86/kernel/head_64.S | 2 +- arch/x86/platform/pvh/head.S | 2 +- 10 files changed, 46 insertions(+), 55 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index faa6cc2f9990..a7af906145e8 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -32,9 +32,6 @@ struct ghcb *boot_ghcb; #undef __init #define __init =20 -#undef __head -#define __head - #define __BOOT_COMPRESSED =20 u8 snp_vmpl; diff --git a/arch/x86/boot/startup/gdt_idt.c b/arch/x86/boot/startup/gdt_id= t.c index a3112a69b06a..d16102abdaec 100644 --- a/arch/x86/boot/startup/gdt_idt.c +++ b/arch/x86/boot/startup/gdt_idt.c @@ -24,7 +24,7 @@ static gate_desc bringup_idt_table[NUM_EXCEPTION_VECTORS] __page_aligned_d= ata; =20 /* This may run while still in the direct mapping */ -void __head startup_64_load_idt(void *vc_handler) +void startup_64_load_idt(void *vc_handler) { struct desc_ptr desc =3D { .address =3D (unsigned long)rip_rel_ptr(bringup_idt_table), @@ -46,7 +46,7 @@ void __head startup_64_load_idt(void *vc_handler) /* * Setup boot CPU state needed before kernel switches to virtual addresses. */ -void __head startup_64_setup_gdt_idt(void) +void __init startup_64_setup_gdt_idt(void) { struct gdt_page *gp =3D rip_rel_ptr((void *)(__force unsigned long)&gdt_p= age); void *handler =3D NULL; diff --git a/arch/x86/boot/startup/map_kernel.c b/arch/x86/boot/startup/map= _kernel.c index 332dbe6688c4..83ba98d61572 100644 --- a/arch/x86/boot/startup/map_kernel.c +++ b/arch/x86/boot/startup/map_kernel.c @@ -30,7 +30,7 @@ static inline bool check_la57_support(void) return true; } =20 -static unsigned long __head sme_postprocess_startup(struct boot_params *bp, +static unsigned long __init sme_postprocess_startup(struct boot_params *bp, pmdval_t *pmd, unsigned long p2v_offset) { @@ -84,7 +84,7 @@ static unsigned long __head sme_postprocess_startup(struc= t boot_params *bp, * the 1:1 mapping of memory. Kernel virtual addresses can be determined by * subtracting p2v_offset from the RIP-relative address. */ -unsigned long __head __startup_64(unsigned long p2v_offset, +unsigned long __init __startup_64(unsigned long p2v_offset, struct boot_params *bp) { pmd_t (*early_pgts)[PTRS_PER_PMD] =3D rip_rel_ptr(early_dynamic_pgts); diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index b60d546e74a7..4e36a81d8c18 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -29,7 +29,7 @@ static u32 cpuid_std_range_max __ro_after_init; static u32 cpuid_hyp_range_max __ro_after_init; static u32 cpuid_ext_range_max __ro_after_init; =20 -void __head __noreturn +void __noreturn sev_es_terminate(unsigned int set, unsigned int reason) { u64 val =3D GHCB_MSR_TERM_REQ; @@ -48,7 +48,7 @@ sev_es_terminate(unsigned int set, unsigned int reason) /* * The hypervisor features are available from GHCB version 2 onward. */ -u64 get_hv_features(void) +u64 __init get_hv_features(void) { u64 val; =20 @@ -218,7 +218,7 @@ const struct snp_cpuid_table *snp_cpuid_get_table(void) * * Return: XSAVE area size on success, 0 otherwise. */ -static u32 __head snp_cpuid_calc_xsave_size(u64 xfeatures_en, bool compact= ed) +static u32 snp_cpuid_calc_xsave_size(u64 xfeatures_en, bool compacted) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); u64 xfeatures_found =3D 0; @@ -254,7 +254,7 @@ static u32 __head snp_cpuid_calc_xsave_size(u64 xfeatur= es_en, bool compacted) return xsave_size; } =20 -static bool __head +static bool snp_cpuid_get_validated_func(struct cpuid_leaf *leaf) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); @@ -296,8 +296,8 @@ static void snp_cpuid_hv_msr(void *ctx, struct cpuid_le= af *leaf) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); } =20 -static int __head snp_cpuid_postprocess(void (*cpuid_fn)(void *ctx, struct= cpuid_leaf *), - void *ctx, struct cpuid_leaf *leaf) +static int snp_cpuid_postprocess(void (*cpuid_fn)(void *ctx, struct cpuid_= leaf *), + void *ctx, struct cpuid_leaf *leaf) { struct cpuid_leaf leaf_hv =3D *leaf; =20 @@ -391,8 +391,8 @@ static int __head snp_cpuid_postprocess(void (*cpuid_fn= )(void *ctx, struct cpuid * Returns -EOPNOTSUPP if feature not enabled. Any other non-zero return v= alue * should be treated as fatal by caller. */ -int __head snp_cpuid(void (*cpuid_fn)(void *ctx, struct cpuid_leaf *), voi= d *ctx, - struct cpuid_leaf *leaf) +int snp_cpuid(void (*cpuid_fn)(void *ctx, struct cpuid_leaf *), void *ctx, + struct cpuid_leaf *leaf) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); =20 @@ -434,7 +434,7 @@ int __head snp_cpuid(void (*cpuid_fn)(void *ctx, struct= cpuid_leaf *), void *ctx * page yet, so it only supports the MSR based communication with the * hypervisor and only the CPUID exit-code. */ -void __head do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) +void do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) { unsigned int subfn =3D lower_bits(regs->cx, 32); unsigned int fn =3D lower_bits(regs->ax, 32); @@ -510,7 +510,7 @@ struct cc_setup_data { * Search for a Confidential Computing blob passed in as a setup_data entry * via the Linux Boot Protocol. */ -static __head +static __init struct cc_blob_sev_info *find_cc_blob_setup_data(struct boot_params *bp) { struct cc_setup_data *sd =3D NULL; @@ -538,7 +538,7 @@ struct cc_blob_sev_info *find_cc_blob_setup_data(struct= boot_params *bp) * mapping needs to be updated in sync with all the changes to virtual mem= ory * layout and related mapping facilities throughout the boot process. */ -static void __head setup_cpuid_table(const struct cc_blob_sev_info *cc_inf= o) +static void __init setup_cpuid_table(const struct cc_blob_sev_info *cc_inf= o) { const struct snp_cpuid_table *cpuid_table_fw, *cpuid_table; int i; @@ -566,7 +566,7 @@ static void __head setup_cpuid_table(const struct cc_bl= ob_sev_info *cc_info) } } =20 -static int __head svsm_call_msr_protocol(struct svsm_call *call) +static int svsm_call_msr_protocol(struct svsm_call *call) { int ret; =20 @@ -577,8 +577,8 @@ static int __head svsm_call_msr_protocol(struct svsm_ca= ll *call) return ret; } =20 -static void __head svsm_pval_4k_page(unsigned long paddr, bool validate, - struct svsm_ca *caa, u64 caa_pa) +static void svsm_pval_4k_page(unsigned long paddr, bool validate, + struct svsm_ca *caa, u64 caa_pa) { struct svsm_pvalidate_call *pc; struct svsm_call call =3D {}; @@ -618,8 +618,8 @@ static void __head svsm_pval_4k_page(unsigned long padd= r, bool validate, native_local_irq_restore(flags); } =20 -static void __head pvalidate_4k_page(unsigned long vaddr, unsigned long pa= ddr, - bool validate, struct svsm_ca *caa, u64 caa_pa) +static void pvalidate_4k_page(unsigned long vaddr, unsigned long paddr, + bool validate, struct svsm_ca *caa, u64 caa_pa) { int ret; =20 @@ -632,8 +632,8 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, } } =20 -static void __head __page_state_change(unsigned long vaddr, unsigned long = paddr, - enum psc_op op, struct svsm_ca *caa, u64 caa_pa) +static void __page_state_change(unsigned long vaddr, unsigned long paddr, + enum psc_op op, struct svsm_ca *caa, u64 caa_pa) { u64 val, msr; =20 @@ -671,7 +671,7 @@ static void __head __page_state_change(unsigned long va= ddr, unsigned long paddr, * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. */ -static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info, +static bool __init svsm_setup_ca(const struct cc_blob_sev_info *cc_info, void *page) { struct snp_secrets_page *secrets_page; diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index e9238149f2cf..1fdf196f9fad 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -44,7 +44,7 @@ /* Include code shared with pre-decompression boot stage */ #include "sev-shared.c" =20 -void __head +void __init early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, enum psc_op op, struct svsm_ca *caa, u64 caa_pa) @@ -64,7 +64,7 @@ early_set_pages_state(unsigned long vaddr, unsigned long = paddr, } } =20 -void __head early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, +void __init early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, unsigned long npages) { /* @@ -84,7 +84,7 @@ void __head early_snp_set_memory_private(unsigned long va= ddr, unsigned long padd rip_rel_ptr(&boot_svsm_ca_page), boot_svsm_caa_pa); } =20 -void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, +void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, unsigned long npages) { /* @@ -114,7 +114,7 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr * * Scan for the blob in that order. */ -static __head struct cc_blob_sev_info *find_cc_blob(struct boot_params *bp) +static struct cc_blob_sev_info *__init find_cc_blob(struct boot_params *bp) { struct cc_blob_sev_info *cc_info; =20 @@ -140,7 +140,7 @@ static __head struct cc_blob_sev_info *find_cc_blob(str= uct boot_params *bp) return cc_info; } =20 -static __head void svsm_setup(struct cc_blob_sev_info *cc_info) +static void __init svsm_setup(struct cc_blob_sev_info *cc_info) { struct snp_secrets_page *secrets =3D (void *)cc_info->secrets_phys; struct svsm_call call =3D {}; @@ -181,7 +181,7 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) boot_svsm_caa_pa =3D pa; } =20 -bool __head snp_init(struct boot_params *bp) +bool __init snp_init(struct boot_params *bp) { struct cc_blob_sev_info *cc_info; =20 @@ -210,7 +210,7 @@ bool __head snp_init(struct boot_params *bp) return true; } =20 -void __head __noreturn snp_abort(void) +void __init __noreturn snp_abort(void) { sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index eb6a758ba660..39e7e9d18974 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -91,7 +91,7 @@ struct sme_populate_pgd_data { */ static char sme_workarea[2 * PMD_SIZE] __section(".init.scratch"); =20 -static void __head sme_clear_pgd(struct sme_populate_pgd_data *ppd) +static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) { unsigned long pgd_start, pgd_end, pgd_size; pgd_t *pgd_p; @@ -106,7 +106,7 @@ static void __head sme_clear_pgd(struct sme_populate_pg= d_data *ppd) memset(pgd_p, 0, pgd_size); } =20 -static pud_t __head *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) +static pud_t __init *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) { pgd_t *pgd; p4d_t *p4d; @@ -143,7 +143,7 @@ static pud_t __head *sme_prepare_pgd(struct sme_populat= e_pgd_data *ppd) return pud; } =20 -static void __head sme_populate_pgd_large(struct sme_populate_pgd_data *pp= d) +static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *pp= d) { pud_t *pud; pmd_t *pmd; @@ -159,7 +159,7 @@ static void __head sme_populate_pgd_large(struct sme_po= pulate_pgd_data *ppd) set_pmd(pmd, __pmd(ppd->paddr | ppd->pmd_flags)); } =20 -static void __head sme_populate_pgd(struct sme_populate_pgd_data *ppd) +static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) { pud_t *pud; pmd_t *pmd; @@ -185,7 +185,7 @@ static void __head sme_populate_pgd(struct sme_populate= _pgd_data *ppd) set_pte(pte, __pte(ppd->paddr | ppd->pte_flags)); } =20 -static void __head __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) +static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd_large(ppd); @@ -195,7 +195,7 @@ static void __head __sme_map_range_pmd(struct sme_popul= ate_pgd_data *ppd) } } =20 -static void __head __sme_map_range_pte(struct sme_populate_pgd_data *ppd) +static void __init __sme_map_range_pte(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd(ppd); @@ -205,7 +205,7 @@ static void __head __sme_map_range_pte(struct sme_popul= ate_pgd_data *ppd) } } =20 -static void __head __sme_map_range(struct sme_populate_pgd_data *ppd, +static void __init __sme_map_range(struct sme_populate_pgd_data *ppd, pmdval_t pmd_flags, pteval_t pte_flags) { unsigned long vaddr_end; @@ -229,22 +229,22 @@ static void __head __sme_map_range(struct sme_populat= e_pgd_data *ppd, __sme_map_range_pte(ppd); } =20 -static void __head sme_map_range_encrypted(struct sme_populate_pgd_data *p= pd) +static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *p= pd) { __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); } =20 -static void __head sme_map_range_decrypted(struct sme_populate_pgd_data *p= pd) +static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *p= pd) { __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); } =20 -static void __head sme_map_range_decrypted_wp(struct sme_populate_pgd_data= *ppd) +static void __init sme_map_range_decrypted_wp(struct sme_populate_pgd_data= *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC_WP, PTE_FLAGS_DEC_WP); } =20 -static unsigned long __head sme_pgtable_calc(unsigned long len) +static unsigned long __init sme_pgtable_calc(unsigned long len) { unsigned long entries =3D 0, tables =3D 0; =20 @@ -281,7 +281,7 @@ static unsigned long __head sme_pgtable_calc(unsigned l= ong len) return entries + tables; } =20 -void __head sme_encrypt_kernel(struct boot_params *bp) +void __init sme_encrypt_kernel(struct boot_params *bp) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; @@ -485,7 +485,7 @@ void __head sme_encrypt_kernel(struct boot_params *bp) native_write_cr3(__native_read_cr3()); } =20 -void __head sme_enable(struct boot_params *bp) +void __init sme_enable(struct boot_params *bp) { unsigned int eax, ebx, ecx, edx; unsigned long feature_mask; diff --git a/arch/x86/include/asm/init.h b/arch/x86/include/asm/init.h index 8b1b1abcef15..01ccdd168df0 100644 --- a/arch/x86/include/asm/init.h +++ b/arch/x86/include/asm/init.h @@ -2,12 +2,6 @@ #ifndef _ASM_X86_INIT_H #define _ASM_X86_INIT_H =20 -#if defined(CONFIG_CC_IS_CLANG) && CONFIG_CLANG_VERSION < 170000 -#define __head __section(".head.text") __no_sanitize_undefined __no_stack_= protector -#else -#define __head __section(".head.text") __no_sanitize_undefined -#endif - struct x86_mapping_info { void *(*alloc_pgt_page)(void *); /* allocate buf for page table */ void (*free_pgt_page)(void *, void *); /* free buf for page table */ diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S index 76743dfad6ab..437effb1ef03 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -61,7 +61,7 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE) * any particular GDT layout, because we load our own as soon as we * can. */ -__HEAD + __INIT SYM_CODE_START(startup_32) movl pa(initial_stack),%ecx =09 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index d219963ecb60..21816b48537c 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -33,7 +33,7 @@ * because we need identity-mapped pages. */ =20 - __HEAD + __INIT .code64 SYM_CODE_START_NOALIGN(startup_64) UNWIND_HINT_END_OF_STACK diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index 1d78e5631bb8..344030c1a81d 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S @@ -24,7 +24,7 @@ #include #include =20 - __HEAD + __INIT =20 /* * Entry point for PVH guests. --=20 2.50.0.727.gbf7dc18ff4-goog From nobody Sun Sep 7 12:19:05 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 792CF28FFC2 for ; Wed, 16 Jul 2025 03:22:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636175; cv=none; b=eCgla4s3gLO+bCUE98ozJ904hjFUdnzyQFDvZ4lqUV+M/diIJ/HeYByhOMJX6IyCBcWYIenIs9mGJvlOVREfBrv/zV29ZOMjNIwpl6rV7U43TWhksVqaTUdMzyuUBiMwGYET2eRBYN5EwZZSxrGtyF9ZRairzlNiysMCBoT2bC0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752636175; c=relaxed/simple; bh=MlIRBxRaja7ZlU2OXFrbRrUPNNl74/HsMd4o37sL9hE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=MfQVbWDsgCfVU7pILfUFn494/F7YvRTf5HlMkekGydaWgZFRXSgY269zSi/LF0hV4vrEb5o+Tpl/gAMBWxx+3e7RxuxvPUA/aUWkQEQaRlQdABRJwKxINR/qtF/PcMdc1dQdXUOFQF49xcWm36pKVB8ar7z0AagI0b5Y5j93oQU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=YaBIwLRj; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="YaBIwLRj" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-45617e7b82fso15571645e9.3 for ; Tue, 15 Jul 2025 20:22:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1752636172; x=1753240972; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=sRQugI64DfH4l5motO7Op00/v3FgIyII8TOhMD/41k4=; b=YaBIwLRj4Vr6UldV0Y0mL9F1KzgLePgj8fmf3/zkzrzFJlCjZnHQInfIYTtayANFs3 DqvNij75wD+pJyqKSHgS/gZbokP3haFC91+btCgXJx8oxUcLfNFQ3ypOCo6WRLChQ03g ye5QYmLRJ56/HyQ2AtcS2EPdUiwwyb+dl+UQ3dZYKDhe9UhFMulS91IgYNtYcbOwkILi w1TdKzgK+eTOljJZvYD3LoDp0HQkD32xrtDwjumDZqUezru+lmVNCx6FaeFkmU8HryCE i5gn8X0CZw1ViTfEwVptDH9U5Z8jFd6b8XEf5U/WmZadqZ4mOvzeE/PsA0abTHjC9K/5 72+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752636172; x=1753240972; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=sRQugI64DfH4l5motO7Op00/v3FgIyII8TOhMD/41k4=; b=e0sgL3mBNVAJUgLbwcDO9orHbCWB02LzKDVDl6dnyfg5kWQ28/DYQsFaUluiFFEKmA kYGSL5OKZXD+qymhCtBPQoW3p9Nu0fKOWV5ni6rqta2iYwJ7SvI5iSxkdJKQ6gCIW/7I dhFvp0MSe21ddt3JomJvj1RzRnydjiZtwCGJPhq4TsSI8GxtDpgG+trYGgtSgt4QQRFR Fuwd5wfxah2FwECpsSEdsPPeXQ6fMfgbnPdzCZO8FoUNmqmOrXHM+zoMIHNGkckSpL5l rz1QlEco2PPo9F9u8UDVsPArLP+e/YDyC8KDAA+6ABMNq/0VV54ChL+mo74h+HsmHxFX tv9g== X-Gm-Message-State: AOJu0Yz92KpCdvgcaxGu0rcXfH/bVgqC03IBsVRUJNpGgjysLfBsa9Z/ y1/2NMWWgA7+1+rhxIDXJAj8hIpmYJEe2Q+3QGbhhb7LnotPVA1C7lsrD+3zB7OhshVe9m+awrO mbp2JRGiAalvNgb/or96xa/aZRd1vDggpy8NX1nAe+fcTNr+P9ZdwitiB4t1gXOLB7EJb8Zp9WU rQ2J0cpvmwo//pkf4bkHQKPS9+Kh4Zpm8w7A== X-Google-Smtp-Source: AGHT+IFnCj8jxS3KgaXjMYNa9itLUHslkb0mJZSlS2GukOKKJ7oOdH9vQZsgJLJZCFlbor9UZzf5RFXO X-Received: from wmbeq12.prod.google.com ([2002:a05:600c:848c:b0:456:c7c:3165]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3b2a:b0:442:dc6f:2f11 with SMTP id 5b1f17b1804b1-4562e37c114mr7388035e9.25.1752636171834; Tue, 15 Jul 2025 20:22:51 -0700 (PDT) Date: Wed, 16 Jul 2025 05:18:37 +0200 In-Reply-To: <20250716031814.2096113-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250716031814.2096113-24-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=737; i=ardb@kernel.org; h=from:subject; bh=2wDANTljMa+3l9R4Cw8PAic5NzJMQu4mfQTgCSM10MY=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIaNcKucX9+Kv8/UmBnls2hwsZnLF65Plcca6y0LPlX8/q zgfkTOjo5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzkw3NGhh3NvT4B8qV73KUO V91+kfcnjb3jj4L8rNXHT2q9SDj1X5mR4dVnn77qeZtvLriWkFFgotIVblooeGyHVBL/Byktdxc NJgA= X-Mailer: git-send-email 2.50.0.727.gbf7dc18ff4-goog Message-ID: <20250716031814.2096113-46-ardb+git@google.com> Subject: [PATCH v5 22/22] x86/boot: Get rid of the .head.text section From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Ingo Molnar , Kevin Loughlin , Tom Lendacky , Josh Poimboeuf , Peter Zijlstra , Nikunj A Dadhania Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The .head.text section is now empty, so it can be dropped from the linker script. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/vmlinux.lds.S | 5 ----- 1 file changed, 5 deletions(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 4277efb26358..d7af4a64c211 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -160,11 +160,6 @@ SECTIONS =20 } :text =3D 0xcccccccc =20 - /* bootstrapping code */ - .head.text : AT(ADDR(.head.text) - LOAD_OFFSET) { - HEAD_TEXT - } :text =3D 0xcccccccc - /* End of text section, which should occupy whole number of pages */ _etext =3D .; . =3D ALIGN(PAGE_SIZE); --=20 2.50.0.727.gbf7dc18ff4-goog