From nobody Sun Sep 7 12:18:18 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 50FCB30AD00 for ; Thu, 28 Aug 2025 10:22:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376559; cv=none; b=SnhrsQkorv5ceRgIBffiaYC8aYJcRetP3cUj/hvfLNLs5oL8DRWIFQlOHxVpUeSGiZsUcZmPcy66bX5F/7HaUyMJIDDaFUzBOSTI0iPaYtktAV2eT2mGL/+rcJty45Z75+fmhs0SWiaYUsxsGJlyKikjXceztxUjkcjOT4SqEuw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376559; c=relaxed/simple; bh=QWMAOJGY7wAY00/6/1Jn9/MS9Qg7ZHHCIEvWvhpd8Po=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=h+gR2f8T3emg0+7/egBgPxOtAyubnlJO07Ch8i1R9qtdyqkyAcw7m0jm4083a/pcqOHrgQdb4syz9kCF8MKLb+CgMfYxIWYRyWxhx+ITOTxOUs/glAsEy2s9EFZfSuSxMYBj7KowyrGYpjRrsMejq/4QZKkv7jRtjkhjim+YMR4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=mrbyGs+V; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="mrbyGs+V" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-45a1b0b14daso4604545e9.2 for ; Thu, 28 Aug 2025 03:22:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756376556; x=1756981356; 
darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=T3TnBpY9TST7dQigmkmElwBFo/yBElL6XMFdV+VIXJk=; b=mrbyGs+VJ9rjAjXeGEZaNelmEcgGho7Lwqu8h1W7SeZChED7c8gbgGXZC0B6QTwfhZ Rg3m24Txp+LTKE5sa+bQL/nipDz+kaJlCFHxksSAqH7996qHFQdmKLe3KAv6ezKFtJWL ANp1t0t4SrR9kOBel2k8Fm53h6FMT4sTEBmLfHydgD/8p6QEk3CBtEqOEmkfuOuB4NS/ mxfFY8C5qQbMryoluho5Xvc7PHQu22t3cyLijevBL8tK2wjMxFUYEILtOqKp6W+SbXgb m+nBNKQV2rw2aTEWvU3laYNdfKsOHlyeuAaoR9clzs6W8LHHd4g6JkM42T9sq5xZ19rO w36A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756376556; x=1756981356; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=T3TnBpY9TST7dQigmkmElwBFo/yBElL6XMFdV+VIXJk=; b=E+bTA+OLJhdyjwW+4aAZ8AX9t360NShBXS4olHDlMPeXJJUqd9ZmDcXC8ee6VX08lT JvzYcRW8H9wtth6iuDLlLFGggFqKWk/kLrt4INvY4DMGo/xElCSTMLJdIwn/JTu0qx4+ T9xxP36VgpIFE65d2O/8CkIYudER510gUSqzLKphNgeR6mWxc8VBNe6/EFzaPy1owWPy 3qZvORDjNeis+A5aosdKe7qsdgivbNpWuYfXwsx5dtPI8bNxsRuoIhkjiDg9M49LC32P L317G0xQj6ypHMlPtvfIsNI2oFpe2L+fARJbjJxnzCCZqE/uI1tqM8ZCAq2sVMs4gqV7 2Xrw== X-Gm-Message-State: AOJu0YxpOcOzVvvD/g/d9+OaDdKf8ofaP9UqvLdPSeqjk8WCr4Lgykm7 +yISGH/ZesrrIvgHHPvFC4HSXnx/yquhP2MoLTgaRquq8MusCdfgl3cgXonlQ9d7qWfxA4WGSjV bzos+nI3odTLDOCCimx82bjtHZOwaRpfZ3hL6J5sO0uumqc/ArJO4WJ5IctC0ZSPytLIyj+aY/5 Y2k9L6B3ZkIDOT+cfl9TZyRiZ83TXIQTdZeg== X-Google-Smtp-Source: AGHT+IGmn4fylxlHvTGvZojtYGz2aGF8b7MYomRZcytxjfvT4OhW4VzPuMKEvb0vhLIkgGrBXtYySlAn X-Received: from wmbfp21.prod.google.com ([2002:a05:600c:6995:b0:45b:79d1:abcb]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1e8a:b0:459:ddad:a3a3 with SMTP id 5b1f17b1804b1-45b517ddbd5mr208544765e9.25.1756376555802; Thu, 28 Aug 2025 03:22:35 -0700 (PDT) Date: Thu, 28 Aug 2025 12:22:04 +0200 In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com> Precedence: bulk X-Mailing-List: 
linux-kernel@vger.kernel.org
List-Id: List-Subscribe: List-Unsubscribe:
Mime-Version: 1.0
References: <20250828102202.1849035-24-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=7420; i=ardb@kernel.org; h=from:subject; bh=qu1Hf52YhO2sdv5NSOQ+rtKpRbKQeGB9Ds++Nh+Esg0=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIWOD7pm1Cdduh5w3uL33UOergL3f5t2fe0Zhi1R34gzPV T9DH/IydpSyMIhxMciKKbIIzP77bufpiVK1zrNkYeawMoEMYeDiFICJ8LMz/C8VL5TYs/SNftaW q68mTHf3nxhwqHNS292kP1Grp7QtOFvE8N+16mSJnavd77ZXOjc1Ny7Imcf7TmO79ibGwr87/7N abOIDAA==
X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog
Message-ID: <20250828102202.1849035-25-ardb+git@google.com>
Subject: [PATCH v7 01/22] x86/sev: Separate MSR and GHCB based snp_cpuid() via a callback
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel

There are two distinct callers of snp_cpuid(): one where the MSR protocol is always used, and one where the GHCB page based interface is always used. The snp_cpuid() logic does not care about the distinction, which only matters at a lower level. But the fact that it supports both interfaces means that the GHCB page based logic is pulled into the early startup code where PA to VA conversions are problematic, given that it runs from the 1:1 mapping of memory.

So keep snp_cpuid() itself in the startup code, but factor out the hypervisor calls via a callback, so that the GHCB page handling can be moved out.

Code refactoring only - no functional change intended.
Signed-off-by: Ard Biesheuvel Reviewed-by: Tom Lendacky --- arch/x86/boot/startup/sev-shared.c | 59 ++++---------------- arch/x86/coco/sev/vc-shared.c | 49 +++++++++++++++- arch/x86/include/asm/sev.h | 3 +- 3 files changed, 61 insertions(+), 50 deletions(-) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index a34cd19796f9..ed88dfe7605e 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -342,44 +342,7 @@ static int __sev_cpuid_hv_msr(struct cpuid_leaf *leaf) return ret; } =20 -static int __sev_cpuid_hv_ghcb(struct ghcb *ghcb, struct es_em_ctxt *ctxt,= struct cpuid_leaf *leaf) -{ - u32 cr4 =3D native_read_cr4(); - int ret; - - ghcb_set_rax(ghcb, leaf->fn); - ghcb_set_rcx(ghcb, leaf->subfn); - - if (cr4 & X86_CR4_OSXSAVE) - /* Safe to read xcr0 */ - ghcb_set_xcr0(ghcb, xgetbv(XCR_XFEATURE_ENABLED_MASK)); - else - /* xgetbv will cause #UD - use reset value for xcr0 */ - ghcb_set_xcr0(ghcb, 1); - - ret =3D sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); - if (ret !=3D ES_OK) - return ret; - - if (!(ghcb_rax_is_valid(ghcb) && - ghcb_rbx_is_valid(ghcb) && - ghcb_rcx_is_valid(ghcb) && - ghcb_rdx_is_valid(ghcb))) - return ES_VMM_ERROR; =20 - leaf->eax =3D ghcb->save.rax; - leaf->ebx =3D ghcb->save.rbx; - leaf->ecx =3D ghcb->save.rcx; - leaf->edx =3D ghcb->save.rdx; - - return ES_OK; -} - -static int sev_cpuid_hv(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct= cpuid_leaf *leaf) -{ - return ghcb ? __sev_cpuid_hv_ghcb(ghcb, ctxt, leaf) - : __sev_cpuid_hv_msr(leaf); -} =20 /* * This may be called early while still running on the initial identity 
@@ -484,21 +447,21 @@ snp_cpuid_get_validated_func(struct cpuid_leaf *leaf) return false; } =20 -static void snp_cpuid_hv(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struc= t cpuid_leaf *leaf) +static void snp_cpuid_hv_msr(void *ctx, struct cpuid_leaf *leaf) { - if (sev_cpuid_hv(ghcb, ctxt, leaf)) + if (__sev_cpuid_hv_msr(leaf)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); } =20 static int __head -snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_ctxt *ctxt, - struct cpuid_leaf *leaf) +snp_cpuid_postprocess(void (*cpuid_fn)(void *ctx, struct cpuid_leaf *leaf), + void *ctx, struct cpuid_leaf *leaf) { struct cpuid_leaf leaf_hv =3D *leaf; =20 switch (leaf->fn) { case 0x1: - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid_fn(ctx, &leaf_hv); =20 /* initial APIC ID */ leaf->ebx =3D (leaf_hv.ebx & GENMASK(31, 24)) | (leaf->ebx & GENMASK(23,= 0)); @@ -517,7 +480,7 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, break; case 0xB: leaf_hv.subfn =3D 0; - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid_fn(ctx, &leaf_hv); =20 /* extended APIC ID */ leaf->edx =3D leaf_hv.edx; @@ -565,7 +528,7 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, } break; case 0x8000001E: - snp_cpuid_hv(ghcb, ctxt, &leaf_hv); + cpuid_fn(ctx, &leaf_hv); =20 /* extended APIC ID */ leaf->eax =3D leaf_hv.eax; @@ -586,8 +549,8 @@ snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_c= txt *ctxt, * Returns -EOPNOTSUPP if feature not enabled. Any other non-zero return v= alue * should be treated as fatal by caller. */ -int __head -snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct cpuid_leaf *l= eaf) +int __head snp_cpuid(void (*cpuid_fn)(void *ctx, struct cpuid_leaf *leaf), + void *ctx, struct cpuid_leaf *leaf) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); =20 
@@ -621,7 +584,7 @@ snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, s= truct cpuid_leaf *leaf) return 0; } =20 - return snp_cpuid_postprocess(ghcb, ctxt, leaf); + return snp_cpuid_postprocess(cpuid_fn, ctx, leaf); } =20 /* @@ -648,7 +611,7 @@ void __head do_vc_no_ghcb(struct pt_regs *regs, unsigne= d long exit_code) leaf.fn =3D fn; leaf.subfn =3D subfn; =20 - ret =3D snp_cpuid(NULL, NULL, &leaf); + ret =3D snp_cpuid(snp_cpuid_hv_msr, NULL, &leaf); if (!ret) goto cpuid_done; =20 diff --git a/arch/x86/coco/sev/vc-shared.c b/arch/x86/coco/sev/vc-shared.c index 2c0ab0fdc060..b4688f69102e 100644 --- a/arch/x86/coco/sev/vc-shared.c +++ b/arch/x86/coco/sev/vc-shared.c 
@@ -409,15 +409,62 @@ static enum es_result vc_handle_ioio(struct ghcb *ghc= b, struct es_em_ctxt *ctxt) return ret; } =20 +static int __sev_cpuid_hv_ghcb(struct ghcb *ghcb, struct es_em_ctxt *ctxt,= struct cpuid_leaf *leaf) +{ + u32 cr4 =3D native_read_cr4(); + int ret; + + ghcb_set_rax(ghcb, leaf->fn); + ghcb_set_rcx(ghcb, leaf->subfn); + + if (cr4 & X86_CR4_OSXSAVE) + /* Safe to read xcr0 */ + ghcb_set_xcr0(ghcb, xgetbv(XCR_XFEATURE_ENABLED_MASK)); + else + /* xgetbv will cause #UD - use reset value for xcr0 */ + ghcb_set_xcr0(ghcb, 1); + + ret =3D sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); + if (ret !=3D ES_OK) + return ret; + + if (!(ghcb_rax_is_valid(ghcb) && + ghcb_rbx_is_valid(ghcb) && + ghcb_rcx_is_valid(ghcb) && + ghcb_rdx_is_valid(ghcb))) + return ES_VMM_ERROR; + + leaf->eax =3D ghcb->save.rax; + leaf->ebx =3D ghcb->save.rbx; + leaf->ecx =3D ghcb->save.rcx; + leaf->edx =3D ghcb->save.rdx; + + return ES_OK; +} + +struct cpuid_ctx { + struct ghcb *ghcb; + struct es_em_ctxt *ctxt; +}; + +static void snp_cpuid_hv_ghcb(void *p, struct cpuid_leaf *leaf) +{ + struct cpuid_ctx *ctx =3D p; + + if (__sev_cpuid_hv_ghcb(ctx->ghcb, ctx->ctxt, leaf)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); +} + static int vc_handle_cpuid_snp(struct ghcb *ghcb, struct es_em_ctxt *ctxt) { + struct cpuid_ctx ctx =3D { ghcb, ctxt }; struct pt_regs *regs =3D ctxt->regs; struct cpuid_leaf leaf; int ret; =20 leaf.fn =3D regs->ax; leaf.subfn =3D regs->cx; - ret =3D snp_cpuid(ghcb, ctxt, &leaf); + ret =3D snp_cpuid(snp_cpuid_hv_ghcb, &ctx, &leaf); if (!ret) { regs->ax =3D leaf.eax; regs->bx =3D leaf.ebx; diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 02236962fdb1..e4622e470ceb 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h 
@@ -552,7 +552,8 @@ struct cpuid_leaf { u32 edx; }; =20 -int snp_cpuid(struct ghcb *ghcb, struct es_em_ctxt *ctxt, struct cpuid_lea= f *leaf); +int snp_cpuid(void (*cpuid_fn)(void *ctx, struct cpuid_leaf *leaf), + void *ctx, struct cpuid_leaf *leaf); =20 void __noreturn sev_es_terminate(unsigned int set, unsigned int reason); enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, --=20 2.51.0.268.g9569e192d0-goog From nobody Sun Sep 7 12:18:18 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 76A4230AD02 for ; Thu, 28 Aug 2025 10:22:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376560; cv=none; b=pUi6VHFCIDGNbeR6khLk4zg2fLa6K9ZEhY7mLNShZL7dnmGj4DW2/J5bbYl03FhtUBsW7KoSoI48Q016NMhyQcRn/wvzp7YcWDtvmLCy8rBb4m8vjHbrXQe/c6RGiDJc2koxE8gkMYhlySiDbMjQzZPxLp6HwkBm9UzMXMVd3io= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376560; c=relaxed/simple; bh=9FMrFz4yFws9nSQBzYDGUzVsmgC0frORowbaBDaRe+w=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=UcM4iCf861dEbwYZWu8hIEG2DnSRpSA5LpTFN+dgM2VPYGP8mT348/wQJAOM2IineB71TBQVaAZXdpZrzQqo/tfeYxtvle9dSL/V+YypgJdH3cnbkhxcJwHHtvBGwy6TscFP7cgay9PDQx606LswzcVgchJBSXzKfnYQW8z9NlY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=1K9cFEOP; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass 
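Review bot: snp_cpuid() and snp_cpuid_postprocess() are __head and now dispatch through the cpuid_fn pointer, and do_vc_no_ghcb() passes `snp_cpuid_hv_msr` by address while running from the 1:1 mapping the commit message describes; that is only safe if the address is materialised RIP-relative rather than as an absolute kernel VA, so a one-line comment at snp_cpuid_hv_msr() (or at the snp_cpuid() call in do_vc_no_ghcb()) stating that the startup code is built position-independent would spare the next reader a trip to the Makefile. The `ctx` parameter of snp_cpuid_hv_msr() is unused by design; a comment saying it exists only to match the callback signature would head off a later "cleanup" patch.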
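Review bot: snp_cpuid_hv_ghcb() in vc-shared.c discards the enum es_result from __sev_cpuid_hv_ghcb() and terminates with GHCB_TERM_CPUID_HV on any failure, which is exactly what the removed snp_cpuid_hv() did, so the "no functional change" claim holds; still, a short comment on the callback that it must terminate rather than return on error (the void signature gives snp_cpuid() no way to propagate a failure) would make that contract explicit for anyone adding a third backend. Also, `struct cpuid_ctx` is a rather generic name for a file-scope type; `snp_cpuid_ghcb_ctx` would say which callback it belongs to.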
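Review bot: in the sev.h hunk the callback type `void (*cpuid_fn)(void *ctx, struct cpuid_leaf *leaf)` is now written out in full three times (snp_cpuid_postprocess(), the snp_cpuid() definition and this prototype); a typedef next to `struct cpuid_leaf` would keep the three from drifting and gives one place to document that `ctx` is passed through opaque (NULL for the MSR variant, a `struct cpuid_ctx *` for the GHCB variant).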
Date: Thu, 28 Aug 2025 12:22:05 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
References: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-26-ardb+git@google.com>
Subject: [PATCH v7 02/22] x86/sev: Use MSR protocol for remapping SVSM calling area
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania

From: Ard Biesheuvel

As the preceding code comment already indicates, remapping the SVSM calling area occurs long before the GHCB page is configured, and so calling svsm_perform_call_protocol() is guaranteed to result in a call to svsm_perform_msr_protocol(). So just call the latter directly.

This allows most of the GHCB based API infrastructure to be moved out of the startup code in a subsequent patch.
Signed-off-by: Ard Biesheuvel Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Tom Lendacky --- arch/x86/boot/startup/sev-shared.c | 11 +++++++++++ arch/x86/boot/startup/sev-startup.c | 5 ++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index ed88dfe7605e..975d2b02926a 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -724,6 +724,17 @@ static void __head setup_cpuid_table(const struct cc_b= lob_sev_info *cc_info) } } =20 +static int __head svsm_call_msr_protocol(struct svsm_call *call) +{ + int ret; + + do { + ret =3D svsm_perform_msr_protocol(call); + } while (ret =3D=3D -EAGAIN); + + return ret; +} + static void __head svsm_pval_4k_page(unsigned long paddr, bool validate) { struct svsm_pvalidate_call *pc; diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 0b7e3b950183..8412807a865c 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -295,7 +295,6 @@ static __head struct cc_blob_sev_info *find_cc_blob(str= uct boot_params *bp) static __head void svsm_setup(struct cc_blob_sev_info *cc_info) { struct svsm_call call =3D {}; - int ret; u64 pa; =20 /* 
@@ -325,8 +324,8 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) call.caa =3D svsm_get_caa(); call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); call.rcx =3D pa; - ret =3D svsm_perform_call_protocol(&call); - if (ret) + + if (svsm_call_msr_protocol(&call)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CA_REMAP_FAIL); =20 boot_svsm_caa =3D (struct svsm_ca *)pa; --=20 2.51.0.268.g9569e192d0-goog From nobody Sun Sep 7 12:18:18 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BDBD030BB8A for ; Thu, 28 Aug 2025 10:22:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376561; cv=none; b=XCkkcge8bnRXznC8Zrv4U2u6RNHVpYsj4oUmSXnGMdnndb4plg6+SMdBfS1P8A/lh4ZyBZh755JFOLHJeDR2Z5PVg02Bz3/HAOxu+vHEJYsd1yXWIVJ8fYrIIXwxiPLaswZsYMqgeWMaWwcEHRe9viFDP8EaicykoXxFGfNoyug= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376561; c=relaxed/simple; bh=Wupn8/+jH4ehbUGTnycniS0JbTKV7i2I/hx50kmtTmg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=gSSsQTBf7zYDqqI6gEglh/1XOego9TCk7bXRm9PpmOBbn70ZVht1rRHLUsatfaYAdj+Be7WmwdypyP8GO4E4fheiX8uR6/c+VfPGzC2rnhuXG7LXeocgP3uMyIm6g8w9K957fFiS0Wik764Fx2XbFMVb/vFtInaYwlOUz8jWL4E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=tOXsvV7Q; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass 
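Review bot: svsm_call_msr_protocol() is added as a static function in sev-shared.c, but its only caller in this patch is svsm_setup() in sev-startup.c; sev-shared.c is also #included by arch/x86/boot/compressed/sev.c (visible in patch 03/22 of this series), where nothing calls the helper until svsm_pval_4k_page() is converted in that next patch, so building the decompressor at this commit should produce an unused-function warning and spoil a clean bisect. Either introduce the helper in the patch that first needs it in both includers, or mark it __maybe_unused here and drop the attribute in 03/22. Separately, the do/while on -EAGAIN is unbounded; it inherits that from the svsm_perform_call_protocol() loop it replaces, but a comment on why an unbounded retry is acceptable at this point in boot would help.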
Date: Thu, 28 Aug 2025 12:22:06 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
References: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-27-ardb+git@google.com>
Subject: [PATCH v7 03/22] x86/sev: Use MSR protocol only for early SVSM PVALIDATE call
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
From: Ard Biesheuvel The early page state change API performs an SVSM call to PVALIDATE each page when running under a SVSM, and this involves either a GHCB page based call or a call based on the MSR protocol. The GHCB page based variant involves VA to PA translation of the GHCB address, and this is best avoided in the startup code, where virtual addresses are ambiguous (1:1 or kernel virtual). As this is the last remaining occurrence of svsm_perform_call_protocol() in the startup code, switch to the MSR protocol exclusively in this particular case, so that the GHCB based plumbing can be moved out of the startup code entirely in a subsequent patch. Signed-off-by: Ard Biesheuvel Reviewed-by: Tom Lendacky --- arch/x86/boot/compressed/sev.c | 20 -------------------- arch/x86/boot/startup/sev-shared.c | 9 ++++++--- 2 files changed, 6 insertions(+), 23 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index fd1b67dfea22..b71c1ab6a282 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -50,31 +50,11 @@ u64 svsm_get_caa_pa(void) return boot_svsm_caa_pa; } =20 -int svsm_perform_call_protocol(struct svsm_call *call); - u8 snp_vmpl; =20 /* Include code for early handlers */ #include "../../boot/startup/sev-shared.c" =20 -int svsm_perform_call_protocol(struct svsm_call *call) -{ - struct ghcb *ghcb; - int ret; - - if (boot_ghcb) - ghcb =3D boot_ghcb; - else - ghcb =3D NULL; - - do { - ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); - } while (ret =3D=3D -EAGAIN); - - return ret; -} - static bool sev_snp_enabled(void) { return sev_status & MSR_AMD64_SEV_SNP_ENABLED; diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 975d2b02926a..7bd73462c11e 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c 
@@ -741,7 +741,6 @@ static void __head svsm_pval_4k_page(unsigned long padd= r, bool validate) struct svsm_call call =3D {}; unsigned long flags; u64 pc_pa; - int ret; =20 /* * This can be called very early in the boot, use native functions in 
@@ -766,8 +765,12 @@ static void __head svsm_pval_4k_page(unsigned long pad= dr, bool validate) call.rax =3D SVSM_CORE_CALL(SVSM_CORE_PVALIDATE); call.rcx =3D pc_pa; =20 - ret =3D svsm_perform_call_protocol(&call); - if (ret) + /* + * Use the MSR protocol exclusively, so that this code is usable in + * startup code where VA/PA translations of the GHCB page's address may + * be problematic. + */ + if (svsm_call_msr_protocol(&call)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PVALIDATE); =20 native_local_irq_restore(flags); --=20 2.51.0.268.g9569e192d0-goog From nobody Sun Sep 7 12:18:18 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C32D430BBAE for ; Thu, 28 Aug 2025 10:22:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376563; cv=none; b=TfSHfQ2/nieScyAcuV57z7Bg22LSp9RsWcq+/tVgTMjEwXDAFmiNyk/W5zHMQmG9deGeLwEXrMkAFiWlWqYC5IVW5qpmMP4x7yZJFJmoZ5nMNPHOgf9kFQZyTheExksXeusqdORSS+iGJnve7pNDPPMi0Qb54y8fq3/dmxczZvA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376563; c=relaxed/simple; bh=XG4iFPQ7dXm9EawAtfRXbf+NOLZ/2VSBVsOoLZQRg/Q=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=t1te9lDUpY5G2Cg1xKW+445hsmxERo8Il3i6M4rX5PTrFZuZNMHvl5aHuXh50fzoeX1vIkJ3uMWF7Gd9rO6WHZjkR2gm4pE3UONrTSXLCFbQtqmM/xlE2H0RuK7zvG5th+mLCjcjSpXajgCNuRe9ttKu7OcZrVc+nUaIkZVvjl8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=DHVV3M7o; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: 
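Review bot: removing both the forward declaration and the definition of svsm_perform_call_protocol() from arch/x86/boot/compressed/sev.c leaves svsm_perform_ghcb_protocol() without any caller visible in this patch; please say in the commit message where the decompressor still uses it after this change, or remove it in the same patch so a static definition does not turn into an unused-function warning. The new comment in svsm_pval_4k_page() explains the why well; it would also be worth stating in the commit message that the decompressor, which previously took the GHCB path whenever boot_ghcb was set, now performs every early PVALIDATE through the MSR protocol, since that is the behavioural part of the change rather than pure plumbing.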
Date: Thu, 28 Aug 2025 12:22:07 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
References: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-28-ardb+git@google.com>
Subject: [PATCH v7 04/22] x86/sev: Run RMPADJUST on SVSM calling area page to test VMPL
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
From: Ard Biesheuvel Determining the VMPL at which the kernel runs involves performing a RMPADJUST operation on an arbitrary page of memory, and observing whether it succeeds. The use of boot_ghcb_page in the core kernel in this case is completely arbitrary, but results in the need to provide a PIC alias for it. So use boot_svsm_ca_page instead, which already needs this alias for other reasons. Signed-off-by: Ard Biesheuvel Reviewed-by: Tom Lendacky --- arch/x86/boot/compressed/sev.c | 2 +- arch/x86/boot/startup/sev-shared.c | 5 +++-- arch/x86/boot/startup/sev-startup.c | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index b71c1ab6a282..3628e9bddc6a 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -327,7 +327,7 @@ static bool early_snp_init(struct boot_params *bp) * running at VMPL0. The CA will be used to communicate with the * SVSM and request its services. */ - svsm_setup_ca(cc_info); + svsm_setup_ca(cc_info, rip_rel_ptr(&boot_ghcb_page)); =20 /* * Pass run-time kernel a pointer to CC info via boot_params so EFI diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 7bd73462c11e..83c222a4f1fa 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -801,7 +801,8 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. */ -static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info) +static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info, + void *page) { struct snp_secrets_page *secrets_page; struct snp_cpuid_table *cpuid_table; 
@@ -824,7 +825,7 @@ static bool __head svsm_setup_ca(const struct cc_blob_s= ev_info *cc_info) * routine is running identity mapped when called, both by the decompress= or * code and the early kernel code. */ - if (!rmpadjust((unsigned long)rip_rel_ptr(&boot_ghcb_page), RMP_PG_SIZE_4= K, 1)) + if (!rmpadjust((unsigned long)page, RMP_PG_SIZE_4K, 1)) return false; =20 /* diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 8412807a865c..3da04a715831 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c 
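Review bot: the new `page` parameter of svsm_setup_ca() is undocumented; the hunk changes the probe to `if (!rmpadjust((unsigned long)page, RMP_PG_SIZE_4K, 1))` but leaves the comment block above it ("Maintain the GPA of the SVSM Calling Area (CA) ...") and the in-function comment about running identity mapped silent on what a caller may pass. Please state that `page` must be a 4K-aligned, identity-mapped page owned by the guest and say why it is acceptable for RMPADJUST to modify that page's RMP entry as a side effect of the probe. For the core kernel caller the page is now boot_svsm_ca_page, and a successful RMPADJUST makes this routine return false, after which svsm_setup() bails out before the CA is ever handed to an SVSM, so the probe never touches a page the SVSM later owns; that reasoning is currently only in the commit message and belongs next to the rmpadjust() call.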
@@ -302,7 +302,7 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) * running at VMPL0. The CA will be used to communicate with the * SVSM to perform the SVSM services. */ - if (!svsm_setup_ca(cc_info)) + if (!svsm_setup_ca(cc_info, rip_rel_ptr(&boot_svsm_ca_page))) return; =20 /* --=20 2.51.0.268.g9569e192d0-goog From nobody Sun Sep 7 12:18:18 2025 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 50EDC30BB90 for ; Thu, 28 Aug 2025 10:22:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376565; cv=none; b=i6WGD62Fd51KYyVW3EkR5RL1Y7fBW1B5j4jAo4eNV/o+WeBZvWB8T4smWYBxIITNfPZ23BOiOaPtIpnVI913k+v5DJrlnvqDHuRt1H7lNUY61Ysd59b5VJOp+twvqvh/1XzmfAtiPXS5Egfbhopjubqa81oLtFXJt69ur4a1HYI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376565; c=relaxed/simple; bh=L+RX7wsFWUJDXC7j/TvaLisN+sLeVwiHzkBEw8Cn1qY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=oEIJ30lKpmQ348NvClSPmuuIqv1LxpuNe8UmMhvoaslpYOy0h4Akh212GAsBx0kRqv6XKDfgd7SbFlh+tVwYMOwhGEGU20wQ8Y6b/pKsplIvB6g4k2m8IHCDb/B+Yqw0e/7zrC8YOkrdWeJjeEN4vujraiqldiv5qVcbeQFortU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=iOreWv1M; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; 
Date: Thu, 28 Aug 2025 12:22:08 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
References: <20250828102202.1849035-24-ardb+git@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20250828102202.1849035-29-ardb+git@google.com>
Subject: [PATCH v7 05/22] x86/sev: Move GHCB page based HV communication out of startup code
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
From: Ard Biesheuvel Both the decompressor and the core kernel implement an early #VC handler, which only deals with CPUID instructions, and full featured one, which can handle any #VC exception. The former communicates with the hypervisor using the MSR based protocol, whereas the latter uses a shared GHCB page, which is configured a bit later during the boot, when the kernel runs from its ordinary virtual mapping, rather than the 1:1 mapping that the startup code uses. Accessing this shared GHCB page from the core kernel's startup code is problematic, because it involves converting the GHCB address provided by the caller to a physical address. In the startup code, virtual to physical address translations are problematic, given that the virtual address might be a 1:1 mapped address, and such translations should therefore be avoided. This means that exposing startup code dealing with the GHCB to callers that execute from the ordinary kernel virtual mapping should be avoided too. So move all GHCB page based communication out of the startup code, now that all communication occurring before the kernel virtual mapping is up relies on the MSR protocol only. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev-handle-vc.c | 3 + arch/x86/boot/startup/sev-shared.c | 143 +------------------- arch/x86/boot/startup/sev-startup.c | 42 ------ arch/x86/coco/sev/core.c | 76 +++++++++++ arch/x86/coco/sev/vc-handle.c | 2 + arch/x86/coco/sev/vc-shared.c | 94 +++++++++++++ arch/x86/include/asm/sev-internal.h | 7 +- arch/x86/include/asm/sev.h | 11 +- 8 files changed, 190 insertions(+), 188 deletions(-) diff --git a/arch/x86/boot/compressed/sev-handle-vc.c b/arch/x86/boot/compr= essed/sev-handle-vc.c index 89dd02de2a0f..7530ad8b768b 100644 --- a/arch/x86/boot/compressed/sev-handle-vc.c +++ b/arch/x86/boot/compressed/sev-handle-vc.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 =20 #include "misc.h" +#include "error.h" #include "sev.h" =20 #include 
@@ -14,6 +15,8 @@ #include =20 #define __BOOT_COMPRESSED +#undef __init +#define __init =20 /* Basic instruction decoding support needed */ #include "../../lib/inat.c" diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 83c222a4f1fa..24cbeaf7ff4f 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -13,12 +13,9 @@ =20 #ifndef __BOOT_COMPRESSED #define error(v) pr_err(v) -#define has_cpuflag(f) boot_cpu_has(f) #else #undef WARN #define WARN(condition, format...) (!!(condition)) -#undef vc_forward_exception -#define vc_forward_exception(c) panic("SNP: Hypervisor requested exceptio= n\n") #endif =20 /* @@ -39,7 +36,7 @@ u64 boot_svsm_caa_pa __ro_after_init; * * GHCB protocol version negotiated with the hypervisor. */ -static u16 ghcb_version __ro_after_init; +u16 ghcb_version __ro_after_init; =20 /* Copy of the SNP firmware's CPUID page. */ static struct snp_cpuid_table cpuid_table_copy __ro_after_init; @@ -54,16 +51,6 @@ static u32 cpuid_std_range_max __ro_after_init; static u32 cpuid_hyp_range_max __ro_after_init; static u32 cpuid_ext_range_max __ro_after_init; =20 -bool __init sev_es_check_cpu_features(void) -{ - if (!has_cpuflag(X86_FEATURE_RDRAND)) { - error("RDRAND instruction not supported - no trusted source of randomnes= s available\n"); - return false; - } - - return true; -} - void __head __noreturn sev_es_terminate(unsigned int set, unsigned int reason) { 
@@ -100,72 +87,7 @@ u64 get_hv_features(void) return GHCB_MSR_HV_FT_RESP_VAL(val); } =20 -void snp_register_ghcb_early(unsigned long paddr) -{ - unsigned long pfn =3D paddr >> PAGE_SHIFT; - u64 val; - - sev_es_wr_ghcb_msr(GHCB_MSR_REG_GPA_REQ_VAL(pfn)); - VMGEXIT(); - - val =3D sev_es_rd_ghcb_msr(); - - /* If the response GPA is not ours then abort the guest */ - if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_REG_GPA_RESP) || - (GHCB_MSR_REG_GPA_RESP_VAL(val) !=3D pfn)) - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_REGISTER); -} - -bool sev_es_negotiate_protocol(void) -{ - u64 val; - - /* Do the GHCB protocol version negotiation */ - sev_es_wr_ghcb_msr(GHCB_MSR_SEV_INFO_REQ); - VMGEXIT(); - val =3D sev_es_rd_ghcb_msr(); - - if (GHCB_MSR_INFO(val) !=3D GHCB_MSR_SEV_INFO_RESP) - return false; - - if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN || - GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX) - return false; - - ghcb_version =3D min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX= ); - - return true; -} - -static enum es_result verify_exception_info(struct ghcb *ghcb, struct es_e= m_ctxt *ctxt) -{ - u32 ret; - - ret =3D ghcb->save.sw_exit_info_1 & GENMASK_ULL(31, 0); - if (!ret) - return ES_OK; - - if (ret =3D=3D 1) { - u64 info =3D ghcb->save.sw_exit_info_2; - unsigned long v =3D info & SVM_EVTINJ_VEC_MASK; - - /* Check if exception information from hypervisor is sane. */ - if ((info & SVM_EVTINJ_VALID) && - ((v =3D=3D X86_TRAP_GP) || (v =3D=3D X86_TRAP_UD)) && - ((info & SVM_EVTINJ_TYPE_MASK) =3D=3D SVM_EVTINJ_TYPE_EXEPT)) { - ctxt->fi.vector =3D v; - - if (info & SVM_EVTINJ_VALID_ERR) - ctxt->fi.error_code =3D info >> 32; - - return ES_EXCEPTION; - } - } - - return ES_VMM_ERROR; -} - -static inline int svsm_process_result_codes(struct svsm_call *call) +int svsm_process_result_codes(struct svsm_call *call) { switch (call->rax_out) { case SVSM_SUCCESS: 
@@ -193,7 +115,7 @@ static inline int svsm_process_result_codes(struct svsm= _call *call) * - RAX specifies the SVSM protocol/callid as input and the return co= de * as output. */ -static __always_inline void svsm_issue_call(struct svsm_call *call, u8 *pe= nding) +void svsm_issue_call(struct svsm_call *call, u8 *pending) { register unsigned long rax asm("rax") =3D call->rax; register unsigned long rcx asm("rcx") =3D call->rcx; @@ -216,7 +138,7 @@ static __always_inline void svsm_issue_call(struct svsm= _call *call, u8 *pending) call->r9_out =3D r9; } =20 -static int svsm_perform_msr_protocol(struct svsm_call *call) +int svsm_perform_msr_protocol(struct svsm_call *call) { u8 pending =3D 0; u64 val, resp; 
@@ -247,63 +169,6 @@ static int svsm_perform_msr_protocol(struct svsm_call = *call) return svsm_process_result_codes(call); } =20 -static int svsm_perform_ghcb_protocol(struct ghcb *ghcb, struct svsm_call = *call) -{ - struct es_em_ctxt ctxt; - u8 pending =3D 0; - - vc_ghcb_invalidate(ghcb); - - /* - * Fill in protocol and format specifiers. This can be called very early - * in the boot, so use rip-relative references as needed. - */ - ghcb->protocol_version =3D ghcb_version; - ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; - - ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_SNP_RUN_VMPL); - ghcb_set_sw_exit_info_1(ghcb, 0); - ghcb_set_sw_exit_info_2(ghcb, 0); - - sev_es_wr_ghcb_msr(__pa(ghcb)); - - svsm_issue_call(call, &pending); - - if (pending) - return -EINVAL; - - switch (verify_exception_info(ghcb, &ctxt)) { - case ES_OK: - break; - case ES_EXCEPTION: - vc_forward_exception(&ctxt); - fallthrough; - default: - return -EINVAL; - } - - return svsm_process_result_codes(call); -} - -enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, - struct es_em_ctxt *ctxt, - u64 exit_code, u64 exit_info_1, - u64 exit_info_2) -{ - /* Fill in protocol and format specifiers */ - ghcb->protocol_version =3D ghcb_version; - ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; - - ghcb_set_sw_exit_code(ghcb, exit_code); - ghcb_set_sw_exit_info_1(ghcb, exit_info_1); - ghcb_set_sw_exit_info_2(ghcb, exit_info_2); - - sev_es_wr_ghcb_msr(__pa(ghcb)); - VMGEXIT(); - - return verify_exception_info(ghcb, ctxt); -} - static int __sev_cpuid_hv(u32 fn, int reg_idx, u32 *reg) { u64 val; diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 3da04a715831..fd18a00f000e 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c 
@@ -41,15 +41,6 @@ #include #include =20 -/* For early boot hypervisor communication in SEV-ES enabled guests */ -struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); - -/* - * Needs to be in the .data section because we need it NULL before bss is - * cleared - */ -struct ghcb *boot_ghcb __section(".data"); - /* Bitmap of SEV features supported by the hypervisor */ u64 sev_hv_features __ro_after_init; =20 @@ -139,39 +130,6 @@ noinstr void __sev_put_ghcb(struct ghcb_state *state) } } =20 -int svsm_perform_call_protocol(struct svsm_call *call) -{ - struct ghcb_state state; - unsigned long flags; - struct ghcb *ghcb; - int ret; - - /* - * This can be called very early in the boot, use native functions in - * order to avoid paravirt issues. - */ - flags =3D native_local_irq_save(); - - if (sev_cfg.ghcbs_initialized) - ghcb =3D __sev_get_ghcb(&state); - else if (boot_ghcb) - ghcb =3D boot_ghcb; - else - ghcb =3D NULL; - - do { - ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); - } while (ret =3D=3D -EAGAIN); - - if (sev_cfg.ghcbs_initialized) - __sev_put_ghcb(&state); - - native_local_irq_restore(flags); - - return ret; -} - void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, enum psc_op op) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 14ef5908fb27..2a28d14425d4 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -101,6 +101,15 @@ DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); u8 snp_vmpl __ro_after_init; EXPORT_SYMBOL_GPL(snp_vmpl); =20 +/* For early boot hypervisor communication in SEV-ES enabled guests */ +static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); + +/* + * Needs to be in the .data section because we need it NULL before bss is + * cleared + */ +struct ghcb *boot_ghcb __section(".data"); + static u64 __init get_snp_jump_table_addr(void) { struct snp_secrets_page *secrets; 
@@ -154,6 +163,73 @@ static u64 __init get_jump_table_addr(void) return ret; } =20 +static int svsm_perform_ghcb_protocol(struct ghcb *ghcb, struct svsm_call = *call) +{ + struct es_em_ctxt ctxt; + u8 pending =3D 0; + + vc_ghcb_invalidate(ghcb); + + /* + * Fill in protocol and format specifiers. This can be called very early + * in the boot, so use rip-relative references as needed. + */ + ghcb->protocol_version =3D ghcb_version; + ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; + + ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_SNP_RUN_VMPL); + ghcb_set_sw_exit_info_1(ghcb, 0); + ghcb_set_sw_exit_info_2(ghcb, 0); + + sev_es_wr_ghcb_msr(__pa(ghcb)); + + svsm_issue_call(call, &pending); + + if (pending) + return -EINVAL; + + switch (verify_exception_info(ghcb, &ctxt)) { + case ES_OK: + break; + case ES_EXCEPTION: + vc_forward_exception(&ctxt); + fallthrough; + default: + return -EINVAL; + } + + return svsm_process_result_codes(call); +} + +static int svsm_perform_call_protocol(struct svsm_call *call) +{ + struct ghcb_state state; + unsigned long flags; + struct ghcb *ghcb; + int ret; + + flags =3D native_local_irq_save(); + + if (sev_cfg.ghcbs_initialized) + ghcb =3D __sev_get_ghcb(&state); + else if (boot_ghcb) + ghcb =3D boot_ghcb; + else + ghcb =3D NULL; + + do { + ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) + : svsm_perform_msr_protocol(call); + } while (ret =3D=3D -EAGAIN); + + if (sev_cfg.ghcbs_initialized) + __sev_put_ghcb(&state); + + native_local_irq_restore(flags); + + return ret; +} + static inline void __pval_terminate(u64 pfn, bool action, unsigned int pag= e_size, int ret, u64 svsm_ret) { diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c index c3b4acbde0d8..357389456296 100644 --- a/arch/x86/coco/sev/vc-handle.c +++ b/arch/x86/coco/sev/vc-handle.c 
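Review bot: two comments went stale in this move. The comment carried into svsm_perform_ghcb_protocol() in core.c, "This can be called very early in the boot, so use rip-relative references as needed", no longer matches where the code lives: the commit message moves this function out of the startup code precisely because it runs from the ordinary kernel mapping and calls __pa(ghcb), so the rip-relative remark should be dropped or rewritten. Conversely, the justification that svsm_perform_call_protocol() carried in sev-startup.c ("This can be called very early in the boot, use native functions in order to avoid paravirt issues") was dropped on the way into core.c even though the function still uses native_local_irq_save()/native_local_irq_restore(); please keep that comment, since it is the only explanation for not using the regular local_irq_save() helpers here.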
@@ -351,6 +351,8 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ct= xt, } =20 #define sev_printk(fmt, ...) printk(fmt, ##__VA_ARGS__) +#define error(v) +#define has_cpuflag(f) boot_cpu_has(f) =20 #include "vc-shared.c" =20 diff --git a/arch/x86/coco/sev/vc-shared.c b/arch/x86/coco/sev/vc-shared.c index b4688f69102e..9b01c9ad81be 100644 --- a/arch/x86/coco/sev/vc-shared.c +++ b/arch/x86/coco/sev/vc-shared.c @@ -409,6 +409,53 @@ static enum es_result vc_handle_ioio(struct ghcb *ghcb= , struct es_em_ctxt *ctxt) return ret; } =20 +enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt) +{ + u32 ret; + + ret =3D ghcb->save.sw_exit_info_1 & GENMASK_ULL(31, 0); + if (!ret) + return ES_OK; + + if (ret =3D=3D 1) { + u64 info =3D ghcb->save.sw_exit_info_2; + unsigned long v =3D info & SVM_EVTINJ_VEC_MASK; + + /* Check if exception information from hypervisor is sane. */ + if ((info & SVM_EVTINJ_VALID) && + ((v =3D=3D X86_TRAP_GP) || (v =3D=3D X86_TRAP_UD)) && + ((info & SVM_EVTINJ_TYPE_MASK) =3D=3D SVM_EVTINJ_TYPE_EXEPT)) { + ctxt->fi.vector =3D v; + + if (info & SVM_EVTINJ_VALID_ERR) + ctxt->fi.error_code =3D info >> 32; + + return ES_EXCEPTION; + } + } + + return ES_VMM_ERROR; +} + +enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, + struct es_em_ctxt *ctxt, + u64 exit_code, u64 exit_info_1, + u64 exit_info_2) +{ + /* Fill in protocol and format specifiers */ + ghcb->protocol_version =3D ghcb_version; + ghcb->ghcb_usage =3D GHCB_DEFAULT_USAGE; + + ghcb_set_sw_exit_code(ghcb, exit_code); + ghcb_set_sw_exit_info_1(ghcb, exit_info_1); + ghcb_set_sw_exit_info_2(ghcb, exit_info_2); + + sev_es_wr_ghcb_msr(__pa(ghcb)); + VMGEXIT(); + + return verify_exception_info(ghcb, ctxt); +} + static int __sev_cpuid_hv_ghcb(struct ghcb *ghcb, struct es_em_ctxt *ctxt,= struct cpuid_leaf *leaf) { u32 cr4 =3D native_read_cr4(); 
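Review bot: `#define error(v)` in vc-handle.c expands to nothing, so in the core kernel the "RDRAND instruction not supported - no trusted source of randomness available" message printed by sev_es_check_cpu_features() is silently discarded once that function moves into vc-shared.c, whereas sev-shared.c emitted it with `#define error(v) pr_err(v)` for the non-decompressor build. Suggest keeping that definition here (`#define error(v) pr_err(v)`, or routing it through the sev_printk() wrapper defined on the line above) so the failure stays visible in dmesg. Also consider `#undef`ing `error` and `has_cpuflag` right after `#include "vc-shared.c"` so the two macros do not leak into the remainder of vc-handle.c.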
@@ -549,3 +596,50 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghc= b, =20 return ES_OK; } + +void snp_register_ghcb_early(unsigned long paddr) +{ + unsigned long pfn =3D paddr >> PAGE_SHIFT; + u64 val; + + sev_es_wr_ghcb_msr(GHCB_MSR_REG_GPA_REQ_VAL(pfn)); + VMGEXIT(); + + val =3D sev_es_rd_ghcb_msr(); + + /* If the response GPA is not ours then abort the guest */ + if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_REG_GPA_RESP) || + (GHCB_MSR_REG_GPA_RESP_VAL(val) !=3D pfn)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_REGISTER); +} + +bool __init sev_es_check_cpu_features(void) +{ + if (!has_cpuflag(X86_FEATURE_RDRAND)) { + error("RDRAND instruction not supported - no trusted source of randomnes= s available\n"); + return false; + } + + return true; +} + +bool sev_es_negotiate_protocol(void) +{ + u64 val; + + /* Do the GHCB protocol version negotiation */ + sev_es_wr_ghcb_msr(GHCB_MSR_SEV_INFO_REQ); + VMGEXIT(); + val =3D sev_es_rd_ghcb_msr(); + + if (GHCB_MSR_INFO(val) !=3D GHCB_MSR_SEV_INFO_RESP) + return false; + + if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN || + GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX) + return false; + + ghcb_version =3D min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX= ); + + return true; +} diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 3dfd306d1c9e..6199b35a82e4 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -2,7 +2,6 @@ =20 #define DR7_RESET_VALUE 0x400 =20 -extern struct ghcb boot_ghcb_page; extern u64 sev_hv_features; extern u64 sev_secrets_pa; =20 @@ -80,7 +79,8 @@ static __always_inline u64 svsm_get_caa_pa(void) return boot_svsm_caa_pa; } =20 -int svsm_perform_call_protocol(struct svsm_call *call); +enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt); +void vc_forward_exception(struct es_em_ctxt *ctxt); =20 static inline u64 sev_es_rd_ghcb_msr(void) { 
@@ -97,9 +97,6 @@ static __always_inline void sev_es_wr_ghcb_msr(u64 val) native_wrmsr(MSR_AMD64_SEV_ES_GHCB, low, high); } =20 -void snp_register_ghcb_early(unsigned long paddr); -bool sev_es_negotiate_protocol(void); -bool sev_es_check_cpu_features(void); u64 get_hv_features(void); =20 const struct snp_cpuid_table *snp_cpuid_get_table(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index e4622e470ceb..096307dc8f39 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -503,6 +503,7 @@ static inline int pvalidate(unsigned long vaddr, bool r= mp_psize, bool validate) } =20 void setup_ghcb(void); +void snp_register_ghcb_early(unsigned long paddr); void early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages); void early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, @@ -540,8 +541,6 @@ static __always_inline void vc_ghcb_invalidate(struct g= hcb *ghcb) __builtin_memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitm= ap)); } =20 -void vc_forward_exception(struct es_em_ctxt *ctxt); - /* I/O parameters for CPUID-related helpers */ struct cpuid_leaf { u32 fn; 
@@ -552,15 +551,23 @@ struct cpuid_leaf { u32 edx; }; =20 +int svsm_perform_msr_protocol(struct svsm_call *call); int snp_cpuid(void (*cpuid_fn)(void *ctx, struct cpuid_leaf *leaf), void *ctx, struct cpuid_leaf *leaf); =20 +void svsm_issue_call(struct svsm_call *call, u8 *pending); +int svsm_process_result_codes(struct svsm_call *call); + void __noreturn sev_es_terminate(unsigned int set, unsigned int reason); enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, struct es_em_ctxt *ctxt, u64 exit_code, u64 exit_info_1, u64 exit_info_2); =20 +bool sev_es_negotiate_protocol(void); +bool sev_es_check_cpu_features(void); + +extern u16 ghcb_version; extern struct ghcb *boot_ghcb; =20 #else /* !CONFIG_AMD_MEM_ENCRYPT */ --=20 2.51.0.268.g9569e192d0-goog From nobody Sun Sep 7 12:18:18 2025 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E04A130C354 for ; Thu, 28 Aug 2025 10:22:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376566; cv=none; b=YUIH6eOBtNv8r1P3YKEQu1C4OJAeAb0lFTdyIq2sjTpk4ffGT5VoKXwgdFOMGzkrwhgb4I9dYH9jDtooWoYkgsVnbpJkUX8Fbsa8ODzoRACMqrWzN0pPqu7OFW78gQku2KaiW7HXTO0zb0ICM3EdnfH4GHEv2ee+Yt0n8Ou57pI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756376566; c=relaxed/simple; bh=J0HWu+JaKQaX0Z7iCITlcV0GYZYb/YTPivFBQy0/1r4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=o00Xj6PIkLz8AIzXT1cu4LtJw+rqV5PcL1jjh+adYcAQ51rBPfsVec44ZacXPCON6Dq3vdmsBW9LOL6D2Ba8T++GHTJhynjl8Dnp9KjeQ421aHkrD4dNNXqK+5kA4ILbS42YHSfiYQJ29sonDCTGIEojudHZdn2i96D9ydm5uMc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass 
Date: Thu, 28 Aug 2025 12:22:09 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
References: <20250828102202.1849035-24-ardb+git@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20250828102202.1849035-30-ardb+git@google.com>
Subject: [PATCH v7 06/22] x86/sev: Avoid global variable to store virtual address of SVSM area
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
From: Ard Biesheuvel The boottime SVSM calling area is used both by the startup code running from a 1:1 mapping, and potentially later on running from the ordinary kernel mapping. This SVSM calling area is statically allocated, and so its physical address doesn't change. However, its virtual address depends on the calling context (1:1 mapping or kernel virtual mapping), and even though the variable that holds the virtual address of this calling area gets updated from 1:1 address to kernel address during the boot, it is hard to reason about why this is guaranteed to be safe. So instead, take the RIP-relative address of the boottime SVSM calling area whenever its virtual address is required, and only use a global variable for the physical address. Signed-off-by: Ard Biesheuvel Reviewed-by: Tom Lendacky --- arch/x86/boot/compressed/sev.c | 5 ++--- arch/x86/boot/startup/sev-shared.c | 7 +------ arch/x86/boot/startup/sev-startup.c | 9 +++++---- arch/x86/coco/sev/core.c | 9 --------- arch/x86/include/asm/sev-internal.h | 3 +-- arch/x86/include/asm/sev.h | 2 -- arch/x86/mm/mem_encrypt_amd.c | 6 ------ 7 files changed, 9 insertions(+), 32 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 3628e9bddc6a..6c0f91d38595 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -37,12 +37,12 @@ struct ghcb *boot_ghcb; =20 #define __BOOT_COMPRESSED =20 -extern struct svsm_ca *boot_svsm_caa; extern u64 boot_svsm_caa_pa; =20 struct svsm_ca *svsm_get_caa(void) { - return boot_svsm_caa; + /* The decompressor is mapped 1:1 so VA =3D=3D PA */ + return (struct svsm_ca *)boot_svsm_caa_pa; } =20 u64 svsm_get_caa_pa(void) @@ -530,7 +530,6 @@ bool early_is_sevsnp_guest(void) =20 /* Obtain the address of the calling area to use */ boot_rdmsr(MSR_SVSM_CAA, &m); - boot_svsm_caa =3D (void *)m.q; boot_svsm_caa_pa =3D m.q; =20 /* 
diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 24cbeaf7ff4f..68044c11524c 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -13,6 +13,7 @@ =20 #ifndef __BOOT_COMPRESSED #define error(v) pr_err(v) +#define has_cpuflag(f) boot_cpu_has(f) #else #undef WARN #define WARN(condition, format...) (!!(condition)) @@ -26,7 +27,6 @@ * early boot, both with identity mapped virtual addresses and proper ke= rnel * virtual addresses. */ -struct svsm_ca *boot_svsm_caa __ro_after_init; u64 boot_svsm_caa_pa __ro_after_init; =20 /* @@ -718,11 +718,6 @@ static bool __head svsm_setup_ca(const struct cc_blob_= sev_info *cc_info, if (caa & (PAGE_SIZE - 1)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CAA); =20 - /* - * The CA is identity mapped when this routine is called, both by the - * decompressor code and the early kernel code. - */ - boot_svsm_caa =3D (struct svsm_ca *)caa; boot_svsm_caa_pa =3D caa; =20 /* Advertise the SVSM presence via CPUID. */ diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index fd18a00f000e..8a06f6026101 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -252,6 +252,7 @@ static __head struct cc_blob_sev_info *find_cc_blob(str= uct boot_params *bp) =20 static __head void svsm_setup(struct cc_blob_sev_info *cc_info) { + struct snp_secrets_page *secrets =3D (void *)cc_info->secrets_phys; struct svsm_call call =3D {}; u64 pa; =20 
@@ -272,21 +273,21 @@ static __head void svsm_setup(struct cc_blob_sev_info= *cc_info) pa =3D (u64)rip_rel_ptr(&boot_svsm_ca_page); =20 /* - * Switch over to the boot SVSM CA while the current CA is still - * addressable. There is no GHCB at this point so use the MSR protocol. + * Switch over to the boot SVSM CA while the current CA is still 1:1 + * mapped and thus addressable with VA =3D=3D PA. There is no GHCB at this + * point so use the MSR protocol. * * SVSM_CORE_REMAP_CA call: * RAX =3D 0 (Protocol=3D0, CallID=3D0) * RCX =3D New CA GPA */ - call.caa =3D svsm_get_caa(); + call.caa =3D (struct svsm_ca *)secrets->svsm_caa; call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); call.rcx =3D pa; =20 if (svsm_call_msr_protocol(&call)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SVSM_CA_REMAP_FAIL); =20 - boot_svsm_caa =3D (struct svsm_ca *)pa; boot_svsm_caa_pa =3D pa; } =20 diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 2a28d14425d4..ff1e2be8b5a8 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1666,15 +1666,6 @@ void sev_show_status(void) pr_cont("\n"); } =20 -void __init snp_update_svsm_ca(void) -{ - if (!snp_vmpl) - return; - - /* Update the CAA to a proper kernel address */ - boot_svsm_caa =3D &boot_svsm_ca_page; -} - #ifdef CONFIG_SYSFS static ssize_t vmpl_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 6199b35a82e4..ffe4755962fe 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -60,7 +60,6 @@ void early_set_pages_state(unsigned long vaddr, unsigned = long paddr, DECLARE_PER_CPU(struct svsm_ca *, svsm_caa); DECLARE_PER_CPU(u64, svsm_caa_pa); =20 -extern struct svsm_ca *boot_svsm_caa; extern u64 boot_svsm_caa_pa; =20 static __always_inline struct svsm_ca *svsm_get_caa(void) 
@@ -68,7 +67,7 @@ static __always_inline struct svsm_ca *svsm_get_caa(void) if (sev_cfg.use_cas) return this_cpu_read(svsm_caa); else - return boot_svsm_caa; + return rip_rel_ptr(&boot_svsm_ca_page); } =20 static __always_inline u64 svsm_get_caa_pa(void) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 096307dc8f39..fd11b266a67a 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -519,7 +519,6 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t e= nd); u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); void sev_show_status(void); -void snp_update_svsm_ca(void); int prepare_pte_enc(struct pte_enc_desc *d); void set_pte_enc_mask(pte_t *kpte, unsigned long pfn, pgprot_t new_prot); void snp_kexec_finish(void); @@ -600,7 +599,6 @@ static inline void snp_accept_memory(phys_addr_t start,= phys_addr_t end) { } static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } static inline void sev_show_status(void) { } -static inline void snp_update_svsm_ca(void) { } static inline int prepare_pte_enc(struct pte_enc_desc *d) { return 0; } static inline void set_pte_enc_mask(pte_t *kpte, unsigned long pfn, pgprot= _t new_prot) { } static inline void snp_kexec_finish(void) { } diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index faf3a13fb6ba..2f8c32173972 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c 
@@ -536,12 +536,6 @@ void __init sme_early_init(void) x86_init.resources.dmi_setup =3D snp_dmi_setup; } =20 - /* - * Switch the SVSM CA mapping (if active) from identity mapped to - * kernel mapped. - */ - snp_update_svsm_ca(); - if (sev_status & MSR_AMD64_SNP_SECURE_TSC) setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE); } --=20 2.51.0.268.g9569e192d0-goog
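Review bot: the new `#define has_cpuflag(f) boot_cpu_has(f)` in the `#ifndef __BOOT_COMPRESSED` block of the sev-shared.c hunk (`@@ -13,6 +13,7 @@`) is not mentioned in the commit message and has nothing to do with dropping `boot_svsm_caa`; either say in the message which shared code now needs `has_cpuflag()` when built into the kernel proper, or move the define to the patch that introduces that use.

Review bot: in the sev-startup.c hunk for svsm_setup(), `struct snp_secrets_page *secrets =3D (void *)cc_info->secrets_phys;` dereferences a physical address as a pointer, and `call.caa =3D (struct svsm_ca *)secrets->svsm_caa;` does the same with the CA GPA read from that page. Both are only valid because this runs from the 1:1 mapping; the reworded comment above the REMAP_CA call says so for the CA, so extending it to the secrets-page cast (or a one-line comment at the declaration) would make the assumption visible where the cast is made.

Review bot: in the sev-internal.h hunk, `svsm_get_caa()` now returns `rip_rel_ptr(&boot_svsm_ca_page)` whenever `sev_cfg.use_cas` is clear, so between svsm_setup_ca() (which stores the secrets-page CA in `boot_svsm_caa_pa`) and the SVSM_CORE_REMAP_CA call in svsm_setup() the VA returned by svsm_get_caa() and the PA returned by svsm_get_caa_pa() refer to different pages. That is presumably why svsm_setup() now reads `secrets->svsm_caa` directly instead of calling svsm_get_caa(); it would be worth stating in the commit message that no other caller may use the two accessors as a pair before the remap, since a mismatched VA/PA pair would hand the SVSM a buffer address that does not match the one the kernel writes to.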
Date: Thu, 28 Aug 2025 12:22:10 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20250828102202.1849035-31-ardb+git@google.com>
Subject: [PATCH v7 07/22] x86/sev: Share implementation of MSR-based page state change
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania

From: Ard Biesheuvel Both the decompressor and the SEV startup code implement the exact same sequence for invoking the MSR based communication protocol to effectuate a page state change. Before tweaking the internal APIs used in both versions, merge them and share them so those tweaks are only needed in a single place.
Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 40 ++------------------ arch/x86/boot/startup/sev-shared.c | 35 +++++++++++++++++ arch/x86/boot/startup/sev-startup.c | 29 +------------- 3 files changed, 39 insertions(+), 65 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 6c0f91d38595..f714235d3222 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -60,46 +60,12 @@ static bool sev_snp_enabled(void) return sev_status & MSR_AMD64_SEV_SNP_ENABLED; } =20 -static void __page_state_change(unsigned long paddr, enum psc_op op) -{ - u64 val, msr; - - /* - * If private -> shared then invalidate the page before requesting the - * state change in the RMP table. - */ - if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(paddr, paddr, false); - - /* Save the current GHCB MSR value */ - msr =3D sev_es_rd_ghcb_msr(); - - /* Issue VMGEXIT to change the page state in RMP table. */ - sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); - VMGEXIT(); - - /* Read the response of the VMGEXIT. */ - val =3D sev_es_rd_ghcb_msr(); - if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL= (val)) - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); - - /* Restore the GHCB MSR value */ - sev_es_wr_ghcb_msr(msr); - - /* - * Now that page state is changed in the RMP table, validate it so that i= t is - * consistent with the RMP entry. - */ - if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(paddr, paddr, true); -} - void snp_set_page_private(unsigned long paddr) { if (!sev_snp_enabled()) return; =20 - __page_state_change(paddr, SNP_PAGE_STATE_PRIVATE); + __page_state_change(paddr, paddr, SNP_PAGE_STATE_PRIVATE); } =20 void snp_set_page_shared(unsigned long paddr) 
@@ -107,7 +73,7 @@ void snp_set_page_shared(unsigned long paddr) if (!sev_snp_enabled()) return; =20 - __page_state_change(paddr, SNP_PAGE_STATE_SHARED); + __page_state_change(paddr, paddr, SNP_PAGE_STATE_SHARED); } =20 bool early_setup_ghcb(void) @@ -133,7 +99,7 @@ bool early_setup_ghcb(void) void snp_accept_memory(phys_addr_t start, phys_addr_t end) { for (phys_addr_t pa =3D start; pa < end; pa +=3D PAGE_SIZE) - __page_state_change(pa, SNP_PAGE_STATE_PRIVATE); + __page_state_change(pa, pa, SNP_PAGE_STATE_PRIVATE); } =20 void sev_es_shutdown_ghcb(void) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 68044c11524c..4c94d88f5ac8 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c 
@@ -662,6 +662,41 @@ static void __head pvalidate_4k_page(unsigned long vad= dr, unsigned long paddr, sev_evict_cache((void *)vaddr, 1); } =20 +static void __head __page_state_change(unsigned long vaddr, unsigned long = paddr, + enum psc_op op) +{ + u64 val, msr; + + /* + * If private -> shared then invalidate the page before requesting the + * state change in the RMP table. + */ + if (op =3D=3D SNP_PAGE_STATE_SHARED) + pvalidate_4k_page(vaddr, paddr, false); + + /* Save the current GHCB MSR value */ + msr =3D sev_es_rd_ghcb_msr(); + + /* Issue VMGEXIT to change the page state in RMP table. */ + sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); + VMGEXIT(); + + /* Read the response of the VMGEXIT. */ + val =3D sev_es_rd_ghcb_msr(); + if ((GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL= (val)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); + + /* Restore the GHCB MSR value */ + sev_es_wr_ghcb_msr(msr); + + /* + * Now that page state is changed in the RMP table, validate it so that i= t is + * consistent with the RMP entry. + */ + if (op =3D=3D SNP_PAGE_STATE_PRIVATE) + pvalidate_4k_page(vaddr, paddr, true); +} + /* * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 8a06f6026101..5eb7d939ebd3 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -135,7 +135,6 @@ early_set_pages_state(unsigned long vaddr, unsigned lon= g paddr, unsigned long npages, enum psc_op op) { unsigned long paddr_end; - u64 val; =20 vaddr =3D vaddr & PAGE_MASK; =20 
@@ -143,37 +142,11 @@ early_set_pages_state(unsigned long vaddr, unsigned l= ong paddr, paddr_end =3D paddr + (npages << PAGE_SHIFT); =20 while (paddr < paddr_end) { - /* Page validation must be rescinded before changing to shared */ - if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(vaddr, paddr, false); - - /* - * Use the MSR protocol because this function can be called before - * the GHCB is established. - */ - sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); - VMGEXIT(); - - val =3D sev_es_rd_ghcb_msr(); - - if (GHCB_RESP_CODE(val) !=3D GHCB_MSR_PSC_RESP) - goto e_term; - - if (GHCB_MSR_PSC_RESP_VAL(val)) - goto e_term; - - /* Page validation must be performed after changing to private */ - if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(vaddr, paddr, true); + __page_state_change(vaddr, paddr, op); =20 vaddr +=3D PAGE_SIZE; paddr +=3D PAGE_SIZE; } - - return; - -e_term: - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); } =20 void __head early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, --=20 2.51.0.268.g9569e192d0-goog
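Review bot: the commit message says both copies implement "the exact same sequence", but the loop body being removed from early_set_pages_state() in the sev-startup.c hunk did not save and restore the GHCB MSR around the VMGEXIT, while the shared `__page_state_change()` added to sev-shared.c (lifted from the decompressor) brackets the request with `msr =3D sev_es_rd_ghcb_msr();` and `sev_es_wr_ghcb_msr(msr);`. The kernel startup path therefore gains an MSR save/restore it did not have before; that is the safer behaviour, but the message should note it as a small behavioural change rather than a pure move.

Review bot: the decompressor call sites in the compressed/sev.c hunks now pass `paddr` twice (`__page_state_change(paddr, paddr, ...)`), and the reader has to know the decompressor is identity mapped to see why that is correct; a one-line comment like the "VA =3D=3D PA" remark already in the decompressor's svsm_get_caa() would make the reason explicit at the call sites.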
Date: Thu, 28 Aug 2025 12:22:11 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20250828102202.1849035-32-ardb+git@google.com>
Subject: [PATCH v7 08/22] x86/sev: Pass SVSM calling area down to early page state change API
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania

From: Ard Biesheuvel The early page state change API is mostly only used very early, when only the boot time SVSM calling area is in use. However, this API is also called by the kexec finishing code, which runs very late, and potentially from a different CPU (which uses a different calling area). To avoid pulling the per-CPU SVSM calling area pointers and related SEV state into the startup code, refactor the page state change API so the SVSM calling area virtual and physical addresses can be provided by the caller. No functional change intended. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 24 +++++++++++++++++--- arch/x86/boot/startup/sev-shared.c | 23 ++++++++++--------- arch/x86/boot/startup/sev-startup.c | 16 +++++++++---- arch/x86/coco/sev/core.c | 7 ++++-- arch/x86/include/asm/sev-internal.h | 2 +- arch/x86/include/asm/sev.h | 6 +++++ 6 files changed, 57 insertions(+), 21 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index f714235d3222..dffe607e6d8b 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c
@@ -62,18 +62,30 @@ static bool sev_snp_enabled(void) =20 void snp_set_page_private(unsigned long paddr) { + struct psc_desc d =3D { + SNP_PAGE_STATE_PRIVATE, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa + }; + if (!sev_snp_enabled()) return; =20 - __page_state_change(paddr, paddr, SNP_PAGE_STATE_PRIVATE); + __page_state_change(paddr, paddr, &d); } =20 void snp_set_page_shared(unsigned long paddr) { + struct psc_desc d =3D { + SNP_PAGE_STATE_SHARED, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa + }; + if (!sev_snp_enabled()) return; =20 - __page_state_change(paddr, paddr, SNP_PAGE_STATE_SHARED); + __page_state_change(paddr, paddr, &d); } =20 bool early_setup_ghcb(void) @@ -98,8 +110,14 @@ bool early_setup_ghcb(void) =20 void snp_accept_memory(phys_addr_t start, phys_addr_t end) { + struct psc_desc d =3D { + SNP_PAGE_STATE_PRIVATE, + (struct svsm_ca *)boot_svsm_caa_pa, + boot_svsm_caa_pa + }; + for (phys_addr_t pa =3D start; pa < end; pa +=3D PAGE_SIZE) - __page_state_change(pa, pa, SNP_PAGE_STATE_PRIVATE); + __page_state_change(pa, pa, &d); } =20 void sev_es_shutdown_ghcb(void) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 4c94d88f5ac8..b86027d9a968 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -600,7 +600,8 @@ static int __head svsm_call_msr_protocol(struct svsm_ca= ll *call) return ret; } =20 -static void __head svsm_pval_4k_page(unsigned long paddr, bool validate) +static void __head svsm_pval_4k_page(unsigned long paddr, bool validate, + struct svsm_ca *caa, u64 caa_pa) { struct svsm_pvalidate_call *pc; struct svsm_call call =3D {}; 
@@ -613,10 +614,10 @@ static void __head svsm_pval_4k_page(unsigned long pa= ddr, bool validate) */ flags =3D native_local_irq_save(); =20 - call.caa =3D svsm_get_caa(); + call.caa =3D caa; =20 pc =3D (struct svsm_pvalidate_call *)call.caa->svsm_buffer; - pc_pa =3D svsm_get_caa_pa() + offsetof(struct svsm_ca, svsm_buffer); + pc_pa =3D caa_pa + offsetof(struct svsm_ca, svsm_buffer); =20 pc->num_entries =3D 1; pc->cur_index =3D 0; @@ -642,12 +643,12 @@ static void __head svsm_pval_4k_page(unsigned long pa= ddr, bool validate) } =20 static void __head pvalidate_4k_page(unsigned long vaddr, unsigned long pa= ddr, - bool validate) + bool validate, struct svsm_ca *caa, u64 caa_pa) { int ret; =20 if (snp_vmpl) { - svsm_pval_4k_page(paddr, validate); + svsm_pval_4k_page(paddr, validate, caa, caa_pa); } else { ret =3D pvalidate(vaddr, RMP_PG_SIZE_4K, validate); if (ret) @@ -663,7 +664,7 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, } =20 static void __head __page_state_change(unsigned long vaddr, unsigned long = paddr, - enum psc_op op) + const struct psc_desc *desc) { u64 val, msr; =20 @@ -671,14 +672,14 @@ static void __head __page_state_change(unsigned long = vaddr, unsigned long paddr, * If private -> shared then invalidate the page before requesting the * state change in the RMP table. */ - if (op =3D=3D SNP_PAGE_STATE_SHARED) - pvalidate_4k_page(vaddr, paddr, false); + if (desc->op =3D=3D SNP_PAGE_STATE_SHARED) + pvalidate_4k_page(vaddr, paddr, false, desc->ca, desc->caa_pa); =20 /* Save the current GHCB MSR value */ msr =3D sev_es_rd_ghcb_msr(); =20 /* Issue VMGEXIT to change the page state in RMP table. */ - sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); + sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, desc->op)); VMGEXIT(); =20 /* Read the response of the VMGEXIT. */ 
@@ -693,8 +694,8 @@ static void __head __page_state_change(unsigned long va= ddr, unsigned long paddr, * Now that page state is changed in the RMP table, validate it so that i= t is * consistent with the RMP entry. */ - if (op =3D=3D SNP_PAGE_STATE_PRIVATE) - pvalidate_4k_page(vaddr, paddr, true); + if (desc->op =3D=3D SNP_PAGE_STATE_PRIVATE) + pvalidate_4k_page(vaddr, paddr, true, desc->ca, desc->caa_pa); } =20 /* diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 5eb7d939ebd3..8009a37d53c1 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -132,7 +132,7 @@ noinstr void __sev_put_ghcb(struct ghcb_state *state) =20 void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, - unsigned long npages, enum psc_op op) + unsigned long npages, const struct psc_desc *desc) { unsigned long paddr_end; =20 @@ -142,7 +142,7 @@ early_set_pages_state(unsigned long vaddr, unsigned lon= g paddr, paddr_end =3D paddr + (npages << PAGE_SHIFT); =20 while (paddr < paddr_end) { - __page_state_change(vaddr, paddr, op); + __page_state_change(vaddr, paddr, desc); =20 vaddr +=3D PAGE_SIZE; paddr +=3D PAGE_SIZE; @@ -152,6 +152,10 @@ early_set_pages_state(unsigned long vaddr, unsigned lo= ng paddr, void __head early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, unsigned long npages) { + struct psc_desc d =3D { + SNP_PAGE_STATE_PRIVATE, svsm_get_caa(), svsm_get_caa_pa() + }; + /* * This can be invoked in early boot while running identity mapped, so * use an open coded check for SNP instead of using cc_platform_has(). 
@@ -165,12 +169,16 @@ void __head early_snp_set_memory_private(unsigned lon= g vaddr, unsigned long padd * Ask the hypervisor to mark the memory pages as private in the RMP * table. */ - early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE); + early_set_pages_state(vaddr, paddr, npages, &d); } =20 void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, unsigned long npages) { + struct psc_desc d =3D { + SNP_PAGE_STATE_SHARED, svsm_get_caa(), svsm_get_caa_pa() + }; + /* * This can be invoked in early boot while running identity mapped, so * use an open coded check for SNP instead of using cc_platform_has(). @@ -181,7 +189,7 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr return; =20 /* Ask hypervisor to mark the memory pages shared in the RMP table. */ - early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED); + early_set_pages_state(vaddr, paddr, npages, &d); } =20 /* diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index ff1e2be8b5a8..a833b2b31d3d 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -607,8 +607,11 @@ static void set_pages_state(unsigned long vaddr, unsig= ned long npages, int op) unsigned long vaddr_end; =20 /* Use the MSR protocol when a GHCB is not available. */ - if (!boot_ghcb) - return early_set_pages_state(vaddr, __pa(vaddr), npages, op); + if (!boot_ghcb) { + struct psc_desc d =3D { op, svsm_get_caa(), svsm_get_caa_pa() }; + + return early_set_pages_state(vaddr, __pa(vaddr), npages, &d); + } =20 vaddr =3D vaddr & PAGE_MASK; vaddr_end =3D vaddr + (npages << PAGE_SHIFT); diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index ffe4755962fe..9ff824540b48 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h 
@@ -55,7 +55,7 @@ DECLARE_PER_CPU(struct sev_es_runtime_data*, runtime_data= ); DECLARE_PER_CPU(struct sev_es_save_area *, sev_vmsa); =20 void early_set_pages_state(unsigned long vaddr, unsigned long paddr, - unsigned long npages, enum psc_op op); + unsigned long npages, const struct psc_desc *desc); =20 DECLARE_PER_CPU(struct svsm_ca *, svsm_caa); DECLARE_PER_CPU(u64, svsm_caa_pa); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index fd11b266a67a..416715aaadf7 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h 
@@ -569,6 +569,12 @@ bool sev_es_check_cpu_features(void); extern u16 ghcb_version; extern struct ghcb *boot_ghcb; =20 +struct psc_desc { + enum psc_op op; + struct svsm_ca *ca; + u64 caa_pa; +}; + #else /* !CONFIG_AMD_MEM_ENCRYPT */ =20 #define snp_vmpl 0 --=20 2.51.0.268.g9569e192d0-goog
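Review bot: `struct psc_desc` in the sev.h hunk names the calling-area pointer `ca` but its physical address `caa_pa`, while every function that takes the same pair in this patch uses `caa`/`caa_pa` (`svsm_pval_4k_page(..., struct svsm_ca *caa, u64 caa_pa)`), and the existing fields are `svsm_call.caa` and `boot_svsm_caa_pa`; renaming the member to `caa` keeps the naming consistent. The initializers throughout the series are also positional (`{ SNP_PAGE_STATE_PRIVATE, (struct svsm_ca *)boot_svsm_caa_pa, boot_svsm_caa_pa }`); designated initializers (`.op =3D`, `.ca =3D`, `.caa_pa =3D`) would protect the six call sites from a silent field reorder.

Review bot: snp_set_page_private(), snp_set_page_shared() and snp_accept_memory() in the compressed/sev.c hunk each open-code the same three-field descriptor with `(struct svsm_ca *)boot_svsm_caa_pa` and `boot_svsm_caa_pa`; a small static helper that fills a `struct psc_desc` for a given `op` would remove the triplication and keep the identity-mapping cast in one place.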
Date: Thu, 28 Aug 2025 12:22:12 +0200
Message-ID: <20250828102202.1849035-33-ardb+git@google.com>
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Subject: [PATCH v7 09/22] x86/sev: Use boot SVSM CA for all startup and init code
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania

To avoid having to reason about whether or not to use the per-CPU SVSM calling area when running startup and init code on the boot CPU, reuse the boot SVSM calling area as the per-CPU area for CPU #0. This removes the need to make the per-CPU variables and associated state in sev_cfg accessible to the startup code once confined.
Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 13 ------ arch/x86/boot/startup/sev-startup.c | 11 ++--- arch/x86/coco/sev/core.c | 47 +++++++++----------- arch/x86/include/asm/sev-internal.h | 16 ------- 4 files changed, 28 insertions(+), 59 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index dffe607e6d8b..de73da526577 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -37,19 +37,6 @@ struct ghcb *boot_ghcb; =20 #define __BOOT_COMPRESSED =20 -extern u64 boot_svsm_caa_pa; - -struct svsm_ca *svsm_get_caa(void) -{ - /* The decompressor is mapped 1:1 so VA =3D=3D PA */ - return (struct svsm_ca *)boot_svsm_caa_pa; -} - -u64 svsm_get_caa_pa(void) -{ - return boot_svsm_caa_pa; -} - u8 snp_vmpl; =20 /* Include code for early handlers */ diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 8009a37d53c1..b0fc63f8dee1 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -50,9 +50,6 @@ u64 sev_secrets_pa __ro_after_init; /* For early boot SVSM communication */ struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); =20 -DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); -DEFINE_PER_CPU(u64, svsm_caa_pa); - /* * Nothing shall interrupt this code path while holding the per-CPU * GHCB. The backup GHCB is only for NMIs interrupting this path. @@ -153,7 +150,9 @@ void __head early_snp_set_memory_private(unsigned long = vaddr, unsigned long padd unsigned long npages) { struct psc_desc d =3D { - SNP_PAGE_STATE_PRIVATE, svsm_get_caa(), svsm_get_caa_pa() + SNP_PAGE_STATE_PRIVATE, + rip_rel_ptr(&boot_svsm_ca_page), + boot_svsm_caa_pa }; =20 /* 
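Review bot: in the early_snp_set_memory_private() hunk the CA pointer is taken through rip_rel_ptr(&boot_svsm_ca_page) while boot_svsm_caa_pa is read as a plain global; the asymmetry looks intentional for __head code (the address of the page needs the RIP-relative fixup, the u64 is simply loaded by value), but it is not obvious from the initializer and deserves a short comment, here and in the identical early_snp_set_memory_shared() hunk that follows.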
@@ -176,7 +175,9 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr unsigned long npages) { struct psc_desc d =3D { - SNP_PAGE_STATE_SHARED, svsm_get_caa(), svsm_get_caa_pa() + SNP_PAGE_STATE_SHARED, + rip_rel_ptr(&boot_svsm_ca_page), + boot_svsm_caa_pa }; =20 /* diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index a833b2b31d3d..9782ebe30675 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -46,6 +46,25 @@ #include #include =20 +DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); +DEFINE_PER_CPU(u64, svsm_caa_pa); + +static inline struct svsm_ca *svsm_get_caa(void) +{ + if (sev_cfg.use_cas) + return this_cpu_read(svsm_caa); + else + return rip_rel_ptr(&boot_svsm_ca_page); +} + +static inline u64 svsm_get_caa_pa(void) +{ + if (sev_cfg.use_cas) + return this_cpu_read(svsm_caa_pa); + else + return boot_svsm_caa_pa; +} + /* AP INIT values as documented in the APM2 section "Processor Initializa= tion State" */ #define AP_INIT_CS_LIMIT 0xffff #define AP_INIT_DS_LIMIT 0xffff @@ -1312,7 +1331,8 @@ static void __init alloc_runtime_data(int cpu) struct svsm_ca *caa; =20 /* Allocate the SVSM CA page if an SVSM is present */ - caa =3D memblock_alloc_or_panic(sizeof(*caa), PAGE_SIZE); + caa =3D cpu ? memblock_alloc_or_panic(sizeof(*caa), PAGE_SIZE) + : &boot_svsm_ca_page; =20 per_cpu(svsm_caa, cpu) =3D caa; per_cpu(svsm_caa_pa, cpu) =3D __pa(caa); 
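Review bot: the new `caa = cpu ? memblock_alloc_or_panic(...) : &boot_svsm_ca_page;` in alloc_runtime_data() makes CPU 0's per-CPU svsm_caa_pa equal __pa(&boot_svsm_ca_page), which silently has to match the boot_svsm_caa_pa value the SVSM was given during startup (the sev-startup.c hunks pass that variable as the PA); a WARN_ON(!cpu && __pa(caa) != boot_svsm_caa_pa), or at least a comment, would make the dependency explicit and catch a mismatch early.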
@@ -1366,32 +1386,9 @@ void __init sev_es_init_vc_handling(void) init_ghcb(cpu); } =20 - /* If running under an SVSM, switch to the per-cpu CA */ - if (snp_vmpl) { - struct svsm_call call =3D {}; - unsigned long flags; - int ret; - - local_irq_save(flags); - - /* - * SVSM_CORE_REMAP_CA call: - * RAX =3D 0 (Protocol=3D0, CallID=3D0) - * RCX =3D New CA GPA - */ - call.caa =3D svsm_get_caa(); - call.rax =3D SVSM_CORE_CALL(SVSM_CORE_REMAP_CA); - call.rcx =3D this_cpu_read(svsm_caa_pa); - ret =3D svsm_perform_call_protocol(&call); - if (ret) - panic("Can't remap the SVSM CA, ret=3D%d, rax_out=3D0x%llx\n", - ret, call.rax_out); - + if (snp_vmpl) sev_cfg.use_cas =3D true; =20 - local_irq_restore(flags); - } - sev_es_setup_play_dead(); =20 /* Secondary CPUs use the runtime #VC handler */ diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 9ff824540b48..f98f080410ad 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h 
@@ -62,22 +62,6 @@ DECLARE_PER_CPU(u64, svsm_caa_pa); =20 extern u64 boot_svsm_caa_pa; =20 -static __always_inline struct svsm_ca *svsm_get_caa(void) -{ - if (sev_cfg.use_cas) - return this_cpu_read(svsm_caa); - else - return rip_rel_ptr(&boot_svsm_ca_page); -} - -static __always_inline u64 svsm_get_caa_pa(void) -{ - if (sev_cfg.use_cas) - return this_cpu_read(svsm_caa_pa); - else - return boot_svsm_caa_pa; -} - enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt = *ctxt); void vc_forward_exception(struct es_em_ctxt *ctxt); =20 --=20 2.51.0.268.g9569e192d0-goog
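Review bot: with the SVSM_CORE_REMAP_CA block removed from sev_es_init_vc_handling() (the -1366 hunk in core.c), a bare `if (snp_vmpl) sev_cfg.use_cas = true;` is all that remains and nothing in the code says why the boot CPU no longer has to tell the SVSM about a new CA; a comment stating that alloc_runtime_data() already pointed CPU 0's per-CPU entry at boot_svsm_ca_page, so the page the SVSM already knows stays in use and only the accessor switches, would keep that reasoning next to the flag rather than only in the commit message.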
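Review bot: in the sev-internal.h hunk, both accessors move into core.c but the surrounding context still declares DECLARE_PER_CPU(u64, svsm_caa_pa) (and, by the hunk header, its svsm_caa sibling) in the header; please check whether any file other than core.c still touches those per-CPU variables now that the DEFINE_PER_CPU()s live there too, and drop the declarations if core.c is the only user. The `extern u64 boot_svsm_caa_pa;` must stay, since sev-startup.c now reads it directly.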
Date: Thu, 28 Aug 2025 12:22:13 +0200
Message-ID: <20250828102202.1849035-34-ardb+git@google.com>
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Subject: [PATCH v7 10/22] x86/boot: Drop redundant RMPADJUST in SEV SVSM presence check
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
From: Ard Biesheuvel snp_vmpl will be assigned a non-zero value when executing at a VMPL other than 0, and this is inferred from a call to RMPADJUST, which only works when running at VMPL0. This means that testing snp_vmpl is sufficient, and there is no need to perform the same check again. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index de73da526577..d650a314143b 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c 
@@ -404,30 +404,16 @@ void sev_enable(struct boot_params *bp) */ if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { u64 hv_features; - int ret; =20 hv_features =3D get_hv_features(); if (!(hv_features & GHCB_HV_FT_SNP)) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); =20 /* - * Enforce running at VMPL0 or with an SVSM. - * - * Use RMPADJUST (see the rmpadjust() function for a description of - * what the instruction does) to update the VMPL1 permissions of a - * page. If the guest is running at VMPL0, this will succeed. If the - * guest is running at any other VMPL, this will fail. Linux SNP guests - * only ever run at a single VMPL level so permission mask changes of a - * lesser-privileged VMPL are a don't-care. + * Running at VMPL0 is required unless an SVSM is present and + * the hypervisor supports the required SVSM GHCB events. */ - ret =3D rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1); - - /* - * Running at VMPL0 is not required if an SVSM is present and the hyperv= isor - * supports the required SVSM GHCB events. 
- */ - if (ret && - !(snp_vmpl && (hv_features & GHCB_HV_FT_SNP_MULTI_VMPL))) + if (snp_vmpl > 0 && !(hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0); } =20 --=20 2.51.0.268.g9569e192d0-goog
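Review bot: the replacement `if (snp_vmpl > 0 && !(hv_features & GHCB_HV_FT_SNP_MULTI_VMPL))` is only equivalent to the removed RMPADJUST test if the probe that assigns snp_vmpl is guaranteed to have run before sev_enable() reaches this point and if a non-zero VMPL always yields a non-zero snp_vmpl; the commit message asserts the latter, but since the deleted comment block was the only place documenting the VMPL0 requirement in code, a one-line comment saying the check relies on that earlier probe should replace it. Also, `snp_vmpl > 0` on a u8 is just `snp_vmpl`; the `if (snp_vmpl)` form used elsewhere in the series would be consistent.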
Date: Thu, 28 Aug 2025 12:22:14 +0200
Message-ID: <20250828102202.1849035-35-ardb+git@google.com>
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Subject: [PATCH v7 11/22] x86/boot: Provide PIC aliases for 5-level paging related constants
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania

Provide PIC aliases for the global variables related to 5-level paging, so that the startup code can access them in order to populate the kernel page tables.

Signed-off-by: Ard Biesheuvel
---
arch/x86/kernel/head64.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 533fcf5636fc..1bc40d0785ee 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c
@@ -52,10 +52,13 @@ SYM_PIC_ALIAS(next_early_pgt); pmdval_t early_pmd_flags =3D __PAGE_KERNEL_LARGE & ~(_PAGE_GLOBAL | _PAGE_= NX); =20 unsigned int __pgtable_l5_enabled __ro_after_init; +SYM_PIC_ALIAS(__pgtable_l5_enabled); unsigned int pgdir_shift __ro_after_init =3D 39; EXPORT_SYMBOL(pgdir_shift); +SYM_PIC_ALIAS(pgdir_shift); unsigned int ptrs_per_p4d __ro_after_init =3D 1; EXPORT_SYMBOL(ptrs_per_p4d); +SYM_PIC_ALIAS(ptrs_per_p4d); =20 unsigned long page_offset_base __ro_after_init =3D __PAGE_OFFSET_BASE_L4; EXPORT_SYMBOL(page_offset_base); --=20 2.51.0.268.g9569e192d0-goog
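Review bot: the hunk adds SYM_PIC_ALIAS() for __pgtable_l5_enabled, pgdir_shift and ptrs_per_p4d but leaves page_offset_base, visible in the trailing context, without one; if the startup code that populates the kernel page tables also reads page_offset_base (or the other *_base variables that follow it), it will need the same alias, so either add it here or say in the commit message why only these three are required.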
Date: Thu, 28 Aug 2025 12:22:15 +0200
Message-ID: <20250828102202.1849035-36-ardb+git@google.com>
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Subject: [PATCH v7 12/22] x86/sev: Provide PIC aliases for SEV related data objects
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
From: Ard Biesheuvel Provide PIC aliases for data objects that are shared between the SEV startup code and the SEV code that executes later. This is needed so that the confined startup code is permitted to access them. This requires some of these variables to be moved into a source file that is not part of the startup code, as the PIC alias is already implied, and exporting variables in the opposite direction is not supported. Move ghcb_version as well, but don't provide a PIC alias as it is not actually needed. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 3 ++ arch/x86/boot/startup/sev-shared.c | 19 ----------- arch/x86/boot/startup/sev-startup.c | 9 ------ arch/x86/coco/sev/core.c | 34 ++++++++++++++++++++ 4 files changed, 37 insertions(+), 28 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index d650a314143b..6822eb4b9152 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -38,6 +38,9 @@ struct ghcb *boot_ghcb; #define __BOOT_COMPRESSED =20 u8 snp_vmpl; +u16 ghcb_version; + +u64 boot_svsm_caa_pa; =20 /* Include code for early handlers */ #include "../../boot/startup/sev-shared.c" diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index b86027d9a968..180f54570022 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c 
@@ -19,25 +19,6 @@ #define WARN(condition, format...) (!!(condition)) #endif =20 -/* - * SVSM related information: - * During boot, the page tables are set up as identity mapped and later - * changed to use kernel virtual addresses. Maintain separate virtual and - * physical addresses for the CAA to allow SVSM functions to be used dur= ing - * early boot, both with identity mapped virtual addresses and proper ke= rnel - * virtual addresses. - */ -u64 boot_svsm_caa_pa __ro_after_init; - -/* - * Since feature negotiation related variables are set early in the boot - * process they must reside in the .data section so as not to be zeroed - * out when the .bss section is later cleared. - * - * GHCB protocol version negotiated with the hypervisor. - */ -u16 ghcb_version __ro_after_init; - /* Copy of the SNP firmware's CPUID page. */ static struct snp_cpuid_table cpuid_table_copy __ro_after_init; =20 diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index b0fc63f8dee1..138b26f14ff1 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -41,15 +41,6 @@ #include #include =20 -/* Bitmap of SEV features supported by the hypervisor */ -u64 sev_hv_features __ro_after_init; - -/* Secrets page physical address from the CC blob */ -u64 sev_secrets_pa __ro_after_init; - -/* For early boot SVSM communication */ -struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); - /* * Nothing shall interrupt this code path while holding the per-CPU * GHCB. The backup GHCB is only for NMIs interrupting this path. diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 9782ebe30675..b9133c825f90 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c 
@@ -46,6 +46,29 @@ #include #include =20 +/* Bitmap of SEV features supported by the hypervisor */ +u64 sev_hv_features __ro_after_init; +SYM_PIC_ALIAS(sev_hv_features); + +/* Secrets page physical address from the CC blob */ +u64 sev_secrets_pa __ro_after_init; +SYM_PIC_ALIAS(sev_secrets_pa); + +/* For early boot SVSM communication */ +struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE); +SYM_PIC_ALIAS(boot_svsm_ca_page); + +/* + * SVSM related information: + * During boot, the page tables are set up as identity mapped and later + * changed to use kernel virtual addresses. Maintain separate virtual and + * physical addresses for the CAA to allow SVSM functions to be used dur= ing + * early boot, both with identity mapped virtual addresses and proper ke= rnel + * virtual addresses. + */ +u64 boot_svsm_caa_pa __ro_after_init; +SYM_PIC_ALIAS(boot_svsm_caa_pa); + DEFINE_PER_CPU(struct svsm_ca *, svsm_caa); DEFINE_PER_CPU(u64, svsm_caa_pa); =20 
@@ -119,6 +142,17 @@ DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); */ u8 snp_vmpl __ro_after_init; EXPORT_SYMBOL_GPL(snp_vmpl); +SYM_PIC_ALIAS(snp_vmpl); + +/* + * Since feature negotiation related variables are set early in the boot + * process they must reside in the .data section so as not to be zeroed + * out when the .bss section is later cleared. + * + * GHCB protocol version negotiated with the hypervisor. + */ +u16 ghcb_version __ro_after_init; +SYM_PIC_ALIAS(ghcb_version); =20 /* For early boot hypervisor communication in SEV-ES enabled guests */ static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); --=20 2.51.0.268.g9569e192d0-goog
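Review bot: the new decompressor definitions `u16 ghcb_version;` and `u64 boot_svsm_caa_pa;` in the arch/x86/boot/compressed/sev.c hunk carry no section annotation, while the comment deleted from sev-shared.c in the following hunk says ghcb_version must live in .data so a later .bss clear does not wipe the negotiated version; please confirm the decompressor only writes these after its BSS has been cleared (as must already hold for the adjacent `u8 snp_vmpl;`), or give them the treatment the comment asks for.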
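Review bot: the commit message says ghcb_version is moved "but don't provide a PIC alias as it is not actually needed", yet the -119 hunk in core.c adds `SYM_PIC_ALIAS(ghcb_version);` right after the moved definition; either drop the alias or update the commit message so the two agree.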
Date: Thu, 28 Aug 2025 12:22:16 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-37-ardb+git@google.com>
Subject: [PATCH v7 13/22] x86/sev: Move __sev_[get|put]_ghcb() into separate noinstr object
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
From: Ard Biesheuvel

Rename sev-nmi.c to noinstr.c, and move the get/put GHCB routines into it too, which are also annotated as 'noinstr' and suffer from the same problem as the NMI code, i.e., that GCC may ignore the __no_sanitize_address__ function attribute implied by 'noinstr' and insert KASAN instrumentation anyway.

Signed-off-by: Ard Biesheuvel
---
 arch/x86/boot/startup/sev-startup.c | 74 --------------------
 arch/x86/coco/sev/Makefile | 8 +-
 arch/x86/coco/sev/{sev-nmi.c => noinstr.c} | 74 ++++++++++++++++++++
 3 files changed, 78 insertions(+), 78 deletions(-)

diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/sev-startup.c
index 138b26f14ff1..9f4b4ca7deaa 100644
--- a/arch/x86/boot/startup/sev-startup.c
+++ b/arch/x86/boot/startup/sev-startup.c
@@ -41,83 +41,9 @@ #include #include =20 -/* - * Nothing shall interrupt this code path while holding the per-CPU - * GHCB. The backup GHCB is only for NMIs interrupting this path. - * - * Callers must disable local interrupts around it. - */ -noinstr struct ghcb *__sev_get_ghcb(struct ghcb_state *state) -{ - struct sev_es_runtime_data *data; - struct ghcb *ghcb; - - WARN_ON(!irqs_disabled()); - - data =3D this_cpu_read(runtime_data); - ghcb =3D &data->ghcb_page; - - if (unlikely(data->ghcb_active)) { - /* GHCB is already in use - save its contents */ - - if (unlikely(data->backup_ghcb_active)) { - /* - * Backup-GHCB is also already in use. There is no way - * to continue here so just kill the machine. To make - * panic() work, mark GHCBs inactive so that messages - * can be printed out. - */ - data->ghcb_active =3D false; - data->backup_ghcb_active =3D false; - - instrumentation_begin(); - panic("Unable to handle #VC exception! GHCB and Backup GHCB are already= in use"); - instrumentation_end(); - } - - /* Mark backup_ghcb active before writing to it */ - data->backup_ghcb_active =3D true; - - state->ghcb =3D &data->backup_ghcb; - - /* Backup GHCB content */ - *state->ghcb =3D *ghcb; - } else { - state->ghcb =3D NULL; - data->ghcb_active =3D true; - } - - return ghcb; -} - /* Include code shared with pre-decompression boot stage */ #include "sev-shared.c" =20 -noinstr void __sev_put_ghcb(struct ghcb_state *state) -{ - struct sev_es_runtime_data *data; - struct ghcb *ghcb; - - WARN_ON(!irqs_disabled()); - - data =3D this_cpu_read(runtime_data); - ghcb =3D &data->ghcb_page; - - if (state->ghcb) { - /* Restore GHCB from Backup */ - *ghcb =3D *state->ghcb; - data->backup_ghcb_active =3D false; - state->ghcb =3D NULL; - } else { - /* - * Invalidate the GHCB so a VMGEXIT instruction issued - * from userspace won't appear to be valid. 
- */ - vc_ghcb_invalidate(ghcb); - data->ghcb_active =3D false; - } -} - void __head early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, const struct psc_desc *desc) diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile index 342d79f0ab6a..3b8ae214a6a6 100644 --- a/arch/x86/coco/sev/Makefile +++ b/arch/x86/coco/sev/Makefile @@ -1,10 +1,10 @@ # SPDX-License-Identifier: GPL-2.0 =20 -obj-y +=3D core.o sev-nmi.o vc-handle.o +obj-y +=3D core.o noinstr.o vc-handle.o =20 # Clang 14 and older may fail to respect __no_sanitize_undefined when inli= ning -UBSAN_SANITIZE_sev-nmi.o :=3D n +UBSAN_SANITIZE_noinstr.o :=3D n =20 # GCC may fail to respect __no_sanitize_address or __no_kcsan when inlining -KASAN_SANITIZE_sev-nmi.o :=3D n -KCSAN_SANITIZE_sev-nmi.o :=3D n +KASAN_SANITIZE_noinstr.o :=3D n +KCSAN_SANITIZE_noinstr.o :=3D n diff --git a/arch/x86/coco/sev/sev-nmi.c b/arch/x86/coco/sev/noinstr.c similarity index 61% rename from arch/x86/coco/sev/sev-nmi.c rename to arch/x86/coco/sev/noinstr.c index d8dfaddfb367..b527eafb6312 100644 --- a/arch/x86/coco/sev/sev-nmi.c +++ b/arch/x86/coco/sev/noinstr.c 
@@ -106,3 +106,77 @@ void noinstr __sev_es_nmi_complete(void) =20 __sev_put_ghcb(&state); } + +/* + * Nothing shall interrupt this code path while holding the per-CPU + * GHCB. The backup GHCB is only for NMIs interrupting this path. + * + * Callers must disable local interrupts around it. + */ +noinstr struct ghcb *__sev_get_ghcb(struct ghcb_state *state) +{ + struct sev_es_runtime_data *data; + struct ghcb *ghcb; + + WARN_ON(!irqs_disabled()); + + data =3D this_cpu_read(runtime_data); + ghcb =3D &data->ghcb_page; + + if (unlikely(data->ghcb_active)) { + /* GHCB is already in use - save its contents */ + + if (unlikely(data->backup_ghcb_active)) { + /* + * Backup-GHCB is also already in use. There is no way + * to continue here so just kill the machine. To make + * panic() work, mark GHCBs inactive so that messages + * can be printed out. + */ + data->ghcb_active =3D false; + data->backup_ghcb_active =3D false; + + instrumentation_begin(); + panic("Unable to handle #VC exception! GHCB and Backup GHCB are already= in use"); + instrumentation_end(); + } + + /* Mark backup_ghcb active before writing to it */ + data->backup_ghcb_active =3D true; + + state->ghcb =3D &data->backup_ghcb; + + /* Backup GHCB content */ + *state->ghcb =3D *ghcb; + } else { + state->ghcb =3D NULL; + data->ghcb_active =3D true; + } + + return ghcb; +} + +noinstr void __sev_put_ghcb(struct ghcb_state *state) +{ + struct sev_es_runtime_data *data; + struct ghcb *ghcb; + + WARN_ON(!irqs_disabled()); + + data =3D this_cpu_read(runtime_data); + ghcb =3D &data->ghcb_page; + + if (state->ghcb) { + /* Restore GHCB from Backup */ + *ghcb =3D *state->ghcb; + data->backup_ghcb_active =3D false; + state->ghcb =3D NULL; + } else { + /* + * Invalidate the GHCB so a VMGEXIT instruction issued + * from userspace won't appear to be valid. 
+ */ + vc_ghcb_invalidate(ghcb); + data->ghcb_active =3D false; + } +}
-- 
2.51.0.268.g9569e192d0-goog
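Review bot: with `__sev_get_ghcb()` and `__sev_put_ghcb()` removed from sev-startup.c, please confirm that nothing left in that file, or in the sev-shared.c it still includes, calls them: such a caller inside the startup objects would now reference a symbol defined in arch/x86/coco/sev/noinstr.o, which is exactly the kind of cross-object reference the later per-object --noabs check in this series is meant to reject. A sentence in the commit message stating that all remaining callers live in the core kernel would settle it.

Review bot: the Makefile hunk carries the UBSAN/KASAN/KCSAN overrides over to noinstr.o, but the comments still only explain the sanitizer workaround; now that the file collects every noinstr routine of the SEV code, a header comment in noinstr.c (not visible in this hunk) saying that everything placed there must be noinstr and that the Makefile disables instrumentation for the whole object would make the placement rule discoverable for the next person adding a function.

Review bot: the noinstr.c hunk is a verbatim move (74 lines out of sev-startup.c, 74 lines in, per the diffstat), so this is pure code motion; say "No functional change intended" in the commit message, and mention that `git diff -M --color-moved` confirms the bodies match, which makes the 61% similarity rename easier to review.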
Date: Thu, 28 Aug 2025 12:22:17 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-38-ardb+git@google.com>
Subject: [PATCH v7 14/22] x86/sev: Export startup routines for later use
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania

From: Ard Biesheuvel

Create aliases that expose routines that are part of the startup code to other code in the core kernel, so that they can be called later as well.

Signed-off-by: Ard Biesheuvel
---
 arch/x86/boot/startup/exports.h | 14 ++++++++++++++
 arch/x86/kernel/vmlinux.lds.S | 2 ++
 2 files changed, 16 insertions(+)

diff --git a/arch/x86/boot/startup/exports.h b/arch/x86/boot/startup/exports.h
new file mode 100644
index 000000000000..01d2363dc445
--- /dev/null
+++ b/arch/x86/boot/startup/exports.h
@@ -0,0 +1,14 @@ + +/* + * The symbols below are functions that are implemented by the startup cod= e, + * but called at runtime by the SEV code residing in the core kernel. + */ +PROVIDE(early_set_pages_state =3D __pi_early_set_pages_state); +PROVIDE(early_snp_set_memory_private =3D __pi_early_snp_set_memory_private= ); +PROVIDE(early_snp_set_memory_shared =3D __pi_early_snp_set_memory_shared); +PROVIDE(get_hv_features =3D __pi_get_hv_features); +PROVIDE(sev_es_terminate =3D __pi_sev_es_terminate); +PROVIDE(snp_cpuid =3D __pi_snp_cpuid); +PROVIDE(snp_cpuid_get_table =3D __pi_snp_cpuid_get_table); +PROVIDE(svsm_issue_call =3D __pi_svsm_issue_call); +PROVIDE(svsm_process_result_codes =3D __pi_svsm_process_result_codes); diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 4fa0be732af1..5d5e3a95e1f9 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S 
@@ -535,3 +535,5 @@ xen_elfnote_entry_value =3D xen_elfnote_phys32_entry_value =3D ABSOLUTE(xen_elfnote_phys32_entry) + ABSOLUTE(pvh_start_xen - LOAD_OFFSET= ); #endif + +#include "../boot/startup/exports.h"
-- 
2.51.0.268.g9569e192d0-goog
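Review bot: the new exports.h starts with an empty added line (a bare `+`) and has no `/* SPDX-License-Identifier: GPL-2.0 */` line, which checkpatch flags for new files; put the SPDX line first and drop the blank. The header comment would also be a good place to state that `PROVIDE()` only defines the alias when it is referenced and not otherwise defined, so the `__pi_` symbols need not exist in configurations that do not build the SEV startup objects.

Review bot: the `#include "../boot/startup/exports.h"` is appended after the closing `#endif` with no configuration guard, so it applies to every x86 build, including 32-bit and non-SEV ones; given PROVIDE() semantics that links fine, but the commit message only says the routines are exported "for later use": name the consumer (the SEV code residing in the core kernel, as the header comment puts it) and say that the unconditional include is intentional.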
Date: Thu, 28 Aug 2025 12:22:18 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-39-ardb+git@google.com>
Subject: [PATCH v7 15/22] objtool: Add action to check for absence of absolute relocations
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania

From: Ard Biesheuvel

The x86 startup code must not use absolute references to code or data, as it executes before the kernel virtual mapping is up.

Add an action to objtool to check all allocatable sections (with the exception of __patchable_function_entries, which uses absolute references for nebulous reasons) and raise an error if any absolute references are found.

Note that debug sections typically contain lots of absolute references too, but those are not allocatable so they will be ignored.
Signed-off-by: Ard Biesheuvel --- tools/objtool/arch/x86/decode.c | 12 ++++++ tools/objtool/builtin-check.c | 2 + tools/objtool/check.c | 44 ++++++++++++++++++++ tools/objtool/include/objtool/arch.h | 1 + tools/objtool/include/objtool/builtin.h | 1 + 5 files changed, 60 insertions(+) diff --git a/tools/objtool/arch/x86/decode.c b/tools/objtool/arch/x86/decod= e.c index 98c4713c1b09..0ad5cc70ecbe 100644 --- a/tools/objtool/arch/x86/decode.c +++ b/tools/objtool/arch/x86/decode.c @@ -880,3 +880,15 @@ unsigned int arch_reloc_size(struct reloc *reloc) return 8; } } + +bool arch_absolute_reloc(struct elf *elf, struct reloc *reloc) +{ + switch (reloc_type(reloc)) { + case R_X86_64_32: + case R_X86_64_32S: + case R_X86_64_64: + return true; + default: + return false; + } +} diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c index 80239843e9f0..0f6b197cfcb0 100644 --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -87,6 +87,7 @@ static const struct option check_options[] =3D { OPT_BOOLEAN('t', "static-call", &opts.static_call, "annotate static calls= "), OPT_BOOLEAN('u', "uaccess", &opts.uaccess, "validate uaccess rules for SM= AP"), OPT_BOOLEAN(0 , "cfi", &opts.cfi, "annotate kernel control flow integrit= y (kCFI) function preambles"), + OPT_BOOLEAN(0 , "noabs", &opts.noabs, "reject absolute references in all= ocatable sections"), OPT_CALLBACK_OPTARG(0, "dump", NULL, NULL, "orc", "dump metadata", parse_= dump), =20 OPT_GROUP("Options:"), @@ -162,6 +163,7 @@ static bool opts_valid(void) opts.hack_noinstr || opts.ibt || opts.mcount || + opts.noabs || opts.noinstr || opts.orc || opts.retpoline || diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 79eab61cd944..aeefc749e237 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c 
@@ -4686,6 +4686,47 @@ static void disas_warned_funcs(struct objtool_file *= file) disas_funcs(funcs); } =20 +__weak bool arch_absolute_reloc(struct elf *elf, struct reloc *reloc) +{ + unsigned int type =3D reloc_type(reloc); + size_t sz =3D elf_addr_size(elf); + + return (sz =3D=3D 8) ? (type =3D=3D R_ABS64) : (type =3D=3D R_ABS32); +} + +static int check_abs_references(struct objtool_file *file) +{ + struct section *sec; + struct reloc *reloc; + int ret =3D 0; + + for_each_sec(file, sec) { + /* absolute references in non-loadable sections are fine */ + if (!(sec->sh.sh_flags & SHF_ALLOC)) + continue; + + /* section must have an associated .rela section */ + if (!sec->rsec) + continue; + + /* + * Special case for compiler generated metadata that is not + * consumed until after boot. + */ + if (!strcmp(sec->name, "__patchable_function_entries")) + continue; + + for_each_reloc(sec->rsec, reloc) { + if (arch_absolute_reloc(file->elf, reloc)) { + WARN("section %s has absolute relocation at offset 0x%lx", + sec->name, reloc_offset(reloc)); + ret++; + } + } + } + return ret; +} + struct insn_chunk { void *addr; struct insn_chunk *next; @@ -4819,6 +4860,9 @@ int check(struct objtool_file *file) goto out; } =20 + if (opts.noabs) + warnings +=3D check_abs_references(file); + if (opts.orc && nr_insns) { ret =3D orc_create(file); if (ret) diff --git a/tools/objtool/include/objtool/arch.h b/tools/objtool/include/o= bjtool/arch.h index 01ef6f415adf..be33c7b43180 100644 --- a/tools/objtool/include/objtool/arch.h +++ b/tools/objtool/include/objtool/arch.h @@ -97,6 +97,7 @@ bool arch_is_embedded_insn(struct symbol *sym); int arch_rewrite_retpolines(struct objtool_file *file); =20 bool arch_pc_relative_reloc(struct reloc *reloc); +bool arch_absolute_reloc(struct elf *elf, struct reloc *reloc); =20 unsigned int arch_reloc_size(struct reloc *reloc); unsigned long arch_jump_table_sym_offset(struct reloc *reloc, struct reloc= *table); 
diff --git a/tools/objtool/include/objtool/builtin.h b/tools/objtool/include/objtool/builtin.h
index 6b08666fa69d..ab22673862e1 100644
--- a/tools/objtool/include/objtool/builtin.h
+++ b/tools/objtool/include/objtool/builtin.h
@@ -26,6 +26,7 @@ struct opts { bool uaccess; int prefix; bool cfi; + bool noabs; =20 /* options: */ bool backtrace;
-- 
2.51.0.268.g9569e192d0-goog
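Review bot: the x86 `arch_absolute_reloc()` override in decode.c ignores its `elf` argument and lists only R_X86_64_32, R_X86_64_32S and R_X86_64_64, so it can never reject anything in an i386 object; if objtool's x86 support is 64-bit only that is fine, but a one-line comment saying so (or deferring to the __weak default when the address size is 4) would stop the question coming up again. A comment that R_X86_64_32S is what the kernel code model emits for sign-extended data references would also explain why it sits alongside the plain 32-bit type.

Review bot: `check_abs_references()` in check.c counts every offending relocation and emits one WARN per relocation, so a single table with absolute entries produces a long run of near-identical lines; consider one message per section with a count, or at least include the target symbol's name alongside `sec->name` and `reloc_offset(reloc)` so the reference can be located without a second objdump pass. The in-code justification for skipping __patchable_function_entries ("not consumed until after boot") also differs from the commit message's "for nebulous reasons"; settle on one explanation.

Review bot: the `if (opts.noabs) warnings += check_abs_references(file);` hunk accumulates the result as warnings, and the checker itself uses WARN(), yet the commit message says the action will "raise an error"; unless objtool runs with --Werror, a stray absolute relocation only prints and the object still links. Either count these as errors so `check()` fails, or reword the commit message and the `--noabs` help text in builtin-check.c ("reject absolute references in allocatable sections") to say that the action warns.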
Date: Thu, 28 Aug 2025 12:22:19 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-40-ardb+git@google.com>
Subject: [PATCH v7 16/22] x86/boot: Check startup code for absence of absolute relocations
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
From: Ard Biesheuvel

Invoke objtool on each startup code object individually to check for the absence of absolute relocations. This is needed because this code will be invoked from the 1:1 mapping of memory before those absolute virtual addresses (which are derived from the kernel virtual base address provided to the linker and possibly shifted at boot) are mapped.

Only objects built under arch/x86/boot/startup/ have this restriction, and once they have been incorporated into vmlinux.o, this distinction is difficult to make. So force the invocation of objtool for each object file individually, even if objtool is deferred to vmlinux.o for the rest of the build. In the latter case, only pass --noabs and nothing else; otherwise, append it to the existing objtool command line.

Signed-off-by: Ard Biesheuvel
---
 arch/x86/boot/startup/Makefile | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile
index b514f7e81332..32737f4ab5a8 100644
--- a/arch/x86/boot/startup/Makefile
+++ b/arch/x86/boot/startup/Makefile
@@ -19,6 +19,7 @@ KCOV_INSTRUMENT :=3D n =20 obj-$(CONFIG_X86_64) +=3D gdt_idt.o map_kernel.o obj-$(CONFIG_AMD_MEM_ENCRYPT) +=3D sme.o sev-startup.o +pi-objs :=3D $(patsubst %.o,$(obj)/%.o,$(obj-y)) =20 lib-$(CONFIG_X86_64) +=3D la57toggle.o lib-$(CONFIG_EFI_MIXED) +=3D efi-mixed.o
@@ -28,3 +29,10 @@ lib-$(CONFIG_EFI_MIXED) +=3D efi-mixed.o # to be linked into the decompressor or the EFI stub but not vmlinux # $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_STANDARD :=3D y + +# +# Invoke objtool for each object individually to check for absolute +# relocations, even if other objtool actions are being deferred. +# +$(pi-objs): objtool-enabled =3D 1 +$(pi-objs): objtool-args =3D $(if $(delay-objtool),,$(objtool-args-y)) --n= oabs
-- 
2.51.0.268.g9569e192d0-goog
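Review bot: `pi-objs` is expanded from `$(obj-y)` at the point of the `:=` assignment, immediately after the `obj-$(CONFIG_AMD_MEM_ENCRYPT)` line, so any object appended to obj-y further down the Makefile would silently escape the --noabs check; either move the assignment to the end of the file or add a comment stating that every obj-y object must be listed above it.

Review bot: `objtool-args = $(if $(delay-objtool),,$(objtool-args-y)) --noabs` gives these objects a second, --noabs-only objtool pass in a deferred build while the remaining actions still run on vmlinux.o, and appends --noabs to the full argument list otherwise; the comment says the check runs "even if other objtool actions are being deferred" but not that a --noabs-only invocation only reads the object, which is what makes the extra pass safe. Spell that out, and note that the lib-y objects marked OBJECT_FILES_NON_STANDARD just above are deliberately outside `pi-objs`, so the reader does not wonder why only obj-y is covered.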
Date: Thu, 28 Aug 2025 12:22:20 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-41-ardb+git@google.com>
Subject: [PATCH v7 17/22] x86/boot: Revert "Reject absolute references in .head.text"
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania

This reverts commit faf0ed487415 ("x86/boot: Reject absolute references in .head.text")

The startup code is checked directly for the absence of absolute symbol references, so checking the .head.text section in the relocs tool is no longer needed.
Signed-off-by: Ard Biesheuvel
---
 arch/x86/tools/relocs.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
index 5778bc498415..e5a2b9a912d1 100644
--- a/arch/x86/tools/relocs.c
+++ b/arch/x86/tools/relocs.c
@@ -740,10 +740,10 @@ static void walk_relocs(int (*process)(struct section= *sec, Elf_Rel *rel, static int do_reloc64(struct section *sec, Elf_Rel *rel, ElfW(Sym) *sym, const char *symname) { - int headtext =3D !strcmp(sec_name(sec->shdr.sh_info), ".head.text"); unsigned r_type =3D ELF64_R_TYPE(rel->r_info); ElfW(Addr) offset =3D rel->r_offset; int shn_abs =3D (sym->st_shndx =3D=3D SHN_ABS) && !is_reloc(S_REL, symnam= e); + if (sym->st_shndx =3D=3D SHN_UNDEF) return 0; =20
@@ -783,12 +783,6 @@ static int do_reloc64(struct section *sec, Elf_Rel *re= l, ElfW(Sym) *sym, break; } =20 - if (headtext) { - die("Absolute reference to symbol '%s' not permitted in .head.text\n", - symname); - break; - } - /* * Relocation offsets for 64 bit kernels are output * as 32 bits and sign extended back to 64 bits when
--=20
2.51.0.268.g9569e192d0-goog
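Review bot: with the `die("Absolute reference to symbol '%s' not permitted in .head.text\n", ...)` gone, relocs no longer checks .head.text at all, while the replacement objtool `--noabs` check is applied per object only to `$(pi-objs)` under arch/x86/boot/startup/. Code that is reached from the same early path but lives outside that directory, such as arch/x86/kernel/head_64.S (which 19/22 of this series still edits in place to call `__pi_startup_64_setup_gdt_idt`, `__pi_sme_enable` and `__pi___startup_64` before CR3 is formed), is therefore covered by neither check after this revert. The commit message says "the startup code is checked directly"; it should spell out that a section-level check is being traded for an object-level one and state whether head_64.S and any other .head.text contributor outside boot/startup/ also get `--noabs` or are accepted as unchecked.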
Date: Thu, 28 Aug 2025 12:22:21 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-42-ardb+git@google.com>
Subject: [PATCH v7 18/22] x86/kbuild: Incorporate boot/startup/ via Kbuild makefile
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
Using core-y is not the correct way to get kbuild to descend into arch/x86/boot/startup. For instance, building an individual object does not work as expected when the pattern rule is local to the Makefile

  $ make arch/x86/boot/startup/map_kernel.pi.o
    GEN     Makefile
    CALL    /home/ardb/linux/scripts/checksyscalls.sh
    DESCEND objtool
    INSTALL libsubcmd_headers
  make[3]: *** No rule to make target 'arch/x86/boot/startup/map_kernel.pi.o'.  Stop.
  make[2]: *** [/home/ardb/linux/scripts/Makefile.build:461: arch/x86] Error 2
  make[1]: *** [/home/ardb/linux/Makefile:2011: .] Error 2
  make: *** [/home/ardb/linux/Makefile:248: __sub-make] Error 2

So use obj-y from arch/x86/Kbuild instead, which makes things work as expected.

Signed-off-by: Ard Biesheuvel
---
 arch/x86/Kbuild   | 2 ++
 arch/x86/Makefile | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Kbuild b/arch/x86/Kbuild
index f7fb3d88c57b..36b985d0e7bf 100644
--- a/arch/x86/Kbuild
+++ b/arch/x86/Kbuild
@@ -3,6 +3,8 @@ # Branch profiling isn't noinstr-safe. Disable it for arch/x86/* subdir-ccflags-$(CONFIG_TRACE_BRANCH_PROFILING) +=3D -DDISABLE_BRANCH_PROF= ILING =20 +obj-y +=3D boot/startup/ + obj-$(CONFIG_ARCH_HAS_CC_PLATFORM) +=3D coco/ =20 obj-y +=3D entry/
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 4b4e2a3ac6df..4db7e4bf69f5 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
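Review bot: `obj-y += boot/startup/` is inserted ahead of `obj-$(CONFIG_ARCH_HAS_CC_PLATFORM) += coco/` and `obj-y += entry/` without saying whether the position matters. If it does not, because the startup objects are placed by section in the linker script rather than by archive order, a short comment saying so (or keeping the list alphabetical) would stop the next person from moving it; if it does, that is a dependency the commit message needs to state. It is also worth one sentence that the objects now land in arch/x86/built-in.a instead of being pulled in through core-y, since that is what makes the single-object build in the message work.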
@@ -275,7 +275,6 @@ archprepare: $(cpufeaturemasks.hdr) ### # Kernel objects =20 -core-y +=3D arch/x86/boot/startup/ libs-y +=3D arch/x86/lib/ =20 # drivers-y are linked after core-y
--=20
2.51.0.268.g9569e192d0-goog
Date: Thu, 28 Aug 2025 12:22:22 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-43-ardb+git@google.com>
Subject: [PATCH v7 19/22] x86/boot: Create a confined code area for startup code
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
In order to be able to have tight control over which code may execute from the early 1:1 mapping of memory, but still link vmlinux as a single executable, prefix all symbol references in startup code with __pi_, and invoke it from outside using the __pi_ prefix.

Use objtool to check that no absolute symbol references are present in the startup code, as these cannot be used from code running from the 1:1 mapping.

Note that this also requires disabling the latent-entropy GCC plugin, as the global symbol references that it injects would require explicit exports, and given that the startup code rarely executes more than once, it is not a useful source of entropy anyway.

Signed-off-by: Ard Biesheuvel
---
 arch/x86/boot/startup/Makefile     | 14 ++++++++++++++
 arch/x86/boot/startup/sev-shared.c |  1 -
 arch/x86/boot/startup/sme.c        |  1 -
 arch/x86/coco/sev/core.c           |  2 +-
 arch/x86/include/asm/setup.h       |  1 +
 arch/x86/include/asm/sev.h         |  1 +
 arch/x86/kernel/head64.c           |  2 +-
 arch/x86/kernel/head_64.S          |  8 ++++----
 arch/x86/mm/mem_encrypt_boot.S     |  6 +++---
 tools/objtool/check.c              |  3 ++-
 10 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile
index 32737f4ab5a8..e8fdf020b422 100644
--- a/arch/x86/boot/startup/Makefile
+++ b/arch/x86/boot/startup/Makefile
@@ -4,6 +4,7 @@ KBUILD_AFLAGS +=3D -D__DISABLE_EXPORTS KBUILD_CFLAGS +=3D -D__DISABLE_EXPORTS -mcmodel=3Dsmall -fPIC \ -Os -DDISABLE_BRANCH_PROFILING \ $(DISABLE_STACKLEAK_PLUGIN) \ + $(DISABLE_LATENT_ENTROPY_PLUGIN) \ -fno-stack-protector -D__NO_FORTIFY \ -fno-jump-tables \ -include $(srctree)/include/linux/hidden.h
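Review bot: `$(DISABLE_LATENT_ENTROPY_PLUGIN)` is added next to `$(DISABLE_STACKLEAK_PLUGIN)` but the reason, which the commit message does give (the plugin injects references to global symbols that the `__pi_` prefixing cannot satisfy without explicit exports), is not visible in the Makefile; the other flags on these lines are self-explanatory, this one is not, so a one-line comment above the KBUILD_CFLAGS block would save the next reader a trip to git log.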
@@ -36,3 +37,16 @@ $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_ST= ANDARD :=3D y # $(pi-objs): objtool-enabled =3D 1 $(pi-objs): objtool-args =3D $(if $(delay-objtool),,$(objtool-args-y)) --n= oabs + +# +# Confine the startup code by prefixing all symbols with __pi_ (for positi= on +# independent). This ensures that startup code can only call other startup +# code, or code that has explicitly been made accessible to it via a symbol +# alias. +# +$(obj)/%.pi.o: OBJCOPYFLAGS :=3D --prefix-symbols=3D__pi_ +$(obj)/%.pi.o: $(obj)/%.o FORCE + $(call if_changed,objcopy) + +targets +=3D $(obj-y) +obj-y :=3D $(patsubst %.o,%.pi.o,$(obj-y)) diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index 180f54570022..d6d807da2e6e 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -12,7 +12,6 @@ #include =20 #ifndef __BOOT_COMPRESSED -#define error(v) pr_err(v) #define has_cpuflag(f) boot_cpu_has(f) #else #undef WARN diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index 70ea1748c0a7..eb6a758ba660 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -567,7 +567,6 @@ void __head sme_enable(struct boot_params *bp) =20 #ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION /* Local version for startup code, which never operates on user page table= s */ -__weak pgd_t __pti_set_user_pgtbl(pgd_t *pgdp, pgd_t pgd) { return pgd; diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index b9133c825f90..cf9a511b47e0 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -272,7 +272,7 @@ static int svsm_perform_call_protocol(struct svsm_call = *call) =20 do { ret =3D ghcb ? svsm_perform_ghcb_protocol(ghcb, call) - : svsm_perform_msr_protocol(call); + : __pi_svsm_perform_msr_protocol(call); } while (ret =3D=3D -EAGAIN); =20 if (sev_cfg.ghcbs_initialized) 
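Review bot: `--prefix-symbols=__pi_` renames every symbol in the object, undefined ones included, so a startup object that references `foo` from the rest of the kernel ends up with an undefined `__pi_foo`; the comment says this is the intended confinement, but it should also say that the resulting diagnostic is a link-time "undefined reference to `__pi_foo'" and that the fix is an alias at the definition, not a declaration. Two more things worth a line: the `$(pi-objs)` objtool rule above is evaluated before `obj-y := $(patsubst %.o,%.pi.o,$(obj-y))` rewrites the list, so state explicitly whether `--noabs` runs on `%.o` or on `%.pi.o` (either is fine, since objcopy changes names and not relocation types, but it should not be left to the reader to work out); and the `$(lib-y)` objects marked OBJECT_FILES_NON_STANDARD above are deliberately not renamed because they go into the decompressor and EFI stub, which the comment should mention.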
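Review bot: dropping `#define error(v) pr_err(v)` from the `#ifndef __BOOT_COMPRESSED` branch of sev-shared.c is not explained in the commit message. If the reason is that `pr_err` is a global reference the renamed object could not satisfy (it would become `__pi_pr_err`), say so, and confirm that no `error()` call remains reachable in the non-compressed build of this file, otherwise the change only moves a compile-time problem to an undefined symbol at link time.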
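Review bot: removing `__weak` from `__pti_set_user_pgtbl` in sme.c turns it from a weak override of the kernel's copy into an ordinary definition; that only works because objcopy renames it to `__pi___pti_set_user_pgtbl`, so it no longer collides with the real one and startup callers resolve to the local copy. The comment above it (`Local version for startup code, which never operates on user page tables`) should mention the prefixing, and the commit message should list this as a consequence, since building this file outside the prefixed rule would now produce a duplicate symbol.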
diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index 692af46603a1..914eb32581c7 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -53,6 +53,7 @@ extern void i386_reserve_resources(void); extern unsigned long __startup_64(unsigned long p2v_offset, struct boot_pa= rams *bp); extern void startup_64_setup_gdt_idt(void); extern void startup_64_load_idt(void *vc_handler); +extern void __pi_startup_64_load_idt(void *vc_handler); extern void early_setup_idt(void); extern void __init do_early_exception(struct pt_regs *regs, int trapnr); =20 diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 416715aaadf7..d3f0f17834fa 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -551,6 +551,7 @@ struct cpuid_leaf { }; =20 int svsm_perform_msr_protocol(struct svsm_call *call); +int __pi_svsm_perform_msr_protocol(struct svsm_call *call); int snp_cpuid(void (*cpuid_fn)(void *ctx, struct cpuid_leaf *leaf), void *ctx, struct cpuid_leaf *leaf); =20 diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 1bc40d0785ee..fd28b53dbac5 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -319,5 +319,5 @@ void early_setup_idt(void) handler =3D vc_boot_ghcb; } =20 - startup_64_load_idt(handler); + __pi_startup_64_load_idt(handler); } diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 3e9b3a3bd039..d219963ecb60 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -71,7 +71,7 @@ SYM_CODE_START_NOALIGN(startup_64) xorl %edx, %edx wrmsr =20 - call startup_64_setup_gdt_idt + call __pi_startup_64_setup_gdt_idt =20 /* Now switch to __KERNEL_CS so IRET works reliably */ pushq $__KERNEL_CS @@ -91,7 +91,7 @@ SYM_CODE_START_NOALIGN(startup_64) * subsequent code. Pass the boot_params pointer as the first argument. */ movq %r15, %rdi - call sme_enable + call __pi_sme_enable #endif =20 /* Sanitize CPU configuration */ 
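Review bot: setup.h and sev.h each gain a `__pi_` prototype (`__pi_startup_64_load_idt`, `__pi_svsm_perform_msr_protocol`) while keeping the unprefixed one beside it. After this patch only the `__pi_` name exists in vmlinux, so the unprefixed prototype is meaningful only inside startup objects, where objcopy applies the prefix to the reference; a comment on each pair saying which side of the boundary may use which name would stop core kernel code (head64.c and coco/sev/core.c are the callers changed here) from picking the unprefixed one and failing at link time.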
@@ -111,7 +111,7 @@ SYM_CODE_START_NOALIGN(startup_64) * programmed into CR3. */ movq %r15, %rsi - call __startup_64 + call __pi___startup_64 =20 /* Form the CR3 value being sure to include the CR3 modifier */ leaq early_top_pgt(%rip), %rcx @@ -562,7 +562,7 @@ SYM_CODE_START_NOALIGN(vc_no_ghcb) /* Call C handler */ movq %rsp, %rdi movq ORIG_RAX(%rsp), %rsi - call do_vc_no_ghcb + call __pi_do_vc_no_ghcb =20 /* Unwind pt_regs */ POP_REGS diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S index f8a33b25ae86..edbf9c998848 100644 --- a/arch/x86/mm/mem_encrypt_boot.S +++ b/arch/x86/mm/mem_encrypt_boot.S @@ -16,7 +16,7 @@ =20 .text .code64 -SYM_FUNC_START(sme_encrypt_execute) +SYM_FUNC_START(__pi_sme_encrypt_execute) =20 /* * Entry parameters: @@ -69,9 +69,9 @@ SYM_FUNC_START(sme_encrypt_execute) ANNOTATE_UNRET_SAFE ret int3 -SYM_FUNC_END(sme_encrypt_execute) +SYM_FUNC_END(__pi_sme_encrypt_execute) =20 -SYM_FUNC_START(__enc_copy) +SYM_FUNC_START_LOCAL(__enc_copy) ANNOTATE_NOENDBR /* * Routine used to encrypt memory in place. diff --git a/tools/objtool/check.c b/tools/objtool/check.c index aeefc749e237..92ce18886477 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c 
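Review bot: `sme_encrypt_execute` gets its `__pi_` prefix by hand because arch/x86/mm/mem_encrypt_boot.S is outside arch/x86/boot/startup/ and is not renamed by objcopy, presumably because startup code calls it under the prefixed name; that also means it is not in `$(pi-objs)` and is not run through objtool `--noabs`, although it is reached from the same 1:1-mapped path as the code that is. Either move it under boot/startup/ or say in the commit message why it is exempt from the check, and consider a comment at `SYM_FUNC_START(__pi_sme_encrypt_execute)` noting that the prefix is manual. Making `__enc_copy` `SYM_FUNC_START_LOCAL` is right, since it is only reached from `sme_encrypt_execute` and should not be callable by name from outside.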
@@ -3575,7 +3575,8 @@ static int validate_branch(struct objtool_file *file,= struct symbol *func, if (func && insn_func(insn) && func !=3D insn_func(insn)->pfunc) { /* Ignore KCFI type preambles, which always fall through */ if (!strncmp(func->name, "__cfi_", 6) || - !strncmp(func->name, "__pfx_", 6)) + !strncmp(func->name, "__pfx_", 6) || + !strncmp(func->name, "__pi___pfx_", 11)) return 0; =20 if (file->ignore_unreachables)
--=20
2.51.0.268.g9569e192d0-goog
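Review bot: the new `__pi___pfx_` case has no `__pi___cfi_` counterpart even though the line above treats `__cfi_` and `__pfx_` alike. Unless KCFI is known to be disabled for the prefixed objects (nothing in the startup Makefile flags in this patch shows that), the same fall-through preamble problem applies to renamed `__cfi_` symbols, so either add `!strncmp(func->name, "__pi___cfi_", 11)` or say in the comment why it cannot occur. Hard-coding the prefix in tools/objtool also couples the tool to an arch Makefile detail; a comment pointing at arch/x86/boot/startup/Makefile would make that traceable.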
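The two claims in the commit message of 19/22, that absolute symbol references cannot be used from code running from the 1:1 mapping and that objtool is used to reject them, can be seen in a few lines of C. The following is an added example, not code from the patch series or from objtool: it models a relocation table by hand (the symbol names, `LINK_BASE`, `PHYS_BASE` and the resulting `RUN_DELTA` are constructed for the demonstration; the relocation type numbers are the real x86-64 ELF values), resolves each entry the way the linker does against the link address, then computes the address the CPU actually touches when the same bytes execute displaced in the identity map. `is_abs_reference()` is my approximation of the test `--noabs` has to apply, an absolute relocation type against a symbol that is neither undefined nor SHN_ABS; it is not objtool's code.

```c
/*
 * Added example, not code from the patch series or from objtool: why code
 * that runs from the early 1:1 mapping must not contain absolute symbol
 * references, and the shape of check that "objtool --noabs" has to apply.
 *
 * Relocation type numbers are the real x86-64 ELF values; the symbol table,
 * relocation table and load addresses below are constructed for the demo.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define R_X86_64_64     1	/* S + A,     64-bit absolute           */
#define R_X86_64_PC32   2	/* S + A - P, 32-bit PC-relative        */
#define R_X86_64_PLT32  4	/* L + A - P, PC-relative (static link) */
#define R_X86_64_32     10	/* S + A,     32-bit zero-extended abs  */
#define R_X86_64_32S    11	/* S + A,     32-bit sign-extended abs  */
#define SHN_UNDEF       0
#define SHN_ABS         0xfff1

struct sym {
	const char *name;
	uint16_t shndx;		/* 1 = .text here; SHN_UNDEF / SHN_ABS are special */
	uint64_t value;		/* S: symbol value at the link address */
};

struct rela {
	uint64_t offset;	/* P: link address of the patched field */
	uint32_t type;
	unsigned symidx;
	int64_t addend;		/* A */
};

/* vmlinux is linked high; the identity map executes it at its physical address. */
#define LINK_BASE 0xffffffff81000000ULL
#define PHYS_BASE 0x1000000ULL
#define RUN_DELTA ((int64_t)(PHYS_BASE - LINK_BASE))	/* run-time displacement */

static const struct sym syms[] = {
	{ "early_top_pgt",      1,       LINK_BASE + 0x2000 },
	{ "sme_enable",         1,       LINK_BASE + 0x0400 },
	{ "__START_KERNEL_map", SHN_ABS, 0xffffffff80000000ULL },
};

/* Constructed .rela.text entries and the instruction each would belong to. */
static const struct rela relas[] = {
	{ LINK_BASE + 0x10, R_X86_64_32S,   0,  0 },	/* movq $early_top_pgt, %rax      */
	{ LINK_BASE + 0x20, R_X86_64_PC32,  0, -4 },	/* leaq early_top_pgt(%rip), %rcx */
	{ LINK_BASE + 0x30, R_X86_64_PLT32, 1, -4 },	/* call sme_enable                */
	{ LINK_BASE + 0x40, R_X86_64_64,    2,  0 },	/* .quad __START_KERNEL_map       */
};

/* The --noabs style test: an absolute relocation type against a real symbol. */
bool is_abs_reference(const struct rela *r, const struct sym *s)
{
	/* Undefined symbols are resolved later; SHN_ABS values are true constants. */
	if (s->shndx == SHN_UNDEF || s->shndx == SHN_ABS)
		return false;
	return r->type == R_X86_64_64 || r->type == R_X86_64_32 ||
	       r->type == R_X86_64_32S;
}

size_t count_abs_references(void)
{
	size_t n = 0;

	for (size_t i = 0; i < sizeof(relas) / sizeof(relas[0]); i++)
		n += is_abs_reference(&relas[i], &syms[relas[i].symidx]);
	return n;
}

/*
 * Resolve the relocation as the linker does (against link addresses), then
 * return the address the CPU really uses when the image runs displaced by
 * `delta` bytes. Absolute fields ignore delta; PC-relative fields follow it.
 */
uint64_t effective_target(const struct rela *r, const struct sym *s, int64_t delta)
{
	uint64_t S = s->value, P = r->offset;
	int64_t A = r->addend;
	uint32_t field;

	switch (r->type) {
	case R_X86_64_64:
		return S + A;
	case R_X86_64_32:
		return (uint32_t)(S + A);
	case R_X86_64_32S:
		field = (uint32_t)(S + A);
		return (field & 0x80000000u) ? (field | 0xffffffff00000000ULL) : field;
	case R_X86_64_PC32:
	case R_X86_64_PLT32:
		field = (uint32_t)(S + A - P);
		/* disp32 is added to the run-time RIP, which is P + delta - A here. */
		return (uint64_t)((int64_t)(P + delta) - A + (int32_t)field);
	default:
		return 0;
	}
}

int main(void)
{
	for (size_t i = 0; i < sizeof(relas) / sizeof(relas[0]); i++) {
		const struct rela *r = &relas[i];
		const struct sym *s = &syms[r->symidx];

		printf("%-20s linked %#018llx  in 1:1 map %#018llx  %s\n", s->name,
		       (unsigned long long)effective_target(r, s, 0),
		       (unsigned long long)effective_target(r, s, RUN_DELTA),
		       is_abs_reference(r, s) ? "REJECT: absolute reference" : "ok");
	}
	return 0;
}
```

Built with `cc -Wall` and run, the `movq $early_top_pgt` entry still yields the link-time virtual address 0xffffffff81002000 when the code executes at physical 0x1000000, which is not mapped yet at that point, while the RIP-relative `leaq` and the `call` land on 0x1002000 and 0x1000400 in the identity map. Only the first entry is flagged; the `.quad __START_KERNEL_map` entry is an R_X86_64_64 against an SHN_ABS symbol and is a constant, which is why the check has to look at the symbol and not just the relocation type.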
Date: Thu, 28 Aug 2025 12:22:23 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-44-ardb+git@google.com>
Subject: [PATCH v7 20/22] efistub/x86: Remap inittext read-execute when needed
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania
Recent EFI x86 systems are more strict when it comes to mapping boot images, and require that mappings are either read-write or read-execute.

Now that the boot code is being cleaned up and refactored, most of it is being moved into .init.text [where it arguably belongs] but that implies that when booting on such strict EFI firmware, we need to take care to map .init.text (and the .altinstr_aux section that follows it) read-execute as well.

Signed-off-by: Ard Biesheuvel
---
 arch/x86/boot/compressed/Makefile       | 2 +-
 arch/x86/boot/compressed/misc.c         | 2 ++
 arch/x86/include/asm/boot.h             | 2 ++
 arch/x86/kernel/vmlinux.lds.S           | 2 ++
 drivers/firmware/efi/libstub/x86-stub.c | 4 +++-
 5 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 3a38fdcdb9bd..74657589264d 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -73,7 +73,7 @@ LDFLAGS_vmlinux +=3D -T hostprogs :=3D mkpiggy HOST_EXTRACFLAGS +=3D -I$(srctree)/tools/include =20 -sed-voffset :=3D -e 's/^\([0-9a-fA-F]*\) [ABbCDGRSTtVW] \(_text\|__start_r= odata\|__bss_start\|_end\)$$/\#define VO_\2 _AC(0x\1,UL)/p' +sed-voffset :=3D -e 's/^\([0-9a-fA-F]*\) [ABbCDGRSTtVW] \(_text\|__start_r= odata\|_sinittext\|__inittext_end\|__bss_start\|_end\)$$/\#define VO_\2 _AC= (0x\1,UL)/p' =20 quiet_cmd_voffset =3D VOFFSET $@ cmd_voffset =3D $(NM) $< | sed -n $(sed-voffset) > $@
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index 94b5991da001..0f41ca0e52c0 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -332,6 +332,8 @@ static size_t parse_elf(void *output) } =20 const unsigned long kernel_text_size =3D VO___start_rodata - VO__text; +const unsigned long kernel_inittext_offset =3D VO__sinittext - VO__text; +const unsigned long kernel_inittext_size =3D VO___inittext_end - VO__sinit= text; const unsigned long kernel_total_size =3D VO__end - VO__text; =20 static u8 boot_heap[BOOT_HEAP_SIZE] __aligned(4); diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h index 02b23aa78955..f7b67cb73915 100644 --- a/arch/x86/include/asm/boot.h +++ b/arch/x86/include/asm/boot.h @@ -82,6 +82,8 @@ #ifndef __ASSEMBLER__ extern unsigned int output_len; extern const unsigned long kernel_text_size; +extern const unsigned long kernel_inittext_offset; +extern const unsigned long kernel_inittext_size; extern const unsigned long kernel_total_size; =20 unsigned long decompress_kernel(unsigned char *outbuf, unsigned long virt_= addr, diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 5d5e3a95e1f9..4277efb26358 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -227,6 +227,8 @@ SECTIONS */ .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) { *(.altinstr_aux) + . =3D ALIGN(PAGE_SIZE); + __inittext_end =3D .; } =20 INIT_DATA_SECTION(16) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi= /libstub/x86-stub.c index cafc90d4caaf..0d05eac7c72b 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c 
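Review bot: `. = ALIGN(PAGE_SIZE); __inittext_end = .;` is placed inside the `.altinstr_aux` output section, which pads that section up to a page boundary so the read-execute remap in the EFI stub ends on a page, but the hunk does not say why the alignment is there and nothing in this patch shows that the matching start, `_sinittext`, is page aligned. Add a comment at the `ALIGN`, and either state in the commit message or assert in the linker script that `_sinittext` is page aligned: `efi_adjust_memory_range_protection()` is fed `_sinittext - _text` as the offset, and an unaligned start would drag the tail of the preceding section into the read-execute mapping.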
@@ -788,7 +788,9 @@ static efi_status_t efi_decompress_kernel(unsigned long= *kernel_entry, =20 *kernel_entry =3D addr + entry; =20 - return efi_adjust_memory_range_protection(addr, kernel_text_size); + return efi_adjust_memory_range_protection(addr, kernel_text_size) ?: + efi_adjust_memory_range_protection(addr + kernel_inittext_offset, + kernel_inittext_size); } =20 static void __noreturn enter_kernel(unsigned long kernel_addr, --=20 2.51.0.268.g9569e192d0-goog
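Review bot: In the vmlinux.lds.S hunk, `__inittext_end = .;` is placed inside the .altinstr_aux output section without a comment explaining why the end marker of the init text does not sit at the end of .init.text itself. A short comment stating that, together with the preceding `. = ALIGN(PAGE_SIZE);`, it closes the page-granular [_sinittext, __inittext_end) range that the EFI stub maps read-execute (covering .init.text and the .altinstr_aux section that follows it, as the commit message says) would stop a later change from inserting another section between the two without noticing that it alters what gets mapped executable.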
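Review bot: In the x86-stub.c hunk, `efi_adjust_memory_range_protection(addr, kernel_text_size) ?: efi_adjust_memory_range_protection(addr + kernel_inittext_offset, kernel_inittext_size)` relies on EFI_SUCCESS being 0 for the `?:` chain to mean "return the first failure, otherwise the result of the second call"; that is correct but easy to misread, so either a one-line comment or an explicit efi_status_t local checked between the two calls would make the intent obvious. A line in the commit message that kernel_inittext_offset is relative to _text (matching `VO__sinittext - VO__text` in the misc.c hunk), so that adding it to the load address is the right base, would also help.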
Date: Thu, 28 Aug 2025 12:22:24 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
References: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-45-ardb+git@google.com>
Subject: [PATCH v7 21/22] x86/boot: Move startup code out of __head section
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania

From: Ard Biesheuvel

Move startup code out of the __head section, now that this no longer has a special significance. Move everything into .text or .init.text as appropriate, so that startup code is not kept around unnecessarily.
Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 3 -- arch/x86/boot/startup/gdt_idt.c | 4 +-- arch/x86/boot/startup/map_kernel.c | 4 +-- arch/x86/boot/startup/sev-shared.c | 36 ++++++++++---------- arch/x86/boot/startup/sev-startup.c | 14 ++++---- arch/x86/boot/startup/sme.c | 26 +++++++------- arch/x86/include/asm/init.h | 6 ---- arch/x86/kernel/head_32.S | 2 +- arch/x86/kernel/head_64.S | 2 +- arch/x86/platform/pvh/head.S | 2 +- 10 files changed, 45 insertions(+), 54 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 6822eb4b9152..235e557fd10c 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -32,9 +32,6 @@ struct ghcb *boot_ghcb; #undef __init #define __init =20 -#undef __head -#define __head - #define __BOOT_COMPRESSED =20 u8 snp_vmpl; diff --git a/arch/x86/boot/startup/gdt_idt.c b/arch/x86/boot/startup/gdt_id= t.c index a3112a69b06a..d16102abdaec 100644 --- a/arch/x86/boot/startup/gdt_idt.c +++ b/arch/x86/boot/startup/gdt_idt.c @@ -24,7 +24,7 @@ static gate_desc bringup_idt_table[NUM_EXCEPTION_VECTORS] __page_aligned_d= ata; =20 /* This may run while still in the direct mapping */ -void __head startup_64_load_idt(void *vc_handler) +void startup_64_load_idt(void *vc_handler) { struct desc_ptr desc =3D { .address =3D (unsigned long)rip_rel_ptr(bringup_idt_table), @@ -46,7 +46,7 @@ void __head startup_64_load_idt(void *vc_handler) /* * Setup boot CPU state needed before kernel switches to virtual addresses. */ -void __head startup_64_setup_gdt_idt(void) +void __init startup_64_setup_gdt_idt(void) { struct gdt_page *gp =3D rip_rel_ptr((void *)(__force unsigned long)&gdt_p= age); void *handler =3D NULL; diff --git a/arch/x86/boot/startup/map_kernel.c b/arch/x86/boot/startup/map= _kernel.c index 332dbe6688c4..83ba98d61572 100644 --- a/arch/x86/boot/startup/map_kernel.c +++ b/arch/x86/boot/startup/map_kernel.c 
@@ -30,7 +30,7 @@ static inline bool check_la57_support(void) return true; } =20 -static unsigned long __head sme_postprocess_startup(struct boot_params *bp, +static unsigned long __init sme_postprocess_startup(struct boot_params *bp, pmdval_t *pmd, unsigned long p2v_offset) { @@ -84,7 +84,7 @@ static unsigned long __head sme_postprocess_startup(struc= t boot_params *bp, * the 1:1 mapping of memory. Kernel virtual addresses can be determined by * subtracting p2v_offset from the RIP-relative address. */ -unsigned long __head __startup_64(unsigned long p2v_offset, +unsigned long __init __startup_64(unsigned long p2v_offset, struct boot_params *bp) { pmd_t (*early_pgts)[PTRS_PER_PMD] =3D rip_rel_ptr(early_dynamic_pgts); diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev= -shared.c index d6d807da2e6e..8d2476e1ad3b 100644 --- a/arch/x86/boot/startup/sev-shared.c +++ b/arch/x86/boot/startup/sev-shared.c @@ -31,7 +31,7 @@ static u32 cpuid_std_range_max __ro_after_init; static u32 cpuid_hyp_range_max __ro_after_init; static u32 cpuid_ext_range_max __ro_after_init; =20 -void __head __noreturn +void __noreturn sev_es_terminate(unsigned int set, unsigned int reason) { u64 val =3D GHCB_MSR_TERM_REQ; @@ -50,7 +50,7 @@ sev_es_terminate(unsigned int set, unsigned int reason) /* * The hypervisor features are available from GHCB version 2 onward. */ -u64 get_hv_features(void) +u64 __init get_hv_features(void) { u64 val; =20 @@ -220,7 +220,7 @@ const struct snp_cpuid_table *snp_cpuid_get_table(void) * * Return: XSAVE area size on success, 0 otherwise. */ -static u32 __head snp_cpuid_calc_xsave_size(u64 xfeatures_en, bool compact= ed) +static u32 snp_cpuid_calc_xsave_size(u64 xfeatures_en, bool compacted) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); u64 xfeatures_found =3D 0; 
@@ -256,7 +256,7 @@ static u32 __head snp_cpuid_calc_xsave_size(u64 xfeatur= es_en, bool compacted) return xsave_size; } =20 -static bool __head +static bool snp_cpuid_get_validated_func(struct cpuid_leaf *leaf) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); @@ -298,7 +298,7 @@ static void snp_cpuid_hv_msr(void *ctx, struct cpuid_le= af *leaf) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV); } =20 -static int __head +static int snp_cpuid_postprocess(void (*cpuid_fn)(void *ctx, struct cpuid_leaf *leaf), void *ctx, struct cpuid_leaf *leaf) { @@ -394,8 +394,8 @@ snp_cpuid_postprocess(void (*cpuid_fn)(void *ctx, struc= t cpuid_leaf *leaf), * Returns -EOPNOTSUPP if feature not enabled. Any other non-zero return v= alue * should be treated as fatal by caller. */ -int __head snp_cpuid(void (*cpuid_fn)(void *ctx, struct cpuid_leaf *leaf), - void *ctx, struct cpuid_leaf *leaf) +int snp_cpuid(void (*cpuid_fn)(void *ctx, struct cpuid_leaf *leaf), + void *ctx, struct cpuid_leaf *leaf) { const struct snp_cpuid_table *cpuid_table =3D snp_cpuid_get_table(); =20 @@ -437,7 +437,7 @@ int __head snp_cpuid(void (*cpuid_fn)(void *ctx, struct= cpuid_leaf *leaf), * page yet, so it only supports the MSR based communication with the * hypervisor and only the CPUID exit-code. */ -void __head do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) +void do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) { unsigned int subfn =3D lower_bits(regs->cx, 32); unsigned int fn =3D lower_bits(regs->ax, 32); @@ -513,7 +513,7 @@ struct cc_setup_data { * Search for a Confidential Computing blob passed in as a setup_data entry * via the Linux Boot Protocol. */ -static __head +static __init struct cc_blob_sev_info *find_cc_blob_setup_data(struct boot_params *bp) { struct cc_setup_data *sd =3D NULL; 
@@ -541,7 +541,7 @@ struct cc_blob_sev_info *find_cc_blob_setup_data(struct= boot_params *bp) * mapping needs to be updated in sync with all the changes to virtual mem= ory * layout and related mapping facilities throughout the boot process. */ -static void __head setup_cpuid_table(const struct cc_blob_sev_info *cc_inf= o) +static void __init setup_cpuid_table(const struct cc_blob_sev_info *cc_inf= o) { const struct snp_cpuid_table *cpuid_table_fw, *cpuid_table; int i; @@ -569,7 +569,7 @@ static void __head setup_cpuid_table(const struct cc_bl= ob_sev_info *cc_info) } } =20 -static int __head svsm_call_msr_protocol(struct svsm_call *call) +static int svsm_call_msr_protocol(struct svsm_call *call) { int ret; =20 @@ -580,8 +580,8 @@ static int __head svsm_call_msr_protocol(struct svsm_ca= ll *call) return ret; } =20 -static void __head svsm_pval_4k_page(unsigned long paddr, bool validate, - struct svsm_ca *caa, u64 caa_pa) +static void svsm_pval_4k_page(unsigned long paddr, bool validate, + struct svsm_ca *caa, u64 caa_pa) { struct svsm_pvalidate_call *pc; struct svsm_call call =3D {}; @@ -622,8 +622,8 @@ static void __head svsm_pval_4k_page(unsigned long padd= r, bool validate, native_local_irq_restore(flags); } =20 -static void __head pvalidate_4k_page(unsigned long vaddr, unsigned long pa= ddr, - bool validate, struct svsm_ca *caa, u64 caa_pa) +static void pvalidate_4k_page(unsigned long vaddr, unsigned long paddr, + bool validate, struct svsm_ca *caa, u64 caa_pa) { int ret; =20 @@ -643,8 +643,8 @@ static void __head pvalidate_4k_page(unsigned long vadd= r, unsigned long paddr, sev_evict_cache((void *)vaddr, 1); } =20 -static void __head __page_state_change(unsigned long vaddr, unsigned long = paddr, - const struct psc_desc *desc) +static void __page_state_change(unsigned long vaddr, unsigned long paddr, + const struct psc_desc *desc) { u64 val, msr; =20 
@@ -682,7 +682,7 @@ static void __head __page_state_change(unsigned long va= ddr, unsigned long paddr, * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the = SVSM * services needed when not running in VMPL0. */ -static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info, +static bool __init svsm_setup_ca(const struct cc_blob_sev_info *cc_info, void *page) { struct snp_secrets_page *secrets_page; diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/se= v-startup.c index 9f4b4ca7deaa..39465a0ff4e5 100644 --- a/arch/x86/boot/startup/sev-startup.c +++ b/arch/x86/boot/startup/sev-startup.c @@ -44,7 +44,7 @@ /* Include code shared with pre-decompression boot stage */ #include "sev-shared.c" =20 -void __head +void __init early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, const struct psc_desc *desc) { @@ -63,7 +63,7 @@ early_set_pages_state(unsigned long vaddr, unsigned long = paddr, } } =20 -void __head early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, +void __init early_snp_set_memory_private(unsigned long vaddr, unsigned lon= g paddr, unsigned long npages) { struct psc_desc d =3D { @@ -88,7 +88,7 @@ void __head early_snp_set_memory_private(unsigned long va= ddr, unsigned long padd early_set_pages_state(vaddr, paddr, npages, &d); } =20 -void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, +void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long= paddr, unsigned long npages) { struct psc_desc d =3D { @@ -123,7 +123,7 @@ void __head early_snp_set_memory_shared(unsigned long v= addr, unsigned long paddr * * Scan for the blob in that order. */ -static __head struct cc_blob_sev_info *find_cc_blob(struct boot_params *bp) +static struct cc_blob_sev_info *__init find_cc_blob(struct boot_params *bp) { struct cc_blob_sev_info *cc_info; =20 
@@ -149,7 +149,7 @@ static __head struct cc_blob_sev_info *find_cc_blob(str= uct boot_params *bp) return cc_info; } =20 -static __head void svsm_setup(struct cc_blob_sev_info *cc_info) +static void __init svsm_setup(struct cc_blob_sev_info *cc_info) { struct snp_secrets_page *secrets =3D (void *)cc_info->secrets_phys; struct svsm_call call =3D {}; @@ -190,7 +190,7 @@ static __head void svsm_setup(struct cc_blob_sev_info *= cc_info) boot_svsm_caa_pa =3D pa; } =20 -bool __head snp_init(struct boot_params *bp) +bool __init snp_init(struct boot_params *bp) { struct cc_blob_sev_info *cc_info; =20 @@ -219,7 +219,7 @@ bool __head snp_init(struct boot_params *bp) return true; } =20 -void __head __noreturn snp_abort(void) +void __init __noreturn snp_abort(void) { sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c index eb6a758ba660..39e7e9d18974 100644 --- a/arch/x86/boot/startup/sme.c +++ b/arch/x86/boot/startup/sme.c @@ -91,7 +91,7 @@ struct sme_populate_pgd_data { */ static char sme_workarea[2 * PMD_SIZE] __section(".init.scratch"); =20 -static void __head sme_clear_pgd(struct sme_populate_pgd_data *ppd) +static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) { unsigned long pgd_start, pgd_end, pgd_size; pgd_t *pgd_p; @@ -106,7 +106,7 @@ static void __head sme_clear_pgd(struct sme_populate_pg= d_data *ppd) memset(pgd_p, 0, pgd_size); } =20 -static pud_t __head *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) +static pud_t __init *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) { pgd_t *pgd; p4d_t *p4d; @@ -143,7 +143,7 @@ static pud_t __head *sme_prepare_pgd(struct sme_populat= e_pgd_data *ppd) return pud; } =20 -static void __head sme_populate_pgd_large(struct sme_populate_pgd_data *pp= d) +static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *pp= d) { pud_t *pud; pmd_t *pmd; 
@@ -159,7 +159,7 @@ static void __head sme_populate_pgd_large(struct sme_po= pulate_pgd_data *ppd) set_pmd(pmd, __pmd(ppd->paddr | ppd->pmd_flags)); } =20 -static void __head sme_populate_pgd(struct sme_populate_pgd_data *ppd) +static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) { pud_t *pud; pmd_t *pmd; @@ -185,7 +185,7 @@ static void __head sme_populate_pgd(struct sme_populate= _pgd_data *ppd) set_pte(pte, __pte(ppd->paddr | ppd->pte_flags)); } =20 -static void __head __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) +static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd_large(ppd); @@ -195,7 +195,7 @@ static void __head __sme_map_range_pmd(struct sme_popul= ate_pgd_data *ppd) } } =20 -static void __head __sme_map_range_pte(struct sme_populate_pgd_data *ppd) +static void __init __sme_map_range_pte(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd(ppd); @@ -205,7 +205,7 @@ static void __head __sme_map_range_pte(struct sme_popul= ate_pgd_data *ppd) } } =20 -static void __head __sme_map_range(struct sme_populate_pgd_data *ppd, +static void __init __sme_map_range(struct sme_populate_pgd_data *ppd, pmdval_t pmd_flags, pteval_t pte_flags) { unsigned long vaddr_end; 
@@ -229,22 +229,22 @@ static void __head __sme_map_range(struct sme_populat= e_pgd_data *ppd, __sme_map_range_pte(ppd); } =20 -static void __head sme_map_range_encrypted(struct sme_populate_pgd_data *p= pd) +static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *p= pd) { __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); } =20 -static void __head sme_map_range_decrypted(struct sme_populate_pgd_data *p= pd) +static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *p= pd) { __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); } =20 -static void __head sme_map_range_decrypted_wp(struct sme_populate_pgd_data= *ppd) +static void __init sme_map_range_decrypted_wp(struct sme_populate_pgd_data= *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC_WP, PTE_FLAGS_DEC_WP); } =20 -static unsigned long __head sme_pgtable_calc(unsigned long len) +static unsigned long __init sme_pgtable_calc(unsigned long len) { unsigned long entries =3D 0, tables =3D 0; =20 @@ -281,7 +281,7 @@ static unsigned long __head sme_pgtable_calc(unsigned l= ong len) return entries + tables; } =20 -void __head sme_encrypt_kernel(struct boot_params *bp) +void __init sme_encrypt_kernel(struct boot_params *bp) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; @@ -485,7 +485,7 @@ void __head sme_encrypt_kernel(struct boot_params *bp) native_write_cr3(__native_read_cr3()); } =20 -void __head sme_enable(struct boot_params *bp) +void __init sme_enable(struct boot_params *bp) { unsigned int eax, ebx, ecx, edx; unsigned long feature_mask; diff --git a/arch/x86/include/asm/init.h b/arch/x86/include/asm/init.h index 5a68e9db6518..01ccdd168df0 100644 --- a/arch/x86/include/asm/init.h +++ b/arch/x86/include/asm/init.h 
@@ -2,12 +2,6 @@ #ifndef _ASM_X86_INIT_H #define _ASM_X86_INIT_H =20 -#if defined(CONFIG_CC_IS_CLANG) && CONFIG_CLANG_VERSION < 170000 -#define __head __section(".head.text") __no_sanitize_undefined __no_stack_= protector -#else -#define __head __section(".head.text") __no_sanitize_undefined __no_kstack= _erase -#endif - struct x86_mapping_info { void *(*alloc_pgt_page)(void *); /* allocate buf for page table */ void (*free_pgt_page)(void *, void *); /* free buf for page table */ diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S index 76743dfad6ab..437effb1ef03 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -61,7 +61,7 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE) * any particular GDT layout, because we load our own as soon as we * can. */ -__HEAD + __INIT SYM_CODE_START(startup_32) movl pa(initial_stack),%ecx =09 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index d219963ecb60..21816b48537c 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -33,7 +33,7 @@ * because we need identity-mapped pages. */ =20 - __HEAD + __INIT .code64 SYM_CODE_START_NOALIGN(startup_64) UNWIND_HINT_END_OF_STACK diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index 1d78e5631bb8..344030c1a81d 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S 
@@ -24,7 +24,7 @@ #include #include =20 - __HEAD + __INIT =20 /* * Entry point for PVH guests. --=20 2.51.0.268.g9569e192d0-goog
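Review bot: In the gdt_idt.c hunks, startup_64_load_idt() loses __head but is not given __init, while startup_64_setup_gdt_idt() a few lines below becomes __init; if that asymmetry is deliberate because startup_64_load_idt() is also reached after init memory has been freed (for example on later CPU bringup), the existing comment "This may run while still in the direct mapping" should say so, otherwise it reads as an omission.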
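Review bot: Across the sev-shared.c hunks some functions become __init (get_hv_features, find_cc_blob_setup_data, setup_cpuid_table, svsm_setup_ca) while others drop __head and land in plain .text (sev_es_terminate, snp_cpuid_calc_xsave_size, snp_cpuid_get_validated_func, snp_cpuid_postprocess, snp_cpuid, do_vc_no_ghcb, svsm_call_msr_protocol, svsm_pval_4k_page, pvalidate_4k_page, __page_state_change), and the commit message only says "as appropriate". One sentence giving the rule that was applied (presumably: a function stays in .text when it is reachable from the runtime #VC or page-state-change paths after init memory is freed) would let reviewers check each annotation, and it is worth noting that the empty `#define __init` kept in the compressed/sev.c hunk means these annotations only take effect in the kernel proper, not in the decompressor.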
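Review bot: The init.h hunk removes the __head definition, and with it __no_sanitize_undefined plus __no_stack_protector (for CONFIG_CLANG_VERSION < 170000) or __no_kstack_erase, none of which plain __init carries. Nothing else in this patch shows where the functions that previously relied on those attributes now get them, so the commit message should state where that is guaranteed (for instance per-directory compiler flags for arch/x86/boot/startup/, which are outside this diff), since these routines still run before the environment that UBSAN and the stack protector assume is in place.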
Date: Thu, 28 Aug 2025 12:22:25 +0200
In-Reply-To: <20250828102202.1849035-24-ardb+git@google.com>
References: <20250828102202.1849035-24-ardb+git@google.com>
Message-ID: <20250828102202.1849035-46-ardb+git@google.com>
Subject: [PATCH v7 22/22] x86/boot: Get rid of the .head.text section
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, x86@kernel.org, Ard Biesheuvel, Borislav Petkov, Ingo Molnar, Kevin Loughlin, Tom Lendacky, Josh Poimboeuf, Peter Zijlstra, Nikunj A Dadhania

From: Ard Biesheuvel

The .head.text section is now empty, so it can be dropped from the linker script.

Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/vmlinux.lds.S | 5 ----- 1 file changed, 5 deletions(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 4277efb26358..d7af4a64c211 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -160,11 +160,6 @@ SECTIONS =20 } :text =3D 0xcccccccc =20 - /* bootstrapping code */ - .head.text : AT(ADDR(.head.text) - LOAD_OFFSET) { - HEAD_TEXT - } :text =3D 0xcccccccc - /* End of text section, which should occupy whole number of pages */ _etext =3D .; . =3D ALIGN(PAGE_SIZE); --=20 2.51.0.268.g9569e192d0-goog
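Review bot: With the `.head.text` output section removed from SECTIONS, any input section still named .head.text (from an object the earlier patches did not convert, or from an out-of-tree file) would become an orphan rather than a link error; the commit message states the section is now empty, so it would help to say how that was verified, and it may be worth discarding .head.text explicitly or adding a linker-script ASSERT so that a stray reintroduction fails the link loudly instead of being placed wherever the linker chooses.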