From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 691DD423162 for ; Tue, 20 Jan 2026 19:54:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938898; cv=none; b=kVRez1vMbwO+kFvXav7C0etD+5/k9N5c4iC1egdG67h+uF4DEcA8FwD+H65neu3CXJS7lLqyYCsmzLFeBT1eQFx1rZDKSpcnMsLRJTfmDMxwAi3jWSrcWmTbaw5Zu3INR0yekQtEL+ZH/kTEr91rInEx7ZCjqT+JEP+pID2RDNk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938898; c=relaxed/simple; bh=7uKuifd5hg9zyYE+Th7mxjry6UYrnyLf5x6U9gCahbs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DZGCX92B/0Qo/SgPg86Ksl6rlwxRC1pJ3MV85aCF+EF69gVL4n9SQw5daNPmRhrGhbLTeT0RGHGnNXFbL4hqBqoJRb5FTtyEtxdeS05tB+ilmg0t1jm65JFEORyHoP46NANU4x3J4A/sY4rrnTiEVqdNuCcQxbVybTu610cK0QU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=MyBJauUR; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="MyBJauUR" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD383899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:15 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD383899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938858; bh=2Jsmp6SNJo0r+L2zMO/RO98Z1QirHh+gFi5n8Bhoc0o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MyBJauURVSbGI9VA/glfPxaFZmpMmE/H+GadkKxlRAg36BsvZndBKJgTCs3rn5cod YGhbvTH4Y63zWL2j19MMQMulwwiGRvkx4AqKzkuu3lSuMa9RecaHhV89+EXzz0AQMW 91/QgYutgVO/FRFh8mNzFpAJPvHhSdxbx8sTd0FIJy0Y9txcMKiIWKFXg14dSFQ7kz voPLLH/HYD7tr7LsUtnfGQUoVk2eXqXJpX8I98AOHKwQGBxgFvOUEh1EazRXZoMpKT p2AeJX5KmwnpYYJVa0N73MFIP+59sZ4suGFCKWUfhHlJslxah28seI5rVIX1b270j3 m2ZmBD36fkLqg== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 01/14] x86/realmode: remove I/O port paravirtualization Date: Tue, 20 Jan 2026 11:53:53 -0800 Message-ID: <20260120195407.1163051-2-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In commit: eb4ea1ae8f45 x86/boot: Port I/O: Allow to hook up alternative helpers ... paravirtualization hooks were added to (some!) of the port I/O functions. However, they were only ever used in the 32/64-bit "compressed" directory, and never made any sense in the real-mode code, which is notoriously size sensitive. Without these hooks, is usable directly, so mode io.h into the compressed/ directory and replace "io.h" with for the actual real-mode code. Signed-off-by: H. Peter Anvin (Intel) Acked-by: Kiryl Shutsemau --- arch/x86/boot/boot.h | 2 +- arch/x86/boot/{ =3D> compressed}/io.h | 0 arch/x86/boot/compressed/misc.h | 2 +- arch/x86/boot/compressed/tdx.c | 2 +- arch/x86/boot/main.c | 5 +---- arch/x86/realmode/rm/wakemain.c | 4 ---- 6 files changed, 4 insertions(+), 11 deletions(-) rename arch/x86/boot/{ =3D> compressed}/io.h (100%) diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h index 8e3eab34dff4..f185931283cb 100644 --- a/arch/x86/boot/boot.h +++ b/arch/x86/boot/boot.h @@ -18,6 +18,7 @@ =20 #ifndef __ASSEMBLER__ =20 +#include #include #include #include @@ -26,7 +27,6 @@ #include "bitops.h" #include "ctype.h" #include "cpuflags.h" -#include "io.h" =20 /* Useful macros */ #define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) diff --git a/arch/x86/boot/io.h b/arch/x86/boot/compressed/io.h similarity index 100% rename from arch/x86/boot/io.h rename to arch/x86/boot/compressed/io.h diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/mis= c.h index fd855e32c9b9..68957e7698ad 100644 --- a/arch/x86/boot/compressed/misc.h +++ b/arch/x86/boot/compressed/misc.h @@ -43,8 +43,8 @@ =20 #define BOOT_BOOT_H #include "../ctype.h" -#include "../io.h" =20 +#include "io.h" #include "efi.h" =20 #ifdef CONFIG_X86_64 diff --git a/arch/x86/boot/compressed/tdx.c b/arch/x86/boot/compressed/tdx.c index 8451d6a1030c..00359dbe1f8c 100644 --- a/arch/x86/boot/compressed/tdx.c +++ b/arch/x86/boot/compressed/tdx.c @@ -2,7 +2,7 @@ =20 #include "../cpuflags.h" #include "../string.h" -#include "../io.h" +#include "io.h" #include "error.h" =20 #include diff --git a/arch/x86/boot/main.c b/arch/x86/boot/main.c index 9d0fea18d3c8..da01ade4959e 100644 --- a/arch/x86/boot/main.c +++ b/arch/x86/boot/main.c @@ -15,10 +15,9 @@ #include "boot.h" #include "string.h" =20 +/* Buffer for building the full "zero page" struct boot_params */ struct boot_params boot_params __attribute__((aligned(16))); =20 -struct port_io_ops pio_ops; - char *HEAP =3D _end; char *heap_end =3D _end; /* Default end of heap =3D no heap */ =20 @@ -132,8 +131,6 @@ static void init_heap(void) =20 void main(void) { - init_default_io_ops(); - /* First, copy the boot header into the "zeropage" */ copy_boot_params(); =20 diff --git a/arch/x86/realmode/rm/wakemain.c b/arch/x86/realmode/rm/wakemai= n.c index a6f4d8388ad8..1d6437e6d2ba 100644 --- a/arch/x86/realmode/rm/wakemain.c +++ b/arch/x86/realmode/rm/wakemain.c @@ -62,12 +62,8 @@ static void send_morse(const char *pattern) } } =20 -struct port_io_ops pio_ops; - void main(void) { - init_default_io_ops(); - /* Kill machine if structures are wrong */ if (wakeup_header.real_magic !=3D 0x12345678) while (1) --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D745E3F075B for ; Tue, 20 Jan 2026 19:54:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938896; cv=none; b=AzYNwYNnwQdUiq9JUeSaXfapTH7EuHixmamDDsWWHa+VcyAAfWqDm9sJDsBJ895RYYGpiY1TOIyeo1ZPEnVNOM/Vjctnw8Gjl+qwv9x4DWwsG7XMYNpH8+5EfRlMSRN7g915JcfRa1pMxQAgjLHADVQg9xLpvOwIt62wi4xg3NE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938896; c=relaxed/simple; bh=HwQYLMn2Ico8P5pJ61HSy0FD/bC0b8+32vCu6lReUek=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KvnA0dlz1iq40/1GjsVlWwupyMCW7WSzAD8c1Hr6C8KS/xLk93YyeOyAhncMSWOMuVEjxbH9Ah8i1B3J3YxZfLzJkZjenYwMgylCmYz8m23ekkrZqQYTz7XZ2C5z3HlhKcs3NTdwlXplWNWAl7AfPUqxZshZcsnhNkNVVvATINs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=NnhFHy8R; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="NnhFHy8R" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD393899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:18 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD393899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938860; bh=RBVs9h7s1HCtT9Q0JVrBxBgYYiiLINYNUH55FQnvhLo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NnhFHy8RbpjYddmRAzj1xo4w9AWD0mY3KYMsN/anT1qgB7G/0JxOaGP3saNHt81vv MQnex1NEp1PwY2+EBYSCH93TVKV3ORaEubcJdLLgHRJ88hpqPghMQ4L+W313x/FSl2 KE7QIXkeX0Lh3ZFQlnSvS+w29lrDqMppHBpEkJiQfj0xR2+CX55u46pck/VmBKMbSc lgaoCRb+0nSdDYhQXu30UjV/CZfe6PJqb/EhaDC9nQrqLAfb0jhuBsY2HJMbW8fwJc hZ0rlRPVNGtGFaYIxqdHGgBzI+HTu46MTPvgfeSgpDfLx8NaYrXmpwFdNEsNI92s4e MEkbeFCJ5h90g== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 02/14] x86/realmode: make %gs == 0 an invariant Date: Tue, 20 Jan 2026 11:53:54 -0800 Message-ID: <20260120195407.1163051-3-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When accessing data that is not "near", either only one segment is used or one segment is always zero. Leave %gs =3D=3D 0 at all times throughout the C code; this reduces the number of segment loads needed. Signed-off-by: H. Peter Anvin (Intel) Reviewed-by: Uros Bizjak --- arch/x86/boot/a20.c | 11 +++++------ arch/x86/boot/header.S | 3 +++ arch/x86/boot/regs.c | 3 ++- arch/x86/boot/video-bios.c | 5 ++--- arch/x86/boot/video-mode.c | 5 ++--- arch/x86/boot/video.c | 7 +++---- arch/x86/realmode/rm/wakeup_asm.S | 10 ++++++---- 7 files changed, 23 insertions(+), 21 deletions(-) diff --git a/arch/x86/boot/a20.c b/arch/x86/boot/a20.c index bda042933a05..3ab6cd8eaa31 100644 --- a/arch/x86/boot/a20.c +++ b/arch/x86/boot/a20.c @@ -56,20 +56,19 @@ static int a20_test(int loops) int ok =3D 0; int saved, ctr; =20 - set_fs(0x0000); - set_gs(0xffff); + set_fs(0xffff); =20 - saved =3D ctr =3D rdfs32(A20_TEST_ADDR); + saved =3D ctr =3D rdgs32(A20_TEST_ADDR); =20 while (loops--) { - wrfs32(++ctr, A20_TEST_ADDR); + wrgs32(++ctr, A20_TEST_ADDR); io_delay(); /* Serialize and make delay constant */ - ok =3D rdgs32(A20_TEST_ADDR+0x10) ^ ctr; + ok =3D rdfs32(A20_TEST_ADDR+0x10) ^ ctr; if (ok) break; } =20 - wrfs32(saved, A20_TEST_ADDR); + wrgs32(saved, A20_TEST_ADDR); return ok; } =20 diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 9bea5a1e2c52..bda20395658f 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -596,6 +596,9 @@ start_of_setup: shrw $2, %cx rep stosl =20 +# The C code uses %gs =3D=3D 0 as invariant + movw %ax, %gs + # Jump to C code (should not return) calll main =20 diff --git a/arch/x86/boot/regs.c b/arch/x86/boot/regs.c index 55de6b3092b8..54d6dfd129c5 100644 --- a/arch/x86/boot/regs.c +++ b/arch/x86/boot/regs.c @@ -22,6 +22,7 @@ void initregs(struct biosregs *reg) reg->eflags |=3D X86_EFLAGS_CF; reg->ds =3D ds(); reg->es =3D ds(); + /* The input values of %cs and %ss are ignored by intcall() */ reg->fs =3D fs(); - reg->gs =3D gs(); + /* %gs =3D=3D 0 */ } diff --git a/arch/x86/boot/video-bios.c b/arch/x86/boot/video-bios.c index 6eb8c06bc287..e8be64424a40 100644 --- a/arch/x86/boot/video-bios.c +++ b/arch/x86/boot/video-bios.c @@ -73,7 +73,6 @@ static int bios_probe(void) if (adapter !=3D ADAPTER_EGA && adapter !=3D ADAPTER_VGA) return 0; =20 - set_fs(0); crtc =3D vga_crtc(); =20 video_bios.modes =3D GET_HEAP(struct mode_info, 0); @@ -105,8 +104,8 @@ static int bios_probe(void) mi =3D GET_HEAP(struct mode_info, 1); mi->mode =3D VIDEO_FIRST_BIOS+mode; mi->depth =3D 0; /* text */ - mi->x =3D rdfs16(0x44a); - mi->y =3D rdfs8(0x484)+1; + mi->x =3D rdgs16(0x44a); + mi->y =3D rdgs8(0x484)+1; nmodes++; } =20 diff --git a/arch/x86/boot/video-mode.c b/arch/x86/boot/video-mode.c index 9ada55dc1ab7..e5b9bc96bd42 100644 --- a/arch/x86/boot/video-mode.c +++ b/arch/x86/boot/video-mode.c @@ -119,9 +119,8 @@ static void vga_recalc_vertical(void) u16 crtc; u8 pt, ov; =20 - set_fs(0); - font_size =3D rdfs8(0x485); /* BIOS: font size (pixels) */ - rows =3D force_y ? force_y : rdfs8(0x484)+1; /* Text rows */ + font_size =3D rdgs8(0x485); /* BIOS: font size (pixels) */ + rows =3D force_y ? force_y : rdgs8(0x484)+1; /* Text rows */ =20 rows *=3D font_size; /* Visible scan lines */ rows--; /* ... minus one */ diff --git a/arch/x86/boot/video.c b/arch/x86/boot/video.c index 0641c8c46aee..09b810faa5c0 100644 --- a/arch/x86/boot/video.c +++ b/arch/x86/boot/video.c @@ -79,12 +79,11 @@ static void store_mode_params(void) video_segment =3D 0xb800; } =20 - set_fs(0); - font_size =3D rdfs16(0x485); /* Font size, BIOS area */ + font_size =3D rdgs16(0x485); /* Font size, BIOS area */ boot_params.screen_info.orig_video_points =3D font_size; =20 - x =3D rdfs16(0x44a); - y =3D (adapter =3D=3D ADAPTER_CGA) ? 25 : rdfs8(0x484)+1; + x =3D rdgs16(0x44a); + y =3D (adapter =3D=3D ADAPTER_CGA) ? 25 : rdgs8(0x484)+1; =20 if (force_x) x =3D force_x; diff --git a/arch/x86/realmode/rm/wakeup_asm.S b/arch/x86/realmode/rm/wakeu= p_asm.S index 02d0ba16ae33..a8a8580158d7 100644 --- a/arch/x86/realmode/rm/wakeup_asm.S +++ b/arch/x86/realmode/rm/wakeup_asm.S @@ -70,15 +70,17 @@ SYM_CODE_START(wakeup_start) movl $rm_stack_end, %esp movw %ax, %ds movw %ax, %es - movw %ax, %fs - movw %ax, %gs =20 - lidtl .Lwakeup_idt + xorl %eax, %eax + movw %ax, %fs + movw %ax, %gs /* The real mode code requires %gs =3D=3D 0 */ =20 /* Clear the EFLAGS */ - pushl $0 + pushl %eax popfl =20 + lidtl .Lwakeup_idt + /* Check header signature... */ movl signature, %eax cmpl $WAKEUP_HEADER_SIGNATURE, %eax --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 276183A0EA8 for ; Tue, 20 Jan 2026 19:54:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938897; cv=none; b=fr/gsPsTd3pz/8Gn1pO7QEct8FKp8hyUAH4E0rxfb229ApM4dJDQH8OZIW5IVxuon1NwjNxEwvfcMcGrBBlp/UW65OOGssTqt5q2Toq7wWbBoFDB1+vhJWV1unm7sQBbAeKwOPccGSyg0KDdorhHHUkLw0+0rhdTY2OE8uyn8Yk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938897; c=relaxed/simple; bh=g6sHea/KAFwpEd7flzRem9YK8r3ZWWcLAjUOIAh6xRA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QwTimNMj42N4plpcp75d8WTGhlSFCjZAmaaZRNe1yWc5OHm+U33JWRP6Jo0jVghGT2R0TSwO0t5f/8t/wnhy3ozxTk7sFv6eFIDgBIScRW5H97qPv96wE8SLyOYcZTfY003ufR2YTgj+qa7dQkL16IA0wyzkEswAxsfjPZV8ETE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=gIy4FMKF; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="gIy4FMKF" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3A3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:20 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3A3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938861; bh=zt7T/6XDlNvfV1mQ2N69K6rQQbZfmJFfaBmLXqu7Q1o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gIy4FMKF/fza2Kuytw7bD109DrS5ePisT5hH+Oqoai6K/s8i1FMHUiw6mPNkTajQq 9W6OW7gAo3GINqtipQ6sH2JdnHps8l2+p5yyAWgbPO7Sye2tSn2I1utkZBIzYbKBib RqiOTuh680ioPRfWyI5zdurBiQqzDZHQ1A25WotzwbyEWVoBaUY6zcQjjqV13rFHRE +pTofkb/cAvFz1T9HtYKoaUd7UTMSVqbM/M+Vf09fBs4+MUCmB8gl+6G/tU6SPeaEZ kt6oUHSJfWFWiowHGv9ZgTXCP7ezrF2Bby9e+M2X434K4TUfPVL9xP6AT4GRBwC4A5 FVH/pFPJKhH/w== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 03/14] x86/boot: use Date: Tue, 20 Jan 2026 11:53:55 -0800 Message-ID: <20260120195407.1163051-4-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Include in arch/x86/boot/boot.h and replace __attribute__((noreturn)) with __noreturn. Signed-off-by: H. Peter Anvin (Intel) Reviewed-by: Uros Bizjak --- arch/x86/boot/boot.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h index f185931283cb..1f2b7252e387 100644 --- a/arch/x86/boot/boot.h +++ b/arch/x86/boot/boot.h @@ -18,6 +18,7 @@ =20 #ifndef __ASSEMBLER__ =20 +#include #include #include #include @@ -279,17 +280,16 @@ void console_init(void); void query_edd(void); =20 /* header.S */ -void __attribute__((noreturn)) die(void); +void __noreturn die(void); =20 /* memory.c */ void detect_memory(void); =20 /* pm.c */ -void __attribute__((noreturn)) go_to_protected_mode(void); +void __noreturn go_to_protected_mode(void); =20 /* pmjump.S */ -void __attribute__((noreturn)) - protected_mode_jump(u32 entrypoint, u32 bootparams); +void __noreturn protected_mode_jump(u32 entrypoint, u32 bootparams); =20 /* printf.c */ int sprintf(char *buf, const char *fmt, ...); --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F90142DFFA for ; Tue, 20 Jan 2026 19:55:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938904; cv=none; b=lqUrY+rgfzUHgvLeZ5JJS6EoKPL0Tk2WYD6lYU2AunwDUMEuQpXN4CkzEtsmCT+ARpmx/J7KcCmQDREbkiJqRCllczLnFptpFLCHLi+Y4LQHhB8y0h7qSfjuK8wE1M9ztIG+6/aOH4tRwAZjg99LCS+tFF+cHrVNUu3wIQGAxIs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938904; c=relaxed/simple; bh=MveQi5l0YQ7OLkSuW8oRirePVaw/kJlAsYs/pcnpNm0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=FkgTyfs7uMHr8lsDsSjlMv/+s7APQm6rdERxxmJ8xfjNngkgXl+sInHlDqR2XWLg6+wpPwzHV+TimoGprbgMhW4TzhCQxMnUUYTHVlq/Fb0mhLsIejOg/vwVHcvqbdYACyNE+OGElGOvJT047pJOrPNVf7QO1eoeJ3VKhNvP4eg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=DcVcbmQ+; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="DcVcbmQ+" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3B3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:22 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3B3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938863; bh=JqbF6ot1ZgQZZaR0bZSta5QNoXS+I8M4O8vH2t5f5pE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DcVcbmQ+A9Ddrx2QIL0KnMREyFL66kVXtTojdTPj1XFieFitAjAsjTbHq2NNlVJ63 9cCjmbEfeuH3ndeVu5kZNxKdIvoM+sBs+avloJSM2CBjcgrAXYlOiQIOrNxoSzjE5x hsXkyRtK4NLZjD1oknYtg8DwWYktmcGUXc2+MVK6NuUCdUY3H+0bW7R/SirPkDhK4x 6YemCXS3e5JyCzhmEc0fplzRM3/GFA6TGv3/OPZk308I/FcmESMyQfUSLi9PBOoLbk En5q+KtnIE7qPyJhs29Fnd4dEWCJSB7Ht3EElLJ7H9wb4AGtx9PF1o9HTY4JCwFn3X erwRQCaJ1UfOQ== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 04/14] x86/boot: modernize the segment structure for the header and setup Date: Tue, 20 Jan 2026 11:53:56 -0800 Message-ID: <20260120195407.1163051-5-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Modernize the segment structure for the EFI and bzImage headers and the 16-bit setup. 1. The ".bstext" section (EFI header) has not had code in it for a while now. Merge it into the .header section. 2. Move the contents of the .signature section to assembly rather than the linker script. As a side benefit, the magic number is now private to header.S. 3. Add additional asserts to the linker script. 4. Fill gaps in code sections with int3 instead of nop. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/boot/header.S | 27 +++++++++++++++++++-------- arch/x86/boot/setup.ld | 26 ++++++++++++-------------- 2 files changed, 31 insertions(+), 22 deletions(-) diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index bda20395658f..85a21d576f5b 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -40,7 +40,7 @@ SYSSEG =3D 0x1000 /* historical load address >> 4 */ .set falign, 0x200 =20 .code16 - .section ".bstext", "ax" + .section ".header", "a" #ifdef CONFIG_EFI_STUB # "MZ", MS-DOS header .word IMAGE_DOS_SIGNATURE @@ -221,15 +221,16 @@ pecompat_fstart: IMAGE_SCN_MEM_WRITE # Characteristics =20 .set section_count, (. - section_table) / 40 + #endif /* CONFIG_EFI_STUB */ =20 - # Kernel attributes; used by setup. This is part 1 of the - # header, from the old boot sector. + # hdr should be at address 0x1f1; -2 for the sentinel + .org 0x1f1-2, 0xff # Fill with 0xff =20 - .section ".header", "a" .globl sentinel sentinel: .byte 0xff, 0xff /* Used to detect broken loaders */ =20 + # The bzImage struct setup_header .globl hdr hdr: .byte setup_sects - 1 @@ -240,15 +241,15 @@ vid_mode: .word SVGA_MODE root_dev: .word 0 /* Default to major/minor 0/0 */ boot_flag: .word 0xAA55 =20 - # offset 512, entry point + # offset 512, entry point AND struct setup_header length marker =20 .globl _start _start: # Explicitly enter this as bytes, or the assembler - # tries to generate a 3-byte jump here, which causes + # might try to generate a 3-byte jump here, which causes # everything else to push off to the wrong offset. .byte 0xeb # short (2-byte) jump - .byte start_of_setup-1f + .byte end_of_bzheader-1f 1: =20 # Part 2 of the header, from the old setup.S @@ -541,9 +542,13 @@ init_size: .long INIT_SIZE # kernel initialization s= ize handover_offset: __handover_offset kernel_info_offset: .long ZO_kernel_info =20 + .globl end_of_bzheader +end_of_bzheader: + # End of setup header ##################################################### =20 .section ".entrytext", "ax" + .globl start_of_setup start_of_setup: # Force %es =3D %ds movw %ds, %ax @@ -585,7 +590,8 @@ start_of_setup: 6: =20 # Check signature at end of setup - cmpl $0x5a5aaa55, setup_sig +SETUP_SIGNATURE =3D 0x5a5aaa55 + cmpl $SETUP_SIGNATURE, setup_sig jne setup_bad =20 # Zero the bss @@ -620,3 +626,8 @@ die: setup_corrupt: .byte 7 .string "No setup signature found...\n" + + .section ".signature", "a" + .balign 4 +setup_sig: + .long SETUP_SIGNATURE diff --git a/arch/x86/boot/setup.ld b/arch/x86/boot/setup.ld index e1d594a60204..7515ab011783 100644 --- a/arch/x86/boot/setup.ld +++ b/arch/x86/boot/setup.ld @@ -10,19 +10,14 @@ ENTRY(_start) SECTIONS { . =3D 0; - .bstext : { - *(.bstext) - . =3D 495; - } =3D0xffffffff - .header : { *(.header) } - .entrytext : { *(.entrytext) } - .inittext : { *(.inittext) } + .entrytext : { *(.entrytext) } =3D 0xcccccccc + .inittext : { *(.inittext) } =3D 0xcccccccc .initdata : { *(.initdata) } __end_init =3D .; =20 - .text : { *(.text .text.*) } - .text32 : { *(.text32) } + .text : { *(.text .text.*) } =3D 0xcccccccc + .text32 : { *(.text32) } =3D 0xcccccccc =20 .pecompat : { *(.pecompat) } PROVIDE(pecompat_fsize =3D setup_size - pecompat_fstart); @@ -40,9 +35,7 @@ SECTIONS .data : { *(.data*) } =20 .signature : { - setup_sig =3D .; - LONG(0x5a5aaa55) - + *(.signature) setup_size =3D ALIGN(ABSOLUTE(.), 4096); setup_sects =3D ABSOLUTE(setup_size / 512); ASSERT(setup_sects >=3D 5, "The setup must be at least 5 sectors in size= "); @@ -64,11 +57,16 @@ SECTIONS } =20 /* - * The ASSERT() sink to . is intentional, for binutils 2.14 compatibility: + * The ASSERT() sink to . is intentional. A bare ASSERT() + * outside of an output section is believed to have been broken + * in some binutils versions, although it is supposed to have + * been supported since binutils 2.15. Either way, it doesn't hurt, + * so there is no reason to drop it. */ . =3D ASSERT(_end <=3D 0x8000, "Setup too big!"); . =3D ASSERT(hdr =3D=3D 0x1f1, "The setup header has the wrong offset!"); + . =3D ASSERT(end_of_bzheader <=3D 512+2+127, "bzImage header overflow!"); + . =3D ASSERT(end_of_bzheader =3D=3D start_of_setup, "padding bytes betwee= n .bzheader and .entrytext!"); /* Necessary for the very-old-loader check to work... */ . =3D ASSERT(__end_init <=3D 5*512, "init sections too big!"); - } --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 14DCE407582 for ; Tue, 20 Jan 2026 19:54:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938896; cv=none; b=I6yEu1oIXQIRgNWsZkhwFj1inhVFrZWddemuwoWHixSI96QI2SBfUKjan1nEfQs5AkY6TXdBJ6ng5vyzFk3Ub5eD7fV0Ys4trA6xptX8AxrB814qNpJdMvrc91mzNdTKlDul5nyUigKAAeyimBy7VtFBTalVjMOFN+H2NGZ9id0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938896; c=relaxed/simple; bh=HCkzLw9lyDqURmFWnyWl+RoTbzltAIc9nLa5AlC6bF0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HrGJ/k7dOEdmwlgY5khH41CFm9GNDV1monEL8MjRjEuCE/xtdOcBOM8sKpF6HfWTvjHZJT7Bgp5fMSzwikn90ESGYReQQs6D1wxFgD8A9tve3Uco4ecVBWuzQ6c6XMZNJbXQTMnA3Vo8WvfdQdsJlGTGnZqDNjfOcQNr41WV6xI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=GbbE01ej; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="GbbE01ej" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3C3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:23 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3C3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938864; bh=x5o5p1WTVjSwGQYBVSOvLdb90rpRZLyFia98wPTCF2A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GbbE01ejnG7xfmZe2imk4WXiCQz/WoejAef5XGbF3qcjlUxPvKRjn7gGelcq+Lx6G koRkWwn4Pi3uDQZdnU0TCvI+0gMioA/kKflkAJF5k1lK4E+K+yCONHVO2OJ7k57uZH 1X4rPAFB8J31wDk/rhGJHkEruVDqfVQzIoBGIOKLBdydHkdVNR+Rkc7z39eVrnv071 A8CAJv/4Crvrx7g+1MzQbz9upZm6fX2W3e7FQlU+R6M9RREnBkgqixm3S8YMKyuqmb F9nRh7NVgMMeXo8IUShnkX1wpAdMT/RZmRcdHIPUUclH0amvpU2FyiUF6PmpDgeMJO qcefEpWodZoUQ== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 05/14] x86/boot: call puts() from within die() Date: Tue, 20 Jan 2026 11:53:57 -0800 Message-ID: <20260120195407.1163051-6-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Every call to die() has a call to puts() in front of it, which adds unnecessary code bloat. Move the puts() into die() which, being a noreturn function, is terminal and allows the compiler to not generate unnecessary code around it. Signed-off-by: H. Peter Anvin (Intel) Reviewed-by: Uros Bizjak --- arch/x86/boot/boot.h | 2 +- arch/x86/boot/header.S | 5 +++-- arch/x86/boot/main.c | 6 ++---- arch/x86/boot/pm.c | 6 ++---- 4 files changed, 8 insertions(+), 11 deletions(-) diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h index 1f2b7252e387..b4eb8405ba55 100644 --- a/arch/x86/boot/boot.h +++ b/arch/x86/boot/boot.h @@ -280,7 +280,7 @@ void console_init(void); void query_edd(void); =20 /* header.S */ -void __noreturn die(void); +void __noreturn die(const char *msg); =20 /* memory.c */ void detect_memory(void); diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 85a21d576f5b..5a54d33e51c2 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -611,14 +611,15 @@ SETUP_SIGNATURE =3D 0x5a5aaa55 # Setup corrupt somehow... setup_bad: movl $setup_corrupt, %eax - calll puts # Fall through... =20 .globl die .type die, @function die: + calll puts +1: hlt - jmp die + jmp 1b =20 .size die, .-die =20 diff --git a/arch/x86/boot/main.c b/arch/x86/boot/main.c index da01ade4959e..ad8869aad6db 100644 --- a/arch/x86/boot/main.c +++ b/arch/x86/boot/main.c @@ -143,10 +143,8 @@ void main(void) init_heap(); =20 /* Make sure we have all the proper CPU support */ - if (validate_cpu()) { - puts("Unable to boot - please use a kernel appropriate for your CPU.\n"); - die(); - } + if (validate_cpu()) + die("Unable to boot - please use a kernel appropriate for your CPU.\n"); =20 /* Tell the BIOS what CPU mode we intend to run in */ set_bios_mode(); diff --git a/arch/x86/boot/pm.c b/arch/x86/boot/pm.c index 5941f930f6c5..3be89ba4b1b3 100644 --- a/arch/x86/boot/pm.c +++ b/arch/x86/boot/pm.c @@ -106,10 +106,8 @@ void go_to_protected_mode(void) realmode_switch_hook(); =20 /* Enable the A20 gate */ - if (enable_a20()) { - puts("A20 gate not responding, unable to boot...\n"); - die(); - } + if (enable_a20()) + die("A20 gate not responding, unable to boot...\n"); =20 /* Reset coprocessor (IGNNE#) */ reset_coprocessor(); --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9040342317B for ; Tue, 20 Jan 2026 19:54:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938899; cv=none; b=J0M5IemdWFxqyExRITpX6sIpbbc5Jo1YCzESE3dSPKDWmrRb13DkfEHjvM1L6UzrApLiI5KRBvBfgW8ClMCgrHL/zvkfdRX2qTI9ZSuc+sctUyeeyCTzJk9qlUtaWLSjLJ0Axyv/wkwcy15c7qTytRJKZmGoBu6pokae3CKO+X8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938899; c=relaxed/simple; bh=Bj2ziLTpsCe5BZ24TEUz3Ts+WdMM2I5uygLOAv1e9t0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=F3Xg6q+lGFR8YJ3D7Tyj/r/f2vCDBw15NtH0yGguK9ImPu+LQ/ESt6eciptYvMjdn+GOD2VCT+JlgzFAPRLAdCrsO2BAahyHuMG0217iLhi5gYuKMSwOXYAh58oSl2HRwkbJK+OxxVJ4vBJDWdp3CMQRK/mxAgV9BfZNGPO1nNU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=KZ6eEuJj; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="KZ6eEuJj" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3D3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:24 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3D3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938865; bh=NFUby8qM7aSboPB+19i5VTqV1XhLfa94fpQvQMZdh8w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KZ6eEuJjaJWvwk32R5nWuywpM+YX0vVnQ4Kf4tDuaRmmeF9nS6kCU2BWo9dKNHwfu 4poXUrgs9K5DIBQ6Iehnx4arYi70TdGLBuBsh1axVDEAr7iTICSH5cEYgNClH0qacO tLPOysoVPqDn4amUC1ismo9N5hdTO24EwVi9nElhE7H58KhJHQk5sjWyxv+eWNh3jr r1nxNbl6s5DmQ5qg0X1eO1R6+UTQ2pzA3jqsPcJvBs5Kl/h2NDhN00eK28RggFTUHU x7OJWbTafxyDHm2cHN4qAODlBAUNzU0z5zuMHsOkUo/bZ+h/iq+SprbHK9bp5Ifofh uEWykPdUp+ufA== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 06/14] x86/boot: add comment barriers for the different headers Date: Tue, 20 Jan 2026 11:53:58 -0800 Message-ID: <20260120195407.1163051-7-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add better comment barriers at the top of the PECOFF header and the bzImage header to make it easier to find the source for the respective chunks of data. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/boot/header.S | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 5a54d33e51c2..d74db02928e6 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -40,6 +40,9 @@ SYSSEG =3D 0x1000 /* historical load address >> 4 */ .set falign, 0x200 =20 .code16 + +# EFI PECOFF header ######################################################= #### + .section ".header", "a" #ifdef CONFIG_EFI_STUB # "MZ", MS-DOS header @@ -224,6 +227,8 @@ pecompat_fstart: =20 #endif /* CONFIG_EFI_STUB */ =20 +# bzImage header #########################################################= #### + # hdr should be at address 0x1f1; -2 for the sentinel .org 0x1f1-2, 0xff # Fill with 0xff =20 @@ -545,7 +550,7 @@ kernel_info_offset: .long ZO_kernel_info .globl end_of_bzheader end_of_bzheader: =20 -# End of setup header ##################################################### +# End of bzImage header ##################################################= #### =20 .section ".entrytext", "ax" .globl start_of_setup --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 86EB63A7851 for ; Tue, 20 Jan 2026 19:54:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938900; cv=none; b=CDH/949mwEvRcQhg0byx2eKbuxxTuhzlRdQ3Wl8p+5NJkVV39/Ew24JJ3xMxkoNROtmoW1ZsJnN/Dv4gVCvdrPsn4IsDR4KGl+QODNPsqfPKTyVoPYBqzKvRHFTGlaZc3/Zduh9mMSKInL4tygn7tgsQoezxzmN69jzmt2R2bjw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938900; c=relaxed/simple; bh=pd088RQOhQt9hIGjmfzn4CJYQCYna96Bqw2lP4UCTWk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=LxbCHstSchXQi4LYTPHYt7wiXEwBHaqQSKWJ+MpHGQo3EBjDiXIBg4wmIQtLr1nAZmgtqBQyvuSYTfFN+gH6xWx6iS1lH0eJzJZk3oZL0McVxFMDmtx6FIUcLZZ9rJELaNZEdS15orEOPXfnYlH13WD3QgURDgtIjVGx3xLXes0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=K7G06s8s; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="K7G06s8s" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3E3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:25 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3E3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938866; bh=0eZFuAsmIpe2g12/pjAj+iubg2rFoCHRAqhKjy60vdk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=K7G06s8s2eRuBZcImpUM9Z2KaHM88Uk5qTFtu2hghh/cgoZ/xjp2PoShXAeaVkh0i 2y+Xm2VLX/l2SvjNCAPnLKpjVbXTw0p9ZFUUsiDVj9noX9hkWhxaXMP3Kn7pbp81rC Wfh2ssaYa1fyQ4ySQGNmG3SElmXH72Pqtt7bsy6aklVXRAypgKNAop0J30RI8v4ooF 1+dbDHIsfr4Oa0QeMoC8VAo3dzAoKxbZ7bf2k6AmoY2vK42IaUnJzqCgMfSyVrqWu2 hu6XcphwVC1s4MTolkTlW1+Hge96buuI6YaMWlCfnHTR3HeFN97b+sKbyEwxI2Lo95 c6UqRuwZk7OGQ== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 07/14] x86/boot: factor out the 16-bit startup code from header.S Date: Tue, 20 Jan 2026 11:53:59 -0800 Message-ID: <20260120195407.1163051-8-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Move the 16-bit startup code to its own assembly file, instead of mixing it into header.S. header.S is now a pure data file. This also means the .code16 directive is no longer needed for this file. Signed-off-by: H. Peter Anvin (Intel) Reviewed-by: Uros Bizjak --- arch/x86/boot/Makefile | 4 +- arch/x86/boot/header.S | 91 +-------------------------------- arch/x86/boot/start16.S | 108 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 112 insertions(+), 91 deletions(-) create mode 100644 arch/x86/boot/start16.S diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile index 3f9fb3698d66..d7944bf196b9 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile @@ -22,8 +22,8 @@ subdir- :=3D compressed =20 setup-y +=3D a20.o bioscall.o cmdline.o copy.o cpu.o cpuflags.o cpucheck.o setup-y +=3D early_serial_console.o edd.o header.o main.o memory.o -setup-y +=3D pm.o pmjump.o printf.o regs.o string.o tty.o video.o -setup-y +=3D video-mode.o version.o +setup-y +=3D pm.o pmjump.o printf.o regs.o start16.o string.o tty.o +setup-y +=3D video.o video-mode.o version.o setup-$(CONFIG_X86_APM_BOOT) +=3D apm.o =20 # The link order of the video-*.o modules can matter. In particular, diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index d74db02928e6..10b2971320f3 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -25,7 +25,6 @@ #include "voffset.h" #include "zoffset.h" =20 -BOOTSEG =3D 0x07C0 /* original address of boot-sector */ SYSSEG =3D 0x1000 /* historical load address >> 4 */ =20 #ifndef SVGA_MODE @@ -39,8 +38,6 @@ SYSSEG =3D 0x1000 /* historical load address >> 4 */ .set salign, 0x1000 .set falign, 0x200 =20 - .code16 - # EFI PECOFF header ######################################################= #### =20 .section ".header", "a" @@ -277,6 +274,7 @@ type_of_loader: .byte 0 # 0 means ancient bootloader, = newer # assigned ids =20 # flags, unused bits must be zero (RFU) bit within loadflags + .globl loadflags loadflags: .byte LOADED_HIGH # The kernel is to be loaded high =20 @@ -301,6 +299,7 @@ ramdisk_size: .long 0 # its size in bytes bootsect_kludge: .long 0 # obsolete =20 + .globl heap_end_ptr heap_end_ptr: .word _end+STACK_SIZE-512 # (Header version 0x0201 or later) # space from here (exclusive) down to @@ -551,89 +550,3 @@ kernel_info_offset: .long ZO_kernel_info end_of_bzheader: =20 # End of bzImage header ##################################################= #### - - .section ".entrytext", "ax" - .globl start_of_setup -start_of_setup: -# Force %es =3D %ds - movw %ds, %ax - movw %ax, %es - cld - -# Apparently some ancient versions of LILO invoked the kernel with %ss != =3D %ds, -# which happened to work by accident for the old code. Recalculate the st= ack -# pointer if %ss is invalid. Otherwise leave it alone, LOADLIN sets up the -# stack behind its own code, so we can't blindly put it directly past the = heap. - - movw %ss, %dx - cmpw %ax, %dx # %ds =3D=3D %ss? - movw %sp, %dx - je 2f # -> assume %sp is reasonably set - - # Invalid %ss, make up a new stack - movw $_end, %dx - testb $CAN_USE_HEAP, loadflags - jz 1f - movw heap_end_ptr, %dx -1: addw $STACK_SIZE, %dx - jnc 2f - xorw %dx, %dx # Prevent wraparound - -2: # Now %dx should point to the end of our stack space - andw $~3, %dx # dword align (might as well...) - jnz 3f - movw $0xfffc, %dx # Make sure we're not zero -3: movw %ax, %ss - movzwl %dx, %esp # Clear upper half of %esp - sti # Now we should have a working stack - -# We will have entered with %cs =3D %ds+0x20, normalize %cs so -# it is on par with the other segments. - pushw %ds - pushw $6f - lretw -6: - -# Check signature at end of setup -SETUP_SIGNATURE =3D 0x5a5aaa55 - cmpl $SETUP_SIGNATURE, setup_sig - jne setup_bad - -# Zero the bss - movw $__bss_start, %di - movw $_end+3, %cx - xorl %eax, %eax - subw %di, %cx - shrw $2, %cx - rep stosl - -# The C code uses %gs =3D=3D 0 as invariant - movw %ax, %gs - -# Jump to C code (should not return) - calll main - -# Setup corrupt somehow... -setup_bad: - movl $setup_corrupt, %eax - # Fall through... - - .globl die - .type die, @function -die: - calll puts -1: - hlt - jmp 1b - - .size die, .-die - - .section ".initdata", "a" -setup_corrupt: - .byte 7 - .string "No setup signature found...\n" - - .section ".signature", "a" - .balign 4 -setup_sig: - .long SETUP_SIGNATURE diff --git a/arch/x86/boot/start16.S b/arch/x86/boot/start16.S new file mode 100644 index 000000000000..3381dc0f4065 --- /dev/null +++ b/arch/x86/boot/start16.S @@ -0,0 +1,108 @@ +/* + * start16.S + * + * Copyright (C) 1991, 1992 Linus Torvalds + * + * Based on bootsect.S and setup.S + * modified by more people than can be counted + * + * Rewritten as a common file by H. Peter Anvin (Apr 2007) + * + * BIG FAT NOTE: We're in real mode using 64k segments. Therefore segment + * addresses must be multiplied by 16 to obtain their respective linear + * addresses. To avoid confusion, linear addresses are written using leadi= ng + * hex while segment addresses are written as segment:offset. + * + * This code must *immediately* follow the bzImage header, so DO NOT + * add alignment directives anywhere in the .entrytext section! + */ + +#include +#include "boot.h" + + .code16 + .section ".entrytext", "ax" + .globl start_of_setup +start_of_setup: +# Force %es =3D %ds + movw %ds, %ax + movw %ax, %es + cld + +# Apparently some ancient versions of LILO invoked the kernel with %ss != =3D %ds, +# which happened to work by accident for the old code. Recalculate the st= ack +# pointer if %ss is invalid. Otherwise leave it alone, LOADLIN sets up the +# stack behind its own code, so we can't blindly put it directly past the = heap. + + movw %ss, %dx + cmpw %ax, %dx # %ds =3D=3D %ss? + movw %sp, %dx + je 2f # -> assume %sp is reasonably set + + # Invalid %ss, make up a new stack + movw $_end, %dx + testb $CAN_USE_HEAP, loadflags + jz 1f + movw heap_end_ptr, %dx +1: addw $STACK_SIZE, %dx + jnc 2f + xorw %dx, %dx # Prevent wraparound + +2: # Now %dx should point to the end of our stack space + andw $~3, %dx # dword align (might as well...) + jnz 3f + movw $0xfffc, %dx # Make sure we're not zero +3: movw %ax, %ss + movzwl %dx, %esp # Clear upper half of %esp + sti # Now we should have a working stack + +# We will have entered with %cs =3D %ds+0x20, normalize %cs so +# it is on par with the other segments. + pushw %ds + pushw $6f + lretw +6: + +# Check signature at end of setup +SETUP_SIGNATURE =3D 0x5a5aaa55 + cmpl $SETUP_SIGNATURE, setup_sig + jne setup_bad + +# Zero the bss + movw $__bss_start, %di + movw $_end+3, %cx + xorl %eax, %eax + subw %di, %cx + shrw $2, %cx + rep stosl + +# The C code uses %gs =3D=3D 0 as invariant + movw %ax, %gs + +# Jump to C code (should not return) + calll main + +# Setup corrupt somehow... +setup_bad: + movl $setup_corrupt, %eax + # Fall through... + + .globl die + .type die, @function +die: + calll puts +1: + hlt + jmp 1b + + .size die, .-die + + .section ".initdata", "a" +setup_corrupt: + .byte 7 + .string "No setup signature found...\n" + + .section ".signature", "a" + .balign 4 +setup_sig: + .long SETUP_SIGNATURE --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 203853A4ABF for ; Tue, 20 Jan 2026 19:54:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938899; cv=none; b=uq0vpAzGveT/lnnFsR75RwKatGgnf6DkKwNhh5XCDO7URwoVUnWLssgn27DN5fKgkqmq+FjmxpDM/nmcylGigjtLv5QWWrRrLmY0Obq8ldju+bWYP6EtRSqlXwkrUK25PRqDquqjsB5hPo/QcW4ClUZuxdxzoP9ZxjdKGMR5tQA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938899; c=relaxed/simple; bh=D4tK6s4qxmXd7ByQgksRFD6iGVZ5J1jtKQniMHVJirw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=q48W3Y/XMFP84+Kt5A3bLbUOQdwLVKuc6Ew8i/CU4zVhYPv0hKq0XXS9FFY1Q38VnVBYEHM8i5axQh3psNMgno1kgSV1qbn+8uYdCV4M3jfEv3Pfm0FgG3IkkvckKFljAHF5l134azt0dKSlmRVxVNO8Gyyo4rJgi+Zk1iYq0V0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=P5xGA/F/; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="P5xGA/F/" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3F3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:26 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3F3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938869; bh=hTzQn7SyH/cYu7s0tyFNKhrOlfC46JaH5MDmT+7FXN0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=P5xGA/F/SdLc+apds1JBd/6XbKRAM6F3DN2PsGe4IAkIOCW76o6QVkcgLnzH9+xaL 4NWtQWTos/iIYaZgc6NFHN62AG+53/2bn9iqucShu/QSOY5pNWCOwZtuF6+XEWn6dx cjuhbIkcB8MRDcZbQWn/yEceOQ6lqwDDsAvL/njUFZHC8lLwfXk6YPHBF9Psbc8L+W F9ejRNGDwehXwP/NfPrBtsGDZXBxezl858Z4x1QlF/3qZD1Kbn3szUBz1oozjGZU0q xrb4CQQK7ZX34O9EGcY25l3Ty9AYG/r6hZSWxVu9ptBEDtUx3fynHQLgsz0mv2wAVC awt9y0Jy+ELyg== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 08/14] x86: make CONFIG_EFI_STUB unconditional Date: Tue, 20 Jan 2026 11:54:00 -0800 Message-ID: <20260120195407.1163051-9-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The EFI stub code is mature, most current x86 systems require EFI to boot, and as it is exclusively preboot code, it doesn't affect the runtime memory footprint at all. It makes absolutely no sense to omit it anymore, so make it unconditional. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/Kconfig | 14 ++------------ arch/x86/boot/compressed/Makefile | 2 -- arch/x86/boot/compressed/error.c | 2 -- arch/x86/boot/header.S | 3 --- 4 files changed, 2 insertions(+), 19 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 80527299f859..14e2b00a3815 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -907,7 +907,6 @@ config INTEL_TDX_GUEST bool "Intel TDX (Trust Domain Extensions) - Guest Support" depends on X86_64 && CPU_SUP_INTEL depends on X86_X2APIC - depends on EFI_STUB depends on PARAVIRT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT @@ -1495,7 +1494,6 @@ config X86_MEM_ENCRYPT config AMD_MEM_ENCRYPT bool "AMD Secure Memory Encryption (SME) support" depends on X86_64 && CPU_SUP_AMD - depends on EFI_STUB select DMA_COHERENT_POOL select ARCH_USE_MEMREMAP_PROT select INSTRUCTION_DECODER @@ -1929,18 +1927,10 @@ config EFI platforms. =20 config EFI_STUB - bool "EFI stub support" - depends on EFI - select RELOCATABLE - help - This kernel feature allows a bzImage to be loaded directly - by EFI firmware without the use of a bootloader. - - See Documentation/admin-guide/efi-stub.rst for more information. + def_bool y =20 config EFI_HANDOVER_PROTOCOL bool "EFI handover protocol (DEPRECATED)" - depends on EFI_STUB default y help Select this in order to include support for the deprecated EFI @@ -1957,7 +1947,7 @@ config EFI_HANDOVER_PROTOCOL =20 config EFI_MIXED bool "EFI mixed-mode support" - depends on EFI_STUB && X86_64 + depends on X86_64 help Enabling this feature allows a 64-bit kernel to be booted on a 32-bit firmware, provided that your CPU supports 64-bit diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/M= akefile index 68f9d7a1683b..6cbcf01c8bad 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -66,11 +66,9 @@ LDFLAGS_vmlinux +=3D -z noexecstack ifeq ($(CONFIG_LD_IS_BFD),y) LDFLAGS_vmlinux +=3D $(call ld-option,--no-warn-rwx-segments) endif -ifeq ($(CONFIG_EFI_STUB),y) # ensure that the static EFI stub library will be pulled in, even if it is # never referenced explicitly from the startup code LDFLAGS_vmlinux +=3D -u efi_pe_entry -endif LDFLAGS_vmlinux +=3D -T =20 hostprogs :=3D mkpiggy diff --git a/arch/x86/boot/compressed/error.c b/arch/x86/boot/compressed/er= ror.c index 19a8251de506..f2d21e57c109 100644 --- a/arch/x86/boot/compressed/error.c +++ b/arch/x86/boot/compressed/error.c @@ -24,7 +24,6 @@ void error(char *m) } =20 /* EFI libstub provides vsnprintf() */ -#ifdef CONFIG_EFI_STUB void panic(const char *fmt, ...) { static char buf[1024]; @@ -40,4 +39,3 @@ void panic(const char *fmt, ...) =20 error(buf); } -#endif diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 10b2971320f3..776bd0631bce 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -41,7 +41,6 @@ SYSSEG =3D 0x1000 /* historical load address >> 4 */ # EFI PECOFF header ######################################################= #### =20 .section ".header", "a" -#ifdef CONFIG_EFI_STUB # "MZ", MS-DOS header .word IMAGE_DOS_SIGNATURE .org 0x38 @@ -222,8 +221,6 @@ pecompat_fstart: =20 .set section_count, (. - section_table) / 40 =20 -#endif /* CONFIG_EFI_STUB */ - # bzImage header #########################################################= #### =20 # hdr should be at address 0x1f1; -2 for the sentinel --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8D7ED428820 for ; Tue, 20 Jan 2026 19:55:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938906; cv=none; b=TCykpK0HQd+NcFANKLC8iGgitErV2zHhktPIiC4jWiBCHTocUB7FbuIwi7m7poUDsSyAl9VTslgNq1hc1l4j+JfUej22p+w/xsQXr5fVFEuTAE2RSpQ75JwnLKR6VcJ0cHj1dFJu9s7bfS6i0LrvC4drrAAmFd5qi/ZzGtFL9Aw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938906; c=relaxed/simple; bh=cniQ/5CQ1A9KzfQ+8m9H5BcqzuqyLa9ZqPDMY5Vpxf4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=L2Zg56HVVK5L75uRBtSlP5k7HmhOPvMlVKbV2SMLzt/O01PAX7nXK7Zmyc0qJf/PrMnrPYBd9LF+ize3PAUzIR08ASaZd5OYwz8HO8CWc2VNOT4dA2Hab90bLe6WuGfQp2PNDyoNUUsKLuoe/FKhkf5bZhzg4CotHvsWE6Jjxyk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=fy0xvkhX; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="fy0xvkhX" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3G3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:29 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3G3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938870; bh=bRvYfqCNbuYiTVy5Sv3lOWnGQXtHJszTUQDuhogATsY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fy0xvkhXzHdZfSeyaTgVNau8danIWXZRvc49fPNW3/7r2tbkZD27Lwc1ii/5ebcQg E152ANWTvIG7i7395TePkU2INmyj1enbRYKhLss77sWzqB6/pF9HYXwo0D8HN4F989 T5OTrTNrGk8Vb0whENGH9Vo/Tz0BJqZWkvmDQEcd/wR19mmG26YasXVOopcfC2Vuja ErXiJz7VfkqsdsCCjx8IZ3alQRILkn2o+zQo3o/TIheeYtTnG5/Dv2/lM33MxV0oQd Jxfec6+h6cTvPlbbZ4OglK8zBlaERZXy3pMP5yiIirqrl9Ri64fnHHG1q620ih+/2t +HlfWNNp095fA== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 09/14] x86/boot: make the relocatable kernel unconditional Date: Tue, 20 Jan 2026 11:54:01 -0800 Message-ID: <20260120195407.1163051-10-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" There is absolutely no valid reason to build a non-relocatable kernel anymore. It has no effect on the runtime memory footprint since it is handled entirely in preboot code. Futhermore, the relocatable kernel is required for EFI stub support. Remove CONFIG_RELOCATABLE and make the non-relocatable kernel unconditional. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/Kconfig | 71 ++++-------------------------- arch/x86/boot/compressed/head_32.S | 2 - arch/x86/boot/compressed/head_64.S | 4 -- arch/x86/boot/compressed/misc.c | 8 ---- arch/x86/boot/header.S | 12 +---- 5 files changed, 11 insertions(+), 86 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 14e2b00a3815..a0fe0349fb77 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2018,61 +2018,16 @@ config PHYSICAL_START help This gives the physical address where the kernel is loaded. =20 - If the kernel is not relocatable (CONFIG_RELOCATABLE=3Dn) then bzImage - will decompress itself to above physical address and run from there. - Otherwise, bzImage will run from the address where it has been loaded - by the boot loader. The only exception is if it is loaded below the - above physical address, in which case it will relocate itself there. - - In normal kdump cases one does not have to set/change this option - as now bzImage can be compiled as a completely relocatable image - (CONFIG_RELOCATABLE=3Dy) and be used to load and run from a different - address. This option is mainly useful for the folks who don't want - to use a bzImage for capturing the crash dump and want to use a - vmlinux instead. vmlinux is not relocatable hence a kernel needs - to be specifically compiled to run from a specific memory area - (normally a reserved region) and this option comes handy. - - So if you are using bzImage for capturing the crash dump, - leave the value here unchanged to 0x1000000 and set - CONFIG_RELOCATABLE=3Dy. Otherwise if you plan to use vmlinux - for capturing the crash dump change this value to start of - the reserved region. In other words, it can be set based on - the "X" value as specified in the "crashkernel=3DYM@XM" - command line boot parameter passed to the panic-ed - kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst - for more details about crash dumps. - - Usage of bzImage for capturing the crash dump is recommended as - one does not have to build two kernels. Same kernel can be used - as production kernel and capture kernel. Above option should have - gone away after relocatable bzImage support is introduced. But it - is present because there are users out there who continue to use - vmlinux for dump capture. This option should go away down the - line. + If the kernel is loaded at a physical address below this address + by the boot loader it will relocate itself there. =20 - Don't change this unless you know what you are doing. + The addresses in the vmlinux and System.map files are based + at this address. =20 -config RELOCATABLE - bool "Build a relocatable kernel" - default y - help - This builds a kernel image that retains relocation information - so it can be loaded someplace besides the default 1MB. - The relocations tend to make the kernel binary about 10% larger, - but are discarded at runtime. - - One use is for the kexec on panic case where the recovery kernel - must live at a different physical address than the primary - kernel. - - Note: If CONFIG_RELOCATABLE=3Dy, then the kernel runs from the address - it has been loaded at and the compile time physical address - (CONFIG_PHYSICAL_START) is used as the minimum location. + Don't change this unless you know what you are doing. =20 config RANDOMIZE_BASE bool "Randomize the address of the kernel image (KASLR)" - depends on RELOCATABLE default y help In support of Kernel Address Space Layout Randomization (KASLR), @@ -2108,7 +2063,7 @@ config RANDOMIZE_BASE # Relocation on x86 needs some additional build support config X86_NEED_RELOCS def_bool y - depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE) + depends on RANDOMIZE_BASE || X86_32 select ARCH_VMLINUX_NEEDS_RELOCS =20 config PHYSICAL_ALIGN @@ -2121,17 +2076,9 @@ config PHYSICAL_ALIGN where kernel is loaded and run from. Kernel is compiled for an address which meets above alignment restriction. =20 - If bootloader loads the kernel at a non-aligned address and - CONFIG_RELOCATABLE is set, kernel will move itself to nearest - address aligned to above value and run from there. - - If bootloader loads the kernel at a non-aligned address and - CONFIG_RELOCATABLE is not set, kernel will ignore the run time - load address and decompress itself to the address it has been - compiled for and run from there. The address for which kernel is - compiled already meets above alignment restrictions. Hence the - end result is that kernel runs from a physical address meeting - above alignment restrictions. + If bootloader loads the kernel at a non-aligned address the + kernel will move itself upwards to the nearest address + aligned to above value and run from there. =20 On 32-bit this value must be a multiple of 0x2000. On 64-bit this value must be a multiple of 0x200000. diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/= head_32.S index 1cfe9802a42f..79d9e2c330ba 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -82,7 +82,6 @@ SYM_FUNC_START(startup_32) * %ebp is calculated to be the address that the kernel will be decompress= ed to. */ =20 -#ifdef CONFIG_RELOCATABLE leal startup_32@GOTOFF(%edx), %ebx movl BP_kernel_alignment(%esi), %eax decl %eax @@ -91,7 +90,6 @@ SYM_FUNC_START(startup_32) andl %eax, %ebx cmpl $LOAD_PHYSICAL_ADDR, %ebx jae 1f -#endif movl $LOAD_PHYSICAL_ADDR, %ebx 1: =20 diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/= head_64.S index d9dab940ff62..8a964a4d45c2 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -143,7 +143,6 @@ SYM_FUNC_START(startup_32) * for safe in-place decompression. */ =20 -#ifdef CONFIG_RELOCATABLE movl %ebp, %ebx movl BP_kernel_alignment(%esi), %eax decl %eax @@ -152,7 +151,6 @@ SYM_FUNC_START(startup_32) andl %eax, %ebx cmpl $LOAD_PHYSICAL_ADDR, %ebx jae 1f -#endif movl $LOAD_PHYSICAL_ADDR, %ebx 1: =20 @@ -312,7 +310,6 @@ SYM_CODE_START(startup_64) */ =20 /* Start with the delta to where the kernel will run at. */ -#ifdef CONFIG_RELOCATABLE leaq startup_32(%rip) /* - $startup_32 */, %rbp movl BP_kernel_alignment(%rsi), %eax decl %eax @@ -321,7 +318,6 @@ SYM_CODE_START(startup_64) andq %rax, %rbp cmpq $LOAD_PHYSICAL_ADDR, %rbp jae 1f -#endif movq $LOAD_PHYSICAL_ADDR, %rbp 1: =20 diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/mis= c.c index 0f41ca0e52c0..0cdc164286fc 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -314,12 +314,8 @@ static size_t parse_elf(void *output) if ((phdr->p_align % 0x200000) !=3D 0) error("Alignment of LOAD segment isn't multiple of 2MB"); #endif -#ifdef CONFIG_RELOCATABLE dest =3D output; dest +=3D (phdr->p_paddr - LOAD_PHYSICAL_ADDR); -#else - dest =3D (void *)(phdr->p_paddr); -#endif memmove(dest, output + phdr->p_offset, phdr->p_filesz); break; default: /* Ignore other PT_* */ break; @@ -506,10 +502,6 @@ asmlinkage __visible void *extract_kernel(void *rmode,= unsigned char *output) if (heap > ((-__PAGE_OFFSET-(128<<20)-1) & 0x7fffffff)) error("Destination address too large"); #endif -#ifndef CONFIG_RELOCATABLE - if (virt_addr !=3D LOAD_PHYSICAL_ADDR) - error("Destination virtual address changed when not relocatable"); -#endif =20 debug_putstr("\nDecompressing Linux... "); =20 diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 776bd0631bce..2828b25707bb 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -334,24 +334,16 @@ initrd_addr_max: .long 0x7fffffff kernel_alignment: .long CONFIG_PHYSICAL_ALIGN #physical addr alignment #required for protected mode #kernel -#ifdef CONFIG_RELOCATABLE -relocatable_kernel: .byte 1 -#else -relocatable_kernel: .byte 0 -#endif +relocatable_kernel: .byte 1 # Always relocatable min_alignment: .byte MIN_KERNEL_ALIGN_LG2 # minimum alignment =20 xloadflags: #ifdef CONFIG_X86_64 # define XLF0 XLF_KERNEL_64 /* 64-bit kernel */ -#else -# define XLF0 0 -#endif - -#if defined(CONFIG_RELOCATABLE) && defined(CONFIG_X86_64) /* kernel/boot_param/ramdisk could be loaded above 4g */ # define XLF1 XLF_CAN_BE_LOADED_ABOVE_4G #else +# define XLF0 0 # define XLF1 0 #endif =20 --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7CB0F441054 for ; Tue, 20 Jan 2026 19:55:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938904; cv=none; b=XYmzyTyPlK9rQJAcw6/9/kdGflhyeg8Za79lNnUj0jkJbut6lmcxCiAr15PrssakiZAAlJ/94GrR3L8ymEFYL7o88K72t3GTPhTpcFqas+jh490rYreY8Ua+817iLJ1MVevbZZSsU6LZZV/GZOXLqSD3cRNDX1rfFLjQeKWQvGw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938904; c=relaxed/simple; bh=vwbvR4PSA3kE6W9cqx+emJ/NFWHvT7QK3VG05OdBQks=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QqnWN36LC7oRKK4JYfXZPVBgli/y14rWBmXxuDUhACV35Y3uzTh/y2UzED3krBPLompgh5CyHTv0hAsKAkQO9vFpXsOQyt6n/nreg4O8W3dMEkr+VYZdPJekjCCALDymeeVi477E91J0u3TPq5QWGPrIyORRYz0E9och4sr1U/E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=XSnk9ITx; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="XSnk9ITx" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3H3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:30 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3H3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938871; bh=Pc8Z7/dwfRkBhL7bxG7h+eyD8Fb6lWN9llBPu5Gj3nM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XSnk9ITxTvgXx7rIAhi1yz9FIwxZc2ceRwCvHuYTHTWBgwYsYQBh3JBXJrTNCY0lW EkpeDz7LmCUXQMvJGoQ9Yft6noHQvm/m+cutWs3pDmE8FJGpSbGc3GoCy7e+jH3Nqi IQC3wEJXq+bLt8MIp1UrmTSwPK7krGrhQb8+MCrATctoZRJ5Cz9edYld37ZksXESAb ues2XYIxdo0gDKp+EAobOW/vubpNR8uh0IY97ixnCeUpRAd+SWyQCynzh8kd25k30l MUvrmbFiPCWxblJUg1HX1uz1ih7OubHFqiLCLOE0FdhhJuAljjHGYwdHmZLMAaCzHI wqr/fNJeN3qww== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 10/14] x86/boot: explicitly put the old command line pointer in header.S Date: Tue, 20 Jan 2026 11:54:02 -0800 Message-ID: <20260120195407.1163051-11-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Put the location for the old command line pointer into header.S. This not only makes the layout of the header data more explicit, but it also removes the need for the absolute_pointer() hack in arch/x86/boot/main.c. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/boot/header.S | 7 +++++++ arch/x86/boot/main.c | 32 ++++++++++++++++---------------- 2 files changed, 23 insertions(+), 16 deletions(-) diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 2828b25707bb..4eb12443dafa 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -43,6 +43,13 @@ SYSSEG =3D 0x1000 /* historical load address >> 4 */ .section ".header", "a" # "MZ", MS-DOS header .word IMAGE_DOS_SIGNATURE + + .org 0x20 + # Used for the command line protocol in boot protocols 2.00-2.01 + .globl old_cmdline +old_cmdline: + .word 0, 0 + .org 0x38 # # Offset to the PE header. diff --git a/arch/x86/boot/main.c b/arch/x86/boot/main.c index ad8869aad6db..864da3deab18 100644 --- a/arch/x86/boot/main.c +++ b/arch/x86/boot/main.c @@ -22,36 +22,36 @@ char *HEAP =3D _end; char *heap_end =3D _end; /* Default end of heap =3D no heap */ =20 /* - * Copy the header into the boot parameter block. Since this - * screws up the old-style command line protocol, adjust by - * filling in the new-style command line pointer instead. + * Copy the header into the boot parameter block. Since this screws + * up the old-style command line protocol (protocol 2.00-2.01), adjust + * by filling in the new-style command line pointer instead. */ +struct old_cmdline { + u16 cl_magic; + u16 cl_offset; +}; +extern const struct old_cmdline old_cmdline; + static void copy_boot_params(void) { - struct old_cmdline { - u16 cl_magic; - u16 cl_offset; - }; - const struct old_cmdline * const oldcmd =3D absolute_pointer(OLD_CL_ADDRE= SS); - BUILD_BUG_ON(sizeof(boot_params) !=3D 4096); memcpy(&boot_params.hdr, &hdr, sizeof(hdr)); =20 - if (!boot_params.hdr.cmd_line_ptr && oldcmd->cl_magic =3D=3D OLD_CL_MAGIC= ) { + if (!boot_params.hdr.cmd_line_ptr && + old_cmdline.cl_magic =3D=3D OLD_CL_MAGIC) { /* Old-style command line protocol */ - u16 cmdline_seg; + u32 cmdline_base =3D 0x90000; =20 /* * Figure out if the command line falls in the region * of memory that an old kernel would have copied up * to 0x90000... */ - if (oldcmd->cl_offset < boot_params.hdr.setup_move_size) - cmdline_seg =3D ds(); - else - cmdline_seg =3D 0x9000; + if (old_cmdline.cl_offset < boot_params.hdr.setup_move_size) + cmdline_base =3D ds() << 4; =20 - boot_params.hdr.cmd_line_ptr =3D (cmdline_seg << 4) + oldcmd->cl_offset; + boot_params.hdr.cmd_line_ptr =3D + cmdline_base + old_cmdline.cl_offset; } } =20 --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D1CF47A0DD for ; Tue, 20 Jan 2026 19:55:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938909; cv=none; b=T5r3HJ0lYW1t0e5KD5+DEHuPlum/mhxTDo/m7tPG7wgTSL80aPL1BWCTf11WD9kDhtVBNoNynDXwLElhHwS0k49SPDtnhNuidx6hWf4g/IQIIoelsfkDT4WbFGusTmIPx5SbmtSgoDIFFTIWCC5sAStbPSFTj7YJzh351dUgQHI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938909; c=relaxed/simple; bh=LBxdsT6zNKsJO/Sx1ifhb2dPpGgksxxDynxFV0ztctw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Dnd+hTvXWP+s5iQEvF2OFx9DvIr+yK31ScrjZe/QkZ3YLH+sWMA+3cVCneq7VFwAL52uOOBBVbPna8Au3yYod77eKLOu3EeuG70Dk1+VnWzEbLITXv8411hUzfLSVexh2/Qw/tJ2XI1Ggradn24xwDYgcOoT4krggH6wR19iO84= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=iHkvsy3h; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="iHkvsy3h" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3I3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:31 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3I3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938872; bh=lC6mgLfuk0/kOJZaYu1MaK8TsF5kxYLUg+2v1N2MSns=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iHkvsy3hUyCcKR5DbfHKEZEJsI40nZc8CbU2s0SJYP3lAdLnuKCv9UARPfjAsjCO8 St6zhOGnKasJwArhDU6Q/LmMBsX1sSLx/TMXRKh9Zf583qhiHaGlUsHv5U2QAQoFoa oRbKnmZ6SHtcpoDRLa5QzYboV8wwRCb5iOUcBJg8clMeBU7XwmNYzn2ZWdK9SP5/Ut b46ywkV3gFeJLhMna8tpfOMicxCBGFTZb0qU1+B1kWeDhuDAgnTmlkt1fKFwVAjojY yrnr34R8rBHJ5HtAplTZcS/oX+KbAdTEKIR4EsjOLJbkYBBp4PR4p6JQLspyBbzaI/ Rx/PRj3cJTZLQ== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 11/14] x86/boot: use __seg_fs and __seg_gs in the real-mode boot code Date: Tue, 20 Jan 2026 11:54:03 -0800 Message-ID: <20260120195407.1163051-12-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" All supported versions of gcc support __seg_fs and __seg_gs now. All supported versions of clang support __seg_fs and __seg_gs too, except for two bugs (as of clang 21, at least): 1. The %fs: and %gs: prefix does not get emitted in inline assembly. 2. An internal compiler error when addressing symbols directly. However, none of these are required in the boot code. Furthermore, this makes it possible to remove the absolute_pointer() hack in the fs/gs access functions. This requires adding a barrier() to a20.c, to prevent the compiler from eliding the load from the aliased memory address. Remove the unused memcmp_[fg]s() functions. Finally, ds() is by necessity constant, so mark the function as such. Signed-off-by: H. Peter Anvin (Intel) Reviewed-by: Uros Bizjak --- arch/x86/boot/a20.c | 1 + arch/x86/boot/boot.h | 81 ++++++++++++++------------------------------ 2 files changed, 27 insertions(+), 55 deletions(-) diff --git a/arch/x86/boot/a20.c b/arch/x86/boot/a20.c index 3ab6cd8eaa31..52c3fccdcb70 100644 --- a/arch/x86/boot/a20.c +++ b/arch/x86/boot/a20.c @@ -63,6 +63,7 @@ static int a20_test(int loops) while (loops--) { wrgs32(++ctr, A20_TEST_ADDR); io_delay(); /* Serialize and make delay constant */ + barrier(); /* Compiler won't know about fs/gs overlap */ ok =3D rdfs32(A20_TEST_ADDR+0x10) ^ ctr; if (ok) break; diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h index b4eb8405ba55..4d3549ed7987 100644 --- a/arch/x86/boot/boot.h +++ b/arch/x86/boot/boot.h @@ -45,7 +45,7 @@ static inline void io_delay(void) =20 /* These functions are used to reference data in other segments. */ =20 -static inline u16 ds(void) +static inline __attribute_const__ u16 ds(void) { u16 seg; asm("movw %%ds,%0" : "=3Drm" (seg)); @@ -54,7 +54,7 @@ static inline u16 ds(void) =20 static inline void set_fs(u16 seg) { - asm volatile("movw %0,%%fs" : : "rm" (seg)); + asm volatile("movw %0,%%fs" : : "rm" (seg) : "memory"); } static inline u16 fs(void) { @@ -65,7 +65,7 @@ static inline u16 fs(void) =20 static inline void set_gs(u16 seg) { - asm volatile("movw %0,%%gs" : : "rm" (seg)); + asm volatile("movw %0,%%gs" : : "rm" (seg) : "memory"); } static inline u16 gs(void) { @@ -76,96 +76,67 @@ static inline u16 gs(void) =20 typedef unsigned int addr_t; =20 +/* + * WARNING: as of clang 21, clang has the following two bugs related + * to __seg_fs and __seg_gs: + * + * 1. The %fs: and %gs: prefix does not get emitted in inline assembly. + * 2. An internal compiler error when addressing symbols directly. + * + * Neither of those constructs are currently used in the boot code. + * If they ever are, and those bugs still remain, then those bugs will + * need to be worked around. + */ static inline u8 rdfs8(addr_t addr) { - u8 *ptr =3D (u8 *)absolute_pointer(addr); - u8 v; - asm volatile("movb %%fs:%1,%0" : "=3Dq" (v) : "m" (*ptr)); - return v; + return *(__seg_fs const u8 *)addr; } static inline u16 rdfs16(addr_t addr) { - u16 *ptr =3D (u16 *)absolute_pointer(addr); - u16 v; - asm volatile("movw %%fs:%1,%0" : "=3Dr" (v) : "m" (*ptr)); - return v; + return *(__seg_fs const u16 *)addr; } static inline u32 rdfs32(addr_t addr) { - u32 *ptr =3D (u32 *)absolute_pointer(addr); - u32 v; - asm volatile("movl %%fs:%1,%0" : "=3Dr" (v) : "m" (*ptr)); - return v; + return *(__seg_fs const u32 *)addr; } =20 static inline void wrfs8(u8 v, addr_t addr) { - u8 *ptr =3D (u8 *)absolute_pointer(addr); - asm volatile("movb %1,%%fs:%0" : "+m" (*ptr) : "qi" (v)); + *(__seg_fs u8 *)addr =3D v; } static inline void wrfs16(u16 v, addr_t addr) { - u16 *ptr =3D (u16 *)absolute_pointer(addr); - asm volatile("movw %1,%%fs:%0" : "+m" (*ptr) : "ri" (v)); + *(__seg_fs u16 *)addr =3D v; } static inline void wrfs32(u32 v, addr_t addr) { - u32 *ptr =3D (u32 *)absolute_pointer(addr); - asm volatile("movl %1,%%fs:%0" : "+m" (*ptr) : "ri" (v)); + *(__seg_fs u32 *)addr =3D v; } =20 static inline u8 rdgs8(addr_t addr) { - u8 *ptr =3D (u8 *)absolute_pointer(addr); - u8 v; - asm volatile("movb %%gs:%1,%0" : "=3Dq" (v) : "m" (*ptr)); - return v; + return *(__seg_gs const u8 *)addr; } static inline u16 rdgs16(addr_t addr) { - u16 *ptr =3D (u16 *)absolute_pointer(addr); - u16 v; - asm volatile("movw %%gs:%1,%0" : "=3Dr" (v) : "m" (*ptr)); - return v; + return *(__seg_gs const u16 *)addr; } static inline u32 rdgs32(addr_t addr) { - u32 *ptr =3D (u32 *)absolute_pointer(addr); - u32 v; - asm volatile("movl %%gs:%1,%0" : "=3Dr" (v) : "m" (*ptr)); - return v; + return *(__seg_gs const u32 *)addr; } =20 static inline void wrgs8(u8 v, addr_t addr) { - u8 *ptr =3D (u8 *)absolute_pointer(addr); - asm volatile("movb %1,%%gs:%0" : "+m" (*ptr) : "qi" (v)); + *(__seg_gs u8 *)addr =3D v; } static inline void wrgs16(u16 v, addr_t addr) { - u16 *ptr =3D (u16 *)absolute_pointer(addr); - asm volatile("movw %1,%%gs:%0" : "+m" (*ptr) : "ri" (v)); + *(__seg_gs u16 *)addr =3D v; } static inline void wrgs32(u32 v, addr_t addr) { - u32 *ptr =3D (u32 *)absolute_pointer(addr); - asm volatile("movl %1,%%gs:%0" : "+m" (*ptr) : "ri" (v)); -} - -/* Note: these only return true/false, not a signed return value! */ -static inline bool memcmp_fs(const void *s1, addr_t s2, size_t len) -{ - bool diff; - asm volatile("fs repe cmpsb" - : "=3D@ccnz" (diff), "+D" (s1), "+S" (s2), "+c" (len)); - return diff; -} -static inline bool memcmp_gs(const void *s1, addr_t s2, size_t len) -{ - bool diff; - asm volatile("gs repe cmpsb" - : "=3D@ccnz" (diff), "+D" (s1), "+S" (s2), "+c" (len)); - return diff; + *(__seg_gs u32 *)addr =3D v; } =20 /* Heap -- available for dynamic lists. */ --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 82C1B314D3F for ; Tue, 20 Jan 2026 19:55:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938910; cv=none; b=tLuQnsJjQhB+JqVUXcd8gJgbMRV17R0LOUVv2EVkbw0AK3295rvpIPsSzw/VftODSnqmNqaO48C8LLUi2kkmyu7qbu2MmbsaYZA/pc2SEbUy1qhhBi5dlnCGFK6pSCuvYYLVai6jtP/AEad6HLH97QPSUyy3qNPxmTTuzmnsXsk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938910; c=relaxed/simple; bh=y0qBWJ2JzcE5Wdd6HcJhZkb5zCY7uBDmMo7XTlbmdWI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=d1IBR8LvQXNuOIa+qU6ZpVV+8OG9CLbYkqqhsjrbwZ921dSI+GLy+tHj/RumzRZ4g4ELnsJdwh8es/H4B3MYL4zZasar/35t8aif0J+8XLcIMeoQZK/7yV5qOpROs9VwEuA9Lyh+vVWULBGNZUyeuYHxKljMObsVtgpWGSopP9k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=hmM+wTzY; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="hmM+wTzY" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3J3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:33 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3J3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938873; bh=7CsscAQMogMbkdY3DhSP7qlBg7m319oAvuqW2F5PRns=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hmM+wTzY3VFoB8ydJxnWfOVY48DqRD+WkOiY/yyqC/uK9TGdGlZcx8ZYfMWW1a1wm +h/sy8GTZ/HN+J1H6GZ5wZmtfxdF2ZwXOLJRRCbZA5+tWU3tjxZAG0uy7uW/7uiRbi JwbQbm9SuOnwykzbwtNS7w7zUT/EcX1YR+7fdu8Nrizt3laq4hHHA80wnV8fFpBBFT xr7qMLKSrd7G2hwlUGzxkzlEFhpobSw+KK9S27qVv9pOZjCtH5fZGNxxYqZsuFieC/ HhYSZmQrEPbMVY/32Tnxil1u3DzlX/vXmOq7S29u2AY1d2Z10zfcLjZGzQsdIrGcD0 1CSfbEr7KAqww== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 12/14] x86/boot: tweak a20.c for better code generation Date: Tue, 20 Jan 2026 11:54:04 -0800 Message-ID: <20260120195407.1163051-13-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Do some minor tweaks to arch/x86/boot/a20.c for better code generation, made possible by the __seg_fs/__seg_gs changes. Move the die() call to a20.c itself; there is no reason to push an error code upwards just to die() there. Signed-off-by: H. Peter Anvin (Intel) Acked-by: Uros Bizjak --- arch/x86/boot/a20.c | 24 +++++++++++------------- arch/x86/boot/boot.h | 2 +- arch/x86/boot/pm.c | 3 +-- 3 files changed, 13 insertions(+), 16 deletions(-) diff --git a/arch/x86/boot/a20.c b/arch/x86/boot/a20.c index 52c3fccdcb70..38a1cad8a553 100644 --- a/arch/x86/boot/a20.c +++ b/arch/x86/boot/a20.c @@ -53,24 +53,22 @@ static int empty_8042(void) =20 static int a20_test(int loops) { - int ok =3D 0; int saved, ctr; =20 set_fs(0xffff); =20 saved =3D ctr =3D rdgs32(A20_TEST_ADDR); =20 - while (loops--) { + do { wrgs32(++ctr, A20_TEST_ADDR); io_delay(); /* Serialize and make delay constant */ barrier(); /* Compiler won't know about fs/gs overlap */ - ok =3D rdfs32(A20_TEST_ADDR+0x10) ^ ctr; - if (ok) + if (rdfs32(A20_TEST_ADDR+0x10) !=3D ctr) break; - } + } while (--loops); =20 wrgs32(saved, A20_TEST_ADDR); - return ok; + return loops; } =20 /* Quick test to see if A20 is already enabled */ @@ -125,7 +123,7 @@ static void enable_a20_fast(void) =20 #define A20_ENABLE_LOOPS 255 /* Number of times to try */ =20 -int enable_a20(void) +void enable_a20(void) { int loops =3D A20_ENABLE_LOOPS; int kbc_err; @@ -134,30 +132,30 @@ int enable_a20(void) /* First, check to see if A20 is already enabled (legacy free, etc.) */ if (a20_test_short()) - return 0; + return; =20 /* Next, try the BIOS (INT 0x15, AX=3D0x2401) */ enable_a20_bios(); if (a20_test_short()) - return 0; + return; =20 /* Try enabling A20 through the keyboard controller */ kbc_err =3D empty_8042(); =20 if (a20_test_short()) - return 0; /* BIOS worked, but with delayed reaction */ + return; /* BIOS worked, but with delayed reaction */ =20 if (!kbc_err) { enable_a20_kbc(); if (a20_test_long()) - return 0; + return; } =20 /* Finally, try enabling the "fast A20 gate" */ enable_a20_fast(); if (a20_test_long()) - return 0; + return; } =20 - return -1; + die("A20 gate not responding, unable to boot...\n"); } diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h index 4d3549ed7987..584c89d0738b 100644 --- a/arch/x86/boot/boot.h +++ b/arch/x86/boot/boot.h @@ -167,7 +167,7 @@ void copy_to_fs(addr_t dst, void *src, size_t len); void *copy_from_fs(void *dst, addr_t src, size_t len); =20 /* a20.c */ -int enable_a20(void); +void enable_a20(void); =20 /* apm.c */ int query_apm_bios(void); diff --git a/arch/x86/boot/pm.c b/arch/x86/boot/pm.c index 3be89ba4b1b3..e39689ed65ea 100644 --- a/arch/x86/boot/pm.c +++ b/arch/x86/boot/pm.c @@ -106,8 +106,7 @@ void go_to_protected_mode(void) realmode_switch_hook(); =20 /* Enable the A20 gate */ - if (enable_a20()) - die("A20 gate not responding, unable to boot...\n"); + enable_a20(); =20 /* Reset coprocessor (IGNNE#) */ reset_coprocessor(); --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 73DB6425CC4 for ; Tue, 20 Jan 2026 19:55:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938906; cv=none; b=D3rGfW+uj/+2ri3xkt7v7HwwM64WMFzLe+UYU4xrszZmEv9EbrFIznrJs9CLN4GxZAZi4Lp9GN6u+k4w8Qwvoer+xAFFbCaC4LZlqgr55KKC54CxBDxNQsZbkU11CLztmSjhqetuGm9pTiGxLeqL30TmimMpXii+6HlEJeK77c0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938906; c=relaxed/simple; bh=PO0hGbN2ynfz/Y+hYIP3Oh8rREwwpXUxS8eYSpOTHVQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=nmtgmRbPk52h2jPUFwSHcEm5kNDGX/5QBL7Inoe4OEx/eCIFXu1y20g2Kc1AEeKJzJLKuFJPL3Gsbt950a1BURIxUYQTwtimCW8bl7ge/S1HVd3m3bGqL5eVjinP/vkRvgyBIz/HxxyP/SDqh6wl3ZbCxa3qIoV1z6dXa6tBrMA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=M3w8slqo; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="M3w8slqo" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3K3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:34 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3K3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938875; bh=Dihytth6aKxCRMsnZBclFnIJrpl/fWy7Q1FJHQ/RCb0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=M3w8slqoNIStG4BFVaWRapoq0fQ4BxKe0sVMCuGxtQwVxr4sy9lin/6VUHFdb2X9D 3AZzmAhF2xpRFhRoQMc7E2IX4WZVy1OvnEKs5PYP/k10NubmO5SdC/c4N+tFvBZGaa ub7OYhfxUbZsDGZysLdgwSjGtMU4R+Ia8m0xwsDhRuDABItbg/cWfXzXgQXtjTJjGS Da35nZxqsV+xQctqvt0ajCErJc/vdc8RUsZwnhTCV5jPwPGmAF3NqzuQh4onNeKvW1 +BWxajcQ3VLPlkewYTWYOxGXEPOqVlBXAu2I3pHN0VGxXcTeoU2rKaBnj1at774d9W Uma5ZvabL1UOg== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH v1 13/14] x86/boot: simplify x86/boot/cmdline.c by using __seg_fs Date: Tue, 20 Jan 2026 11:54:05 -0800 Message-ID: <20260120195407.1163051-14-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" arch/x86/boot/cmdline.c is compiled in 16, 32, or 64-bit mode. In the 16-bit case it needs to access an out-of-data-segment pointer. This has been handled in the past by using a *really* ugly wrapper in the 32/64-bit code combined with an inline function in the 16-bit code. Using __seg_fs for the real-mode case allows for a much cleaner way of handling this difference. Futhermore, moving the code for typing and obtaining the pointer into cmdline.c itself avoids having to create and push an extra argument, which is particularly inefficient in the real-mode code as it requires a range check and pushes the argument count past 3. Furthermore, co-locating this code with the user makes it a lot clearer what the constraints are on this code, even though it means using #ifdef _SETUP. Instead of limit-checking the command line to the real-mode segment limit, limit-check it to COMMAND_LINE_SIZE (which is always less than 64K, and thus automatically incorporates the real-mode segment limit check.) If compiling for 32 bits, trying to add ext_cmd_line_ptr in get_cmd_line_ptr() is futile as unsigned long, and pointers, are only 32 bits wide. Instead, limit-check the command line pointer and fail if it is >=3D 4 GiB, just as the real-mode code fails if the pointer is >=3D 1 MiB. Since the kaslr code depends on get_cmd_line_ptr(), retain it as a global function. Signed-off-by: H. Peter Anvin (Intel) Acked-by: Uros Bizjak --- arch/x86/boot/boot.h | 23 +-------- arch/x86/boot/cmdline.c | 79 +++++++++++++++++++++++------- arch/x86/boot/compressed/cmdline.c | 29 ----------- 3 files changed, 64 insertions(+), 67 deletions(-) diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h index 584c89d0738b..8512db8b3f8e 100644 --- a/arch/x86/boot/boot.h +++ b/arch/x86/boot/boot.h @@ -216,27 +216,8 @@ struct biosregs { void intcall(u8 int_no, const struct biosregs *ireg, struct biosregs *oreg= ); =20 /* cmdline.c */ -int __cmdline_find_option(unsigned long cmdline_ptr, const char *option, c= har *buffer, int bufsize); -int __cmdline_find_option_bool(unsigned long cmdline_ptr, const char *opti= on); -static inline int cmdline_find_option(const char *option, char *buffer, in= t bufsize) -{ - unsigned long cmd_line_ptr =3D boot_params.hdr.cmd_line_ptr; - - if (cmd_line_ptr >=3D 0x100000) - return -1; /* inaccessible */ - - return __cmdline_find_option(cmd_line_ptr, option, buffer, bufsize); -} - -static inline int cmdline_find_option_bool(const char *option) -{ - unsigned long cmd_line_ptr =3D boot_params.hdr.cmd_line_ptr; - - if (cmd_line_ptr >=3D 0x100000) - return -1; /* inaccessible */ - - return __cmdline_find_option_bool(cmd_line_ptr, option); -} +int cmdline_find_option(const char *option, char *buffer, int bufsize); +int cmdline_find_option_bool(const char *option); =20 /* cpu.c, cpucheck.c */ int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr); diff --git a/arch/x86/boot/cmdline.c b/arch/x86/boot/cmdline.c index 21d56ae83cdf..3f31fcbed673 100644 --- a/arch/x86/boot/cmdline.c +++ b/arch/x86/boot/cmdline.c @@ -11,12 +11,59 @@ */ =20 #include "boot.h" +#include +#include =20 static inline int myisspace(u8 c) { return c <=3D ' '; /* Close enough approximation */ } =20 +#ifdef _SETUP +typedef const char __seg_fs *cptr_t; +static inline cptr_t get_cptr(void) +{ + /* + * Note: there is no reason to check ext_cmd_line_ptr here, + * because it falls outside of boot_params.hdr and therefore + * will always be zero when entering through the real-mode + * entry point. + */ + unsigned long ptr =3D boot_params.hdr.cmd_line_ptr; + + /* + * The -16 here serves two purposes: + * 1. It means the segbase >=3D 0x100000 check also doubles as + * a check for the command line pointer being zero. + * 2. It means this routine won't return a NULL pointer for + * a valid address; it will always return a pointer in the + * range 0x10-0x1f inclusive. + */ + unsigned long segbase =3D (ptr - 16) & ~15; + if (segbase >=3D 0x100000) + return NULL; + + set_fs(segbase >> 4); + return (cptr_t)(ptr - segbase); +} +#else +unsigned long get_cmd_line_ptr(void) +{ + unsigned long ptr =3D boot_params_ptr->hdr.cmd_line_ptr; + if (sizeof(unsigned long) > 4) + ptr +=3D (u64)boot_params_ptr->ext_cmd_line_ptr << 32; + else if (boot_params_ptr->ext_cmd_line_ptr) + return 0; /* Inaccessible due to pointer overflow */ + + return ptr; +} +typedef const char *cptr_t; +static inline cptr_t get_cptr(void) +{ + return (cptr_t)get_cmd_line_ptr(); +} +#endif + /* * Find a non-boolean option, that is, "option=3Dargument". In accordance * with standard Linux practice, if this option is repeated, this returns @@ -25,9 +72,9 @@ static inline int myisspace(u8 c) * Returns the length of the argument (regardless of if it was * truncated to fit in the buffer), or -1 on not found. */ -int __cmdline_find_option(unsigned long cmdline_ptr, const char *option, c= har *buffer, int bufsize) +int cmdline_find_option(const char *option, char *buffer, int bufsize) { - addr_t cptr; + cptr_t cptr, eptr; char c; int len =3D -1; const char *opptr =3D NULL; @@ -39,13 +86,12 @@ int __cmdline_find_option(unsigned long cmdline_ptr, co= nst char *option, char *b st_bufcpy /* Copying this to buffer */ } state =3D st_wordstart; =20 - if (!cmdline_ptr) - return -1; /* No command line */ + cptr =3D get_cptr(); + if (!cptr) + return -1; /* No command line or invalid pointer */ + eptr =3D cptr + COMMAND_LINE_SIZE - 1; =20 - cptr =3D cmdline_ptr & 0xf; - set_fs(cmdline_ptr >> 4); - - while (cptr < 0x10000 && (c =3D rdfs8(cptr++))) { + while (cptr < eptr && (c =3D *cptr++)) { switch (state) { case st_wordstart: if (myisspace(c)) @@ -97,9 +143,9 @@ int __cmdline_find_option(unsigned long cmdline_ptr, con= st char *option, char *b * Returns the position of that option (starts counting with 1) * or 0 on not found */ -int __cmdline_find_option_bool(unsigned long cmdline_ptr, const char *opti= on) +int cmdline_find_option_bool(const char *option) { - addr_t cptr; + cptr_t cptr, eptr; char c; int pos =3D 0, wstart =3D 0; const char *opptr =3D NULL; @@ -109,14 +155,13 @@ int __cmdline_find_option_bool(unsigned long cmdline_= ptr, const char *option) st_wordskip, /* Miscompare, skip */ } state =3D st_wordstart; =20 - if (!cmdline_ptr) - return -1; /* No command line */ - - cptr =3D cmdline_ptr & 0xf; - set_fs(cmdline_ptr >> 4); + cptr =3D get_cptr(); + if (!cptr) + return -1; /* No command line or invalid pointer */ + eptr =3D cptr + COMMAND_LINE_SIZE - 1; =20 - while (cptr < 0x10000) { - c =3D rdfs8(cptr++); + while (cptr <=3D eptr) { + c =3D *cptr++; pos++; =20 switch (state) { diff --git a/arch/x86/boot/compressed/cmdline.c b/arch/x86/boot/compressed/= cmdline.c index e162d7f59cc5..0d9267a21012 100644 --- a/arch/x86/boot/compressed/cmdline.c +++ b/arch/x86/boot/compressed/cmdline.c @@ -1,32 +1,3 @@ // SPDX-License-Identifier: GPL-2.0 #include "misc.h" - -#include - -static unsigned long fs; -static inline void set_fs(unsigned long seg) -{ - fs =3D seg << 4; /* shift it back */ -} -typedef unsigned long addr_t; -static inline char rdfs8(addr_t addr) -{ - return *((char *)(fs + addr)); -} #include "../cmdline.c" -unsigned long get_cmd_line_ptr(void) -{ - unsigned long cmd_line_ptr =3D boot_params_ptr->hdr.cmd_line_ptr; - - cmd_line_ptr |=3D (u64)boot_params_ptr->ext_cmd_line_ptr << 32; - - return cmd_line_ptr; -} -int cmdline_find_option(const char *option, char *buffer, int bufsize) -{ - return __cmdline_find_option(get_cmd_line_ptr(), option, buffer, bufsize); -} -int cmdline_find_option_bool(const char *option) -{ - return __cmdline_find_option_bool(get_cmd_line_ptr(), option); -} --=20 2.52.0 From nobody Sun Feb 8 10:49:17 2026 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 38D7C47D941 for ; Tue, 20 Jan 2026 19:55:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938912; cv=none; b=ahIB912m+3wCohJ9Mx21YDtPAcFgjUvSZRPf8/jZf5774RJYV0hBT81VVAU0BKUKjPdortXXGQ/HOZUoEuJk6ZTRRNzd83EETpfqhTRhZA7w/pOBHiN3sfcr5sb3aVP2td9gsyTfdmfbdvdU2clQi0Bl2YOCLFs2oIFjbi5cYwk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768938912; c=relaxed/simple; bh=LVjb51BubXtjCXFlaIflrd6zYn+Fs3tYXyrpiykRI2g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gW9qkYc5o7XoRrpZKhSGIlWcq2ZNmDJtU7AePPL6G2+kj3fyEqgo1uJUvdyhgXlaAHuuQdhsub6WgVOuHZHdOjF12o4CKSnEI2jNv5KGiEp8G3s78BZsklIJx55QgMpu7z1xB7fTBLXHW+MnLVfVozsYBhghKx1DJdARn3U/6PM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=GoCgxtX6; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="GoCgxtX6" Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3L3899199 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 20 Jan 2026 11:54:35 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3L3899199 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025122301; t=1768938877; bh=Y67Y9z1Bfloc55qymo/CX4LxL/c7ZFllEVhyJRIxejU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GoCgxtX6+1Yyzn6zMwaCrDps0qUr+H98ddGIRlV05URMYuXhGrjq8lKpv5fFWQukg ruIvydbBYtfyM1TipOHNtf+MKUjwugJ5VJECsmhkA8VbS1x/B3siefFt6gMqhAwopW nNFhnD19NoB4uJVg0bYgST5zYOCjHkms/Eyuf896wPej2fIU5hT0X4nM33VN/Z4TEY xormATv11e4hYhT5H2ZHGdssl/4URmgdjGpjDXAic1VYOapE6+9WnlQUF7sORaDaUl thIID8VKl0hqX8jq6MkYjzDsbtoOj8BGOhzXdjvDJUhGs5kghGW5wWhT4bhYR6i9CJ 9WcTAB4vF0SMw== From: "H. Peter Anvin" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Uros Bizjak , Petr Mladek , Andrew Morton , Kees Cook , "Peter Zijlstra (Intel)" , Nathan Chancellor , Kiryl Shutsemau , Rick Edgecombe Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, x86@kernel.org, Thomas Gleixner , Ingo Molnar , Linus Torvalds Subject: [PATCH v1 14/14] compiler-gcc: Remove obsolete RELOC_HIDE() macro Date: Tue, 20 Jan 2026 11:54:06 -0800 Message-ID: <20260120195407.1163051-15-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com> References: <20260119192923.651588-1-hpa@zytor.com> <20260120195407.1163051-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Uros Bizjak Remove the RELOC_HIDE() macro from include/linux/compiler-gcc.h. The GCC specific macro was historically used to workaround very old compiler bugs (including pre-4.1 ppc64 GCC). These compilers are long obsolete. The generic RELOC_HIDE() macro should be used instead. The removal of the GCC specific macro results in the following code size reduction: text data bss dec hex filename 28526453 4823511 737108 34087072 20820a0 vmlinux-old.o 28520945 4823463 737108 34081516 2080aec vmlinux-new.o ./bloat-o-meter vmlinux-old.o vmlinux-new.o add/remove: 4/14 grow/shrink: 189/674 up/down: 4433/-7865 (-3432) ... Total: Before=3D24103512, After=3D24100080, chg -0.01% Signed-off-by: Uros Bizjak Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: Dave Hansen Cc: "H. Peter Anvin" Cc: Linus Torvalds --- include/linux/compiler-gcc.h | 25 ------------------------- include/linux/compiler.h | 8 ++++++++ 2 files changed, 8 insertions(+), 25 deletions(-) diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index 5de824a0b3d7..081e658754b9 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -10,31 +10,6 @@ + __GNUC_MINOR__ * 100 \ + __GNUC_PATCHLEVEL__) =20 -/* - * This macro obfuscates arithmetic on a variable address so that gcc - * shouldn't recognize the original var, and make assumptions about it. - * - * This is needed because the C standard makes it undefined to do - * pointer arithmetic on "objects" outside their boundaries and the - * gcc optimizers assume this is the case. In particular they - * assume such arithmetic does not wrap. - * - * A miscompilation has been observed because of this on PPC. - * To work around it we hide the relationship of the pointer and the object - * using this macro. - * - * Versions of the ppc64 compiler before 4.1 had a bug where use of - * RELOC_HIDE could trash r30. The bug can be worked around by changing - * the inline assembly constraint from =3Dg to =3Dr, in this particular - * case either is valid. - */ -#define RELOC_HIDE(ptr, off) \ -({ \ - unsigned long __ptr; \ - __asm__ ("" : "=3Dr"(__ptr) : "0"(ptr)); \ - (typeof(ptr)) (__ptr + (off)); \ -}) - #if defined(LATENT_ENTROPY_PLUGIN) && !defined(__CHECKER__) #define __latent_entropy __attribute__((latent_entropy)) #endif diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 04487c9bd751..6affb7b44be7 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -148,6 +148,14 @@ void ftrace_likely_update(struct ftrace_likely_data *f= , int val, =3D (unsigned long)&sym; #endif =20 +/* + * This macro obfuscates arithmetic on a variable address so that the comp= iler + * shouldn't recognize the original var, and make assumptions about it. + * + * This is needed because the C standard makes it undefined to do pointer + * arithmetic on "objects" outside their boundaries and compilers assume + * this is the case. In particular they assume such arithmetic does not wr= ap. + */ #ifndef RELOC_HIDE # define RELOC_HIDE(ptr, off) \ ({ unsigned long __ptr; \ --=20 2.52.0