From: Kairui Song <kasong@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: thomas.lendacky@amd.com, ghook@redhat.com, brijesh.singh@amd.com,
kasong@redhat.com, bhe@redhat.com, x86@kernel.org,
kexec@lists.infradead.org, mingo@redhat.com, hpa@zytor.com,
tglx@linutronix.de, bp@suse.de, dyoung@redhat.com
Subject: [PATCH] x86/boot: Fix kexec booting failure after SEV early boot support
Date: Thu, 27 Sep 2018 20:38:45 +0800 [thread overview]
Message-ID: <20180927123845.32052-1-kasong@redhat.com> (raw)
Commit 1958b5fc4010 ("x86/boot: Add early boot support when running
with SEV active") is causing kexec becomes sometimes unstable even if
SEV is not active. kexec reboot won't start a second kernel bypassing
BIOS boot process, instead, the system got reset.
That's because, in get_sev_encryption_bit function, we are using
32-bit RIP-relative addressing to read the value of enc_bit, but
kexec may alloc the early boot up code to a higher location, which
is beyond 32-bit addressing limit. Some garbage will be read and
get_sev_encryption_bit will return the wrong value, which leads to
wrong memory page flag.
This patch removes the use of enc_bit, as currently, enc_bit's only
purpose is to avoid duplicated encryption bit reading, but the overhead
of reading encryption bit is so tiny, so no need to cache that.
Fixes: 1958b5fc4010 ("x86/boot: Add early boot support when running with SEV active")
Suggested-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Kairui Song <kasong@redhat.com>
---
arch/x86/boot/compressed/mem_encrypt.S | 19 -------------------
1 file changed, 19 deletions(-)
diff --git a/arch/x86/boot/compressed/mem_encrypt.S b/arch/x86/boot/compressed/mem_encrypt.S
index eaa843a52907..a480356e0ed8 100644
--- a/arch/x86/boot/compressed/mem_encrypt.S
+++ b/arch/x86/boot/compressed/mem_encrypt.S
@@ -25,20 +25,6 @@ ENTRY(get_sev_encryption_bit)
push %ebx
push %ecx
push %edx
- push %edi
-
- /*
- * RIP-relative addressing is needed to access the encryption bit
- * variable. Since we are running in 32-bit mode we need this call/pop
- * sequence to get the proper relative addressing.
- */
- call 1f
-1: popl %edi
- subl $1b, %edi
-
- movl enc_bit(%edi), %eax
- cmpl $0, %eax
- jge .Lsev_exit
/* Check if running under a hypervisor */
movl $1, %eax
@@ -69,15 +55,12 @@ ENTRY(get_sev_encryption_bit)
movl %ebx, %eax
andl $0x3f, %eax /* Return the encryption bit location */
- movl %eax, enc_bit(%edi)
jmp .Lsev_exit
.Lno_sev:
xor %eax, %eax
- movl %eax, enc_bit(%edi)
.Lsev_exit:
- pop %edi
pop %edx
pop %ecx
pop %ebx
@@ -113,8 +96,6 @@ ENTRY(set_sev_encryption_mask)
ENDPROC(set_sev_encryption_mask)
.data
-enc_bit:
- .int 0xffffffff
#ifdef CONFIG_AMD_MEM_ENCRYPT
.balign 8
--
2.17.1
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Kairui Song <kasong@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com,
x86@kernel.org, thomas.lendacky@amd.com, brijesh.singh@amd.com,
bp@suse.de, kasong@redhat.com, kexec@lists.infradead.org,
dyoung@redhat.com, bhe@redhat.com, ghook@redhat.com
Subject: [PATCH] x86/boot: Fix kexec booting failure after SEV early boot support
Date: Thu, 27 Sep 2018 20:38:45 +0800 [thread overview]
Message-ID: <20180927123845.32052-1-kasong@redhat.com> (raw)
Commit 1958b5fc4010 ("x86/boot: Add early boot support when running
with SEV active") is causing kexec becomes sometimes unstable even if
SEV is not active. kexec reboot won't start a second kernel bypassing
BIOS boot process, instead, the system got reset.
That's because, in get_sev_encryption_bit function, we are using
32-bit RIP-relative addressing to read the value of enc_bit, but
kexec may alloc the early boot up code to a higher location, which
is beyond 32-bit addressing limit. Some garbage will be read and
get_sev_encryption_bit will return the wrong value, which leads to
wrong memory page flag.
This patch removes the use of enc_bit, as currently, enc_bit's only
purpose is to avoid duplicated encryption bit reading, but the overhead
of reading encryption bit is so tiny, so no need to cache that.
Fixes: 1958b5fc4010 ("x86/boot: Add early boot support when running with SEV active")
Suggested-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Kairui Song <kasong@redhat.com>
---
arch/x86/boot/compressed/mem_encrypt.S | 19 -------------------
1 file changed, 19 deletions(-)
diff --git a/arch/x86/boot/compressed/mem_encrypt.S b/arch/x86/boot/compressed/mem_encrypt.S
index eaa843a52907..a480356e0ed8 100644
--- a/arch/x86/boot/compressed/mem_encrypt.S
+++ b/arch/x86/boot/compressed/mem_encrypt.S
@@ -25,20 +25,6 @@ ENTRY(get_sev_encryption_bit)
push %ebx
push %ecx
push %edx
- push %edi
-
- /*
- * RIP-relative addressing is needed to access the encryption bit
- * variable. Since we are running in 32-bit mode we need this call/pop
- * sequence to get the proper relative addressing.
- */
- call 1f
-1: popl %edi
- subl $1b, %edi
-
- movl enc_bit(%edi), %eax
- cmpl $0, %eax
- jge .Lsev_exit
/* Check if running under a hypervisor */
movl $1, %eax
@@ -69,15 +55,12 @@ ENTRY(get_sev_encryption_bit)
movl %ebx, %eax
andl $0x3f, %eax /* Return the encryption bit location */
- movl %eax, enc_bit(%edi)
jmp .Lsev_exit
.Lno_sev:
xor %eax, %eax
- movl %eax, enc_bit(%edi)
.Lsev_exit:
- pop %edi
pop %edx
pop %ecx
pop %ebx
@@ -113,8 +96,6 @@ ENTRY(set_sev_encryption_mask)
ENDPROC(set_sev_encryption_mask)
.data
-enc_bit:
- .int 0xffffffff
#ifdef CONFIG_AMD_MEM_ENCRYPT
.balign 8
--
2.17.1
next reply other threads:[~2018-09-27 12:39 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-27 12:38 Kairui Song [this message]
2018-09-27 12:38 ` [PATCH] x86/boot: Fix kexec booting failure after SEV early boot support Kairui Song
2018-09-27 13:16 ` Lendacky, Thomas
2018-09-27 13:16 ` Lendacky, Thomas
2018-09-27 19:06 ` [tip:x86/urgent] x86/boot: Fix kexec booting failure in the SEV bit detection code tip-bot for Kairui Song
-- strict thread matches above, loose matches on Subject: below --
2018-09-25 11:10 [PATCH] x86/boot: Fix kexec booting failure after SEV early boot support Kairui Song
2018-09-25 11:10 ` Kairui Song
2018-09-25 14:33 ` Lendacky, Thomas
2018-09-25 14:33 ` Lendacky, Thomas
2018-09-25 17:26 ` Borislav Petkov
2018-09-25 17:26 ` Borislav Petkov
2018-09-26 7:32 ` Baoquan He
2018-09-26 7:32 ` Baoquan He
2018-09-26 10:52 ` Kairui Song
2018-09-26 10:52 ` Kairui Song
2018-09-26 11:22 ` Baoquan He
2018-09-26 11:22 ` Baoquan He
2018-09-26 13:01 ` Lendacky, Thomas
2018-09-26 13:01 ` Lendacky, Thomas
2018-09-26 13:18 ` Borislav Petkov
2018-09-26 13:18 ` Borislav Petkov
2018-09-26 13:21 ` Baoquan He
2018-09-26 13:21 ` Baoquan He
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180927123845.32052-1-kasong@redhat.com \
--to=kasong@redhat.com \
--cc=bhe@redhat.com \
--cc=bp@suse.de \
--cc=brijesh.singh@amd.com \
--cc=dyoung@redhat.com \
--cc=ghook@redhat.com \
--cc=hpa@zytor.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.