From: Nathan Chancellor <nathan@kernel.org>
To: David Woodhouse <dwmw2@infradead.org>
Cc: "Ning, Hongyu" <hongyu.ning@linux.intel.com>,
kexec@lists.infradead.org, Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Kai Huang <kai.huang@intel.com>,
Nikolay Borisov <nik.borisov@suse.com>,
linux-kernel@vger.kernel.org, Simon Horman <horms@kernel.org>,
Dave Young <dyoung@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
jpoimboe@kernel.org, bsz@amazon.de
Subject: Re: [PATCH] x86/kexec: Only write through identity mapping of control page
Date: Thu, 12 Dec 2024 13:31:32 -0700
Message-ID: <20241212203132.GA1627368@ax162>
In-Reply-To: <9c68688625f409104b16164da30aa6d3eb494e5d.camel@infradead.org>
On Thu, Dec 12, 2024 at 08:11:19PM +0000, David Woodhouse wrote:
> From: David Woodhouse <dwmw@amazon.co.uk>
>
> The virtual mapping of the control page may have been _PAGE_GLOBAL and
> thus its PTE might not have been flushed on the %cr3 switch and it might
> effectively still be read-only. Move the writes to it down into the
> identity_mapped() function where the same %rip-relative addressing will
> get the new mapping.
>
> The stack is fine, as that's using the identity mapped address anyway.
>
> Fixes: 5a82223e0743 ("x86/kexec: Mark relocate_kernel page as ROX instead of RWX")
> Reported-by: Nathan Chancellor <nathan@kernel.org>
> Reported-by: "Ning, Hongyu" <hongyu.ning@linux.intel.com>
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219592
> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Tested-by: Nathan Chancellor <nathan@kernel.org>
> ---
> arch/x86/kernel/relocate_kernel_64.S | 32 +++++++++++++++++-----------
> 1 file changed, 20 insertions(+), 12 deletions(-)
>
> diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
> index 553d67845b84..b9c80b3091c8 100644
> --- a/arch/x86/kernel/relocate_kernel_64.S
> +++ b/arch/x86/kernel/relocate_kernel_64.S
> @@ -90,22 +90,17 @@ SYM_CODE_START_NOALIGN(relocate_kernel)
> movq kexec_pa_table_page(%rip), %r9
> movq %r9, %cr3
>
> - /* Save %rsp and CRs. */
> - movq %rsp, saved_rsp(%rip)
> - movq %rax, saved_cr3(%rip)
> - movq %cr0, %rax
> - movq %rax, saved_cr0(%rip)
> - /* Leave CR4 in %r13 to enable the right paging mode later. */
> - movq %cr4, %r13
> - movq %r13, saved_cr4(%rip)
> -
> - /* save indirection list for jumping back */
> - movq %rdi, pa_backup_pages_map(%rip)
> + /*
> + * The control page still might not be writable because the original
> + * kernel PTE may have had the _PAGE_GLOBAL bit set. Don't write to
> + * it except through the *identmap* address.
> + */
>
> /* Save the preserve_context to %r11 as swap_pages clobbers %rcx. */
> movq %rcx, %r11
>
> /* setup a new stack at the end of the physical control page */
> + movq %rsp, %rbp
> lea PAGE_SIZE(%rsi), %rsp
>
> /* jump to identity mapped page */
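Review bot: the new `movq %rsp, %rbp` turns %rbp into a live register that has to survive from this point until identity_mapped() stores it, and nothing in the hunk records that contract. Only `lea PAGE_SIZE(%rsi), %rsp` and the jump follow it in the visible context, so the value is safe today, but the register-usage documentation for this path should gain an entry along the lines of `%rbp original %rsp` so a later change does not reuse it. The added comment ("Don't write to it except through the *identmap* address") would also read better if it said where the writes went, e.g. "the saves of %rsp and the CRs are done in identity_mapped() for this reason", since as written a reader sees a warning about writes followed by no writes at all.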
> @@ -118,6 +113,19 @@ SYM_CODE_END(relocate_kernel)
>
> SYM_CODE_START_LOCAL_NOALIGN(identity_mapped)
> UNWIND_HINT_END_OF_STACK
> +
> + /* Save original %rsp and CRs. */
> + movq %rbp, saved_rsp(%rip)
> + movq %rax, saved_cr3(%rip)
> + movq %cr0, %rax
> + movq %rax, saved_cr0(%rip)
> + /* Leave CR4 in %r13 to enable the right paging mode later. */
> + movq %cr4, %r13
> + movq %r13, saved_cr4(%rip)
> +
> + /* save indirection list for jumping back */
> + movq %rdi, pa_backup_pages_map(%rip)
> +
> /*
> * %rdi indirection page
> * %rdx start address
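Review bot: `movq %rbp, saved_rsp(%rip)` and `movq %rax, saved_cr3(%rip)` depend on %rbp and %rax arriving unmodified across the jump from relocate_kernel(), but the register comment immediately below lists only %rdi and %rdx; add lines such as `%rbp original %rsp` and `%rax original %cr3` (the value relocate_kernel() previously stored as saved_cr3) so the inputs to identity_mapped() are complete. A one-line comment next to "Save original %rsp and CRs" noting that these %rip-relative stores now resolve through the identity mapping, and are therefore unaffected by a stale _PAGE_GLOBAL TLB entry for the kernel-virtual alias, would tie this block back to the comment left behind in relocate_kernel().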
> @@ -185,7 +193,7 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped)
> * - Machine check exception on TDX guest, if it was enabled before.
> * Clearing MCE might not be allowed in TDX guests, depending on setup.
> *
> - * Use R13 that contains the original CR4 value, read in relocate_kernel().
> + * Use R13 that contains the original CR4 value
> * PAE is always set in the original CR4.
> */
> andl $(X86_CR4_PAE | X86_CR4_LA57), %r13d
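Review bot: the rewritten comment "Use R13 that contains the original CR4 value" lost both its trailing period and the pointer to where R13 is loaded. Since the `movq %cr4, %r13` now lives earlier in identity_mapped() itself, keep the reference accurate rather than dropping it: "Use R13 that contains the original CR4 value, read above in identity_mapped()."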
> --
> 2.47.0
>
>