From: Sean Christopherson <seanjc@google.com>
To: Adam Dunlap <acdunlap@google.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Kim Phillips <kim.phillips@amd.com>,
Juergen Gross <jgross@suse.com>, Ashok Raj <ashok.raj@intel.com>,
Joerg Roedel <jroedel@suse.de>,
Tom Lendacky <thomas.lendacky@amd.com>,
David Hildenbrand <david@redhat.com>,
Mike Rapoport <rppt@kernel.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Nikunj A Dadhania <nikunj@amd.com>,
Dionna Glaze <dionnaglaze@google.com>,
Peter Gonda <pgonda@google.com>,
David Rientjes <rientjes@google.com>,
Khalid ElMously <khalid.elmously@canonical.com>,
Jacob Xu <jacobhxu@google.com>
Subject: Re: [PATCH v2 1/2] x86/sev-es: Allow copy_from_kernel_nofault in earlier boot
Date: Wed, 20 Sep 2023 13:37:40 -0700 [thread overview]
Message-ID: <ZQtYFAA9vD7gJM1t@google.com> (raw)
In-Reply-To: <20230912002703.3924521-2-acdunlap@google.com>
On Mon, Sep 11, 2023, Adam Dunlap wrote:
> Previously, if copy_from_kernel_nofault was called before
> boot_cpu_data.x86_virt_bits was set up, then it would trigger undefined
> behavior due to a shift by 64. This ended up causing boot failures in
> the latest version of ubuntu2204 in the gcp project when using SEV-SNP.
> Specifically, this function is called during an early #VC handler which
> is triggered by a cpuid to check if nx is implemented.
Why not stuff boot_cpu_data.x86_virt_bits to a "default" value that is guaranteed
to be accurate (or at least safe) for the purposes of the early boot code. I.e.
set it to 48 for 64-bit kernels.
That'd avoid the extra conditional, and would avoid laying whack-a-mole with
anything else that consumes x86_virt_bits.
> Fixes: 1aa9aa8ee517 ("x86/sev-es: Setup GHCB-based boot #VC handler")
> Suggested-by: Dave Hansen <dave.hansen@linux.intel.com>
> Signed-off-by: Adam Dunlap <acdunlap@google.com>
> ---
> arch/x86/mm/maccess.c | 19 ++++++++++++++-----
> 1 file changed, 14 insertions(+), 5 deletions(-)
>
> diff --git a/arch/x86/mm/maccess.c b/arch/x86/mm/maccess.c
> index 5a53c2cc169c..6993f026adec 100644
> --- a/arch/x86/mm/maccess.c
> +++ b/arch/x86/mm/maccess.c
> @@ -9,12 +9,21 @@ bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size)
> unsigned long vaddr = (unsigned long)unsafe_src;
>
> /*
> - * Range covering the highest possible canonical userspace address
> - * as well as non-canonical address range. For the canonical range
> - * we also need to include the userspace guard page.
> + * Do not allow userspace addresses. This disallows
> + * normal userspace and the userspace guard page:
> */
> - return vaddr >= TASK_SIZE_MAX + PAGE_SIZE &&
> - __is_canonical_address(vaddr, boot_cpu_data.x86_virt_bits);
> + if (vaddr < TASK_SIZE_MAX + PAGE_SIZE)
> + return false;
> +
> + /*
> + * Allow everything during early boot before 'x86_virt_bits'
> + * is initialized. Needed for instruction decoding in early
> + * exception handlers.
> + */
> + if (!boot_cpu_data.x86_virt_bits)
> + return true;
> +
> + return __is_canonical_address(vaddr, boot_cpu_data.x86_virt_bits);
> }
> #else
> bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size)
> --
> 2.42.0.283.g2d96d420d3-goog
>
next prev parent reply other threads:[~2023-09-20 20:37 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-12 0:27 [PATCH v2 0/2] x86/sev-es: Resolve early #VC handler UB Adam Dunlap
2023-09-12 0:27 ` [PATCH v2 1/2] x86/sev-es: Allow copy_from_kernel_nofault in earlier boot Adam Dunlap
2023-09-20 20:37 ` Sean Christopherson [this message]
2023-09-20 22:54 ` Dave Hansen
2023-09-28 21:11 ` [tip: x86/mm] x86/sev-es: Allow copy_from_kernel_nofault() " tip-bot2 for Adam Dunlap
2023-09-12 0:27 ` [PATCH v2 2/2] x86/sev-es: Only set x86_virt_bits to correct value Adam Dunlap
2023-09-28 21:11 ` [tip: x86/mm] x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach tip-bot2 for Adam Dunlap
2023-10-02 20:04 ` [PATCH v2 2/2] x86/sev-es: Only set x86_virt_bits to correct value Nathan Chancellor
2023-10-02 21:41 ` Dave Hansen
2023-10-02 21:46 ` Adam Dunlap
2023-10-02 22:00 ` [PATCH] x86/boot: Move x86_cache_alignment initialization to correct spot Dave Hansen
2023-10-02 22:24 ` Nathan Chancellor
2023-10-03 7:28 ` Ingo Molnar
2023-10-03 7:38 ` [tip: x86/mm] " tip-bot2 for Dave Hansen
2023-09-28 20:51 ` [PATCH v2 0/2] x86/sev-es: Resolve early #VC handler UB Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZQtYFAA9vD7gJM1t@google.com \
--to=seanjc@google.com \
--cc=acdunlap@google.com \
--cc=ashok.raj@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=david@redhat.com \
--cc=dionnaglaze@google.com \
--cc=hpa@zytor.com \
--cc=jacobhxu@google.com \
--cc=jgross@suse.com \
--cc=jroedel@suse.de \
--cc=khalid.elmously@canonical.com \
--cc=kim.phillips@amd.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=peterz@infradead.org \
--cc=pgonda@google.com \
--cc=rientjes@google.com \
--cc=rppt@kernel.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.