From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mx1.redhat.com ([209.132.183.28]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1g4lHD-0005fx-Vw for kexec@lists.infradead.org; Tue, 25 Sep 2018 11:13:13 +0000 From: Kairui Song Subject: [PATCH] x86/boot: Fix kexec booting failure after SEV early boot support Date: Tue, 25 Sep 2018 19:10:20 +0800 Message-Id: <20180925111020.23834-1-kasong@redhat.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: linux-kernel@vger.kernel.org Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, kasong@redhat.com, x86@kernel.org, kexec@lists.infradead.org, mingo@redhat.com, hpa@zytor.com, tglx@linutronix.de, bp@suse.de, dyoung@redhat.com Commit 1958b5fc4010 ("x86/boot: Add early boot support when running with SEV active") is causing kexec becomes sometimes unstable, kexec reboot won't start a second kernel bypassing BIOS boot process, instead, the system got reset. That's because, in get_sev_encryption_bit function, we are using 32-bit RIP-relative addressing to read the value of enc_bit, but kexec may alloc the early boot up code to a higher location, which is beyond 32-bit addressing limit. Some garbage will be read and get_sev_encryption_bit will return the wrong value, which lead to wrong memory page flag. This patch adds a get_sev_encryption_bit_64 function to avoid this problem. 64-bit early boot code will use this function instead, it uses native RIP addressing to read the enc_bit which have no problem with any location. Fixes: 1958b5fc4010 ("x86/boot: Add early boot support when running with SEV active") Signed-off-by: Kairui Song --- arch/x86/boot/compressed/mem_encrypt.S | 64 ++++++++++++++++++-------- 1 file changed, 45 insertions(+), 19 deletions(-) diff --git a/arch/x86/boot/compressed/mem_encrypt.S b/arch/x86/boot/compressed/mem_encrypt.S index eaa843a52907..41933550449a 100644 --- a/arch/x86/boot/compressed/mem_encrypt.S +++ b/arch/x86/boot/compressed/mem_encrypt.S @@ -18,27 +18,13 @@ .text .code32 -ENTRY(get_sev_encryption_bit) +do_get_sev_encryption_bit: xor %eax, %eax #ifdef CONFIG_AMD_MEM_ENCRYPT push %ebx push %ecx push %edx - push %edi - - /* - * RIP-relative addressing is needed to access the encryption bit - * variable. Since we are running in 32-bit mode we need this call/pop - * sequence to get the proper relative addressing. - */ - call 1f -1: popl %edi - subl $1b, %edi - - movl enc_bit(%edi), %eax - cmpl $0, %eax - jge .Lsev_exit /* Check if running under a hypervisor */ movl $1, %eax @@ -69,25 +55,65 @@ ENTRY(get_sev_encryption_bit) movl %ebx, %eax andl $0x3f, %eax /* Return the encryption bit location */ - movl %eax, enc_bit(%edi) jmp .Lsev_exit .Lno_sev: xor %eax, %eax - movl %eax, enc_bit(%edi) .Lsev_exit: - pop %edi pop %edx pop %ecx pop %ebx +#endif /* CONFIG_AMD_MEM_ENCRYPT */ + + ret + +ENTRY(get_sev_encryption_bit) + xor %eax, %eax + +#ifdef CONFIG_AMD_MEM_ENCRYPT + push %edi + + /* + * RIP-relative addressing is needed to access the encryption bit + * variable. Since we are running in 32-bit mode we need this call/pop + * sequence to get the proper relative addressing. + */ + call 1f +1: popl %edi + subl $1b, %edi + + movl enc_bit(%edi), %eax + cmpl $0, %eax + jge 2f + + call do_get_sev_encryption_bit + movl %eax, enc_bit(%edi) +2: + pop %edi #endif /* CONFIG_AMD_MEM_ENCRYPT */ ret ENDPROC(get_sev_encryption_bit) .code64 +ENTRY(get_sev_encryption_bit_64) + xor %rax, %rax + +#ifdef CONFIG_AMD_MEM_ENCRYPT + movl enc_bit(%rip), %eax + cmpl $0, %eax + jge 1f + + call do_get_sev_encryption_bit + movl %eax, enc_bit(%rip) +1: +#endif /* CONFIG_AMD_MEM_ENCRYPT */ + + ret +ENDPROC(get_sev_encryption_bit_64) + ENTRY(set_sev_encryption_mask) #ifdef CONFIG_AMD_MEM_ENCRYPT push %rbp @@ -95,7 +121,7 @@ ENTRY(set_sev_encryption_mask) movq %rsp, %rbp /* Save current stack pointer */ - call get_sev_encryption_bit /* Get the encryption bit position */ + call get_sev_encryption_bit_64 /* Get the encryption bit position */ testl %eax, %eax jz .Lno_sev_mask -- 2.17.1 _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec