[PATCH v2 0/6] x86/boot: Clean up handling of boot_params pointer

[PATCH v2 0/6] x86/boot: Clean up handling of boot_params pointer

[Brian Gerst]

On entry from the bootloader, RSI contains the pointer to the boot_params
data structure.  The pointer is passed to x86_64_start_kernel(), which
requires preserving RSI all the way though the early boot asm code.
Change it to copy the boot_params data as soon as possible, which also
has the benefit of not needing to remap the real mode data pages if
memory encryption is enabled.

Note: The memory encryption changes are untested due to lack of hardware.

Brian Gerst (6):
  x86/boot: Move sanitize_boot_params()
  x86/boot: Remove extra call to copy_bootdata()
  x86/boot: Clean up get_cmd_line_ptr()
  x86/boot: Move copy_bootdata() to very early boot.
  x86/boot: Use copied boot data in __startup_64()
  x86/boot: Use copied boot data in sme_enable()

 arch/x86/include/asm/mem_encrypt.h |  4 +-
 arch/x86/include/asm/setup.h       |  9 +++--
 arch/x86/kernel/head64.c           | 59 ++++++++++-------------------
 arch/x86/kernel/head_64.S          | 26 +++----------
 arch/x86/kernel/setup.c            |  2 +-
 arch/x86/mm/mem_encrypt_amd.c      | 61 ------------------------------
 arch/x86/mm/mem_encrypt_identity.c | 42 ++++++++++----------
 arch/x86/xen/enlighten_pv.c        |  2 +-
 8 files changed, 58 insertions(+), 147 deletions(-)

-- 
2.39.2

[PATCH v2 1/6] x86/boot: Move sanitize_boot_params()

[Brian Gerst]

sanitize_boot_params() contains a static table that would need to be
addressed in a PIC manner if it were executed early in the boot process
while using the identity-mapped page tables.  Separate it from
copy_bootdata().

Signed-off-by: Brian Gerst <brgerst@gmail.com>
---
 arch/x86/kernel/head64.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 387e4b12e823..4a3b195c9002 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -455,7 +455,6 @@ static void __init copy_bootdata(char *real_mode_data)
 	sme_map_bootdata(real_mode_data);
 
 	memcpy(&boot_params, real_mode_data, sizeof(boot_params));
-	sanitize_boot_params(&boot_params);
 	cmd_line_ptr = get_cmd_line_ptr();
 	if (cmd_line_ptr) {
 		command_line = __va(cmd_line_ptr);
@@ -543,6 +542,8 @@ void __init x86_64_start_reservations(char *real_mode_data)
 	if (!boot_params.hdr.version)
 		copy_bootdata(__va(real_mode_data));
 
+	sanitize_boot_params(&boot_params);
+
 	x86_early_init_platform_quirks();
 
 	switch (boot_params.hdr.hardware_subarch) {
-- 
2.39.2

[PATCH v2 2/6] x86/boot: Remove extra call to copy_bootdata()

[Brian Gerst]

The call to copy_bootdata() in x86_64_start_reservations() is only
applicable to Xen, since native has already call it.  Xen on the other
hand, has already filled in boot_params and just passes its address in,
so the copy ends up being a no-op and can be removed.

Signed-off-by: Brian Gerst <brgerst@gmail.com>
---
 arch/x86/include/asm/setup.h | 2 +-
 arch/x86/kernel/head64.c     | 8 ++------
 arch/x86/xen/enlighten_pv.c  | 2 +-
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h
index f37cbff7354c..fd409b7dda74 100644
--- a/arch/x86/include/asm/setup.h
+++ b/arch/x86/include/asm/setup.h
@@ -129,7 +129,7 @@ asmlinkage void __init i386_start_kernel(void);
 
 #else
 asmlinkage void __init x86_64_start_kernel(char *real_mode);
-asmlinkage void __init x86_64_start_reservations(char *real_mode_data);
+asmlinkage void __init x86_64_start_reservations(void);
 
 #endif /* __i386__ */
 #endif /* _SETUP */
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 4a3b195c9002..6e0f53a66678 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -533,15 +533,11 @@ asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data)
 	/* set init_top_pgt kernel high mapping*/
 	init_top_pgt[511] = early_top_pgt[511];
 
-	x86_64_start_reservations(real_mode_data);
+	x86_64_start_reservations();
 }
 
-void __init x86_64_start_reservations(char *real_mode_data)
+void __init x86_64_start_reservations(void)
 {
-	/* version is always not zero if it is copied */
-	if (!boot_params.hdr.version)
-		copy_bootdata(__va(real_mode_data));
-
 	sanitize_boot_params(&boot_params);
 
 	x86_early_init_platform_quirks();
diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
index 5a034a994682..a4db5c28af57 100644
--- a/arch/x86/xen/enlighten_pv.c
+++ b/arch/x86/xen/enlighten_pv.c
@@ -1430,7 +1430,7 @@ asmlinkage __visible void __init xen_start_kernel(struct start_info *si)
 
 	/* Start the world */
 	cr4_init_shadow(); /* 32b kernel does this in i386_start_kernel() */
-	x86_64_start_reservations((char *)__pa_symbol(&boot_params));
+	x86_64_start_reservations();
 }
 
 static int xen_cpu_up_prepare_pv(unsigned int cpu)
-- 
2.39.2

[PATCH v2 3/6] x86/boot: Clean up get_cmd_line_ptr()

[Brian Gerst]

Pass in the boot_params pointer, and use the appropriate return type.

Signed-off-by: Brian Gerst <brgerst@gmail.com>
---
 arch/x86/kernel/head64.c | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 6e0f53a66678..08ea521041bf 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -434,19 +434,18 @@ void __init clear_bss(void)
 	       (unsigned long) __brk_limit - (unsigned long) __brk_base);
 }
 
-static unsigned long get_cmd_line_ptr(void)
+static char *get_cmd_line_ptr(struct boot_params *bp)
 {
-	unsigned long cmd_line_ptr = boot_params.hdr.cmd_line_ptr;
+	unsigned long cmd_line_ptr = bp->hdr.cmd_line_ptr;
 
-	cmd_line_ptr |= (u64)boot_params.ext_cmd_line_ptr << 32;
+	cmd_line_ptr |= (u64)bp->ext_cmd_line_ptr << 32;
 
-	return cmd_line_ptr;
+	return (char *)cmd_line_ptr;
 }
 
 static void __init copy_bootdata(char *real_mode_data)
 {
-	char * command_line;
-	unsigned long cmd_line_ptr;
+	char *cmd_line_ptr;
 
 	/*
 	 * If SME is active, this will create decrypted mappings of the
@@ -455,11 +454,9 @@ static void __init copy_bootdata(char *real_mode_data)
 	sme_map_bootdata(real_mode_data);
 
 	memcpy(&boot_params, real_mode_data, sizeof(boot_params));
-	cmd_line_ptr = get_cmd_line_ptr();
-	if (cmd_line_ptr) {
-		command_line = __va(cmd_line_ptr);
-		memcpy(boot_command_line, command_line, COMMAND_LINE_SIZE);
-	}
+	cmd_line_ptr = get_cmd_line_ptr(&boot_params);
+	if (cmd_line_ptr)
+		memcpy(boot_command_line, __va(cmd_line_ptr), COMMAND_LINE_SIZE);
 
 	/*
 	 * The old boot data is no longer needed and won't be reserved,
-- 
2.39.2

[PATCH v2 4/6] x86/boot: Move copy_bootdata() to very early boot.

[Brian Gerst]

Copy the boot data very early in the boot process.  Since at this point
the kernel is running on identity-mapped pagetables, pointers to global
data need to be adjusted.

By copying the data early before memory encryption is enabled, it is no
longer necessary to remap the real mode data as unencrypted.

Signed-off-by: Brian Gerst <brgerst@gmail.com>
---
 arch/x86/include/asm/setup.h  |  5 ++-
 arch/x86/kernel/head64.c      | 29 +++++------------
 arch/x86/kernel/head_64.S     | 20 ++++--------
 arch/x86/kernel/setup.c       |  2 +-
 arch/x86/mm/mem_encrypt_amd.c | 61 -----------------------------------
 5 files changed, 19 insertions(+), 98 deletions(-)

diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h
index fd409b7dda74..47eac5d877a8 100644
--- a/arch/x86/include/asm/setup.h
+++ b/arch/x86/include/asm/setup.h
@@ -128,7 +128,10 @@ void clear_bss(void);
 asmlinkage void __init i386_start_kernel(void);
 
 #else
-asmlinkage void __init x86_64_start_kernel(char *real_mode);
+
+asmlinkage void __init copy_bootdata(unsigned long physbase,
+				     struct boot_params *real_mode_data);
+asmlinkage void __init x86_64_start_kernel(void);
 asmlinkage void __init x86_64_start_reservations(void);
 
 #endif /* __i386__ */
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 08ea521041bf..9be8ce41d021 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -443,31 +443,20 @@ static char *get_cmd_line_ptr(struct boot_params *bp)
 	return (char *)cmd_line_ptr;
 }
 
-static void __init copy_bootdata(char *real_mode_data)
+asmlinkage __visible void __init copy_bootdata(unsigned long physbase,
+					       struct boot_params *real_mode_data)
 {
 	char *cmd_line_ptr;
+	struct boot_params *bp = fixup_pointer(&boot_params, physbase);
+	char *command_line = fixup_pointer(&boot_command_line, physbase);
 
-	/*
-	 * If SME is active, this will create decrypted mappings of the
-	 * boot data in advance of the copy operations.
-	 */
-	sme_map_bootdata(real_mode_data);
-
-	memcpy(&boot_params, real_mode_data, sizeof(boot_params));
-	cmd_line_ptr = get_cmd_line_ptr(&boot_params);
+	memcpy(bp, real_mode_data, sizeof(boot_params));
+	cmd_line_ptr = get_cmd_line_ptr(bp);
 	if (cmd_line_ptr)
-		memcpy(boot_command_line, __va(cmd_line_ptr), COMMAND_LINE_SIZE);
-
-	/*
-	 * The old boot data is no longer needed and won't be reserved,
-	 * freeing up that memory for use by the system. If SME is active,
-	 * we need to remove the mappings that were created so that the
-	 * memory doesn't remain mapped as decrypted.
-	 */
-	sme_unmap_bootdata(real_mode_data);
+		memcpy(command_line, cmd_line_ptr, COMMAND_LINE_SIZE);
 }
 
-asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data)
+asmlinkage __visible void __init x86_64_start_kernel(void)
 {
 	/*
 	 * Build-time sanity checks on the kernel image and module
@@ -520,8 +509,6 @@ asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data)
 	/* Needed before cc_platform_has() can be used for TDX */
 	tdx_early_init();
 
-	copy_bootdata(__va(real_mode_data));
-
 	/*
 	 * Load microcode early on BSP.
 	 */
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index a5df3e994f04..83fb0dc97ba5 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -64,8 +64,6 @@ SYM_CODE_START_NOALIGN(startup_64)
 	/* Set up the stack for verify_cpu() */
 	leaq	(__end_init_task - PTREGS_SIZE)(%rip), %rsp
 
-	leaq	_text(%rip), %rdi
-
 	/* Setup GSBASE to allow stack canary access for C code */
 	movl	$MSR_GS_BASE, %ecx
 	leaq	INIT_PER_CPU_VAR(fixed_percpu_data)(%rip), %rdx
@@ -73,6 +71,12 @@ SYM_CODE_START_NOALIGN(startup_64)
 	shrq	$32,  %rdx
 	wrmsr
 
+	leaq	_text(%rip), %rdi
+	pushq	%rsi
+	call	copy_bootdata
+	popq	%rsi
+
+	leaq	_text(%rip), %rdi
 	pushq	%rsi
 	call	startup_64_setup_env
 	popq	%rsi
@@ -125,8 +129,6 @@ SYM_CODE_START(secondary_startup_64)
 	 * At this point the CPU runs in 64bit mode CS.L = 1 CS.D = 0,
 	 * and someone has loaded a mapped page table.
 	 *
-	 * %rsi holds a physical pointer to real_mode_data.
-	 *
 	 * We come here either from startup_64 (using physical addresses)
 	 * or from trampoline.S (using virtual addresses).
 	 *
@@ -197,13 +199,9 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
 	 * hypervisor could lie about the C-bit position to perform a ROP
 	 * attack on the guest by writing to the unencrypted stack and wait for
 	 * the next RET instruction.
-	 * %rsi carries pointer to realmode data and is callee-clobbered. Save
-	 * and restore it.
 	 */
-	pushq	%rsi
 	movq	%rax, %rdi
 	call	sev_verify_cbit
-	popq	%rsi
 
 	/*
 	 * Switch to new page-table
@@ -294,9 +292,7 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
 	wrmsr
 
 	/* Setup and Load IDT */
-	pushq	%rsi
 	call	early_setup_idt
-	popq	%rsi
 
 	/* Check if nx is implemented */
 	movl	$0x80000001, %eax
@@ -332,10 +328,6 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
 	pushq $0
 	popfq
 
-	/* rsi is pointer to real mode structure with interesting info.
-	   pass it to C */
-	movq	%rsi, %rdi
-
 .Ljump_to_C_code:
 	/*
 	 * Jump to run C code and to be on a real kernel address.
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 16babff771bd..256262cb29c0 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -74,7 +74,7 @@ RESERVE_BRK(dmi_alloc, 65536);
 unsigned long _brk_start = (unsigned long)__brk_base;
 unsigned long _brk_end   = (unsigned long)__brk_base;
 
-struct boot_params boot_params;
+struct boot_params boot_params __section(".data");
 
 /*
  * These are the four main kernel memory regions, we put them into
diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
index e0b51c09109f..120e9c09c04b 100644
--- a/arch/x86/mm/mem_encrypt_amd.c
+++ b/arch/x86/mm/mem_encrypt_amd.c
@@ -154,67 +154,6 @@ void __init sme_early_decrypt(resource_size_t paddr, unsigned long size)
 	__sme_early_enc_dec(paddr, size, false);
 }
 
-static void __init __sme_early_map_unmap_mem(void *vaddr, unsigned long size,
-					     bool map)
-{
-	unsigned long paddr = (unsigned long)vaddr - __PAGE_OFFSET;
-	pmdval_t pmd_flags, pmd;
-
-	/* Use early_pmd_flags but remove the encryption mask */
-	pmd_flags = __sme_clr(early_pmd_flags);
-
-	do {
-		pmd = map ? (paddr & PMD_MASK) + pmd_flags : 0;
-		__early_make_pgtable((unsigned long)vaddr, pmd);
-
-		vaddr += PMD_SIZE;
-		paddr += PMD_SIZE;
-		size = (size <= PMD_SIZE) ? 0 : size - PMD_SIZE;
-	} while (size);
-
-	flush_tlb_local();
-}
-
-void __init sme_unmap_bootdata(char *real_mode_data)
-{
-	struct boot_params *boot_data;
-	unsigned long cmdline_paddr;
-
-	if (!cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT))
-		return;
-
-	/* Get the command line address before unmapping the real_mode_data */
-	boot_data = (struct boot_params *)real_mode_data;
-	cmdline_paddr = boot_data->hdr.cmd_line_ptr | ((u64)boot_data->ext_cmd_line_ptr << 32);
-
-	__sme_early_map_unmap_mem(real_mode_data, sizeof(boot_params), false);
-
-	if (!cmdline_paddr)
-		return;
-
-	__sme_early_map_unmap_mem(__va(cmdline_paddr), COMMAND_LINE_SIZE, false);
-}
-
-void __init sme_map_bootdata(char *real_mode_data)
-{
-	struct boot_params *boot_data;
-	unsigned long cmdline_paddr;
-
-	if (!cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT))
-		return;
-
-	__sme_early_map_unmap_mem(real_mode_data, sizeof(boot_params), true);
-
-	/* Get the command line address after mapping the real_mode_data */
-	boot_data = (struct boot_params *)real_mode_data;
-	cmdline_paddr = boot_data->hdr.cmd_line_ptr | ((u64)boot_data->ext_cmd_line_ptr << 32);
-
-	if (!cmdline_paddr)
-		return;
-
-	__sme_early_map_unmap_mem(__va(cmdline_paddr), COMMAND_LINE_SIZE, true);
-}
-
 void __init sev_setup_arch(void)
 {
 	phys_addr_t total_mem = memblock_phys_mem_size();
-- 
2.39.2

[PATCH v2 5/6] x86/boot: Use copied boot data in __startup_64()

[Brian Gerst]

Use the copied version instead of the original real mode data.

Signed-off-by: Brian Gerst <brgerst@gmail.com>
---
 arch/x86/include/asm/setup.h | 2 +-
 arch/x86/kernel/head64.c     | 4 ++--
 arch/x86/kernel/head_64.S    | 2 --
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h
index 47eac5d877a8..f6c04b137d67 100644
--- a/arch/x86/include/asm/setup.h
+++ b/arch/x86/include/asm/setup.h
@@ -49,7 +49,7 @@ extern unsigned long saved_video_mode;
 
 extern void reserve_standard_io_resources(void);
 extern void i386_reserve_resources(void);
-extern unsigned long __startup_64(unsigned long physaddr, struct boot_params *bp);
+extern unsigned long __startup_64(unsigned long physaddr);
 extern void startup_64_setup_env(unsigned long physbase);
 extern void early_setup_idt(void);
 extern void __init do_early_exception(struct pt_regs *regs, int trapnr);
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 9be8ce41d021..c7d3976a04d6 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -176,9 +176,9 @@ static unsigned long __head sme_postprocess_startup(struct boot_params *bp, pmdv
  * boot-time crashes. To work around this problem, every global pointer must
  * be adjusted using fixup_pointer().
  */
-unsigned long __head __startup_64(unsigned long physaddr,
-				  struct boot_params *bp)
+unsigned long __head __startup_64(unsigned long physaddr)
 {
+	struct boot_params *bp = fixup_pointer(&boot_params, physaddr);
 	unsigned long load_delta, *p;
 	unsigned long pgtable_flags;
 	pgdval_t *pgd;
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 83fb0dc97ba5..c7b2ef379f42 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -113,9 +113,7 @@ SYM_CODE_START_NOALIGN(startup_64)
 	 * programmed into CR3.
 	 */
 	leaq	_text(%rip), %rdi
-	pushq	%rsi
 	call	__startup_64
-	popq	%rsi
 
 	/* Form the CR3 value being sure to include the CR3 modifier */
 	addq	$(early_top_pgt - __START_KERNEL_map), %rax
-- 
2.39.2

[PATCH v2 6/6] x86/boot: Use copied boot data in sme_enable()

[Brian Gerst]

Use the copied version instead of the original real mode data.

Signed-off-by: Brian Gerst <brgerst@gmail.com>
---
 arch/x86/include/asm/mem_encrypt.h |  4 +--
 arch/x86/kernel/head_64.S          |  8 +-----
 arch/x86/mm/mem_encrypt_identity.c | 42 ++++++++++++++++--------------
 3 files changed, 26 insertions(+), 28 deletions(-)

diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
index b7126701574c..74f094eb88a6 100644
--- a/arch/x86/include/asm/mem_encrypt.h
+++ b/arch/x86/include/asm/mem_encrypt.h
@@ -40,7 +40,7 @@ void __init sme_early_init(void);
 void __init sev_setup_arch(void);
 
 void __init sme_encrypt_kernel(struct boot_params *bp);
-void __init sme_enable(struct boot_params *bp);
+void __init sme_enable(void);
 
 int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size);
 int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size);
@@ -70,7 +70,7 @@ static inline void __init sme_early_init(void) { }
 static inline void __init sev_setup_arch(void) { }
 
 static inline void __init sme_encrypt_kernel(struct boot_params *bp) { }
-static inline void __init sme_enable(struct boot_params *bp) { }
+static inline void __init sme_enable(void) { }
 
 static inline void sev_es_init_vc_handling(void) { }
 
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index c7b2ef379f42..c6ea37712921 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -72,14 +72,11 @@ SYM_CODE_START_NOALIGN(startup_64)
 	wrmsr
 
 	leaq	_text(%rip), %rdi
-	pushq	%rsi
+	/* RSI contains address of real_mode_data */
 	call	copy_bootdata
-	popq	%rsi
 
 	leaq	_text(%rip), %rdi
-	pushq	%rsi
 	call	startup_64_setup_env
-	popq	%rsi
 
 #ifdef CONFIG_AMD_MEM_ENCRYPT
 	/*
@@ -88,10 +85,7 @@ SYM_CODE_START_NOALIGN(startup_64)
 	 * which needs to be done before any CPUID instructions are executed in
 	 * subsequent code.
 	 */
-	movq	%rsi, %rdi
-	pushq	%rsi
 	call	sme_enable
-	popq	%rsi
 #endif
 
 	/* Now switch to __KERNEL_CS so IRET works reliably */
diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
index c6efcf559d88..e75e4f5a8a71 100644
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -502,8 +502,9 @@ void __init sme_encrypt_kernel(struct boot_params *bp)
 	native_write_cr3(__native_read_cr3());
 }
 
-void __init sme_enable(struct boot_params *bp)
+void __init sme_enable(void)
 {
+	struct boot_params *bp;
 	const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off;
 	unsigned int eax, ebx, ecx, edx;
 	unsigned long feature_mask;
@@ -513,6 +514,27 @@ void __init sme_enable(struct boot_params *bp)
 	bool snp;
 	u64 msr;
 
+	/*
+	 * Fixups have not been applied to phys_base yet and we're running
+	 * identity mapped, so we must obtain the address to global data
+	 * using rip-relative addressing.
+	 */
+	asm("lea sme_cmdline_arg(%%rip), %0"
+	    : "=r" (cmdline_arg)
+	    : "p" (sme_cmdline_arg));
+	asm("lea sme_cmdline_on(%%rip), %0"
+	    : "=r" (cmdline_on)
+	    : "p" (sme_cmdline_on));
+	asm("lea sme_cmdline_off(%%rip), %0"
+	    : "=r" (cmdline_off)
+	    : "p" (sme_cmdline_off));
+	asm("lea boot_params(%%rip), %0"
+	    : "=r" (bp)
+	    : "m" (boot_params));
+	asm("lea boot_command_line(%%rip), %0"
+	    : "=r" (cmdline_ptr)
+	    : "p" (boot_command_line));
+
 	snp = snp_init(bp);
 
 	/* Check for the SME/SEV support leaf */
@@ -577,29 +599,11 @@ void __init sme_enable(struct boot_params *bp)
 		goto out;
 	}
 
-	/*
-	 * Fixups have not been applied to phys_base yet and we're running
-	 * identity mapped, so we must obtain the address to the SME command
-	 * line argument data using rip-relative addressing.
-	 */
-	asm ("lea sme_cmdline_arg(%%rip), %0"
-	     : "=r" (cmdline_arg)
-	     : "p" (sme_cmdline_arg));
-	asm ("lea sme_cmdline_on(%%rip), %0"
-	     : "=r" (cmdline_on)
-	     : "p" (sme_cmdline_on));
-	asm ("lea sme_cmdline_off(%%rip), %0"
-	     : "=r" (cmdline_off)
-	     : "p" (sme_cmdline_off));
-
 	if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT))
 		active_by_default = true;
 	else
 		active_by_default = false;
 
-	cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
-				     ((u64)bp->ext_cmd_line_ptr << 32));
-
 	if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
 		return;
 
-- 
2.39.2