From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F334CC05023 for ; Wed, 20 Sep 2023 20:37:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229732AbjITUhu (ORCPT ); Wed, 20 Sep 2023 16:37:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47576 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229463AbjITUhs (ORCPT ); Wed, 20 Sep 2023 16:37:48 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A92FB9 for ; Wed, 20 Sep 2023 13:37:43 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-d84acda47aeso405877276.3 for ; Wed, 20 Sep 2023 13:37:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1695242262; x=1695847062; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ke8Z55Fzu2JKAUQugjnNSN+yilI9hv8hL0qCM2xQHoo=; b=JBgzipvxH4GpmAsPpkmBXsJ2OynGNULO/ECE5o8ZtF8PPnEasLeKDo99fYYWL34RFI Avp+gZ/q81y/fb6LwsYzj72VLnZE/na6geNE4CsBhLvd+RoLV/8cfsqZuPqdrnm+CKTg CXZp75nNA7ZIbVeoR43E6AKPSP4xOJq4+Aeh+csccnLYigsA54WhH7hWdLXTSOMlRd2c BBsbpItfWY7rJD2FPMAKAP2vAtYPrNd/eblMSUNmdi1owfs3zVaNw39BDibjs/iCs702 1Z6ITxnwOBoOkQhis/VSE2Q8Zz6fSW1uqkCeP39xDDosiKLcQY9gi7IIxjJ1Psq7SBUX oqRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695242262; x=1695847062; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ke8Z55Fzu2JKAUQugjnNSN+yilI9hv8hL0qCM2xQHoo=; b=mG4mkwny783Q3x+ciaFGKQrMs75LOS/M3R27Iz+72OK6pk+dLUPrWds4vianrROi5m tXTO9BzmO0nk8+qXXmFn3tZ1JLGm8Vhyrs0xvYdg2rhZvoijbRJBMy960Hv3kgbstI8x m7v5JptkZFtFwnQy+RcEHzKSlrAr/dvuOmYQNhZVjCGTDnIymtJrEGdK2nquQaomwN1K R+VbiApS2GNjhQ4A3f/BHPGRSeitCASFxUENBBidiFEmQDlPk+HXhwzfKN/v++vtmO5N w/HWLwm/2sbS6E6Qd/VnYEj4KlON4hZ08hMlUa5uKTtalmcJy1pJ6Ar+KD/T+t+Ptsvb gs1A== X-Gm-Message-State: AOJu0YzLUhj59ITOCQvGaoi189QvcYxoyUJm+7qghZZHyCat9OUFmd28 CQD2JY9A6to9W5Zz/i2q3A9lZD+/iNA= X-Google-Smtp-Source: AGHT+IH8CNIWITFsrgppaygErXmKK03IDLuJcOpZJ7gFWKpVHRpldBqCXG7nsBI/YtgK51P/0FDFxn70SaY= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:ca8b:0:b0:d77:bcce:eb11 with SMTP id a133-20020a25ca8b000000b00d77bcceeb11mr53094ybg.10.1695242262250; Wed, 20 Sep 2023 13:37:42 -0700 (PDT) Date: Wed, 20 Sep 2023 13:37:40 -0700 In-Reply-To: <20230912002703.3924521-2-acdunlap@google.com> Mime-Version: 1.0 References: <20230912002703.3924521-1-acdunlap@google.com> <20230912002703.3924521-2-acdunlap@google.com> Message-ID: Subject: Re: [PATCH v2 1/2] x86/sev-es: Allow copy_from_kernel_nofault in earlier boot From: Sean Christopherson To: Adam Dunlap Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Kim Phillips , Juergen Gross , Ashok Raj , Joerg Roedel , Tom Lendacky , David Hildenbrand , Mike Rapoport , "Kirill A. Shutemov" , Nikunj A Dadhania , Dionna Glaze , Peter Gonda , David Rientjes , Khalid ElMously , Jacob Xu Content-Type: text/plain; charset="us-ascii" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 11, 2023, Adam Dunlap wrote: > Previously, if copy_from_kernel_nofault was called before > boot_cpu_data.x86_virt_bits was set up, then it would trigger undefined > behavior due to a shift by 64. This ended up causing boot failures in > the latest version of ubuntu2204 in the gcp project when using SEV-SNP. > Specifically, this function is called during an early #VC handler which > is triggered by a cpuid to check if nx is implemented. Why not stuff boot_cpu_data.x86_virt_bits to a "default" value that is guaranteed to be accurate (or at least safe) for the purposes of the early boot code. I.e. set it to 48 for 64-bit kernels. That'd avoid the extra conditional, and would avoid laying whack-a-mole with anything else that consumes x86_virt_bits. > Fixes: 1aa9aa8ee517 ("x86/sev-es: Setup GHCB-based boot #VC handler") > Suggested-by: Dave Hansen > Signed-off-by: Adam Dunlap > --- > arch/x86/mm/maccess.c | 19 ++++++++++++++----- > 1 file changed, 14 insertions(+), 5 deletions(-) > > diff --git a/arch/x86/mm/maccess.c b/arch/x86/mm/maccess.c > index 5a53c2cc169c..6993f026adec 100644 > --- a/arch/x86/mm/maccess.c > +++ b/arch/x86/mm/maccess.c > @@ -9,12 +9,21 @@ bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size) > unsigned long vaddr = (unsigned long)unsafe_src; > > /* > - * Range covering the highest possible canonical userspace address > - * as well as non-canonical address range. For the canonical range > - * we also need to include the userspace guard page. > + * Do not allow userspace addresses. This disallows > + * normal userspace and the userspace guard page: > */ > - return vaddr >= TASK_SIZE_MAX + PAGE_SIZE && > - __is_canonical_address(vaddr, boot_cpu_data.x86_virt_bits); > + if (vaddr < TASK_SIZE_MAX + PAGE_SIZE) > + return false; > + > + /* > + * Allow everything during early boot before 'x86_virt_bits' > + * is initialized. Needed for instruction decoding in early > + * exception handlers. > + */ > + if (!boot_cpu_data.x86_virt_bits) > + return true; > + > + return __is_canonical_address(vaddr, boot_cpu_data.x86_virt_bits); > } > #else > bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size) > -- > 2.42.0.283.g2d96d420d3-goog >