From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4B6C52032A for ; Mon, 8 Apr 2024 06:49:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712558990; cv=none; b=sknCisj+/HD0VgyjK7SqUYckCJ2JjN6V+9EO9Y72N86XAxA4Mh0ahdARkZMIHvDdkeNrZSOQbrfsz/n/FmyM0L5pAiJyHN0tgVAoLIZmwFuRBTuJQl5Njvo8Zo+QtvAt8TeO5u4GHOHfZkERii6bhkpLu1BuG+ldIxqIwl/TCqQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712558990; c=relaxed/simple; bh=AH9y05PYV0Dp/9e2tI9LxqebCspRt+oSeHWbkuVlKUs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=dquXQ0vKnNTuT5IHgr9Bvs+WTPNkoNc4ysBySWdevvqabW8dudJh3TUAf+Rixe4aLaCeXhCFAC+RcZJPQeRwc3iAn1eorl/TRqZ8j8ux2Ie9lZnPWQdghmSkOSSpc3xLII7x/AIB8QMUZR1Fyybo1kTpIbDPPRh73anEz+9ZfnU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=o56/3pTK; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="o56/3pTK" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-609fe93b5cfso57983707b3.0 for ; Sun, 07 Apr 2024 23:49:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712558987; x=1713163787; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=B1fZfS1yUXZTcxfOG7WKQMgWT5kZ+O3GX03uYphDLng=; b=o56/3pTKA1a81iCp/UM04MQS9/zmY4gjVMUu5JCXsCmDLfTdwwzCXPT9IuoHurJ/B+ C/+j1ppm70XbRM5FzuYsGnT7H+l45iy93u2EuN6gpTTup59dmiIwnK3LTycvGw13NHI/ eH1FH30t/VZE8ZhogZ58L/wMI/7Zi5xHLVQwrTjvVDR1uFN2ZgMIKh8YhRAyEqiZex73 PuNKG113OceiK6t9dqET9DXU3t4CgWqrZl4bgEr0EVvptvOsM4tpC9ex8YQfylAkZ4Bm h06KBicI+57zVbmQXOmxs44yfe2L1/Olzq0ji0e9a/v5C8UAwCGzDtNtjbqdB5XyLKlx W1dw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712558987; x=1713163787; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=B1fZfS1yUXZTcxfOG7WKQMgWT5kZ+O3GX03uYphDLng=; b=JXzveuM0nQJ1djam7HmBOAu9TY7TOegT4z4N7F8bRFqQHFPw3wfrNplBRpoR2T5YHA 8HXVZov7AjhJo7nLCstJ+yudAp7cGcI9TmShYFv/6ovbJBvdcpbD3h6wfU5HSNdbIGaM hC1ay8LT8pG/UY/S827FTvHhelbEh5KjOb0szYpD4GPb51TBcB0b7/mmyAK3f0JW5fea 8VokUWETfs45pfPadrgr2V0bkpTj/msHehFhs55IXmmFPGSbAFr0+1SATHwWxDFDhKGz cqny/TuE17xw6D1j6Q2n5F2pgK7aJ7L9xwk+Xr0FpGIDPl5/aNL7GzFeBqD1tL84Bc4H yKyg== X-Gm-Message-State: AOJu0Yz+kpspSh9eLqEaHI7yYFnxIN91X7UHDZXTx2DOEigSaVBkVkyO 5IwLD8AMETTC1NWlfqduR9IN0IpU03q9cS+ei7T47J1hQk+X0NMs5n+lfsVWuy4lXr1gBAQL7cs 6o9QGLtqjHH2p69ifx6yd+uWWsVraQAdo/lSQcw5UzvIZGYq3bNk+uB8N4pNoSt6Gr74Snd3Yb3 /NMQK1MSSCVJRiOldNqFPOug== X-Google-Smtp-Source: AGHT+IF1RNHnwCodlKUHjQnequwLIGsEV4Q5mEoma9+6lNUuALTI11ambg7xkp8GazmkSmUfhwBJ4BFX X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a05:6902:20c9:b0:dd9:312c:83c8 with SMTP id dj9-20020a05690220c900b00dd9312c83c8mr381117ybb.10.1712558987117; Sun, 07 Apr 2024 23:49:47 -0700 (PDT) Date: Mon, 8 Apr 2024 08:49:22 +0200 In-Reply-To: <20240408064917.3391405-8-ardb+git@google.com> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240408064917.3391405-8-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=8342; i=ardb@kernel.org; h=from:subject; bh=EHrz3mjOij5GoEU4xfEVwhiLmC3xoMpMZWvGOsUTksg=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIU14ctEdszfHS4ttTyUsElvIKTfBMcfy9JK5WdeZT71gF jrOI/+2o5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEykVobhf2mU38PryvkC6vNy 9Ob2Ob2IOivc/mdurNKUG0Uv0z7olzH8U14kPK2m76LEB6WEs+fYEkQk7ya4c5s9/HrfJeVv/D9 rRgA= X-Mailer: git-send-email 2.44.0.478.gd926399ef9-goog Message-ID: <20240408064917.3391405-12-ardb+git@google.com> Subject: [PATCH -for-stable-v6.6+ 4/6] x86/sme: Move early SME kernel encryption handling into .head.text From: Ard Biesheuvel To: stable@vger.kernel.org Cc: Ard Biesheuvel Content-Type: text/plain; charset="UTF-8" From: Ard Biesheuvel [ Commit 48204aba801f1b512b3abed10b8e1a63e03f3dd1 upstream ] The .head.text section is the initial primary entrypoint of the core kernel, and is entered with the CPU executing from a 1:1 mapping of memory. Such code must never access global variables using absolute references, as these are based on the kernel virtual mapping which is not active yet at this point. Given that the SME startup code is also called from this early execution context, move it into .head.text as well. This will allow more thorough build time checks in the future to ensure that early startup code only uses RIP-relative references to global variables. Also replace some occurrences of __pa_symbol() [which relies on the compiler generating an absolute reference, which is not guaranteed] and an open coded RIP-relative access with RIP_REL_REF(). Signed-off-by: Ard Biesheuvel Signed-off-by: Borislav Petkov (AMD) Tested-by: Tom Lendacky Link: https://lore.kernel.org/r/20240227151907.387873-18-ardb+git@google.com Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/mem_encrypt.h | 8 ++-- arch/x86/mm/mem_encrypt_identity.c | 42 ++++++++------------ 2 files changed, 21 insertions(+), 29 deletions(-) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index f4f526984629..76081a34fc23 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -46,8 +46,8 @@ void __init sme_unmap_bootdata(char *real_mode_data); void __init sme_early_init(void); void __init sev_setup_arch(void); -void __init sme_encrypt_kernel(struct boot_params *bp); -void __init sme_enable(struct boot_params *bp); +void sme_encrypt_kernel(struct boot_params *bp); +void sme_enable(struct boot_params *bp); int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size); int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size); @@ -81,8 +81,8 @@ static inline void __init sme_unmap_bootdata(char *real_mode_data) { } static inline void __init sme_early_init(void) { } static inline void __init sev_setup_arch(void) { } -static inline void __init sme_encrypt_kernel(struct boot_params *bp) { } -static inline void __init sme_enable(struct boot_params *bp) { } +static inline void sme_encrypt_kernel(struct boot_params *bp) { } +static inline void sme_enable(struct boot_params *bp) { } static inline void sev_es_init_vc_handling(void) { } diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index d210c7fc8fa2..64b5005d49e5 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -41,6 +41,7 @@ #include #include +#include #include #include #include @@ -94,7 +95,7 @@ struct sme_populate_pgd_data { */ static char sme_workarea[2 * PMD_SIZE] __section(".init.scratch"); -static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) +static void __head sme_clear_pgd(struct sme_populate_pgd_data *ppd) { unsigned long pgd_start, pgd_end, pgd_size; pgd_t *pgd_p; @@ -109,7 +110,7 @@ static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) memset(pgd_p, 0, pgd_size); } -static pud_t __init *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) +static pud_t __head *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) { pgd_t *pgd; p4d_t *p4d; @@ -146,7 +147,7 @@ static pud_t __init *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) return pud; } -static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *ppd) +static void __head sme_populate_pgd_large(struct sme_populate_pgd_data *ppd) { pud_t *pud; pmd_t *pmd; @@ -162,7 +163,7 @@ static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *ppd) set_pmd(pmd, __pmd(ppd->paddr | ppd->pmd_flags)); } -static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) +static void __head sme_populate_pgd(struct sme_populate_pgd_data *ppd) { pud_t *pud; pmd_t *pmd; @@ -188,7 +189,7 @@ static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) set_pte(pte, __pte(ppd->paddr | ppd->pte_flags)); } -static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) +static void __head __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd_large(ppd); @@ -198,7 +199,7 @@ static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) } } -static void __init __sme_map_range_pte(struct sme_populate_pgd_data *ppd) +static void __head __sme_map_range_pte(struct sme_populate_pgd_data *ppd) { while (ppd->vaddr < ppd->vaddr_end) { sme_populate_pgd(ppd); @@ -208,7 +209,7 @@ static void __init __sme_map_range_pte(struct sme_populate_pgd_data *ppd) } } -static void __init __sme_map_range(struct sme_populate_pgd_data *ppd, +static void __head __sme_map_range(struct sme_populate_pgd_data *ppd, pmdval_t pmd_flags, pteval_t pte_flags) { unsigned long vaddr_end; @@ -232,22 +233,22 @@ static void __init __sme_map_range(struct sme_populate_pgd_data *ppd, __sme_map_range_pte(ppd); } -static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *ppd) +static void __head sme_map_range_encrypted(struct sme_populate_pgd_data *ppd) { __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); } -static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *ppd) +static void __head sme_map_range_decrypted(struct sme_populate_pgd_data *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); } -static void __init sme_map_range_decrypted_wp(struct sme_populate_pgd_data *ppd) +static void __head sme_map_range_decrypted_wp(struct sme_populate_pgd_data *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC_WP, PTE_FLAGS_DEC_WP); } -static unsigned long __init sme_pgtable_calc(unsigned long len) +static unsigned long __head sme_pgtable_calc(unsigned long len) { unsigned long entries = 0, tables = 0; @@ -284,7 +285,7 @@ static unsigned long __init sme_pgtable_calc(unsigned long len) return entries + tables; } -void __init sme_encrypt_kernel(struct boot_params *bp) +void __head sme_encrypt_kernel(struct boot_params *bp) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; @@ -319,9 +320,8 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * memory from being cached. */ - /* Physical addresses gives us the identity mapped virtual addresses */ - kernel_start = __pa_symbol(_text); - kernel_end = ALIGN(__pa_symbol(_end), PMD_SIZE); + kernel_start = (unsigned long)RIP_REL_REF(_text); + kernel_end = ALIGN((unsigned long)RIP_REL_REF(_end), PMD_SIZE); kernel_len = kernel_end - kernel_start; initrd_start = 0; @@ -338,14 +338,6 @@ void __init sme_encrypt_kernel(struct boot_params *bp) } #endif - /* - * We're running identity mapped, so we must obtain the address to the - * SME encryption workarea using rip-relative addressing. - */ - asm ("lea sme_workarea(%%rip), %0" - : "=r" (workarea_start) - : "p" (sme_workarea)); - /* * Calculate required number of workarea bytes needed: * executable encryption area size: @@ -355,7 +347,7 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * pagetable structures for the encryption of the kernel * pagetable structures for workarea (in case not currently mapped) */ - execute_start = workarea_start; + execute_start = workarea_start = (unsigned long)RIP_REL_REF(sme_workarea); execute_end = execute_start + (PAGE_SIZE * 2) + PMD_SIZE; execute_len = execute_end - execute_start; @@ -498,7 +490,7 @@ void __init sme_encrypt_kernel(struct boot_params *bp) native_write_cr3(__native_read_cr3()); } -void __init sme_enable(struct boot_params *bp) +void __head sme_enable(struct boot_params *bp) { unsigned int eax, ebx, ecx, edx; unsigned long feature_mask; -- 2.44.0.478.gd926399ef9-goog