From patchwork Wed Sep 21 14:54:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608058 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 14544ECAAD8 for ; Wed, 21 Sep 2022 14:54:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230054AbiIUOyf (ORCPT ); Wed, 21 Sep 2022 10:54:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43128 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229720AbiIUOyd (ORCPT ); Wed, 21 Sep 2022 10:54:33 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1A03D111C; Wed, 21 Sep 2022 07:54:32 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A8950630C8; Wed, 21 Sep 2022 14:54:31 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 40D79C433D6; Wed, 21 Sep 2022 14:54:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772071; bh=qoG8AUDHmOU2I5I4l0QdhUgPfOVgczFVdg4duM/N0ck=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=B1KbvWqxAwksjPMHixAS6kKYquLxXXPBc43J7TpVJhEbsguJdEPVp9vtWPVINWHuc 2XBjjCoWHYix3WRVTmKzYwk19DGGKsE7+OUM7QClUrJeYJzBDSKNtIio6f1aRtDC4B +RkfxHlEV92bm9/S/qAA5XAob4okLub67CNW3gdFZ+hJOmrdMExGHVX/RIkYLnJirR ZDEUlOXyJo20Wq0GFL0jrNMcdrw00ob5eMzaAsLRZHdP3/jYzEDQkxme1kODYq8rsG /1oBi8vNUJsstVe/gTQg38clY7VfNoOO8zJmtt8WK6M6STjrE3/sIFo86PNFr8lwQi rlj4kSllZzuAg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 01/16] x86/compressed: efi-mixed: rename efi_thunk_64.S to efi-mixed.S Date: Wed, 21 Sep 2022 16:54:07 +0200 Message-Id: <20220921145422.437618-2-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1568; i=ardb@kernel.org; h=from:subject; bh=qoG8AUDHmOU2I5I4l0QdhUgPfOVgczFVdg4duM/N0ck=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWELtrdLtAR/KkA68TrBETYomSqf5o5QE0faqqd /ugXebaJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYyslhAAKCRDDTyI5ktmPJCwQDA CozSGlv+5tNXgtL7BiYeb/foFMHqbRay+0Lrn3ezbrxsGqqQd9BnZ9Mhu2OvCMLS6Dft5HZDCHrTa/ uVDfEDz0X3dIXpE/o44GwwAM8gt/4DgvgUDYuIwpAz6w5lSpUvx7dZEAxy3Pa2cQIBHWczD2goKC/6 fectwWEcxmy1uE+C8XQO2w5IS/cJGdR+h9TpQJ+31ciUQHCrgiuBoNlLB8MnqUi1Ecd4hYwgAupqZe Z2CdWsUJYL1iiSXCqhjOaf7b6TxVQ9FJlO6yMBZ/dEGjR3TY/6L41/Yyhwv80HYi9Zc5rSR8q0v1f2 b7A4QqE/50IhtcUzm9KH1x7C1kw3E+ogRg93lEje6DzyY3eazAaGNPCkTq8Qi+x0wAcTrC/T1DwU2v +KViOYEudnxvVOoJVOlo2ZuN6yWbi1OmuObPVUce+iy2TZ7zo6dz2vtjkwtKw+IiAj1XpCr9W6JXqo Wy7Wknuf0lxaPc3ZM5sw7Fn4koe/Xm5q5e7NcEddi/I60= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org In preparation for moving the mixed mode specific code out of head_64.S, rename the existing file to clarify that it contains more than just the mixed mode thunk. While at it, clean up the Makefile rules that add it to the build. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/Makefile | 6 +++--- arch/x86/boot/compressed/{efi_thunk_64.S => efi_mixed.S} | 0 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 35ce1a64068b..d6dbb46696a2 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -107,11 +107,11 @@ endif vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdcall.o -vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o -efi-obj-$(CONFIG_EFI_STUB) = $(objtree)/drivers/firmware/efi/libstub/lib.a +vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o +vmlinux-objs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a -$(obj)/vmlinux: $(vmlinux-objs-y) $(efi-obj-y) FORCE +$(obj)/vmlinux: $(vmlinux-objs-y) FORCE $(call if_changed,ld) OBJCOPYFLAGS_vmlinux.bin := -R .comment -S diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_mixed.S similarity index 100% rename from arch/x86/boot/compressed/efi_thunk_64.S rename to arch/x86/boot/compressed/efi_mixed.S From patchwork Wed Sep 21 14:54:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608057 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D49BFECAAD8 for ; Wed, 21 Sep 2022 14:54:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230103AbiIUOyk (ORCPT ); Wed, 21 Sep 2022 10:54:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43248 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229718AbiIUOyi (ORCPT ); Wed, 21 Sep 2022 10:54:38 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33113AE6E; Wed, 21 Sep 2022 07:54:36 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id ADAFFB83028; Wed, 21 Sep 2022 14:54:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 86383C433B5; Wed, 21 Sep 2022 14:54:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772073; bh=5V76Xsth0euhhz1QsgMDnrfFoaPcgyyzA5zjmBHSST0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IGZREX0JzehUBdZFbLHBuO+8ZumcoyIPaEJjKhgSfqr5KC6P6Jb91+2EyjX+H/2zj REqs9iOkkS/b7NhxfKoe0SgQFLJhancGTMD2E6oWNY2KHJPDDtpM7qwzyawcRveOjb HopCH44DDZxFkDLAWHntcheLQuLJuu6ocEw4BYQTlYDJ/3RvUQQCYcARaFrMCiz57O A4tAOiHKduk7ykULICr3nphkeWQHyqUTwooi6Xgr1VSD51SAdTtJSF6BgV47UfoyW6 x+Qdvgfk1lvioLA7ahO0RPCaBemTW7Gg+Xl0AdYk2/LMu8P1IdAcF2RR+pjw6Auf9W gRf5YOMq2z72w== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 02/16] x86/compressed: efi-mixed: move 32-bit entrypoint code into .text section Date: Wed, 21 Sep 2022 16:54:08 +0200 Message-Id: <20220921145422.437618-3-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2148; i=ardb@kernel.org; h=from:subject; bh=5V76Xsth0euhhz1QsgMDnrfFoaPcgyyzA5zjmBHSST0=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWGnPukk4waMSCu0HVqcFUn8kLOxKo4Gy9c8qZx ydwjOiiJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYyslhgAKCRDDTyI5ktmPJKmUC/ 0QiVgehXCkiHIq44VgWErny0BR4Q0khljnRiqzWqAJOGiyWsDSlEHAtB+8uDc+IlFelxvTHi+JtOp3 3iqafseDNfQsyqfhnvQHQQ/kCR8iC5Dm/4nRHiZHq0iDEceUGi4rVzCkQb61UTUy4sy3cc+aZvXJ42 y7tqRCO6LHu1NMhETQfGw4jXtypMId2UNfckHGwwlhJ8lROl/Ibh23aw7kQ1uLQtH6L636jpBE6e9f 3vwnLG1MkcYFbhqstBZUmWX809AGsHVryr+hoBt00sHBgjh0RZCyYQoxCjJ4DZUg9Ynk6931u0ChPD A9iKMno/g0QOumoBrhcOnA9ZuWn76cFvL9KvPN4r2yPZ80J9VaiLguzGBJhdQ91W4fQJX233mH/KlZ KCXmnGUjpacZOnVISgMbrMuHEEHQ4aEOjQzRBhAYqEfCh3gN+FUCSqUXaIrbLBK5Ij1yJPQiG1dUN3 jRYa4LvppmzoHy62OvqgFmSRLTsjEwljXgwtCWwDnTydE= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Move the code that stores the arguments passed to the EFI entrypoint into the .text section, so that it can be moved into a separate compilation unit in a subsequent patch. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/head_64.S | 34 ++++++++++++-------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index d33f060900d2..1ba2fc2357e6 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -303,24 +303,28 @@ SYM_FUNC_START(efi32_stub_entry) popl %ecx popl %edx popl %esi + jmp efi32_entry +SYM_FUNC_END(efi32_stub_entry) + .text +SYM_FUNC_START_LOCAL(efi32_entry) call 1f -1: pop %ebp - subl $ rva(1b), %ebp - - movl %esi, rva(efi32_boot_args+8)(%ebp) -SYM_INNER_LABEL(efi32_pe_stub_entry, SYM_L_LOCAL) - movl %ecx, rva(efi32_boot_args)(%ebp) - movl %edx, rva(efi32_boot_args+4)(%ebp) - movb $0, rva(efi_is64)(%ebp) +1: pop %ebx /* Save firmware GDTR and code/data selectors */ - sgdtl rva(efi32_boot_gdt)(%ebp) - movw %cs, rva(efi32_boot_cs)(%ebp) - movw %ds, rva(efi32_boot_ds)(%ebp) + sgdtl (efi32_boot_gdt - 1b)(%ebx) + movw %cs, (efi32_boot_cs - 1b)(%ebx) + movw %ds, (efi32_boot_ds - 1b)(%ebx) /* Store firmware IDT descriptor */ - sidtl rva(efi32_boot_idt)(%ebp) + sidtl (efi32_boot_idt - 1b)(%ebx) + + /* Store boot arguments */ + leal (efi32_boot_args - 1b)(%ebx), %ebx + movl %ecx, 0(%ebx) + movl %edx, 4(%ebx) + movl %esi, 8(%ebx) + movb $0x0, 12(%ebx) // efi_is64 /* Disable paging */ movl %cr0, %eax @@ -328,7 +332,8 @@ SYM_INNER_LABEL(efi32_pe_stub_entry, SYM_L_LOCAL) movl %eax, %cr0 jmp startup_32 -SYM_FUNC_END(efi32_stub_entry) +SYM_FUNC_END(efi32_entry) + __HEAD #endif .code64 @@ -831,7 +836,8 @@ SYM_FUNC_START(efi32_pe_entry) */ subl %esi, %ebx movl %ebx, rva(image_offset)(%ebp) // save image_offset - jmp efi32_pe_stub_entry + xorl %esi, %esi + jmp efi32_entry 2: popl %edi // restore callee-save registers popl %ebx From patchwork Wed Sep 21 14:54:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608415 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9291ECAAD8 for ; Wed, 21 Sep 2022 14:54:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230177AbiIUOys (ORCPT ); Wed, 21 Sep 2022 10:54:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43244 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230098AbiIUOyk (ORCPT ); Wed, 21 Sep 2022 10:54:40 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 848FE64CA; Wed, 21 Sep 2022 07:54:38 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id E0DD4B82FFB; Wed, 21 Sep 2022 14:54:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CCD05C43470; Wed, 21 Sep 2022 14:54:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772075; bh=f4hAaP+nZQiGjfEdHOfloyDSCBg7MiQpQpgjB8eSSLU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qx9uT5gdNAZ+8XcoMzrMKWSAxEYyRB4B05jTvbm2uNa+xui/lTdSXF7GX2N+QE2Nv rlNtBzUgbF1wE249SbfGb/sTZTwWyZlwPLt2WalBpsbchtLRIPjrADCNTUM0b3Dc+8 SGJFeMGzNj7m5nAImxr5HUdUqbONIZ/rlfdL8L0Vma4XNYL56ovesZtVVxZoSSQvVF eW+5PgrZt1yIXnJWCHeVeWuB7M3AusvsnO801MCiS2ghe+33qldA0k1EXGLuRtuZJP SwDTHEk1bHMBljSqxwglw8Gov6nisAvPOXSjUFZxqrJYteOJjn83WBAukIBigv+ziO H9o+eeqFTRKYA== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 03/16] x86/compressed: efi-mixed: move bootargs parsing out of 32-bit startup code Date: Wed, 21 Sep 2022 16:54:09 +0200 Message-Id: <20220921145422.437618-4-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4615; i=ardb@kernel.org; h=from:subject; bh=f4hAaP+nZQiGjfEdHOfloyDSCBg7MiQpQpgjB8eSSLU=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWHvdK1Lg7oMDR8exKa/vsM1svazbixC/Fq3jBe 9YXmSZeJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYyslhwAKCRDDTyI5ktmPJI8sDA CV2vV5iKwTQSd3XuGdHUY3eNptgd3hcn7rkx9I5PiI/RkRGuE21kgPg6OGcWgwQSL1kYjR7AxVKulD nU8x7L3wXd0By0CUqGqpxKCHX2Bg6R31HGjp7a9SPxNOnU5LRjPBiQ61IVgvFq8kKDsMCOrArnq8dY 7hdwOAXpwf30+QtJhAS3vE8BdQw9dbn8jeC2YpyI0hqkgwNPXBYKY+P4whsqlHxdtZyIXdAs8liTHD nbBn4OgagUSlgPsmVokLzEsQBe4QSjbd+Set1C/8EV5bNK0Sbjy/CdCdHy78leCaWgoGdvEULYdYh+ MIbsdcTfoYZ7H+4yFe+qz/dpJ3UBg/f5CHe5i/L2qqaRyXAn+eepLsqiCL74JjuncQSY/ok7RjVGWH 4q9j91L1uiiwO6VhbXbaAJ5da4750Y4wUk8rD5lmhlil/FqETbKf0X+GXU27ZEyF5M5lyKVuiekRJ7 Hz6qtIErrWzhNQRIYDIE0atcmhj1BqlhYzsoHTsr9V+so= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Move the logic that chooses between the different EFI entrypoints out of the 32-bit boot path, and into a 64-bit helper that can perform the same task much more cleanly. While at it, document the mixed mode boot flow in a code comment. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/efi_mixed.S | 43 ++++++++++++++++++++ arch/x86/boot/compressed/head_64.S | 24 ++--------- 2 files changed, 47 insertions(+), 20 deletions(-) diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index 67e7edcdfea8..77e77c3ea393 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S @@ -22,6 +22,49 @@ .code64 .text +/* + * When booting in 64-bit mode on 32-bit EFI firmware, startup_64_mixedmode() + * is the first thing that runs after switching to long mode. Depending on + * whether the EFI handover protocol or the compat entry point was used to + * enter the kernel, it will either branch to the 64-bit EFI handover + * entrypoint at offset 0x390 in the image, or to the 64-bit EFI PE/COFF + * entrypoint efi_pe_entry(). In the former case, the bootloader must provide a + * struct bootparams pointer as the third argument, so the presence of such a + * pointer is used to disambiguate. + * + * +--------------+ + * +------------------+ +------------+ +------>| efi_pe_entry | + * | efi32_pe_entry |---->| | | +-----------+--+ + * +------------------+ | | +------+---------------+ | + * | startup_32 |---->| startup_64_mixedmode | | + * +------------------+ | | +------+---------------+ V + * | efi32_stub_entry |---->| | | +------------------+ + * +------------------+ +------------+ +---->| efi64_stub_entry | + * +-------------+----+ + * +------------+ +----------+ | + * | startup_64 |<----| efi_main |<--------------+ + * +------------+ +----------+ + */ +SYM_FUNC_START(startup_64_mixedmode) + lea efi32_boot_args(%rip), %rdx + mov 0(%rdx), %edi + mov 4(%rdx), %esi + mov 8(%rdx), %edx // saved bootparams pointer + test %edx, %edx + jnz efi64_stub_entry + /* + * efi_pe_entry uses MS calling convention, which requires 32 bytes of + * shadow space on the stack even if all arguments are passed in + * registers. We also need an additional 8 bytes for the space that + * would be occupied by the return address, and this also results in + * the correct stack alignment for entry. + */ + sub $40, %rsp + mov %rdi, %rcx // MS calling convention + mov %rsi, %rdx + jmp efi_pe_entry +SYM_FUNC_END(startup_64_mixedmode) + SYM_FUNC_START(__efi64_thunk) push %rbp push %rbx diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 1ba2fc2357e6..b51f0e107c2e 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -261,25 +261,9 @@ SYM_FUNC_START(startup_32) */ leal rva(startup_64)(%ebp), %eax #ifdef CONFIG_EFI_MIXED - movl rva(efi32_boot_args)(%ebp), %edi - testl %edi, %edi - jz 1f - leal rva(efi64_stub_entry)(%ebp), %eax - movl rva(efi32_boot_args+4)(%ebp), %esi - movl rva(efi32_boot_args+8)(%ebp), %edx // saved bootparams pointer - testl %edx, %edx - jnz 1f - /* - * efi_pe_entry uses MS calling convention, which requires 32 bytes of - * shadow space on the stack even if all arguments are passed in - * registers. We also need an additional 8 bytes for the space that - * would be occupied by the return address, and this also results in - * the correct stack alignment for entry. - */ - subl $40, %esp - leal rva(efi_pe_entry)(%ebp), %eax - movl %edi, %ecx // MS calling convention - movl %esi, %edx + cmpb $1, rva(efi_is64)(%ebp) + je 1f + leal rva(startup_64_mixedmode)(%ebp), %eax 1: #endif /* Check if the C-bit position is correct when SEV is active */ @@ -766,7 +750,7 @@ SYM_DATA_END_LABEL(boot32_idt, SYM_L_GLOBAL, boot32_idt_end) SYM_DATA(image_offset, .long 0) #endif #ifdef CONFIG_EFI_MIXED -SYM_DATA_LOCAL(efi32_boot_args, .long 0, 0, 0) +SYM_DATA(efi32_boot_args, .long 0, 0, 0) SYM_DATA(efi_is64, .byte 1) #define ST32_boottime 60 // offsetof(efi_system_table_32_t, boottime) From patchwork Wed Sep 21 14:54:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608414 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6BE2EC6FA82 for ; Wed, 21 Sep 2022 14:55:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230174AbiIUOzD (ORCPT ); Wed, 21 Sep 2022 10:55:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43238 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230137AbiIUOys (ORCPT ); Wed, 21 Sep 2022 10:54:48 -0400 Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F9FC1A07A; Wed, 21 Sep 2022 07:54:43 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id A0365CE1D79; Wed, 21 Sep 2022 14:54:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1E0B3C433D6; Wed, 21 Sep 2022 14:54:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772077; bh=o0vOap9iIN4E2+BoQRyEvyx6kjfq+JQHm6p7vOAdphQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CydRzpRM6uWJd794U0eoO1hyIAmaszkW0nCLn8rZFPMBDK+BVKUQoET6lHBsdDuN9 9EtzHt9Odwdgy7nIxKPuDvBFLkCOIiuc8GCrICH7/Yys1pPdD5B7uoWP2Iw3lK8cfE lbhIbWJHUv9t+z72QEP34my90cIsZss1+MSDu3MPnu/q5VpPNSnr0KmJBwJbFCsAVn iNP45aQYeMQ7eikKvy6NOhXVu3OrEfIDH8fBf5iJ34J+0TB6qMYrL/+3nzjtS25X7T GWkk7P7mgvs/IpY7SV0YPhuzqbDWJX7F8KBTlbgQ3o+nD71ywHTPz8IZhCTuewjRJm +k8h9IvkAMzKg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 04/16] x86/compressed: efi-mixed: move efi32_pe_entry into .text section Date: Wed, 21 Sep 2022 16:54:10 +0200 Message-Id: <20220921145422.437618-5-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1945; i=ardb@kernel.org; h=from:subject; bh=o0vOap9iIN4E2+BoQRyEvyx6kjfq+JQHm6p7vOAdphQ=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWJixTl48qDMM2yLff5o3nACI0mWOfouqzJ3uNp AsZzdvqJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYysliQAKCRDDTyI5ktmPJN8lC/ 0a/BUrkVxZiA1BltDvFqMgNFWU+KA2Ek0RXT/49vnQGfCZknlrv5MnPH8Q1BkGjhyYsFLJSffyaKTY wWKyVqmoXZ92uruEvWcxH6eaWCRP5CBTbBRcb/uxP5Uvt5bomfzc6cmLV7Dczqi/C9FkrOk3+LvHfV 8nOb3O7Af56X6pOcUDrxTdoxAQRJu6BV8goclbK5+OT45J1M3lCetieTMXDK/Kc+ZfRhH0pmkIRM6r KZhgv98EhSXO62U7AkUbN4JshSNPS8ig4Oe8UmUdSQaQuai+4Yl2xjLl4HDuM58DICT/A6yoY+91XI A1IzFi6ojQEsYhezOeUyXs+V0YeEoPNW19w8UcMFZOSV1Rws/pqVARNiD5maIHFDIB0sLmRTqRw8nV i+fYaUeGeVqm1Mr4pteDXtfKRaHlIvQEiB9Glmyb52gKBz5pwnFuqSx6b94aCmAnM6ltrpcI8cwhVh 3MewTsqtSoZUP1sVRlaX7GQgyR+ahpl/qvFk93AyQ8IFg= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Move efi32_pe_entry() into the .text section, so that it can be moved out of head_64.S and into a separate compilation unit in a subsequent patch. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/head_64.S | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index b51f0e107c2e..9ae6ddccd3ef 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -757,7 +757,7 @@ SYM_DATA(efi_is64, .byte 1) #define BS32_handle_protocol 88 // offsetof(efi_boot_services_32_t, handle_protocol) #define LI32_image_base 32 // offsetof(efi_loaded_image_32_t, image_base) - __HEAD + .text .code32 SYM_FUNC_START(efi32_pe_entry) /* @@ -779,12 +779,11 @@ SYM_FUNC_START(efi32_pe_entry) call 1f 1: pop %ebx - subl $ rva(1b), %ebx /* Get the loaded image protocol pointer from the image handle */ leal -4(%ebp), %eax pushl %eax // &loaded_image - leal rva(loaded_image_proto)(%ebx), %eax + leal (loaded_image_proto - 1b)(%ebx), %eax pushl %eax // pass the GUID address pushl 8(%ebp) // pass the image handle @@ -813,13 +812,13 @@ SYM_FUNC_START(efi32_pe_entry) movl 12(%ebp), %edx // sys_table movl -4(%ebp), %esi // loaded_image movl LI32_image_base(%esi), %esi // loaded_image->image_base - movl %ebx, %ebp // startup_32 for efi32_pe_stub_entry + leal (startup_32 - 1b)(%ebx), %ebp // runtime address of startup_32 /* * We need to set the image_offset variable here since startup_32() will * use it before we get to the 64-bit efi_pe_entry() in C code. */ - subl %esi, %ebx - movl %ebx, rva(image_offset)(%ebp) // save image_offset + subl %esi, %ebp // calculate image_offset + movl %ebp, (image_offset - 1b)(%ebx) // save image_offset xorl %esi, %esi jmp efi32_entry From patchwork Wed Sep 21 14:54:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608056 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0AA66C6FA82 for ; Wed, 21 Sep 2022 14:54:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230110AbiIUOyw (ORCPT ); Wed, 21 Sep 2022 10:54:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43850 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230116AbiIUOyn (ORCPT ); Wed, 21 Sep 2022 10:54:43 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 381422AFC; Wed, 21 Sep 2022 07:54:41 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C69F3630CF; Wed, 21 Sep 2022 14:54:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 63092C433B5; Wed, 21 Sep 2022 14:54:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772080; bh=hjePMKZyCOenQTSHV4pGP5IYB9bZ4b3la+cxQPIBsrY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eOGQpxsG98m6Fox2F5dU2wuSzf0M6XmV8Ilp83LqMUqc9w2xhZMr5nojVmeWH47ea XJzRdKCfW+MYXDzQPjPIXnXz8aNprXJhaW2VvzC6dPNmQ/wTfpoj4C7guudElhgfUA I0JCUIHPtLF3OAneuP4KxLdhLAAZ9JC6jaETXIWj9XMXwJ8+zgg78q8Ui5arFrh22x t7bnu7XmktKlhaVFY2l/FdX6VoT7VpR1a9gp/f6H7LkeuJ3XUHhjU3q5CTFqcBNCZX u4VaOu1nepHFRLEknOOgPgotPMESUvtQly/bAXdeSaXlRj1b+eW29c9zM1Dv3KBZr1 t/HX77vUxcVhA== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 05/16] x86/compressed: efi-mixed: move efi32_entry out of head_64.S Date: Wed, 21 Sep 2022 16:54:11 +0200 Message-Id: <20220921145422.437618-6-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3927; i=ardb@kernel.org; h=from:subject; bh=hjePMKZyCOenQTSHV4pGP5IYB9bZ4b3la+cxQPIBsrY=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWLVXF3ze3IV/DZKGamQFIJQTrLYmFVZTd1mPTv UeKZFKyJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYysliwAKCRDDTyI5ktmPJKjNC/ 9QxC+Hyf23IsALZspJ4N4tYNyyXNS/9AJ9F84+vyLnuSO4wk7quDdWvjKBH4rfsgTnQhci8jd5PY/L oXK7dVE4Hy60kRq0PzMjR84XkIuXFb3BKIr7o7a3CZcQXBI1PCfgpX57sfdgCMovbqDgM6X28FrOSt LZ1ZZOp719f3ZE5XfxG8xDH3XGeYz2WKSPODWihkCkp3jr5elPIhNapebM60x6zZEqKD6TmDxvsJ0g BOY5L4xvT4xKTV5+pFbylST3+QAMoXWruIrrYC2pAUmVZ7Co821SupIANUX8yh090aRZ9qTa4LCxv8 dlD6AUjg9ysEgBrVWAx2sGa6mwUs7uuDfFeJACB7vFlBrWRC0+fyPj1/ITX5/Q9obt5wg+BPq/e+bg s4zR68NBvQkdscFT3uu++fAzB5Sn46EWKo8q1p56R4QEs0jEligSU+hrD8+HwajnaSIJN7XsD8WTTO KXQTTOo3eieCtdRK5kbbUQTHjyX/Fk+mILFBfPZMxy1X4= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Move the efi32_entry() routine out of head_64.S and into efi-mixed.S, which reduces clutter in the complicated startup routines. It also permits linkage of some symbols used by code to be made local. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/efi_mixed.S | 44 +++++++++++++++----- arch/x86/boot/compressed/head_64.S | 32 -------------- 2 files changed, 34 insertions(+), 42 deletions(-) diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index 77e77c3ea393..5007a44cd966 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S @@ -105,7 +105,7 @@ SYM_FUNC_START(__efi64_thunk) /* * Switch to IDT and GDT with 32-bit segments. This is the firmware GDT * and IDT that was installed when the kernel started executing. The - * pointers were saved at the EFI stub entry point in head_64.S. + * pointers were saved by the efi32_entry() routine below. * * Pass the saved DS selector to the 32-bit code, and use far return to * restore the saved CS selector. @@ -217,22 +217,46 @@ SYM_FUNC_START_LOCAL(efi_enter32) lret SYM_FUNC_END(efi_enter32) +SYM_FUNC_START(efi32_entry) + call 1f +1: pop %ebx + + /* Save firmware GDTR and code/data selectors */ + sgdtl (efi32_boot_gdt - 1b)(%ebx) + movw %cs, (efi32_boot_cs - 1b)(%ebx) + movw %ds, (efi32_boot_ds - 1b)(%ebx) + + /* Store firmware IDT descriptor */ + sidtl (efi32_boot_idt - 1b)(%ebx) + + /* Store boot arguments */ + leal (efi32_boot_args - 1b)(%ebx), %ebx + movl %ecx, 0(%ebx) + movl %edx, 4(%ebx) + movl %esi, 8(%ebx) + movb $0x0, 12(%ebx) // efi_is64 + + /* Disable paging */ + movl %cr0, %eax + btrl $X86_CR0_PG_BIT, %eax + movl %eax, %cr0 + + jmp startup_32 +SYM_FUNC_END(efi32_entry) + .data .balign 8 -SYM_DATA_START(efi32_boot_gdt) +SYM_DATA_START_LOCAL(efi32_boot_gdt) .word 0 .quad 0 SYM_DATA_END(efi32_boot_gdt) -SYM_DATA_START(efi32_boot_idt) +SYM_DATA_START_LOCAL(efi32_boot_idt) .word 0 .quad 0 SYM_DATA_END(efi32_boot_idt) -SYM_DATA_START(efi32_boot_cs) - .word 0 -SYM_DATA_END(efi32_boot_cs) - -SYM_DATA_START(efi32_boot_ds) - .word 0 -SYM_DATA_END(efi32_boot_ds) +SYM_DATA_LOCAL(efi32_boot_cs, .word 0) +SYM_DATA_LOCAL(efi32_boot_ds, .word 0) +SYM_DATA_LOCAL(efi32_boot_args, .long 0, 0, 0) +SYM_DATA(efi_is64, .byte 1) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 9ae6ddccd3ef..be95d5685717 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -289,35 +289,6 @@ SYM_FUNC_START(efi32_stub_entry) popl %esi jmp efi32_entry SYM_FUNC_END(efi32_stub_entry) - - .text -SYM_FUNC_START_LOCAL(efi32_entry) - call 1f -1: pop %ebx - - /* Save firmware GDTR and code/data selectors */ - sgdtl (efi32_boot_gdt - 1b)(%ebx) - movw %cs, (efi32_boot_cs - 1b)(%ebx) - movw %ds, (efi32_boot_ds - 1b)(%ebx) - - /* Store firmware IDT descriptor */ - sidtl (efi32_boot_idt - 1b)(%ebx) - - /* Store boot arguments */ - leal (efi32_boot_args - 1b)(%ebx), %ebx - movl %ecx, 0(%ebx) - movl %edx, 4(%ebx) - movl %esi, 8(%ebx) - movb $0x0, 12(%ebx) // efi_is64 - - /* Disable paging */ - movl %cr0, %eax - btrl $X86_CR0_PG_BIT, %eax - movl %eax, %cr0 - - jmp startup_32 -SYM_FUNC_END(efi32_entry) - __HEAD #endif .code64 @@ -750,9 +721,6 @@ SYM_DATA_END_LABEL(boot32_idt, SYM_L_GLOBAL, boot32_idt_end) SYM_DATA(image_offset, .long 0) #endif #ifdef CONFIG_EFI_MIXED -SYM_DATA(efi32_boot_args, .long 0, 0, 0) -SYM_DATA(efi_is64, .byte 1) - #define ST32_boottime 60 // offsetof(efi_system_table_32_t, boottime) #define BS32_handle_protocol 88 // offsetof(efi_boot_services_32_t, handle_protocol) #define LI32_image_base 32 // offsetof(efi_loaded_image_32_t, image_base) From patchwork Wed Sep 21 14:54:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608055 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 48F08ECAAD8 for ; Wed, 21 Sep 2022 14:55:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230326AbiIUOzJ (ORCPT ); Wed, 21 Sep 2022 10:55:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44184 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230204AbiIUOyt (ORCPT ); Wed, 21 Sep 2022 10:54:49 -0400 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0746621274; Wed, 21 Sep 2022 07:54:45 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 13904CE1D9A; Wed, 21 Sep 2022 14:54:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A8D8FC43470; Wed, 21 Sep 2022 14:54:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772082; bh=NK01Ptc0Knri4fwSSxLTZJDwNsU8cyDPzfvm17IQIMA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NKIvydovmE+HTQL6rh7YDVbwepaQGLFvsTTPsIbyXoq6tIujsKAQskYJm69/+2P+i rwUCrqZ8Hi+SLxbnyLKAEjde+CxPvTu/i/cswT2L+9UXb9KYO2VmnZi/qGL+1R7xQz jSa9K/tV0YscEdSHfQtdqbzPfXDVGnolGY29hHCSXADeFrlQWF5hJvaE6m7dIHq1z/ BiLEbHNYuxsX2fsmWUSUwDBIn/v67wMFuzvGSWqKv8E7V7Q5HR48w7PrFzyMz06RJi 9qvb/YgOR4aT/DPcmP2Pw1CniwsV7PTWUR+ifJ667ZsSeCj/MMNTX+D5SvbINWWpq0 de7kenMpa2v8w== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 06/16] x86/compressed: efi-mixed: move efi32_pe_entry() out of head_64.S Date: Wed, 21 Sep 2022 16:54:12 +0200 Message-Id: <20220921145422.437618-7-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=6576; i=ardb@kernel.org; h=from:subject; bh=NK01Ptc0Knri4fwSSxLTZJDwNsU8cyDPzfvm17IQIMA=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWNuDyGXEdoWMwh7dkHdqw1aCMN9m22aDQW5bnh 1cHq00SJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYysljQAKCRDDTyI5ktmPJKA2C/ 4rPM9OTTMPG29oXbepy6QAATfyQS8V2f8xbll8wz94P7OKOjrOZqlO89XMqpTslRIktV3A5i8ev4tA /Vpn70D4OQTUqlNJijM/VQvVSShS7qbgBnUaEbeWQtrvmXtO2ENOFwZFXWgVcVW9H/BmUJpVUncWRx Q5gpMzE2KxHqkc8QtcyGcJ0njpJ63Vkz9dF/mKFJT/Ar91ybY3VZB1dA3njq4dVAd/iB+QWij5zv2/ P7ltrzEo2dKFXu32lE0viunoGIATlK8oHdZ7yLUUe+r5yprMv7PdFhKoOWUocStVJS+PcDczFewxy3 XP/pnK4LbhCDrj/5RaNEX/h3OMqTrUa0dV90AgP+QyKLzc/DXu2f0PWMG7By9dkH0pVZw+BHiJtU9v INviqX7LRLLIC0G8rVFotr9NUWV1YuHPjSO9eYlSUtzEMgPlDc+dQT/2MnIXYFtjIItFr/9sw8LRSU nNIQIIS6cVYSWVH0JbVxc13y840Db9KH3RCYzh5nEnWv0= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Move the implementation of efi32_pe_entry() into efi-mixed.S, which is a more suitable location that only gets built if EFI mixed mode is actually enabled. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/efi_mixed.S | 81 ++++++++++++++++++ arch/x86/boot/compressed/head_64.S | 86 +------------------- 2 files changed, 82 insertions(+), 85 deletions(-) diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index 5007a44cd966..838514f7685a 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S @@ -244,6 +244,87 @@ SYM_FUNC_START(efi32_entry) jmp startup_32 SYM_FUNC_END(efi32_entry) +#define ST32_boottime 60 // offsetof(efi_system_table_32_t, boottime) +#define BS32_handle_protocol 88 // offsetof(efi_boot_services_32_t, handle_protocol) +#define LI32_image_base 32 // offsetof(efi_loaded_image_32_t, image_base) + +/* + * efi_status_t efi32_pe_entry(efi_handle_t image_handle, + * efi_system_table_32_t *sys_table) + */ +SYM_FUNC_START(efi32_pe_entry) + pushl %ebp + movl %esp, %ebp + pushl %eax // dummy push to allocate loaded_image + + pushl %ebx // save callee-save registers + pushl %edi + + call verify_cpu // check for long mode support + testl %eax, %eax + movl $0x80000003, %eax // EFI_UNSUPPORTED + jnz 2f + + call 1f +1: pop %ebx + + /* Get the loaded image protocol pointer from the image handle */ + leal -4(%ebp), %eax + pushl %eax // &loaded_image + leal (loaded_image_proto - 1b)(%ebx), %eax + pushl %eax // pass the GUID address + pushl 8(%ebp) // pass the image handle + + /* + * Note the alignment of the stack frame. + * sys_table + * handle <-- 16-byte aligned on entry by ABI + * return address + * frame pointer + * loaded_image <-- local variable + * saved %ebx <-- 16-byte aligned here + * saved %edi + * &loaded_image + * &loaded_image_proto + * handle <-- 16-byte aligned for call to handle_protocol + */ + + movl 12(%ebp), %eax // sys_table + movl ST32_boottime(%eax), %eax // sys_table->boottime + call *BS32_handle_protocol(%eax) // sys_table->boottime->handle_protocol + addl $12, %esp // restore argument space + testl %eax, %eax + jnz 2f + + movl 8(%ebp), %ecx // image_handle + movl 12(%ebp), %edx // sys_table + movl -4(%ebp), %esi // loaded_image + movl LI32_image_base(%esi), %esi // loaded_image->image_base + leal (startup_32 - 1b)(%ebx), %ebp // runtime address of startup_32 + /* + * We need to set the image_offset variable here since startup_32() will + * use it before we get to the 64-bit efi_pe_entry() in C code. + */ + subl %esi, %ebp // calculate image_offset + movl %ebp, (image_offset - 1b)(%ebx) // save image_offset + xorl %esi, %esi + jmp efi32_entry + +2: popl %edi // restore callee-save registers + popl %ebx + leave + RET +SYM_FUNC_END(efi32_pe_entry) + + .section ".rodata" + /* EFI loaded image protocol GUID */ + .balign 4 +SYM_DATA_START_LOCAL(loaded_image_proto) + .long 0x5b1b31a1 + .word 0x9562, 0x11d2 + .byte 0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b +SYM_DATA_END(loaded_image_proto) + .data .balign 8 SYM_DATA_START_LOCAL(efi32_boot_gdt) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index be95d5685717..8da2396a35a8 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -673,6 +673,7 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lno_longmode) jmp 1b SYM_FUNC_END(.Lno_longmode) + .globl verify_cpu #include "../../kernel/verify_cpu.S" .data @@ -720,91 +721,6 @@ SYM_DATA_END_LABEL(boot32_idt, SYM_L_GLOBAL, boot32_idt_end) #ifdef CONFIG_EFI_STUB SYM_DATA(image_offset, .long 0) #endif -#ifdef CONFIG_EFI_MIXED -#define ST32_boottime 60 // offsetof(efi_system_table_32_t, boottime) -#define BS32_handle_protocol 88 // offsetof(efi_boot_services_32_t, handle_protocol) -#define LI32_image_base 32 // offsetof(efi_loaded_image_32_t, image_base) - - .text - .code32 -SYM_FUNC_START(efi32_pe_entry) -/* - * efi_status_t efi32_pe_entry(efi_handle_t image_handle, - * efi_system_table_32_t *sys_table) - */ - - pushl %ebp - movl %esp, %ebp - pushl %eax // dummy push to allocate loaded_image - - pushl %ebx // save callee-save registers - pushl %edi - - call verify_cpu // check for long mode support - testl %eax, %eax - movl $0x80000003, %eax // EFI_UNSUPPORTED - jnz 2f - - call 1f -1: pop %ebx - - /* Get the loaded image protocol pointer from the image handle */ - leal -4(%ebp), %eax - pushl %eax // &loaded_image - leal (loaded_image_proto - 1b)(%ebx), %eax - pushl %eax // pass the GUID address - pushl 8(%ebp) // pass the image handle - - /* - * Note the alignment of the stack frame. - * sys_table - * handle <-- 16-byte aligned on entry by ABI - * return address - * frame pointer - * loaded_image <-- local variable - * saved %ebx <-- 16-byte aligned here - * saved %edi - * &loaded_image - * &loaded_image_proto - * handle <-- 16-byte aligned for call to handle_protocol - */ - - movl 12(%ebp), %eax // sys_table - movl ST32_boottime(%eax), %eax // sys_table->boottime - call *BS32_handle_protocol(%eax) // sys_table->boottime->handle_protocol - addl $12, %esp // restore argument space - testl %eax, %eax - jnz 2f - - movl 8(%ebp), %ecx // image_handle - movl 12(%ebp), %edx // sys_table - movl -4(%ebp), %esi // loaded_image - movl LI32_image_base(%esi), %esi // loaded_image->image_base - leal (startup_32 - 1b)(%ebx), %ebp // runtime address of startup_32 - /* - * We need to set the image_offset variable here since startup_32() will - * use it before we get to the 64-bit efi_pe_entry() in C code. - */ - subl %esi, %ebp // calculate image_offset - movl %ebp, (image_offset - 1b)(%ebx) // save image_offset - xorl %esi, %esi - jmp efi32_entry - -2: popl %edi // restore callee-save registers - popl %ebx - leave - RET -SYM_FUNC_END(efi32_pe_entry) - - .section ".rodata" - /* EFI loaded image protocol GUID */ - .balign 4 -SYM_DATA_START_LOCAL(loaded_image_proto) - .long 0x5b1b31a1 - .word 0x9562, 0x11d2 - .byte 0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b -SYM_DATA_END(loaded_image_proto) -#endif #ifdef CONFIG_AMD_MEM_ENCRYPT __HEAD From patchwork Wed Sep 21 14:54:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608413 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97730C6FA82 for ; Wed, 21 Sep 2022 14:55:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230205AbiIUOzM (ORCPT ); Wed, 21 Sep 2022 10:55:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43850 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230212AbiIUOyu (ORCPT ); Wed, 21 Sep 2022 10:54:50 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 073A121240; Wed, 21 Sep 2022 07:54:45 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5987D630C3; Wed, 21 Sep 2022 14:54:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EE108C433C1; Wed, 21 Sep 2022 14:54:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772084; bh=uI/n1D/cboZT1jrtlffhHbdFUWjlSPDxuGUAYiDSWp0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Aofb6ZGc0NlP1mav4bY9tR+fAre3QiyThbzf/mqFTKExtrXUeoGD7+iOb876HLx4u whVKqCt63R9muN9kh9i6hbsZiWcXwHn9dIIQ5TfDouq4PN5qBFuqZtOhE6Cp8z8pqQ ei7/PGwFAdwpOEzOr/vP+sTVvlAO2AfgQslUViNPYpQeILnhZNnF/smCKYyRWLZf4P 4cni3MO3SyYbIRwogTBzP2X5H25kdqRhUeU7OW4w7cxu+qsQDckZkCUNGzGTuyiREe dNMBYdUDvrerh0ySBjQhA2C7aNxfStDuOGO5mn5JN8e0RJ0V0DlrcmDAOBQ+rL+Rwp I0Lrt1Rc6hGHA== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 07/16] x86/compressed: efi: merge multiple definitions of image_offset into one Date: Wed, 21 Sep 2022 16:54:13 +0200 Message-Id: <20220921145422.437618-8-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1844; i=ardb@kernel.org; h=from:subject; bh=uI/n1D/cboZT1jrtlffhHbdFUWjlSPDxuGUAYiDSWp0=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWOkJsMuTut8aXD0VKY/3aaMzcCi2kAHJoYZMSc ha/CFGOJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYysljgAKCRDDTyI5ktmPJB4xDA CilFP5qGKXtfvEdsj3hI9ZDF/Xc5Rxk+VVdUnxCFKtG0MyYI0gMNV1SGoczAStX6FAp4v0f9JGZheJ bP3cUyrmNVRKaO6bvsSPoIH151T7POy9KzKk9N/LbAjESZndTao6zA2qo2/cZ8fagS8zKgcCjvsOb7 xIex3Gt8tjdRdY5qn+zkfxnvPmBcZNc5CHMMzJ9sysX+22psqDD8DDxtnXm3CRKeg9GA1hbnzJK99a w9uWo6z385p4KxlXYiJ0PVx/m80FmOBxrdRWTQkhiWd3Met2KBhd+8kYXtnyFwMUT2Cu6IcJXdQL9O iGqyYCpodRbKcFgChbJer1E/7lzgcY5EatNZE+8QTzQipx8vTu3Max4j/ZS0PPSDT15oPmLnZj1y5q 8/jexT19dIorbhARwslSJS2+iikvbpGfHcMbsC273DH1Z2huNKr7RRx0slLZJ6rmqnEQUOO6IzvpE9 gqNe8BzWJWYJKkuLq13Vd+AQVbW7ss9iJMlhXJIGFUdAw= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org There is no need for head_32.S and head_64.S both declaring a copy of the globale 'image_offset' variable, so drop those and make the extern C declaration the definition. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/head_32.S | 4 ---- arch/x86/boot/compressed/head_64.S | 4 ---- drivers/firmware/efi/libstub/x86-stub.c | 2 +- 3 files changed, 1 insertion(+), 9 deletions(-) diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 3b354eb9516d..6589ddd4cfaf 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -208,10 +208,6 @@ SYM_DATA_START_LOCAL(gdt) .quad 0x00cf92000000ffff /* __KERNEL_DS */ SYM_DATA_END_LABEL(gdt, SYM_L_LOCAL, gdt_end) -#ifdef CONFIG_EFI_STUB -SYM_DATA(image_offset, .long 0) -#endif - /* * Stack and heap for uncompression */ diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 8da2396a35a8..90b119fbef58 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -718,10 +718,6 @@ SYM_DATA_START(boot32_idt) SYM_DATA_END_LABEL(boot32_idt, SYM_L_GLOBAL, boot32_idt_end) #endif -#ifdef CONFIG_EFI_STUB -SYM_DATA(image_offset, .long 0) -#endif - #ifdef CONFIG_AMD_MEM_ENCRYPT __HEAD .code32 diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 05ae8bcc9d67..9083ccc1d46b 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -23,7 +23,7 @@ const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; -extern u32 image_offset; +u32 image_offset; static efi_loaded_image_t *image = NULL; static efi_status_t From patchwork Wed Sep 21 14:54:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608054 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 48CCEECAAD8 for ; Wed, 21 Sep 2022 14:55:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230365AbiIUOzq (ORCPT ); Wed, 21 Sep 2022 10:55:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230263AbiIUOzC (ORCPT ); Wed, 21 Sep 2022 10:55:02 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9CF5C27CC3; Wed, 21 Sep 2022 07:54:48 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A220B630D0; Wed, 21 Sep 2022 14:54:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3F416C433B5; Wed, 21 Sep 2022 14:54:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772087; bh=9QnYVj6z/B1v2rUoK+Ldcmd4eGkNmNagz5RXwwVDZGA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LV5F1pc72XgMbSfBcXvFa8f798xK73hAo9+GcK7JAexOkNiWrsfxHfToYrJ1u7UK1 2NjzhH+SRwfY7JMRNg7swmQMFTbcNd9YgxBibfHVchkuGgMpUjWemJlAFeS9WG9EnZ A6kt911jmqK6AK4GPdsz+EvuPOrUX11Cpz9UJ8c49iaxqszxleDNWH9fpOgbGz5NLH 9wLCcqcAYEbIvATmuCvxkqkJSev2IT1KSrwPywyJYhbPjPU8dt/zGgfYJmE3MJeKaD MANuhbOem/a9v91o0hL+7ZraShb2mhFKjkZfB/CxMNoibiI7/zNLGaUyB7QuL0NcoQ O5OxZV0B0hEiQ== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 08/16] x86/compressed: efi-mixed: simplify IDT/GDT preserve/restore Date: Wed, 21 Sep 2022 16:54:14 +0200 Message-Id: <20220921145422.437618-9-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1655; i=ardb@kernel.org; h=from:subject; bh=9QnYVj6z/B1v2rUoK+Ldcmd4eGkNmNagz5RXwwVDZGA=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWQ3Ag0DM2zo9H8bBKsNY/cqI7OhW4UARHecPw4 H+NV04iJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYyslkAAKCRDDTyI5ktmPJHJoC/ 9zKUezLXemPXQfjghbahMwiJfosOLNu3nSZv4NsjAIRqUFe62kdapZjUdrHVuDuXvocNX9wG6G7W7c 88Hj8TLAbtHthl0J3JuiDA3+WU3tiK8eVSQaW3mPEBzdz4QGHKVtvwy8CjPB4QANf+LxhhBmw6H2iH oyp1erDEahDcycZ5B3eYOjRn3mg8XuIdsgRcmRcuqZVof31KRADuVyAbYlrm/7xPDk8ldwlm/35qLd s9+GLXLH06Uba5NYXJGcVufVHi/rlMhzpW5LyiqdrEJMa/JiMFXVv8fEZqHcRZvKTIU2ipwY+qgZXZ sAWm4Q89XxQZfMwwKHpEqHIfc+LoTldBYCt9rV+caF1IKRHCA2Crdc2EylqnbL1i3DgfP08kjRWK9L 5nl9aYQJfYM/K2JLC0i6xLeRcPl281OJTs6r75cNjfAN0tzWuxIfQE+kw/F9oodRILNDaLPdKlDyh8 FHTiMFUEgCGUztYjlRF745urnUP6GCeUfQgtD/1Jo9zXM= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Tweak the asm and remove some redundant instructions. While at it, fix the associated comment for style and correctness. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/efi_mixed.S | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index 838514f7685a..e5b8f1d2310c 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S @@ -96,24 +96,20 @@ SYM_FUNC_START(__efi64_thunk) leaq 0x20(%rsp), %rbx sgdt (%rbx) - - addq $16, %rbx - sidt (%rbx) + sidt 16(%rbx) leaq 1f(%rip), %rbp /* - * Switch to IDT and GDT with 32-bit segments. This is the firmware GDT - * and IDT that was installed when the kernel started executing. The - * pointers were saved by the efi32_entry() routine below. + * Switch to IDT and GDT with 32-bit segments. These are the firmware + * GDT and IDT that were installed when the kernel started executing. + * The pointers were saved by the efi32_entry() routine below. * * Pass the saved DS selector to the 32-bit code, and use far return to * restore the saved CS selector. */ - leaq efi32_boot_idt(%rip), %rax - lidt (%rax) - leaq efi32_boot_gdt(%rip), %rax - lgdt (%rax) + lidt efi32_boot_idt(%rip) + lgdt efi32_boot_gdt(%rip) movzwl efi32_boot_ds(%rip), %edx movzwq efi32_boot_cs(%rip), %rax @@ -187,9 +183,7 @@ SYM_FUNC_START_LOCAL(efi_enter32) */ cli - lidtl (%ebx) - subl $16, %ebx - + lidtl 16(%ebx) lgdtl (%ebx) movl %cr4, %eax From patchwork Wed Sep 21 14:54:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608412 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B57A5C6FA8E for ; Wed, 21 Sep 2022 14:55:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230195AbiIUOzv (ORCPT ); Wed, 21 Sep 2022 10:55:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45016 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230292AbiIUOzE (ORCPT ); Wed, 21 Sep 2022 10:55:04 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2043D2A24E; Wed, 21 Sep 2022 07:54:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 8BDCCB82FFB; Wed, 21 Sep 2022 14:54:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8407EC433C1; Wed, 21 Sep 2022 14:54:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772089; bh=Mx/PIkv+IJsR2kRCaN1LFYMt4suxqTqn0Z2DZ65HT2g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KI1HIH1B3UIqqKYDe2y8/OfovTvzY7qeU2FFb5KcN+X8PvcimVrS0kTTGB5eI2UGw CeDeUYAbpRpDnw7TiAPnxu72bL94URrRZGlXB+nfCb7qCby2X72EC8ztgZWaSdczJl +VfUPtOZ11pwpnWIhUsEXgiH41GYqK/0TYfFgNy0qfo9s7bBjAy8iLMEq02Bk9bdrm 9Q94LCEuKHXMhyy5YLa4YZhEjp1ip5YpXvi7Ss1MJ5Cppc5QU9SwFxV2OWonQwRK0v dVZnYVWq9iMUR1BXGYG8MxSrtWR28D/vCT/ZshUUZYA2S/n6nUsQ87EWj3WDHuypz1 IMe1XRh38ytBA== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 09/16] x86/compressed: avoid touching ECX in startup32_set_idt_entry() Date: Wed, 21 Sep 2022 16:54:15 +0200 Message-Id: <20220921145422.437618-10-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1564; i=ardb@kernel.org; h=from:subject; bh=Mx/PIkv+IJsR2kRCaN1LFYMt4suxqTqn0Z2DZ65HT2g=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWSszwdIxgcgQI2r3csojaetczLgrN62zrr6DKI jolMsPaJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYyslkgAKCRDDTyI5ktmPJOUNDA C1mFPmt8GXzx8NbyDpyg3eF/l2Rp4krkOTg0xRjZFmKFihtuBDVnSiP5M80Oq3+tav6OuvW2aZCTa9 YWd0gbwmi8bR/vRfnHQBXWXWRy06nbsbIom7m8c0eJNPsFSuBiKJF06WVyIz2VsyY5AjsIz8ofAnGs 9KJ2B1VMVTBTm7gc49G2HT9PI0kPsLXd8V9P3e93B8z6Vf1pLFvueDvqc+SCX5XtaDHsA6aN8kpO7/ pEG91f2GMvCsgFMtdzzbFe3yhc5rvtjkri3gOSWTlHCGVaZNDVI3W6r7bphh4JTKLD5oc33YkRBpLJ OEqZVy/MZdr8lMKpYy7SXgo15phvT40w9+7Bwta79cGFOIK5E7UzrJPt5/FIFw3yf9cf7LkZ55LAHy z3Rj3/QlL1VhgOZCJslmqNIOuGXujd4SLTHyrGAfl4isUwxSZnTeEk1KfEFCy8Oa5q1mV5TYjMon5f M3Ry2j/GlKXlzzqh/b3j0qWid7vGgshFU1YN8a0ebJNxc= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Avoid touching register %ecx in startup32_set_idt_entry(), by folding the MOV, SHL and ORL instructions into a single ORL which no longer requires a temp register. This permits ECX to be used as a function argument in a subsequent patch. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/head_64.S | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 90b119fbef58..3db7e4a634b0 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -733,7 +733,6 @@ SYM_DATA_END_LABEL(boot32_idt, SYM_L_GLOBAL, boot32_idt_end) */ SYM_FUNC_START(startup32_set_idt_entry) push %ebx - push %ecx /* IDT entry address to %ebx */ leal rva(boot32_idt)(%ebp), %ebx @@ -742,10 +741,8 @@ SYM_FUNC_START(startup32_set_idt_entry) /* Build IDT entry, lower 4 bytes */ movl %eax, %edx - andl $0x0000ffff, %edx # Target code segment offset [15:0] - movl $__KERNEL32_CS, %ecx # Target code segment selector - shl $16, %ecx - orl %ecx, %edx + andl $0x0000ffff, %edx # Target code segment offset [15:0] + orl $(__KERNEL32_CS << 16), %edx # Target code segment selector /* Store lower 4 bytes to IDT */ movl %edx, (%ebx) @@ -758,7 +755,6 @@ SYM_FUNC_START(startup32_set_idt_entry) /* Store upper 4 bytes to IDT */ movl %edx, 4(%ebx) - pop %ecx pop %ebx RET SYM_FUNC_END(startup32_set_idt_entry) From patchwork Wed Sep 21 14:54:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608411 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58D7FC6FA8E for ; Wed, 21 Sep 2022 14:55:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230454AbiIUOzz (ORCPT ); Wed, 21 Sep 2022 10:55:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45298 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229691AbiIUOzJ (ORCPT ); Wed, 21 Sep 2022 10:55:09 -0400 Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9197D2F02D; Wed, 21 Sep 2022 07:54:56 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 5CA57CE16ED; Wed, 21 Sep 2022 14:54:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CB0A3C433D6; Wed, 21 Sep 2022 14:54:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772091; bh=bi7gERI8Rh2eJxvUwkTokQpvaPF1xle6ajVfQJZQAL8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=D5fJSq2EIFbcZzRQSmb4uKZuUlZvYXZsUYjwfI5HVkx+k2onFY8GrdSgg1jhpJLXB dDLqKMt8z2Gurn9Kudgv5MlFsfvDNATjS5d3em+jztqFkomYTQjFL0V6kJYjp1vD25 aC05xU43Nvgzh+KaUXsq4LrgdQMEs4TqOMvYHgakQQB62k/67pyOuzV1DW2poDDuBm bouzkPt02n1rCxAQglrfn8UGUWJUEDUEY3fRXEiwq3lDrhtYKwZoUTOPr5b6EH/2sL 7Wkv4FjAfyqpGiDy7jaT3zxRZaB7Zr+ChIC1qhQSCuqMydBuz0/7Txou9cHJOwf5Ou fNRumZxPM5S9A== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 10/16] x86/compressed: pull global variable ref up into startup32_load_idt() Date: Wed, 21 Sep 2022 16:54:16 +0200 Message-Id: <20220921145422.437618-11-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2230; i=ardb@kernel.org; h=from:subject; bh=bi7gERI8Rh2eJxvUwkTokQpvaPF1xle6ajVfQJZQAL8=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWTSpfnxSFRCxSL6xi4PzPwnBo4ZCR+TLZSieo1 v0Fazo+JAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYyslkwAKCRDDTyI5ktmPJCyQC/ 0c2tKgZkrS9+xkRm2T4k5D/oy57fpIKXGKl8u2kv0fBHVFPOq17JcV+1chPVlytcBAwYZ0updumfaq NewdPtSmDONEiY3CF2iDiYnx6YbGKen7nBhDNXYY5zdPYMPPPkx1Zm+fU3Ty5XeLg03cWHvOTAQQY/ L8JokqK3/mOOlb+xadZFd7HYjXlLiY+K5ZcsFVkX/fAOWYhoraiJva+nSr23bzRqe8sWdUUBs0LJRq XCf4ii8QlYfgTnD9JPryUDNiEJlcMfRHUPKFGhayS+jtCT82lLcAXwMBdPV5U7PghYK4PXmMkn3Joz 3Ja3QY6kskSs+DICg2pm0VgT3WDy3Z95ecX3dgth4ZvmrWOW/XMsa/3GvFom1/4fJCMhqPC2ArqwSo FXWf7C5jtXyBfew4yGYrIA3S52FzyDKxc6EkopzvWuuHyjEFAaV0INASAMBgzfp+wfmtQdU9h6eHVm DaSslWF8RJ1onu1fHjRn7bK7ykzyXeACp1u+ysz2EVBuE= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org In preparation for moving startup32_load_idt() out of head_64.S and turning it into an ordinary function using the ordinary 32-bit calling convention, pull the global variable reference to boot32_idt up into startup32_load_idt() so that startup32_set_idt_entry() does not need to discover its own runtime physical address, which will no longer be correlated with startup_32 once this code is moved into .text. While at it, give startup32_set_idt_entry() static linkage. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/head_64.S | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 3db7e4a634b0..a1f893dd5bbf 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -728,16 +728,11 @@ SYM_DATA_END_LABEL(boot32_idt, SYM_L_GLOBAL, boot32_idt_end) * * %eax: Handler address * %edx: Vector number - * - * Physical offset is expected in %ebp + * %ecx: IDT address */ -SYM_FUNC_START(startup32_set_idt_entry) - push %ebx - - /* IDT entry address to %ebx */ - leal rva(boot32_idt)(%ebp), %ebx - shl $3, %edx - addl %edx, %ebx +SYM_FUNC_START_LOCAL(startup32_set_idt_entry) + /* IDT entry address to %ecx */ + leal (%ecx, %edx, 8), %ecx /* Build IDT entry, lower 4 bytes */ movl %eax, %edx @@ -745,7 +740,7 @@ SYM_FUNC_START(startup32_set_idt_entry) orl $(__KERNEL32_CS << 16), %edx # Target code segment selector /* Store lower 4 bytes to IDT */ - movl %edx, (%ebx) + movl %edx, (%ecx) /* Build IDT entry, upper 4 bytes */ movl %eax, %edx @@ -753,15 +748,16 @@ SYM_FUNC_START(startup32_set_idt_entry) orl $0x00008e00, %edx # Present, Type 32-bit Interrupt Gate /* Store upper 4 bytes to IDT */ - movl %edx, 4(%ebx) + movl %edx, 4(%ecx) - pop %ebx RET SYM_FUNC_END(startup32_set_idt_entry) #endif SYM_FUNC_START(startup32_load_idt) #ifdef CONFIG_AMD_MEM_ENCRYPT + leal rva(boot32_idt)(%ebp), %ecx + /* #VC handler */ leal rva(startup32_vc_handler)(%ebp), %eax movl $X86_TRAP_VC, %edx From patchwork Wed Sep 21 14:54:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608053 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6AD9ECAAD8 for ; Wed, 21 Sep 2022 14:55:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230449AbiIUOzy (ORCPT ); Wed, 21 Sep 2022 10:55:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45254 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230335AbiIUOzJ (ORCPT ); Wed, 21 Sep 2022 10:55:09 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 919D92F38D; Wed, 21 Sep 2022 07:54:56 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 305FEB83016; Wed, 21 Sep 2022 14:54:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1D1DFC433B5; Wed, 21 Sep 2022 14:54:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772093; bh=XGOv1f+E6PQRclir8TXJx9cDwDQezaGlv4nQIiVk7vs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DoiETaFSwfGSaAXMxwffH9Xxis1cYu8jMM3VSD21rYwOLkhCRBMoYjSw2kp0yhmTQ UOAN0EvbOIyq1GEl7hhUal2Hh+a8ZsAWF05by41gbMyiMNZAiQqInwNVRFNnrLFXCA 8/7G93J73LxoZRLJg5JATSgGLp+FnGHYzI/9k6bfF0CXWzx78I3RcnoUUurEhlb9Me 4lL7QXASEZfIwX0TlSOCotK1NGVpiBLnyy4ujKyJXfZ/SAz1r0KrlszTGsidNux/4H CXa4q/lVPBnkH0AlIvPjGHyX0yslxu9apw6rCYtWhHPXK4MCmk8gs57asm3lSu+/FD 3fQy6FGrXKSxw== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 11/16] x86/compressed: move startup32_load_idt() into .text section Date: Wed, 21 Sep 2022 16:54:17 +0200 Message-Id: <20220921145422.437618-12-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2494; i=ardb@kernel.org; h=from:subject; bh=XGOv1f+E6PQRclir8TXJx9cDwDQezaGlv4nQIiVk7vs=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWVnp/7Hjms7eUQhcYnrLlxJDyZ+gJO3OZu8xtm WwvUe0CJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYysllQAKCRDDTyI5ktmPJLTvC/ 98A6Cxj06piaelMbbPTO924O3aPixByu15CpFLSTm7st2dVCjR6M+XbGBmbC5FhFk0q7WJqohOcn3B 3Kuv1sUyabIe/lXHlUHiIXa9bBwoH8JtoHPN/qlvpk+wKbr36pruah0bvNkSVz5632Ozd3y91qZay5 iQJ9UZ3h+KDlxpFfggar3TXgltclQmzZlSWnkDye7SglY0W5lVf2pnWuhSC5+XnylBnetQB4QQsf3S tnDYnIgVEFnLQ7pcyfmlJKffAJR7nGTNN3BdrN/gpTSuMP2AbIDDADLgrALU7aDRn4kj8QfiXZ98TV JsnMZMQvlm7v9F745bYlgnSPtyANaeQnbkiDG14XJqWt59runSYtM8BdsiVHG5tpy75zjztt966l+H kyuI18QVhXYXkj9fyzVC4FuKT1GQycCGHpLKm1wEglU75FhyKuv4n4UYehue15SSRCQL9ab0e0xf+L 9z7BtNYmaWy1TSnM0c64NQTtcAAk0MPUtgsAfkRMA+W0Y= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Convert startup32_load_idt() into an ordinary function and move it into the .text section. This involves turning the rva() immediates into ones derived from a local label, and preserving/restoring the %ebp and %ebx as per the calling convention. Also move the #ifdef to the only existing call site. This makes it clear that the function call does nothing if support for memory encryption is not compiled in. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/head_64.S | 29 ++++++++++++++------ 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index a1f893dd5bbf..b4b2b76ed1af 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -118,7 +118,9 @@ SYM_FUNC_START(startup_32) 1: /* Setup Exception handling for SEV-ES */ +#ifdef CONFIG_AMD_MEM_ENCRYPT call startup32_load_idt +#endif /* Make sure cpu supports long mode. */ call verify_cpu @@ -719,7 +721,7 @@ SYM_DATA_END_LABEL(boot32_idt, SYM_L_GLOBAL, boot32_idt_end) #endif #ifdef CONFIG_AMD_MEM_ENCRYPT - __HEAD + .text .code32 /* * Write an IDT entry into boot32_idt @@ -752,24 +754,32 @@ SYM_FUNC_START_LOCAL(startup32_set_idt_entry) RET SYM_FUNC_END(startup32_set_idt_entry) -#endif SYM_FUNC_START(startup32_load_idt) -#ifdef CONFIG_AMD_MEM_ENCRYPT - leal rva(boot32_idt)(%ebp), %ecx + push %ebp + push %ebx + + call 1f +1: pop %ebp + + leal (boot32_idt - 1b)(%ebp), %ebx /* #VC handler */ - leal rva(startup32_vc_handler)(%ebp), %eax + leal (startup32_vc_handler - 1b)(%ebp), %eax movl $X86_TRAP_VC, %edx + movl %ebx, %ecx call startup32_set_idt_entry /* Load IDT */ - leal rva(boot32_idt)(%ebp), %eax - movl %eax, rva(boot32_idt_desc+2)(%ebp) - lidt rva(boot32_idt_desc)(%ebp) -#endif + leal (boot32_idt_desc - 1b)(%ebp), %ecx + movl %ebx, 2(%ecx) + lidt (%ecx) + + pop %ebx + pop %ebp RET SYM_FUNC_END(startup32_load_idt) +#endif /* * Check for the correct C-bit position when the startup_32 boot-path is used. @@ -788,6 +798,7 @@ SYM_FUNC_END(startup32_load_idt) * succeed. An incorrect C-bit position will map all memory unencrypted, so that * the compare will use the encrypted random data and fail. */ + __HEAD SYM_FUNC_START(startup32_check_sev_cbit) #ifdef CONFIG_AMD_MEM_ENCRYPT pushl %eax From patchwork Wed Sep 21 14:54:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608052 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 854D3C6FA90 for ; Wed, 21 Sep 2022 14:55:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229844AbiIUOz4 (ORCPT ); Wed, 21 Sep 2022 10:55:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230340AbiIUOzL (ORCPT ); Wed, 21 Sep 2022 10:55:11 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E38E836879; Wed, 21 Sep 2022 07:54:58 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 71A7DB83032; Wed, 21 Sep 2022 14:54:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 62DE7C433D6; Wed, 21 Sep 2022 14:54:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772096; bh=nlSUhbGA0ylsVYAt77oav3fesjwMW7rDea8nZZxp6aA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=quVsnzRLyj9UipR5MACVwJzqUP03IWwXX5bo0ZlYa+ordoXKGVnhA06Pad2Yz07+6 mUk8Guu6/36opXySWRZ9eaKEtn1JUvoMHQV2rxhXOVfPqV8RJePcf//5ONP4HI2kso uI/pyPkfzktG3CDd4GtkjEf5hnI5Z6AxrIsYU+AUp+MkwqVeWK9430U+2ppI75o6mt GC3VOaOydX/tb87Srcn3H/w+2/v2c3Aoi0jH8qxj9vQICQ0AAcAorBhMyvdF5y9Vg3 iM5i/RWaqybmRjbe7CHyYB526FYdKCJqTfXHb6JANFMNgAGJvOo8Qkz6BoI0Is1NV1 61+k7PaYuuQAQ== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 12/16] x86/compressed: move startup32_load_idt() out of head_64.S Date: Wed, 21 Sep 2022 16:54:18 +0200 Message-Id: <20220921145422.437618-13-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4991; i=ardb@kernel.org; h=from:subject; bh=nlSUhbGA0ylsVYAt77oav3fesjwMW7rDea8nZZxp6aA=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWXnT+thXk9WFAYzVZ5ocJoz5PcVuJHGitoDGwK HFoMHGCJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYysllwAKCRDDTyI5ktmPJIl/DA Cp2FqDmbmvyiQDd9MYzjBjQZ+P2LJxT2a6EOoIg1IB6VDrHhN9nF6nQm/8flEZIfPYTucjSPhMd1ll ieYowd0QfXV6HC1CUF9d4SY+wUaPLj9ZxgGpAeIrFfFWGouzrp0zKSwjCKBpQDymm4P1zySNrSdmYh Sck3Vyeu3Myo8rOkVQ4CiSMzm6Tx2GUAqyuRK2zoyxU0Ybq9nq2uXA9ynAyoBXBr3Ov+hy6u2N6NIZ r0TU7BQWAODxeHZGt3tInOIQ9n7Z4vhcpI6oUWnNeTuLmgGBO/z0bZnbeG1t50o4DitvO3j91Z6KtG miB2iXdMBz9oYWEh1DfW0w/xm3UepnDsFzQ96hfdaJ8eKk/k1zI41FlAMcDWnwy1pag94/6QdJpcn4 R+3w+r2MBwk3hrG55xbPHkS/OO7fL3m90oPuhAODw+n07+3BYGBpI12NS0OLzJNJyCnz6ZSwcfSn/7 RgpHPLpsgoim4Bv8y7H2NZZzJUE0k5cnp2zbgEbZFoxuk= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Now that startup32_load_idt() has been refactored into an ordinary callable function, move it into mem-encrypt.S where it belongs. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/head_64.S | 74 -------------------- arch/x86/boot/compressed/mem_encrypt.S | 72 ++++++++++++++++++- 2 files changed, 71 insertions(+), 75 deletions(-) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index b4b2b76ed1af..abb5a650a816 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -707,80 +707,6 @@ SYM_DATA_START(boot_idt) .endr SYM_DATA_END_LABEL(boot_idt, SYM_L_GLOBAL, boot_idt_end) -#ifdef CONFIG_AMD_MEM_ENCRYPT -SYM_DATA_START(boot32_idt_desc) - .word boot32_idt_end - boot32_idt - 1 - .long 0 -SYM_DATA_END(boot32_idt_desc) - .balign 8 -SYM_DATA_START(boot32_idt) - .rept 32 - .quad 0 - .endr -SYM_DATA_END_LABEL(boot32_idt, SYM_L_GLOBAL, boot32_idt_end) -#endif - -#ifdef CONFIG_AMD_MEM_ENCRYPT - .text - .code32 -/* - * Write an IDT entry into boot32_idt - * - * Parameters: - * - * %eax: Handler address - * %edx: Vector number - * %ecx: IDT address - */ -SYM_FUNC_START_LOCAL(startup32_set_idt_entry) - /* IDT entry address to %ecx */ - leal (%ecx, %edx, 8), %ecx - - /* Build IDT entry, lower 4 bytes */ - movl %eax, %edx - andl $0x0000ffff, %edx # Target code segment offset [15:0] - orl $(__KERNEL32_CS << 16), %edx # Target code segment selector - - /* Store lower 4 bytes to IDT */ - movl %edx, (%ecx) - - /* Build IDT entry, upper 4 bytes */ - movl %eax, %edx - andl $0xffff0000, %edx # Target code segment offset [31:16] - orl $0x00008e00, %edx # Present, Type 32-bit Interrupt Gate - - /* Store upper 4 bytes to IDT */ - movl %edx, 4(%ecx) - - RET -SYM_FUNC_END(startup32_set_idt_entry) - -SYM_FUNC_START(startup32_load_idt) - push %ebp - push %ebx - - call 1f -1: pop %ebp - - leal (boot32_idt - 1b)(%ebp), %ebx - - /* #VC handler */ - leal (startup32_vc_handler - 1b)(%ebp), %eax - movl $X86_TRAP_VC, %edx - movl %ebx, %ecx - call startup32_set_idt_entry - - /* Load IDT */ - leal (boot32_idt_desc - 1b)(%ebp), %ecx - movl %ebx, 2(%ecx) - lidt (%ecx) - - pop %ebx - pop %ebp - RET -SYM_FUNC_END(startup32_load_idt) -#endif - /* * Check for the correct C-bit position when the startup_32 boot-path is used. * diff --git a/arch/x86/boot/compressed/mem_encrypt.S b/arch/x86/boot/compressed/mem_encrypt.S index a73e4d783cae..6747e5e4c696 100644 --- a/arch/x86/boot/compressed/mem_encrypt.S +++ b/arch/x86/boot/compressed/mem_encrypt.S @@ -12,6 +12,8 @@ #include #include #include +#include +#include .text .code32 @@ -98,7 +100,7 @@ SYM_CODE_START_LOCAL(sev_es_req_cpuid) jmp 1b SYM_CODE_END(sev_es_req_cpuid) -SYM_CODE_START(startup32_vc_handler) +SYM_CODE_START_LOCAL(startup32_vc_handler) pushl %eax pushl %ebx pushl %ecx @@ -184,6 +186,63 @@ SYM_CODE_START(startup32_vc_handler) jmp .Lfail SYM_CODE_END(startup32_vc_handler) +/* + * Write an IDT entry into boot32_idt + * + * Parameters: + * + * %eax: Handler address + * %edx: Vector number + * %ecx: IDT address + */ +SYM_FUNC_START_LOCAL(startup32_set_idt_entry) + /* IDT entry address to %ecx */ + leal (%ecx, %edx, 8), %ecx + + /* Build IDT entry, lower 4 bytes */ + movl %eax, %edx + andl $0x0000ffff, %edx # Target code segment offset [15:0] + orl $(__KERNEL32_CS << 16), %edx # Target code segment selector + + /* Store lower 4 bytes to IDT */ + movl %edx, (%ecx) + + /* Build IDT entry, upper 4 bytes */ + movl %eax, %edx + andl $0xffff0000, %edx # Target code segment offset [31:16] + orl $0x00008e00, %edx # Present, Type 32-bit Interrupt Gate + + /* Store upper 4 bytes to IDT */ + movl %edx, 4(%ecx) + + RET +SYM_FUNC_END(startup32_set_idt_entry) + +SYM_FUNC_START(startup32_load_idt) + push %ebp + push %ebx + + call 1f +1: pop %ebp + + leal (boot32_idt - 1b)(%ebp), %ebx + + /* #VC handler */ + leal (startup32_vc_handler - 1b)(%ebp), %eax + movl $X86_TRAP_VC, %edx + movl %ebx, %ecx + call startup32_set_idt_entry + + /* Load IDT */ + leal (boot32_idt_desc - 1b)(%ebp), %ecx + movl %ebx, 2(%ecx) + lidt (%ecx) + + pop %ebx + pop %ebp + RET +SYM_FUNC_END(startup32_load_idt) + .code64 #include "../../kernel/sev_verify_cbit.S" @@ -195,4 +254,15 @@ SYM_CODE_END(startup32_vc_handler) SYM_DATA(sme_me_mask, .quad 0) SYM_DATA(sev_status, .quad 0) SYM_DATA(sev_check_data, .quad 0) + +SYM_DATA_START_LOCAL(boot32_idt) + .rept 32 + .quad 0 + .endr +SYM_DATA_END(boot32_idt) + +SYM_DATA_START_LOCAL(boot32_idt_desc) + .word . - boot32_idt - 1 + .long 0 +SYM_DATA_END(boot32_idt_desc) #endif From patchwork Wed Sep 21 14:54:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608410 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 90847C6FA91 for ; Wed, 21 Sep 2022 14:55:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230461AbiIUOz6 (ORCPT ); Wed, 21 Sep 2022 10:55:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46222 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230346AbiIUOz1 (ORCPT ); Wed, 21 Sep 2022 10:55:27 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6B0A13C8F0; Wed, 21 Sep 2022 07:55:01 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B51B9B83034; Wed, 21 Sep 2022 14:54:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A8BD9C433D7; Wed, 21 Sep 2022 14:54:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772098; bh=x9QO33G0fBHlsuj0aKM/8I+ExRaFzYG1mzjARFUKdJo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ewcr9Qou6blbp16BAOckV+lTnOAxrp/LCppV9UzzKOt2fXy/Uomr6shLKwNWYUYxc hq9fqz7+/ew/5uF86IyfllLNU+26mZvOtDmI7xlEwbMPRxExCqrAlW5S25udqcwhXS t9TmSU8GB57UEo2xlvnvqQrN6E4lLrR50AVegXNqhvU7bgJlx2PtCgIaCaHrQUOouf t3zQMS/VQvlqCBFDZXg74rM3ecGDt1NkZUHYKSqC6ss/tA3+e5qoyx46W1TzEwmONg HJoOGhw3AF0xBYvUM48HXdLIdxBI5HhG/4qZE3ph2cn0H573i56/u1ijih5phwhSed XnnNqGmaVdUrw== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 13/16] x86/compressed: move startup32_check_sev_cbit() into .text Date: Wed, 21 Sep 2022 16:54:19 +0200 Message-Id: <20220921145422.437618-14-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3026; i=ardb@kernel.org; h=from:subject; bh=x9QO33G0fBHlsuj0aKM/8I+ExRaFzYG1mzjARFUKdJo=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWYJKX7uFQWXpZctogrnphhHrnCH05LWnz8ZuZ1 RZI5PVaJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYyslmAAKCRDDTyI5ktmPJAcPDA CPpNdahgItmk3RFn+NLP19E2XOFiv7zhzJ8YkkaHjNi3Yx5bpz+TLdt3nZAJ2SsUh39m0fRfY739TK bFzAF9FkJQAOEw+XFkIPzIG9YZKbjdTZjY5AdBw6bYyPR6QtfCauxBFnpE4+3wTiHffXT5M0kpWgyn ejCeRpPqafLj6OvPoGynsWijtjCamIXVghDiVJt8hxotku4enQwP2YQnL6SQiNnrvM33dOeZjchpO3 1NTGyPhWYRV3fyBQtq4Nh9BMHtwL91t3lS6u8T9OUqF5XvudEFzfx/SecrzTvbyGKmWycqr6SHztDY 6/6EXq758Epl9oz435crIz7qNts6fnF+UPz07+0naAWB+qT4rl476oNEQPCs3OPqbwmeawIAxNQvfo m7DHellT6Pcx2M8GCu2HFF87J+fGSiPZtKe9nPPr8XJGQGaZ/AytLXoJyjVBjPxqOFQP6I8vvhzWxe 9RgcJhLDCGAwfE8/50jBP9YxRfzX8lpgJ6rzQle/1Y6V0= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Move startup32_check_sev_cbit() into the .text section and turn it into an ordinary function using the ordinary 32-bit calling convention, instead of saving/restoring the registers that are known to be live at the only call site. This improves maintainability, and makes it possible to move this function out of head_64.S and into a separate compilation unit that is specific to memory encryption. Note that this requires the call site to be moved before the mixed mode check, as %eax will be live otherwise. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/head_64.S | 35 +++++++++++--------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index abb5a650a816..639f688e4949 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -251,6 +251,11 @@ SYM_FUNC_START(startup_32) movl $__BOOT_TSS, %eax ltr %ax +#ifdef CONFIG_AMD_MEM_ENCRYPT + /* Check if the C-bit position is correct when SEV is active */ + call startup32_check_sev_cbit +#endif + /* * Setup for the jump to 64bit mode * @@ -268,8 +273,6 @@ SYM_FUNC_START(startup_32) leal rva(startup_64_mixedmode)(%ebp), %eax 1: #endif - /* Check if the C-bit position is correct when SEV is active */ - call startup32_check_sev_cbit pushl $__KERNEL_CS pushl %eax @@ -724,16 +727,17 @@ SYM_DATA_END_LABEL(boot_idt, SYM_L_GLOBAL, boot_idt_end) * succeed. An incorrect C-bit position will map all memory unencrypted, so that * the compare will use the encrypted random data and fail. */ - __HEAD -SYM_FUNC_START(startup32_check_sev_cbit) #ifdef CONFIG_AMD_MEM_ENCRYPT - pushl %eax + .text +SYM_FUNC_START(startup32_check_sev_cbit) pushl %ebx - pushl %ecx - pushl %edx + pushl %ebp + + call 0f +0: popl %ebp /* Check for non-zero sev_status */ - movl rva(sev_status)(%ebp), %eax + movl (sev_status - 0b)(%ebp), %eax testl %eax, %eax jz 4f @@ -748,17 +752,18 @@ SYM_FUNC_START(startup32_check_sev_cbit) jnc 2b /* Store to memory and keep it in the registers */ - movl %eax, rva(sev_check_data)(%ebp) - movl %ebx, rva(sev_check_data+4)(%ebp) + leal (sev_check_data - 0b)(%ebp), %ebp + movl %eax, 0(%ebp) + movl %ebx, 4(%ebp) /* Enable paging to see if encryption is active */ movl %cr0, %edx /* Backup %cr0 in %edx */ movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */ movl %ecx, %cr0 - cmpl %eax, rva(sev_check_data)(%ebp) + cmpl %eax, 0(%ebp) jne 3f - cmpl %ebx, rva(sev_check_data+4)(%ebp) + cmpl %ebx, 4(%ebp) jne 3f movl %edx, %cr0 /* Restore previous %cr0 */ @@ -770,13 +775,11 @@ SYM_FUNC_START(startup32_check_sev_cbit) jmp 3b 4: - popl %edx - popl %ecx + popl %ebp popl %ebx - popl %eax -#endif RET SYM_FUNC_END(startup32_check_sev_cbit) +#endif /* * Stack and heap for uncompression From patchwork Wed Sep 21 14:54:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608050 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0DAB3ECAAD8 for ; Wed, 21 Sep 2022 14:56:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230488AbiIUO4X (ORCPT ); Wed, 21 Sep 2022 10:56:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47432 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230368AbiIUOzr (ORCPT ); Wed, 21 Sep 2022 10:55:47 -0400 Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7A23B3D5BB; Wed, 21 Sep 2022 07:55:05 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 85136CE1D97; Wed, 21 Sep 2022 14:55:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EE773C4314D; Wed, 21 Sep 2022 14:54:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772100; bh=wGMXGGR/LSLMUL86xmhmJr93fjH2ByIOKwd/q4PBA1k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Lhz8rM0rsHrh7/NDCcd/kSFYDLk5kzGIlx3MoI97OFyqptKYLFpd76rivLPgBu/3S HbGNy6R3j+ClPJskCwX4sK2/9HOSEJzwE8sEvmQx0rae/bT4REp5uAQTRuqhpJKEqB 7U/aYpMTvkcKLMAd9omVLbRZ7TleNUw4VKI8XhnFPuwK5KDpJuKPW8mFVc5twJYbfc thakF3BCyk43rHibvb0dLm2oT3OzDWeHYlG36BxFU0C2vF7wIyOowDHcVjQgt0JzLl OroaNy5V9vP5Lnub6+LEcNgPCEDqS4jzOJ++YZF+K6T8QqI7v3YBp26u0gZvHFMV2m bdSOPEreB54gw== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 14/16] x86/compressed: move startup32_check_sev_cbit() out of head_64.S Date: Wed, 21 Sep 2022 16:54:20 +0200 Message-Id: <20220921145422.437618-15-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=5275; i=ardb@kernel.org; h=from:subject; bh=wGMXGGR/LSLMUL86xmhmJr93fjH2ByIOKwd/q4PBA1k=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWaPY1SJA8qCJZi2MDi/OmCM8P0Cjs4fG4+n96x wJd0dW+JAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYyslmgAKCRDDTyI5ktmPJAMvDA CvAKgw0ju+TsjnsYBAFzqoCLreVONbNkxrzKXwwSZwrkCOdOA/3j/3fECaKQaiwPIokeINsR7zcYQ4 Z53wbKrFZjQVcpzW3E9+ftmFpR4MkzpdLoSIq+lu9NYH7e1QfOxy0PxbeziKEC8LEOt9vQwDC1qxcn Lv9On4FQofAffNUjY6oVBlU+kKgbu1ldLUIM9xXjwLi6x52SzPuvLydM/rBVzAru/ih6VVrmw8WWaG ThudXRfIMkonMzw8HHbpZiC9v65apPa8HSdkncQj1Dl197ck0V850jYE4325jm05HKx/+3Gx0cpVNJ KfTP+K/kTct2RFzslr8xPIk7UcmbhQRbaDciqLaOwOUd3ge8Qq3XgEy0tVKcPlqmBaIprWsuTzzyF8 GvfwfMQoy1QGFmEFS4O1DVjyoOc/9A3a9Nk+50MsQTR+DRHSuSb/HeNBWW4fjtIhmh9yh/gwDoMgBb UUCKleTQmf1lOAqBMzGWvPBHs2u9uvxjaLqFrFZjlayPE= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Now that the startup32_check_sev_cbit() routine can execute from anywhere and behaves like an ordinary function, we no longer need to keep it in head_64.S. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/head_64.S | 71 -------------------- arch/x86/boot/compressed/mem_encrypt.S | 68 +++++++++++++++++++ 2 files changed, 68 insertions(+), 71 deletions(-) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 639f688e4949..232cd3fa3e84 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -710,77 +710,6 @@ SYM_DATA_START(boot_idt) .endr SYM_DATA_END_LABEL(boot_idt, SYM_L_GLOBAL, boot_idt_end) -/* - * Check for the correct C-bit position when the startup_32 boot-path is used. - * - * The check makes use of the fact that all memory is encrypted when paging is - * disabled. The function creates 64 bits of random data using the RDRAND - * instruction. RDRAND is mandatory for SEV guests, so always available. If the - * hypervisor violates that the kernel will crash right here. - * - * The 64 bits of random data are stored to a memory location and at the same - * time kept in the %eax and %ebx registers. Since encryption is always active - * when paging is off the random data will be stored encrypted in main memory. - * - * Then paging is enabled. When the C-bit position is correct all memory is - * still mapped encrypted and comparing the register values with memory will - * succeed. An incorrect C-bit position will map all memory unencrypted, so that - * the compare will use the encrypted random data and fail. - */ -#ifdef CONFIG_AMD_MEM_ENCRYPT - .text -SYM_FUNC_START(startup32_check_sev_cbit) - pushl %ebx - pushl %ebp - - call 0f -0: popl %ebp - - /* Check for non-zero sev_status */ - movl (sev_status - 0b)(%ebp), %eax - testl %eax, %eax - jz 4f - - /* - * Get two 32-bit random values - Don't bail out if RDRAND fails - * because it is better to prevent forward progress if no random value - * can be gathered. - */ -1: rdrand %eax - jnc 1b -2: rdrand %ebx - jnc 2b - - /* Store to memory and keep it in the registers */ - leal (sev_check_data - 0b)(%ebp), %ebp - movl %eax, 0(%ebp) - movl %ebx, 4(%ebp) - - /* Enable paging to see if encryption is active */ - movl %cr0, %edx /* Backup %cr0 in %edx */ - movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */ - movl %ecx, %cr0 - - cmpl %eax, 0(%ebp) - jne 3f - cmpl %ebx, 4(%ebp) - jne 3f - - movl %edx, %cr0 /* Restore previous %cr0 */ - - jmp 4f - -3: /* Check failed - hlt the machine */ - hlt - jmp 3b - -4: - popl %ebp - popl %ebx - RET -SYM_FUNC_END(startup32_check_sev_cbit) -#endif - /* * Stack and heap for uncompression */ diff --git a/arch/x86/boot/compressed/mem_encrypt.S b/arch/x86/boot/compressed/mem_encrypt.S index 6747e5e4c696..14cf04a1ed09 100644 --- a/arch/x86/boot/compressed/mem_encrypt.S +++ b/arch/x86/boot/compressed/mem_encrypt.S @@ -243,6 +243,74 @@ SYM_FUNC_START(startup32_load_idt) RET SYM_FUNC_END(startup32_load_idt) +/* + * Check for the correct C-bit position when the startup_32 boot-path is used. + * + * The check makes use of the fact that all memory is encrypted when paging is + * disabled. The function creates 64 bits of random data using the RDRAND + * instruction. RDRAND is mandatory for SEV guests, so always available. If the + * hypervisor violates that the kernel will crash right here. + * + * The 64 bits of random data are stored to a memory location and at the same + * time kept in the %eax and %ebx registers. Since encryption is always active + * when paging is off the random data will be stored encrypted in main memory. + * + * Then paging is enabled. When the C-bit position is correct all memory is + * still mapped encrypted and comparing the register values with memory will + * succeed. An incorrect C-bit position will map all memory unencrypted, so that + * the compare will use the encrypted random data and fail. + */ +SYM_FUNC_START(startup32_check_sev_cbit) + pushl %ebx + pushl %ebp + + call 0f +0: popl %ebp + + /* Check for non-zero sev_status */ + movl (sev_status - 0b)(%ebp), %eax + testl %eax, %eax + jz 4f + + /* + * Get two 32-bit random values - Don't bail out if RDRAND fails + * because it is better to prevent forward progress if no random value + * can be gathered. + */ +1: rdrand %eax + jnc 1b +2: rdrand %ebx + jnc 2b + + /* Store to memory and keep it in the registers */ + leal (sev_check_data - 0b)(%ebp), %ebp + movl %eax, 0(%ebp) + movl %ebx, 4(%ebp) + + /* Enable paging to see if encryption is active */ + movl %cr0, %edx /* Backup %cr0 in %edx */ + movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */ + movl %ecx, %cr0 + + cmpl %eax, 0(%ebp) + jne 3f + cmpl %ebx, 4(%ebp) + jne 3f + + movl %edx, %cr0 /* Restore previous %cr0 */ + + jmp 4f + +3: /* Check failed - hlt the machine */ + hlt + jmp 3b + +4: + popl %ebp + popl %ebx + RET +SYM_FUNC_END(startup32_check_sev_cbit) + .code64 #include "../../kernel/sev_verify_cbit.S" From patchwork Wed Sep 21 14:54:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608051 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57B57ECAAD8 for ; Wed, 21 Sep 2022 14:56:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230075AbiIUO4D (ORCPT ); Wed, 21 Sep 2022 10:56:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43266 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229995AbiIUOzn (ORCPT ); Wed, 21 Sep 2022 10:55:43 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B18681834C; Wed, 21 Sep 2022 07:55:04 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A981F630B4; Wed, 21 Sep 2022 14:55:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 40560C433B5; Wed, 21 Sep 2022 14:55:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772103; bh=WbgVHaEsv5DRy1pEnyeBQ/OqX8UNa7Fs1hsnZgK0mbI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=p2bc0kbCvcuAPSActZg/u0iWc9IK+6wA6qp3E6RksO7tBA12uIpO8X6MVHspBtSs8 AuBdbZoSJ3cu8I0ThN0e0RLbPoss8DZNUdKSVs5eh9fcpaF6YzijJapfB6Psuv4xLD hcitweaOVUCj22DCGCTE+HRNZN7OdlQXL+7O9TFuVnG3qcCfof4xiKZNsfs/LEEP3D A/ocLuRwUfyCi+ypkK6V1FGPXRFO7Ya+LG4lTnDo2N3dUTM7AzTMbiyQ9J+8qUvbpg obfaDAOAH72/yVUhdnW6Pe3sk15SHpSIwlwY5Hhld85X2LS/xfRAVnJR28+5rg2DIw jYwuPapccNYPg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 15/16] x86/compressed: adhere to calling convention in get_sev_encryption_bit() Date: Wed, 21 Sep 2022 16:54:21 +0200 Message-Id: <20220921145422.437618-16-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1893; i=ardb@kernel.org; h=from:subject; bh=WbgVHaEsv5DRy1pEnyeBQ/OqX8UNa7Fs1hsnZgK0mbI=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWcevoeMnFcfMXlfXHL30Iq3+wkmMmF/rwOYRei I6uhA3WJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYyslnAAKCRDDTyI5ktmPJCUmC/ 9PIkfSMlPNkplXoVMIGJv1kha8yGwZcGkLAusvMD/tOWh7GhO77LFwxHgAdqqGV++BRskKw5CCpR7p kyWMqZVadBPVk36naHLD3eOwi1pI7IAbYVc8aCkY77OFZxd9kzWcfRzGNzQlrWo6tx1uFdV8q+jjIm VRdWFfI7z2vsnM28gg+DGlw+N1vPCJJ/V6tSqITg7aXuK7JHJW0Zjs5iz13DhC78gBaq4B+canV6Ps Uz/o/bt1X7suyIJA7CmCWMLr2bN4W7m99J/DCq2JiiU0Ilz0FCg9zDn18ssoIW5+QbSwP75WsTgNE7 aEPXOzap/8hRadAa6Cwr2Vy83CnkLPDmRFkJ0UOH5vRQ5c+ULFyYO9v4E8neTxCMNSmSDLdHsviI8x TXlfNp6egbZhFIxAufVJo1szP2/laiYOA22vETgDaCZGLyKWgh5bRxBkaIXOTNrvFmdaYFfZImsBqS hw262c2MifxwvCyt7C6xe7QVB+Nf5ox3Uie/lMPEtiQQA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Make get_sev_encryption_bit() follow the ordinary i386 calling convention, and only call it if CONFIG_AMD_MEM_ENCRYPT is actually enabled. This clarifies the calling code, and makes it more maintainable. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/head_64.S | 5 +++-- arch/x86/boot/compressed/mem_encrypt.S | 10 ---------- 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 232cd3fa3e84..a7bbc8d73a08 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -180,12 +180,13 @@ SYM_FUNC_START(startup_32) */ /* * If SEV is active then set the encryption mask in the page tables. - * This will insure that when the kernel is copied and decompressed + * This will ensure that when the kernel is copied and decompressed * it will be done so encrypted. */ - call get_sev_encryption_bit xorl %edx, %edx #ifdef CONFIG_AMD_MEM_ENCRYPT + call get_sev_encryption_bit + xorl %edx, %edx testl %eax, %eax jz 1f subl $32, %eax /* Encryption bit is always above bit 31 */ diff --git a/arch/x86/boot/compressed/mem_encrypt.S b/arch/x86/boot/compressed/mem_encrypt.S index 14cf04a1ed09..e69674588a31 100644 --- a/arch/x86/boot/compressed/mem_encrypt.S +++ b/arch/x86/boot/compressed/mem_encrypt.S @@ -18,12 +18,7 @@ .text .code32 SYM_FUNC_START(get_sev_encryption_bit) - xor %eax, %eax - -#ifdef CONFIG_AMD_MEM_ENCRYPT push %ebx - push %ecx - push %edx movl $0x80000000, %eax /* CPUID to check the highest leaf */ cpuid @@ -54,12 +49,7 @@ SYM_FUNC_START(get_sev_encryption_bit) xor %eax, %eax .Lsev_exit: - pop %edx - pop %ecx pop %ebx - -#endif /* CONFIG_AMD_MEM_ENCRYPT */ - RET SYM_FUNC_END(get_sev_encryption_bit) From patchwork Wed Sep 21 14:54:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 608409 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F2330C6FA82 for ; Wed, 21 Sep 2022 14:56:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230479AbiIUO4I (ORCPT ); Wed, 21 Sep 2022 10:56:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230358AbiIUOzo (ORCPT ); Wed, 21 Sep 2022 10:55:44 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7A56E3DF3E; Wed, 21 Sep 2022 07:55:06 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EEA28630B7; Wed, 21 Sep 2022 14:55:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 85B6DC433C1; Wed, 21 Sep 2022 14:55:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663772105; bh=GRNNjfUheFArH6xmtKiNIrGEgX9ISMmOlJTsXW58G4w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QpQax4iCtvqh4Pjn9EIgCg6fV8z7Huc8qi3177mlVPjdX/5j102xc8lnXi1FuZJ7n 7QiDK90wxJ5NvsRlmpBOtCYLcF0MJntbkfLTsBz47dR+PYt2grC/O9CPS8ofiDxDg5 x4ZRgXj8sesitU17ieNGiS/RoMg29lOzVpVyTEUG0o3GuuhdK34QNbSzmc6cVGh9N6 +O4uu1NMNi9VxULOKqmn9LryoIUGk7JvjjVdkpSBEwyhiqQnRTg2rVBjzeJDbE0AHZ FwO15MHP5ulW17hog/83B6EV6DxgT4+pZAqxcPNzIWid7BV1ZBxpl/JczN+r3BNc/e GiwqG2Vp5keJw== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth Subject: [PATCH v2 16/16] x86/compressed: only build mem_encrypt.S if AMD_MEM_ENCRYPT=y Date: Wed, 21 Sep 2022 16:54:22 +0200 Message-Id: <20220921145422.437618-17-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220921145422.437618-1-ardb@kernel.org> References: <20220921145422.437618-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1495; i=ardb@kernel.org; h=from:subject; bh=GRNNjfUheFArH6xmtKiNIrGEgX9ISMmOlJTsXW58G4w=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjKyWdPEfMguby108NnEU4ECQAoQlEPvzEoskygBGm DmjkjkGJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYyslnQAKCRDDTyI5ktmPJHaCDA CBzRJ/f+ONa/8lKnHtS45mqVY0PNhPpMcNSIF0rWi9pYZ7/owkxS6suGK6sB1Eoh6ADuyp7zG58INx 1k8WV6Sqw7aXPtCwZS2ORxNr6tUMHuV2nbT8NHDaZ+8XIm/nydZDX2upasFV5cecjiVe2atUNRJyPR b04oXqIelv8CLa6HrWFgch9TUR4vzD8i/G7lZ9ukgnTp6kJECePzPtltF4fGG6QvvEECo69gTWSRYw bJ7A8ITo8jWzr8cmkFzvxo4/Dxqi3QJ26Sx/0Er9ufnelgEmzFEZMidBMloB4lv2QT927M3RiDsRJA +pZ59SWDLuAFXSfksxO3Hkp5oVrlIHHjdfiv/qOJqnc1IBBi8CJcuS25sc+EZUlYoGTzrI66JlZtNB aj4+y0rV/dVNow5ES+J37PFYbuaEUeCeHboe58aTzolli32VmgS+Hr7IKVmhYiZF2TID3aY7m9FhPB pU1IKq0LjYG9Y6ObussierX2LdMbDMYULxPYzldFJbogI= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Avoid building the mem_encrypt.o object if memory encryption support is not enabled to begin with. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/mem_encrypt.S | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index d6dbb46696a2..9aad9ddcf3b4 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -99,7 +99,7 @@ vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/kaslr.o ifdef CONFIG_X86_64 vmlinux-objs-y += $(obj)/ident_map_64.o vmlinux-objs-y += $(obj)/idt_64.o $(obj)/idt_handlers_64.o - vmlinux-objs-y += $(obj)/mem_encrypt.o + vmlinux-objs-$(CONFIG_AMD_MEM_ENCRYPT) += $(obj)/mem_encrypt.o vmlinux-objs-y += $(obj)/pgtable_64.o vmlinux-objs-$(CONFIG_AMD_MEM_ENCRYPT) += $(obj)/sev.o endif diff --git a/arch/x86/boot/compressed/mem_encrypt.S b/arch/x86/boot/compressed/mem_encrypt.S index e69674588a31..32f7cc8a8625 100644 --- a/arch/x86/boot/compressed/mem_encrypt.S +++ b/arch/x86/boot/compressed/mem_encrypt.S @@ -307,7 +307,6 @@ SYM_FUNC_END(startup32_check_sev_cbit) .data -#ifdef CONFIG_AMD_MEM_ENCRYPT .balign 8 SYM_DATA(sme_me_mask, .quad 0) SYM_DATA(sev_status, .quad 0) @@ -323,4 +322,3 @@ SYM_DATA_START_LOCAL(boot32_idt_desc) .word . - boot32_idt - 1 .long 0 SYM_DATA_END(boot32_idt_desc) -#endif