From patchwork Mon Feb 10 17:49:43 2025
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 863942
Date: Mon, 10 Feb 2025 18:49:43 +0100
In-Reply-To: <20250210174941.3251435-9-ardb+git@google.com>
References: <20250210174941.3251435-9-ardb+git@google.com>
Message-ID: <20250210174941.3251435-10-ardb+git@google.com>
Subject: [PATCH v2 1/7] x86/efistub: Merge PE and handover entrypoints
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, hdegoede@redhat.com, Ard Biesheuvel

From: Ard Biesheuvel

The difference between the PE and handover entrypoints in the EFI stub is that the former allocates a struct boot_params whereas the latter expects one from the caller. Currently, these are two completely separate entrypoints, duplicating some logic and both relying on efi_exit() to return straight back to the firmware on an error.

Simplify this by making the PE entrypoint call the handover entrypoint with NULL as the argument for the struct boot_params parameter. This makes the code easier to follow, and removes the need to support two different calling conventions in the mixed mode asm code.

While at it, move the assignment of boot_params_ptr into the function that actually calls into the legacy decompressor, which is where its value is required.

Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/efi_mixed.S | 16 +----- drivers/firmware/efi/libstub/x86-stub.c | 52 +++++++++++--------- 2 files changed, 30 insertions(+), 38 deletions(-) diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index 876fc6d46a13..d681e30c6732 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S @@ -56,22 +56,8 @@ SYM_FUNC_START(startup_64_mixed_mode) movl efi32_boot_sp(%rip), %esp andl $~7, %esp -#ifdef CONFIG_EFI_HANDOVER_PROTOCOL mov 8(%rdx), %edx // saved bootparams pointer - test %edx, %edx - jnz efi_stub_entry -#endif - /* - * efi_pe_entry uses MS calling convention, which requires 32 bytes of - * shadow space on the stack even if all arguments are passed in - * registers. We also need an additional 8 bytes for the space that - * would be occupied by the return address, and this also results in - * the correct stack alignment for entry. - */ - sub $40, %rsp - mov %rdi, %rcx // MS calling convention - mov %rsi, %rdx - jmp efi_pe_entry + call efi_stub_entry SYM_FUNC_END(startup_64_mixed_mode) SYM_FUNC_START(__efi64_thunk) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 863910e9eefc..cafc90d4caaf 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c 
@@ -397,17 +397,13 @@ static void __noreturn efi_exit(efi_handle_t handle, efi_status_t status) asm("hlt"); } -void __noreturn efi_stub_entry(efi_handle_t handle, - efi_system_table_t *sys_table_arg, - struct boot_params *boot_params); - /* * Because the x86 boot code expects to be passed a boot_params we * need to create one ourselves (usually the bootloader would create * one for us). */ -efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, - efi_system_table_t *sys_table_arg) +static efi_status_t efi_allocate_bootparams(efi_handle_t handle, + struct boot_params **bp) { efi_guid_t proto = LOADED_IMAGE_PROTOCOL_GUID; struct boot_params *boot_params; @@ -416,21 +412,15 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, unsigned long alloc; char *cmdline_ptr; - efi_system_table = sys_table_arg; - - /* Check if we were booted by the EFI firmware */ - if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) - efi_exit(handle, EFI_INVALID_PARAMETER); - status = efi_bs_call(handle_protocol, handle, &proto, (void **)&image); if (status != EFI_SUCCESS) { efi_err("Failed to get handle for LOADED_IMAGE_PROTOCOL\n"); - efi_exit(handle, status); + return status; } status = efi_allocate_pages(PARAM_SIZE, &alloc, ULONG_MAX); if (status != EFI_SUCCESS) - efi_exit(handle, status); + return status; boot_params = memset((void *)alloc, 0x0, PARAM_SIZE); hdr = &boot_params->hdr; @@ -446,14 +436,14 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, cmdline_ptr = efi_convert_cmdline(image); if (!cmdline_ptr) { efi_free(PARAM_SIZE, alloc); - efi_exit(handle, EFI_OUT_OF_RESOURCES); + return EFI_OUT_OF_RESOURCES; } efi_set_u64_split((unsigned long)cmdline_ptr, &hdr->cmd_line_ptr, &boot_params->ext_cmd_line_ptr); - efi_stub_entry(handle, sys_table_arg, boot_params); - /* not reached */ + *bp = boot_params; + return EFI_SUCCESS; } static void add_e820ext(struct boot_params *params, 
@@ -740,13 +730,16 @@ static efi_status_t parse_options(const char *cmdline) return efi_parse_options(cmdline); } -static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry) +static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry, + struct boot_params *boot_params) { unsigned long virt_addr = LOAD_PHYSICAL_ADDR; unsigned long addr, alloc_size, entry; efi_status_t status; u32 seed[2] = {}; + boot_params_ptr = boot_params; + /* determine the required size of the allocation */ alloc_size = ALIGN(max_t(unsigned long, output_len, kernel_total_size), MIN_KERNEL_ALIGN); @@ -777,7 +770,7 @@ static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry) seed[0] = 0; } - boot_params_ptr->hdr.loadflags |= KASLR_FLAG; + boot_params->hdr.loadflags |= KASLR_FLAG; } status = efi_random_alloc(alloc_size, CONFIG_PHYSICAL_ALIGN, &addr, @@ -815,20 +808,27 @@ static void __noreturn enter_kernel(unsigned long kernel_addr, void __noreturn efi_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params) + { efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; - struct setup_header *hdr = &boot_params->hdr; const struct linux_efi_initrd *initrd = NULL; unsigned long kernel_entry; + struct setup_header *hdr; efi_status_t status; - boot_params_ptr = boot_params; - efi_system_table = sys_table_arg; /* Check if we were booted by the EFI firmware */ if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) efi_exit(handle, EFI_INVALID_PARAMETER); + if (!IS_ENABLED(CONFIG_EFI_HANDOVER_PROTOCOL) || !boot_params) { + status = efi_allocate_bootparams(handle, &boot_params); + if (status != EFI_SUCCESS) + efi_exit(handle, status); + } + + hdr = &boot_params->hdr; + if (have_unsupported_snp_features()) efi_exit(handle, EFI_UNSUPPORTED); 
@@ -870,7 +870,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, if (efi_mem_encrypt > 0) hdr->xloadflags |= XLF_MEM_ENCRYPTION; - status = efi_decompress_kernel(&kernel_entry); + status = efi_decompress_kernel(&kernel_entry, boot_params); if (status != EFI_SUCCESS) { efi_err("Failed to decompress kernel\n"); goto fail; 
@@ -940,6 +940,12 @@ void __noreturn efi_stub_entry(efi_handle_t handle, efi_exit(handle, status); } +efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, + efi_system_table_t *sys_table_arg) +{ + efi_stub_entry(handle, sys_table_arg, NULL); +} + #ifdef CONFIG_EFI_HANDOVER_PROTOCOL void efi_handover_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params)
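
Review bot: in the efi_stub_entry() hunk of x86-stub.c, the condition "!IS_ENABLED(CONFIG_EFI_HANDOVER_PROTOCOL) || !boot_params" silently discards a non-NULL boot_params whenever the handover protocol is compiled out, and the mixed mode entry in efi_mixed.S now loads the saved bootparams pointer into %edx unconditionally before "call efi_stub_entry". A short comment above the condition saying that a caller-supplied pointer is deliberately ignored in that configuration would make the intent clear. The same hunk also adds an empty line between "struct boot_params *boot_params)" and the opening brace, which looks accidental and should be dropped.
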
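
Review bot: efi_pe_entry() in the last hunk of x86-stub.c is declared to return efi_status_t but its body has no return statement; it is only well-formed because efi_stub_entry() is declared __noreturn. The code this replaces carried a "/* not reached */" comment after the same call, and keeping an equivalent comment in the new wrapper would make that dependency explicit for anyone who later touches the __noreturn annotation.
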
From patchwork Mon Feb 10 17:49:44 2025
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 864199
Date: Mon, 10 Feb 2025 18:49:44 +0100
In-Reply-To: <20250210174941.3251435-9-ardb+git@google.com>
References: <20250210174941.3251435-9-ardb+git@google.com>
Message-ID: <20250210174941.3251435-11-ardb+git@google.com>
Subject: [PATCH v2 2/7] x86/efi/mixed: Check CPU compatibility without relying on verify_cpu()
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, hdegoede@redhat.com, Ard Biesheuvel

From: Ard Biesheuvel

In order for the EFI mixed mode startup code to be reusable in a context where the legacy decompressor is not used, replace the call to verify_cpu() [which performs an elaborate set of checks] with a simple check against the 'long mode' bit in the appropriate CPUID leaf.

This is reasonable, given that EFI support is implied when booting in this manner, and so there is no need to consider very old CPUs when performing this check.

Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/efi_mixed.S | 22 ++++++++------------ 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index d681e30c6732..b7886e2591fc 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S 
@@ -279,24 +279,20 @@ SYM_FUNC_END(efi32_entry) * efi_system_table_32_t *sys_table) */ SYM_FUNC_START(efi32_pe_entry) - pushl %ebp - movl %esp, %ebp pushl %ebx // save callee-save registers - pushl %edi - - call verify_cpu // check for long mode support - testl %eax, %eax - movl $0x80000003, %eax // EFI_UNSUPPORTED - jnz 2f - movl 8(%ebp), %ecx // image_handle - movl 12(%ebp), %edx // sys_table + /* Check whether the CPU supports long mode */ + movl $0x80000001, %eax // assume extended info support + cpuid + btl $29, %edx // check long mode bit + jnc 1f + leal 8(%esp), %esp // preserve stack alignment + movl (%esp), %ecx // image_handle + movl 4(%esp), %edx // sys_table jmp efi32_entry // pass %ecx, %edx // no other registers remain live - -2: popl %edi // restore callee-save registers +1: movl $0x80000003, %eax // EFI_UNSUPPORTED popl %ebx - leave RET SYM_FUNC_END(efi32_pe_entry)
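
Review bot: the new long mode check in efi32_pe_entry queries CPUID leaf 0x80000001 directly, and the inline comment "assume extended info support" is the only hint that the usual probe of leaf 0x80000000 for the highest supported extended leaf has been skipped. The commit message gives the reason (EFI support implies a CPU that is not very old); please carry that reasoning into the code comment, or compare against the maximum extended leaf before the "btl $29, %edx" test so the outcome does not depend on what an out-of-range leaf returns. Separately, "leal 8(%esp), %esp // preserve stack alignment" also discards the saved %ebx and the return address, which the comment does not mention.
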
From patchwork Mon Feb 10 17:49:45 2025
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 863941
Date: Mon, 10 Feb 2025 18:49:45 +0100
In-Reply-To: <20250210174941.3251435-9-ardb+git@google.com>
References: <20250210174941.3251435-9-ardb+git@google.com>
Message-ID: <20250210174941.3251435-12-ardb+git@google.com>
Subject: [PATCH v2 3/7] x86/efi/mixed: Factor out and clean up long mode entry
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, hdegoede@redhat.com, Ard Biesheuvel

From: Ard Biesheuvel Entering long mode involves setting the EFER_LME and CR4.PAE bits before enabling paging by setting CR0.PG bit. It also involves disabling interrupts, given that the firmware's 32-bit IDT becomes invalid as soon as the CPU transitions into long mode. Reloading the CR3 register is not necessary at boot time, given that the EFI firmware as well as the kernel's EFI stub use a 1:1 mapping of the 32-bit addressable memory in the system. Break out this code into a separate helper for clarity, and so that it can be reused in a subsequent patch. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/efi_mixed.S | 29 ++++++++++---------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index b7886e2591fc..0b6b37b08f82 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S @@ -170,10 +170,6 @@ SYM_FUNC_START_LOCAL(efi_enter32) movl %edx, %gs movl %edx, %ss - /* Reload pgtables */ - movl %cr3, %eax - movl %eax, %cr3 - /* Disable paging */ movl %cr0, %eax btrl $X86_CR0_PG_BIT, %eax 
@@ -199,30 +195,35 @@ SYM_FUNC_START_LOCAL(efi_enter32) lidtl 16(%ebx) lgdtl (%ebx) + xorl %eax, %eax + lldt %ax + + call efi32_enable_long_mode + + pushl $__KERNEL_CS + pushl %ebp + lret +SYM_FUNC_END(efi_enter32) + +SYM_FUNC_START_LOCAL(efi32_enable_long_mode) movl %cr4, %eax btsl $(X86_CR4_PAE_BIT), %eax movl %eax, %cr4 - movl %cr3, %eax - movl %eax, %cr3 - movl $MSR_EFER, %ecx rdmsr btsl $_EFER_LME, %eax wrmsr - xorl %eax, %eax - lldt %ax - - pushl $__KERNEL_CS - pushl %ebp + /* Disable interrupts - the firmware's IDT does not work in long mode */ + cli /* Enable paging */ movl %cr0, %eax btsl $X86_CR0_PG_BIT, %eax movl %eax, %cr0 - lret -SYM_FUNC_END(efi_enter32) + ret +SYM_FUNC_END(efi32_enable_long_mode) /* * This is the common EFI stub entry point for mixed mode.
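
Review bot: efi32_enable_long_mode is introduced in the second hunk without a header comment, and since the commit message says it will be reused, its contract belongs where it is defined. It clobbers %eax, %ecx and %edx (rdmsr/wrmsr on MSR_EFER), leaves interrupts disabled via "cli", and returns with CR0.PG already set, so both its "ret" and the caller's following "pushl $__KERNEL_CS", "pushl %ebp", "lret" run with paging enabled. It also no longer reloads %cr3, so it depends on the caller having a valid page table root loaded beforehand; the commit message explains why that holds at boot time, and a one-line comment in the helper would keep the assumption visible to the next caller.
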
From patchwork Mon Feb 10 17:49:46 2025
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 864198
Date: Mon, 10 Feb 2025 18:49:46 +0100
In-Reply-To: <20250210174941.3251435-9-ardb+git@google.com>
References: <20250210174941.3251435-9-ardb+git@google.com>
Message-ID: <20250210174941.3251435-13-ardb+git@google.com>
Subject: [PATCH v2 4/7] x86/efi/mixed: Set up 1:1 mapping of lower 4GiB in the stub
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, hdegoede@redhat.com, Ard Biesheuvel

From: Ard Biesheuvel In preparation for dropping the dependency on startup_32 entirely in the next patch, add the code that sets up the 1:1 mapping of the lower 4 GiB of system RAM to the mixed mode stub. The reload of CR3 after the long mode switch will be removed in a subsequent patch, when it is no longer needed. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/efi_mixed.S | 29 ++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index 0b6b37b08f82..dca916c3e6f0 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -52,6 +53,9 @@ SYM_FUNC_START(startup_64_mixed_mode) mov 0(%rdx), %edi mov 4(%rdx), %esi + leaq (pte + 5 * PAGE_SIZE)(%rip), %rax + movq %rax, %cr3 // reload after startup_32 + /* Switch to the firmware's stack */ movl efi32_boot_sp(%rip), %esp andl $~7, %esp @@ -267,11 +271,32 @@ SYM_FUNC_START_LOCAL(efi32_entry) movl $_end - 1b, BP_init_size(%esi) subl $startup_32 - 1b, BP_init_size(%esi) + call 1f +1: pop %edi + /* Disable paging */ movl %cr0, %eax btrl $X86_CR0_PG_BIT, %eax movl %eax, %cr0 + /* Set up 1:1 mapping */ + leal (pte - 1b)(%edi), %eax + movl $_PAGE_PRESENT | _PAGE_RW | _PAGE_PSE, %ecx + leal (_PAGE_PRESENT | _PAGE_RW)(%eax), %edx +2: movl %ecx, (%eax) + addl $8, %eax + addl $PMD_SIZE, %ecx + jnc 2b + + movl $PAGE_SIZE, %ecx + .irpc l, 0123 + movl %edx, \l * 8(%eax) + addl %ecx, %edx + .endr + addl %ecx, %eax + movl %edx, (%eax) + movl %eax, %cr3 + jmp startup_32 SYM_FUNC_END(efi32_entry) 
@@ -322,3 +347,7 @@ SYM_DATA_LOCAL(efi32_boot_ds, .word 0) SYM_DATA_LOCAL(efi32_boot_sp, .long 0) SYM_DATA_LOCAL(efi32_boot_args, .long 0, 0, 0) SYM_DATA(efi_is64, .byte 1) + + .bss + .balign PAGE_SIZE +SYM_DATA_LOCAL(pte, .fill 6 * PAGE_SIZE, 1, 0)
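Review bot: In the efi32_entry hunk, the fill loop at label 2 writes only the low dword of each 8-byte entry (`movl %ecx, (%eax)` followed by `addl $8, %eax`), and the `.irpc` block does the same for the upper-level entries, so the upper halves are correct only as long as `pte` is still all zeroes when this code runs. A comment stating that dependency on the zero-filled `.bss` buffer would help, along with a note that `jnc 2b` ends the loop when `addl $PMD_SIZE, %ecx` carries out of 32 bits at 4 GiB. With the upper dword left at zero the whole range is also mapped writable and executable; if that is intended for the stub, saying so next to `_PAGE_PRESENT | _PAGE_RW | _PAGE_PSE` avoids the question later.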
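Review bot: The `5 * PAGE_SIZE` offset in the startup_64_mixed_mode hunk is a magic number that has to match what efi32_entry builds: four pages of 2 MiB entries, then the page filled by the `.irpc` block, then the top-level page that is loaded into CR3. Neither `leaq (pte + 5 * PAGE_SIZE)(%rip), %rax` nor the `.fill 6 * PAGE_SIZE` definition documents that layout; a short comment at the `pte` definition, or a named offset shared by both sites, would keep the two from drifting apart.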
From patchwork Mon Feb 10 17:49:47 2025
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 863940
Date: Mon, 10 Feb 2025 18:49:47 +0100
In-Reply-To: <20250210174941.3251435-9-ardb+git@google.com>
References: <20250210174941.3251435-9-ardb+git@google.com>
X-Mailing-List: linux-efi@vger.kernel.org
X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog
Message-ID: <20250210174941.3251435-14-ardb+git@google.com>
Subject: [PATCH v2 5/7] x86/efi/mixed: Remove dependency on legacy startup_32 code
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, hdegoede@redhat.com, Ard Biesheuvel
From: Ard Biesheuvel The EFI mixed mode startup code calls into startup_32() in the legacy decompressor, passing a mocked up boot_params struct, only to get it to set up the 1:1 mapping of the lower 4 GiB of memory and switch to a GDT that supports 64-bit mode. In order to be able to reuse the EFI mixed mode startup code in EFI boot images that do not incorporate the legacy decompressor code, decouple it, by populating the GDT directly. Doing so allows constructing a GDT that is compatible with the one the firmware uses, with one additional entry for a 64-bit mode code segment appended. This removes the need entirely to switch between GDTs and IDTs or data segment selector values on every call into the firmware, and all of this code can be removed. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/efi_mixed.S | 227 ++++++-------------- arch/x86/boot/compressed/head_64.S | 7 - 2 files changed, 65 insertions(+), 169 deletions(-) diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index dca916c3e6f0..984956931ed7 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S 
@@ -15,70 +15,23 @@ */ #include -#include +#include #include #include #include #include #include -#include .code64 .text -/* - * When booting in 64-bit mode on 32-bit EFI firmware, startup_64_mixed_mode() - * is the first thing that runs after switching to long mode. Depending on - * whether the EFI handover protocol or the compat entry point was used to - * enter the kernel, it will either branch to the common 64-bit EFI stub - * entrypoint efi_stub_entry() directly, or via the 64-bit EFI PE/COFF - * entrypoint efi_pe_entry(). In the former case, the bootloader must provide a - * struct bootparams pointer as the third argument, so the presence of such a - * pointer is used to disambiguate. - * - * +--------------+ - * +------------------+ +------------+ +------>| efi_pe_entry | - * | efi32_pe_entry |---->| | | +-----------+--+ - * +------------------+ | | +------+----------------+ | - * | startup_32 |---->| startup_64_mixed_mode | | - * +------------------+ | | +------+----------------+ | - * | efi32_stub_entry |---->| | | | - * +------------------+ +------------+ | | - * V | - * +------------+ +----------------+ | - * | startup_64 |<----| efi_stub_entry |<--------+ - * +------------+ +----------------+ - */ -SYM_FUNC_START(startup_64_mixed_mode) - lea efi32_boot_args(%rip), %rdx - mov 0(%rdx), %edi - mov 4(%rdx), %esi - - leaq (pte + 5 * PAGE_SIZE)(%rip), %rax - movq %rax, %cr3 // reload after startup_32 - - /* Switch to the firmware's stack */ - movl efi32_boot_sp(%rip), %esp - andl $~7, %esp - - mov 8(%rdx), %edx // saved bootparams pointer - call efi_stub_entry -SYM_FUNC_END(startup_64_mixed_mode) - SYM_FUNC_START(__efi64_thunk) push %rbp push %rbx - movl %ds, %eax - push %rax - movl %es, %eax - push %rax - movl %ss, %eax - push %rax - /* Copy args passed on stack */ - movq 0x30(%rsp), %rbp - movq 0x38(%rsp), %rbx - movq 0x40(%rsp), %rax + movq 0x18(%rsp), %rbp + movq 0x20(%rsp), %rbx + movq 0x28(%rsp), %rax /* * Convert x86-64 ABI params to i386 ABI 
@@ -93,44 +46,14 @@ SYM_FUNC_START(__efi64_thunk) movl %ebx, 0x18(%rsp) movl %eax, 0x1c(%rsp) - leaq 0x20(%rsp), %rbx - sgdt (%rbx) - sidt 16(%rbx) - leaq 1f(%rip), %rbp + movl %cs, %ebx - /* - * Switch to IDT and GDT with 32-bit segments. These are the firmware - * GDT and IDT that were installed when the kernel started executing. - * The pointers were saved by the efi32_entry() routine below. - * - * Pass the saved DS selector to the 32-bit code, and use far return to - * restore the saved CS selector. - */ - lidt efi32_boot_idt(%rip) - lgdt efi32_boot_gdt(%rip) - - movzwl efi32_boot_ds(%rip), %edx - movzwq efi32_boot_cs(%rip), %rax - pushq %rax - leaq efi_enter32(%rip), %rax - pushq %rax - lretq + ljmpl *efi32_call(%rip) 1: addq $64, %rsp movq %rdi, %rax - pop %rbx - movl %ebx, %ss - pop %rbx - movl %ebx, %es - pop %rbx - movl %ebx, %ds - /* Clear out 32-bit selector from FS and GS */ - xorl %ebx, %ebx - movl %ebx, %fs - movl %ebx, %gs - pop %rbx pop %rbp RET @@ -141,7 +64,6 @@ SYM_FUNC_END(__efi64_thunk) SYM_FUNC_START(efi32_stub_entry) call 1f 1: popl %ecx - leal (efi32_boot_args - 1b)(%ecx), %ebx /* Clear BSS */ xorl %eax, %eax @@ -153,11 +75,8 @@ SYM_FUNC_START(efi32_stub_entry) rep stosl add $0x4, %esp /* Discard return address */ - popl %ecx - popl %edx - popl %esi - movl %esi, 8(%ebx) - jmp efi32_entry + movl 8(%esp), %ebx /* struct boot_params pointer */ + jmp efi32_startup SYM_FUNC_END(efi32_stub_entry) #endif @@ -167,13 +86,6 @@ SYM_FUNC_END(efi32_stub_entry) * The stack should represent the 32-bit calling convention. */ SYM_FUNC_START_LOCAL(efi_enter32) - /* Load firmware selector into data and stack segment registers */ - movl %edx, %ds - movl %edx, %es - movl %edx, %fs - movl %edx, %gs - movl %edx, %ss - /* Disable paging */ movl %cr0, %eax btrl $X86_CR0_PG_BIT, %eax 
@@ -190,21 +102,9 @@ SYM_FUNC_START_LOCAL(efi_enter32) /* We must preserve return value */ movl %eax, %edi - /* - * Some firmware will return with interrupts enabled. Be sure to - * disable them before we switch GDTs and IDTs. - */ - cli - - lidtl 16(%ebx) - lgdtl (%ebx) - - xorl %eax, %eax - lldt %ax - call efi32_enable_long_mode - pushl $__KERNEL_CS + pushl %ebx pushl %ebp lret SYM_FUNC_END(efi_enter32) 
@@ -230,50 +130,56 @@ SYM_FUNC_START_LOCAL(efi32_enable_long_mode) SYM_FUNC_END(efi32_enable_long_mode) /* - * This is the common EFI stub entry point for mixed mode. + * This is the common EFI stub entry point for mixed mode. It sets up the GDT + * and page tables needed for 64-bit execution, after which it calls the + * common 64-bit EFI entrypoint efi_stub_entry(). * - * Arguments: %ecx image handle - * %edx EFI system table pointer + * Arguments: 0(%esp) image handle + * 4(%esp) EFI system table pointer + * %ebx struct boot_params pointer (or NULL) * * Since this is the point of no return for ordinary execution, no registers * are considered live except for the function parameters. [Note that the EFI * stub may still exit and return to the firmware using the Exit() EFI boot * service.] */ -SYM_FUNC_START_LOCAL(efi32_entry) - call 1f -1: pop %ebx - - /* Save firmware GDTR and code/data selectors */ - sgdtl (efi32_boot_gdt - 1b)(%ebx) - movw %cs, (efi32_boot_cs - 1b)(%ebx) - movw %ds, (efi32_boot_ds - 1b)(%ebx) - - /* Store firmware IDT descriptor */ - sidtl (efi32_boot_idt - 1b)(%ebx) - - /* Store firmware stack pointer */ - movl %esp, (efi32_boot_sp - 1b)(%ebx) - - /* Store boot arguments */ - leal (efi32_boot_args - 1b)(%ebx), %ebx - movl %ecx, 0(%ebx) - movl %edx, 4(%ebx) - movb $0x0, 12(%ebx) // efi_is64 - - /* - * Allocate some memory for a temporary struct boot_params, which only - * needs the minimal pieces that startup_32() relies on. 
- */ - subl $PARAM_SIZE, %esp - movl %esp, %esi - movl $PAGE_SIZE, BP_kernel_alignment(%esi) - movl $_end - 1b, BP_init_size(%esi) - subl $startup_32 - 1b, BP_init_size(%esi) +SYM_FUNC_START_LOCAL(efi32_startup) + movl %esp, %ebp + + subl $8, %esp + sgdtl (%esp) /* Save GDT descriptor to the stack */ + movl 2(%esp), %esi /* Existing GDT pointer */ + movzwl (%esp), %ecx /* Existing GDT limit */ + inc %ecx /* Existing GDT size */ + andl $~7, %ecx /* Ensure size is multiple of 8 */ + + subl %ecx, %esp /* Allocate new GDT */ + andl $~15, %esp /* Realign the stack */ + movl %esp, %edi /* New GDT address */ + leal 7(%ecx), %eax /* New GDT limit */ + pushw %cx /* Push 64-bit CS (for LJMP below) */ + pushl %edi /* Push new GDT address */ + pushw %ax /* Push new GDT limit */ + + /* Copy GDT to the stack and add a 64-bit code segment at the end */ + movl $GDT_ENTRY(DESC_CODE64, 0, 0xfffff) & 0xffffffff, (%edi,%ecx) + movl $GDT_ENTRY(DESC_CODE64, 0, 0xfffff) >> 32, 4(%edi,%ecx) + shrl $2, %ecx + cld + rep movsl /* Copy the firmware GDT */ + lgdtl (%esp) /* Switch to the new GDT */ call 1f 1: pop %edi + /* Record mixed mode entry */ + movb $0x0, (efi_is64 - 1b)(%edi) + + /* Set up indirect far call to re-enter 32-bit mode */ + leal (efi32_call - 1b)(%edi), %eax + addl %eax, (%eax) + movw %cs, 4(%eax) + /* Disable paging */ movl %cr0, %eax btrl $X86_CR0_PG_BIT, %eax @@ -297,8 +203,17 @@ SYM_FUNC_START_LOCAL(efi32_entry) movl %edx, (%eax) movl %eax, %cr3 - jmp startup_32 -SYM_FUNC_END(efi32_entry) + call efi32_enable_long_mode + + /* Set up far jump to 64-bit mode (CS is already on the stack) */ + leal (efi_stub_entry - 1b)(%edi), %eax + movl %eax, 2(%esp) + + movl 0(%ebp), %edi + movl 4(%ebp), %esi + movl %ebx, %edx + ljmpl *2(%esp) +SYM_FUNC_END(efi32_startup) /* * efi_status_t efi32_pe_entry(efi_handle_t image_handle, 
@@ -313,10 +228,8 @@ SYM_FUNC_START(efi32_pe_entry) btl $29, %edx // check long mode bit jnc 1f leal 8(%esp), %esp // preserve stack alignment - movl (%esp), %ecx // image_handle - movl 4(%esp), %edx // sys_table - jmp efi32_entry // pass %ecx, %edx - // no other registers remain live + xor %ebx, %ebx // no struct boot_params pointer + jmp efi32_startup // only ESP and EBX remain live 1: movl $0x80000003, %eax // EFI_UNSUPPORTED popl %ebx RET @@ -332,20 +245,10 @@ SYM_FUNC_END(efi64_stub_entry) .data .balign 8 -SYM_DATA_START_LOCAL(efi32_boot_gdt) - .word 0 - .quad 0 -SYM_DATA_END(efi32_boot_gdt) - -SYM_DATA_START_LOCAL(efi32_boot_idt) - .word 0 - .quad 0 -SYM_DATA_END(efi32_boot_idt) - -SYM_DATA_LOCAL(efi32_boot_cs, .word 0) -SYM_DATA_LOCAL(efi32_boot_ds, .word 0) -SYM_DATA_LOCAL(efi32_boot_sp, .long 0) -SYM_DATA_LOCAL(efi32_boot_args, .long 0, 0, 0) +SYM_DATA_START_LOCAL(efi32_call) + .long efi_enter32 - . + .word 0x0 +SYM_DATA_END(efi32_call) SYM_DATA(efi_is64, .byte 1) .bss diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 1dcb794c5479..5db6495a3bb9 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S 
@@ -263,13 +263,6 @@ SYM_FUNC_START(startup_32) * used to perform that far jump. */ leal rva(startup_64)(%ebp), %eax -#ifdef CONFIG_EFI_MIXED - cmpb $1, rva(efi_is64)(%ebp) - je 1f - leal rva(startup_64_mixed_mode)(%ebp), %eax -1: -#endif - pushl $__KERNEL_CS pushl %eax
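Review bot: In the efi32_startup hunk, `subl %ecx, %esp` takes the allocation size straight from the firmware's GDTR limit, so up to 64 KiB is carved out of the firmware-provided stack with no bound check and no stated assumption about the available headroom. Consider rejecting or capping an implausibly large limit, or at least documenting the assumption. The same block reserves only the size of the existing table, while the new descriptor is stored at `(%edi,%ecx)`, one entry past it; that slot lands in the 8-byte `sgdtl` scratch area and any alignment padding below it, which works but deserves a comment next to "Allocate new GDT".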
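Review bot: The efi_enter32 hunk removes `cli` together with the GDT/IDT reload, but the deleted comment states that some firmware returns with interrupts enabled, and the commit message only covers GDTs, IDTs and data segment selectors. Please say, in the commit message or in a comment before `call efi32_enable_long_mode`, why it is safe to re-enter long mode with the firmware's IDT still loaded and interrupts possibly enabled, or keep the `cli`.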
From patchwork Mon Feb 10 17:49:48 2025
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 864197
Date: Mon, 10 Feb 2025 18:49:48 +0100
In-Reply-To: <20250210174941.3251435-9-ardb+git@google.com>
References: <20250210174941.3251435-9-ardb+git@google.com>
X-Mailing-List: linux-efi@vger.kernel.org
X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog
Message-ID: <20250210174941.3251435-15-ardb+git@google.com>
Subject: [PATCH v2 6/7] x86/efi/mixed: Simplify and document thunking logic
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, hdegoede@redhat.com, Ard Biesheuvel

From: Ard Biesheuvel

Now that the GDT/IDT and data segment selector preserve/restore logic has been removed from the boot-time EFI mixed mode thunking routines, the remaining logic to handle the function arguments can be simplified: the setup of the arguments on the stack can be moved into the 32-bit callee, which is able to use a more idiomatic sequence of PUSH instructions. This, in turn, allows the far call and far return to be issued using plain LCALL and LRET instructions, removing the need to set up the return explicitly.
Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/efi_mixed.S | 77 ++++++++++---------- 1 file changed, 37 insertions(+), 40 deletions(-) diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index 984956931ed7..e04ed99bc449 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S @@ -22,43 +22,7 @@ #include #include - .code64 .text -SYM_FUNC_START(__efi64_thunk) - push %rbp - push %rbx - - /* Copy args passed on stack */ - movq 0x18(%rsp), %rbp - movq 0x20(%rsp), %rbx - movq 0x28(%rsp), %rax - - /* - * Convert x86-64 ABI params to i386 ABI - */ - subq $64, %rsp - movl %esi, 0x0(%rsp) - movl %edx, 0x4(%rsp) - movl %ecx, 0x8(%rsp) - movl %r8d, 0xc(%rsp) - movl %r9d, 0x10(%rsp) - movl %ebp, 0x14(%rsp) - movl %ebx, 0x18(%rsp) - movl %eax, 0x1c(%rsp) - - leaq 1f(%rip), %rbp - movl %cs, %ebx - - ljmpl *efi32_call(%rip) - -1: addq $64, %rsp - movq %rdi, %rax - - pop %rbx - pop %rbp - RET -SYM_FUNC_END(__efi64_thunk) - .code32 #ifdef CONFIG_EFI_HANDOVER_PROTOCOL SYM_FUNC_START(efi32_stub_entry) @@ -81,11 +45,26 @@ SYM_FUNC_END(efi32_stub_entry) #endif /* - * EFI service pointer must be in %edi. + * Called using a far call from __efi64_thunk() below, using the x86_64 SysV + * ABI (except for R8/R9 which are inaccessible to 32-bit code - EAX/EBX are + * used instead). EBP+16 points to the arguments passed via the stack. * - * The stack should represent the 32-bit calling convention. + * The first argument (EDI) is a pointer to the boot service or protocol, to + * which the remaining arguments are passed, each truncated to 32 bits. */ SYM_FUNC_START_LOCAL(efi_enter32) + /* + * Convert x86-64 SysV ABI params to i386 ABI + */ + pushl 32(%ebp) /* Up to 3 args passed via the stack */ + pushl 24(%ebp) + pushl 16(%ebp) + pushl %ebx /* R9 */ + pushl %eax /* R8 */ + pushl %ecx + pushl %edx + pushl %esi + /* Disable paging */ movl %cr0, %eax btrl $X86_CR0_PG_BIT, %eax 
@@ -104,11 +83,29 @@ SYM_FUNC_START_LOCAL(efi_enter32) call efi32_enable_long_mode - pushl %ebx - pushl %ebp + addl $32, %esp + movl %edi, %eax lret SYM_FUNC_END(efi_enter32) + .code64 +SYM_FUNC_START(__efi64_thunk) + push %rbp + movl %esp, %ebp + push %rbx + + /* Move args #5 and #6 into 32-bit accessible registers */ + movl %r8d, %eax + movl %r9d, %ebx + + lcalll *efi32_call(%rip) + + pop %rbx + pop %rbp + RET +SYM_FUNC_END(__efi64_thunk) + + .code32 SYM_FUNC_START_LOCAL(efi32_enable_long_mode) movl %cr4, %eax btsl $(X86_CR4_PAE_BIT), %eax
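Review bot: `movl %esp, %ebp` in the new __efi64_thunk keeps only the low 32 bits of RSP, and efi_enter32 then reads the stack arguments through `16(%ebp)`, `24(%ebp)` and `32(%ebp)`, so the thunk is only correct while the stack sits below 4 GiB. That holds for a stack inherited from 32-bit firmware, but the new comment block above efi_enter32 does not say so; stating the assumption there would make the documented contract complete. It would also help to note that all three stack slots are read and pushed unconditionally, whatever number of arguments the caller actually passed.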
From patchwork Mon Feb 10 17:49:49 2025
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 863939
Date: Mon, 10 Feb 2025 18:49:49 +0100
In-Reply-To: <20250210174941.3251435-9-ardb+git@google.com>
References: <20250210174941.3251435-9-ardb+git@google.com>
X-Mailing-List: linux-efi@vger.kernel.org
X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog
Message-ID: <20250210174941.3251435-16-ardb+git@google.com>
Subject: [PATCH v2 7/7] x86/efi/mixed: Move mixed mode startup code into libstub
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, hdegoede@redhat.com, Ard Biesheuvel

From: Ard Biesheuvel

The EFI mixed mode code has been decoupled from the legacy decompressor, in order to be able to reuse it with generic EFI zboot images for x86. Move the source file into the libstub source directory to facilitate this.
Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/Makefile | 1 - drivers/firmware/efi/libstub/Makefile | 3 +++ arch/x86/boot/compressed/efi_mixed.S => drivers/firmware/efi/libstub/x86-mixed.S | 0 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index f2051644de94..fc5563704466 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -104,7 +104,6 @@ vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdcall.o $(obj)/td vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/mem.o vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o -vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o vmlinux-libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a $(obj)/vmlinux: $(vmlinux-objs-y) $(vmlinux-libs-y) FORCE diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 1141cd06011f..903afd2d3d58 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -62,6 +62,8 @@ KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO), $(KBUILD_CFLAGS)) # `-fdata-sections` flag from KBUILD_CFLAGS_KERNEL KBUILD_CFLAGS_KERNEL := $(filter-out -fdata-sections, $(KBUILD_CFLAGS_KERNEL)) +KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ + lib-y := efi-stub-helper.o gop.o secureboot.o tpm.o \ file.o mem.o random.o randomalloc.o pci.o \ skip_spaces.o lib-cmdline.o lib-ctype.o \ @@ -83,6 +85,7 @@ lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o string.o intrinsics.o systable.o \ lib-$(CONFIG_ARM) += arm32-stub.o lib-$(CONFIG_ARM64) += kaslr.o arm64.o arm64-stub.o smbios.o lib-$(CONFIG_X86) += x86-stub.o smbios.o +lib-$(CONFIG_EFI_MIXED) += x86-mixed.o lib-$(CONFIG_X86_64) += x86-5lvl.o lib-$(CONFIG_RISCV) += kaslr.o riscv.o riscv-stub.o lib-$(CONFIG_LOONGARCH) += loongarch.o loongarch-stub.o 
diff --git a/arch/x86/boot/compressed/efi_mixed.S b/drivers/firmware/efi/libstub/x86-mixed.S similarity index 100% rename from arch/x86/boot/compressed/efi_mixed.S rename to drivers/firmware/efi/libstub/x86-mixed.S
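Review bot: `KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__` in the first libstub Makefile hunk is unconditional, so it replaces the assembler flags for any assembly built in this directory on every architecture, not only for the x86 file being moved in. The commit message describes a pure file move; please explain why the flag override is needed, and consider scoping it to x86-mixed.o with a per-object setting so the other architectures are unaffected.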