2020-02-11 14:15:10

by Joerg Roedel

Subject: [PATCH 23/62] x86/idt: Move IDT to data segment

From: Joerg Roedel <[email protected]>

With SEV-ES, exception handling is needed very early, even before the
kernel has cleared the bss segment. In order to prevent clearing the
currently used IDT, move the IDT to the data segment.

Signed-off-by: Joerg Roedel <[email protected]>
---
arch/x86/kernel/idt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c
index 87ef69a72c52..7f81c1294847 100644
--- a/arch/x86/kernel/idt.c
+++ b/arch/x86/kernel/idt.c
@@ -166,7 +166,7 @@ static const __initconst struct idt_data dbg_idts[] = {
#endif

/* Must be page-aligned because the real IDT is used in a fixmap. */
-gate_desc idt_table[IDT_ENTRIES] __page_aligned_bss;
+gate_desc idt_table[IDT_ENTRIES] __page_aligned_data;

struct desc_ptr idt_descr __ro_after_init = {
.size = (IDT_ENTRIES * 2 * sizeof(unsigned long)) - 1,
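Review bot: The comment above idt_table still explains only the page alignment, so nothing at the declaration says why the table uses __page_aligned_data instead of __page_aligned_bss. Extend that comment to state that the IDT is already in use before the kernel clears bss (the SEV-ES early exception handling case from the commit message), so a later cleanup does not move the table back into bss.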
--
2.17.1


2020-02-11 22:43:28

by Andy Lutomirski

Subject: Re: [PATCH 23/62] x86/idt: Move IDT to data segment

On Tue, Feb 11, 2020 at 5:53 AM Joerg Roedel <[email protected]> wrote:
>
> From: Joerg Roedel <[email protected]>
>
> With SEV-ES, exception handling is needed very early, even before the
> kernel has cleared the bss segment. In order to prevent clearing the
> currently used IDT, move the IDT to the data segment.

Ugh. At the very least this needs a comment in the code.

I had a patch to fix the kernel ELF loader to clear BSS, which would
fix this problem once and for all, but it didn't work due to the messy
way that the decompressor handles memory. I never got around to
fixing this, sadly.

2020-02-12 11:55:53

by Joerg Roedel

Subject: Re: [PATCH 23/62] x86/idt: Move IDT to data segment

On Tue, Feb 11, 2020 at 02:41:25PM -0800, Andy Lutomirski wrote:
> On Tue, Feb 11, 2020 at 5:53 AM Joerg Roedel <[email protected]> wrote:
> >
> > From: Joerg Roedel <[email protected]>
> >
> > With SEV-ES, exception handling is needed very early, even before the
> > kernel has cleared the bss segment. In order to prevent clearing the
> > currently used IDT, move the IDT to the data segment.
>
> Ugh. At the very least this needs a comment in the code.

Yes, right, added a comment for that.

> I had a patch to fix the kernel ELF loader to clear BSS, which would
> fix this problem once and for all, but it didn't work due to the messy
> way that the decompressor handles memory. I never got around to
> fixing this, sadly.

Aren't there other ways of booting (Xen-PV?) which don't use the kernel
ELF loader?

Regards,

Joerg

2020-02-12 16:25:22

by Andy Lutomirski

Subject: Re: [PATCH 23/62] x86/idt: Move IDT to data segment



> On Feb 12, 2020, at 3:55 AM, Joerg Roedel <[email protected]> wrote:
>
> On Tue, Feb 11, 2020 at 02:41:25PM -0800, Andy Lutomirski wrote:
>>> On Tue, Feb 11, 2020 at 5:53 AM Joerg Roedel <[email protected]> wrote:
>>>
>>> From: Joerg Roedel <[email protected]>
>>>
>>> With SEV-ES, exception handling is needed very early, even before the
>>> kernel has cleared the bss segment. In order to prevent clearing the
>>> currently used IDT, move the IDT to the data segment.
>>
>> Ugh. At the very least this needs a comment in the code.
>
> Yes, right, added a comment for that.
>
>> I had a patch to fix the kernel ELF loader to clear BSS, which would
>> fix this problem once and for all, but it didn't work due to the messy
>> way that the decompressor handles memory. I never got around to
>> fixing this, sadly.
>
> Aren't there other ways of booting (Xen-PV?) which don't use the kernel
> ELF loader?

Dunno. I would hope that any sane loader would clear BSS before executing anything. This isn’t currently the case, though. Oh well.

>
> Regards,
>
> Joerg

2020-02-12 16:29:14

by Jürgen Groß

Subject: Re: [PATCH 23/62] x86/idt: Move IDT to data segment

On 12.02.20 17:23, Andy Lutomirski wrote:
>
>
>> On Feb 12, 2020, at 3:55 AM, Joerg Roedel <[email protected]> wrote:
>>
>> On Tue, Feb 11, 2020 at 02:41:25PM -0800, Andy Lutomirski wrote:
>>>> On Tue, Feb 11, 2020 at 5:53 AM Joerg Roedel <[email protected]> wrote:
>>>>
>>>> From: Joerg Roedel <[email protected]>
>>>>
>>>> With SEV-ES, exception handling is needed very early, even before the
>>>> kernel has cleared the bss segment. In order to prevent clearing the
>>>> currently used IDT, move the IDT to the data segment.
>>>
>>> Ugh. At the very least this needs a comment in the code.
>>
>> Yes, right, added a comment for that.
>>
>>> I had a patch to fix the kernel ELF loader to clear BSS, which would
>>> fix this problem once and for all, but it didn't work due to the messy
>>> way that the decompressor handles memory. I never got around to
>>> fixing this, sadly.
>>
>> Aren't there other ways of booting (Xen-PV?) which don't use the kernel
>> ELF loader?
>
> Dunno. I would hope that any sane loader would clear BSS before executing anything. This isn’t currently the case, though. Oh well.

Xen-PV is clearing BSS as the very first action.


Juergen

2020-02-19 10:42:47

by Joerg Roedel

Subject: Re: [PATCH 23/62] x86/idt: Move IDT to data segment

Hi Jürgen,

On Wed, Feb 12, 2020 at 05:28:21PM +0100, Jürgen Groß wrote:
> Xen-PV is clearing BSS as the very first action.

In the kernel image? Or in the ELF loader before jumping to the kernel
image?

Regards,

Joerg

2020-02-19 10:49:02

by Jürgen Groß

Subject: Re: [PATCH 23/62] x86/idt: Move IDT to data segment

On 19.02.20 11:42, Joerg Roedel wrote:
> Hi Jürgen,
>
> On Wed, Feb 12, 2020 at 05:28:21PM +0100, Jürgen Groß wrote:
>> Xen-PV is clearing BSS as the very first action.
>
> In the kernel image? Or in the ELF loader before jumping to the kernel
> image?

In the kernel image.

See arch/x86/xen/xen-head.S - startup_xen is the entry point of the
kernel.


Juergen