From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel, Evgeniy Baskov, Borislav Petkov, Andy Lutomirski, Dave Hansen, Ingo Molnar, Peter Zijlstra, Thomas Gleixner, Alexey Khoroshilov, Peter Jones, Gerd Hoffmann, Dave Young, Mario Limonciello, Kees Cook, Tom Lendacky, "Kirill A . Shutemov", Linus Torvalds
Subject: [PATCH v2 15/20] x86: head_64: Switch to kernel CS before enabling memory encryption
Date: Mon, 8 May 2023 09:03:25 +0200
Message-Id: <20230508070330.582131-16-ardb@kernel.org>
In-Reply-To: <20230508070330.582131-1-ardb@kernel.org>
References: <20230508070330.582131-1-ardb@kernel.org>

The SME initialization triggers #VC exceptions due to the use of CPUID
instructions, and returning from an exception restores the code segment
that was active when the exception was taken. This means we should
ensure that we switch the code segment to one that is described in the
GDT we just loaded before running the SME init code.

Reported-by: Tom Lendacky
Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/head_64.S | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 95b12fdae10e1dc9..a128ac62956ff7c4 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -76,6 +76,15 @@ SYM_CODE_START_NOALIGN(startup_64) call startup_64_setup_env + /* Now switch to __KERNEL_CS so IRET works reliably */ + pushq $__KERNEL_CS + leaq .Lon_kernel_cs(%rip), %rax + pushq %rax + lretq + +.Lon_kernel_cs: + UNWIND_HINT_END_OF_STACK + #ifdef CONFIG_AMD_MEM_ENCRYPT /* * Activate SEV/SME memory encryption if supported/enabled. This needs to @@ -87,15 +96,6 @@ SYM_CODE_START_NOALIGN(startup_64) call sme_enable #endif - /* Now switch to __KERNEL_CS so IRET works reliably */ - pushq $__KERNEL_CS - leaq .Lon_kernel_cs(%rip), %rax - pushq %rax - lretq - -.Lon_kernel_cs: - UNWIND_HINT_END_OF_STACK - /* Sanitize CPU configuration */ call verify_cpu -- 2.39.2
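
Review bot: The comment on the moved block in the first hunk, "Now switch to __KERNEL_CS so IRET works reliably", does not record the ordering constraint that motivates this patch, so nothing in head_64.S stops a later cleanup from moving the far return back below "call sme_enable". Consider extending the comment to say that the switch must come before sme_enable, because the CPUID instructions there can raise #VC and the return from that exception restores whatever code segment was active when it was taken, which therefore has to be one described in the GDT the commit message refers to as just loaded. Since the block now sits outside the CONFIG_AMD_MEM_ENCRYPT guard, wording it as a general rule ("before any code that can take an exception") would also cover callers added later between startup_64_setup_env and verify_cpu.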