References: <20230508070330.582131-1-ardb@kernel.org> <20230508070330.582131-6-ardb@kernel.org> <6f858998-bb56-689b-76a7-0952d73f5ab8@amd.com>
In-Reply-To: <6f858998-bb56-689b-76a7-0952d73f5ab8@amd.com>
From: Ard Biesheuvel
Date: Thu, 18 May 2023 16:55:55 +0200
Subject: Re: [PATCH v2 05/20] x86: decompressor: Avoid the need for a stack in the 32-bit trampoline
To: Tom Lendacky
Cc: linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Evgeniy Baskov, Borislav Petkov, Andy Lutomirski, Dave Hansen, Ingo Molnar, Peter Zijlstra, Thomas Gleixner, Alexey Khoroshilov, Peter Jones, Gerd Hoffmann, Dave Young, Mario Limonciello, Kees Cook, "Kirill A. Shutemov", Linus Torvalds
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 18 May 2023 at 00:40, Tom Lendacky wrote:
>
> On 5/8/23 02:03, Ard Biesheuvel wrote:
> > The 32-bit trampoline no longer uses the stack for anything except
> > performing a long return back to long mode. Currently, this stack is
> > allocated in the same page that carries the trampoline code, which means
> > this page must be mapped writable and executable, and the stack is
> > therefore executable as well.
> >
> > So let's do a long jump instead: that way, we can pre-calculate the
> > return address and poke it into the code before we call it. In a later
> > patch, we will take advantage of this by removing writable permissions
> > (and adding executable ones) explicitly when booting via the EFI stub.
> >
> > Not playing with the stack pointer also makes it more straightforward
> > to call the trampoline code as an ordinary 64-bit function from C code.
> > > > Signed-off-by: Ard Biesheuvel > > --- > > arch/x86/boot/compressed/head_64.S | 34 ++++---------------- > > arch/x86/boot/compressed/pgtable.h | 6 ++-- > > arch/x86/boot/compressed/pgtable_64.c | 12 ++++++- > > 3 files changed, 21 insertions(+), 31 deletions(-) > > > > diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S > > index b1f8a867777120bb..3b5fc851737ffc39 100644 > > --- a/arch/x86/boot/compressed/head_64.S > > +++ b/arch/x86/boot/compressed/head_64.S > > @@ -460,9 +460,6 @@ SYM_CODE_START(startup_64) > > leaq TRAMPOLINE_32BIT_CODE_OFFSET(%rax), %rax > > call *%rax > > > > - /* Restore the stack, the 32-bit trampoline uses its own stack */ > > - leaq rva(boot_stack_end)(%rbx), %rsp > > - > > /* > > * cleanup_trampoline() would restore trampoline memory. > > * > > @@ -563,24 +560,17 @@ SYM_FUNC_END(.Lrelocated) > > * EDI contains the base address of the trampoline memory. > > * Non-zero ESI means trampoline needs to enable 5-level paging. > > */ > > + .section ".rodata", "a", @progbits > > SYM_CODE_START(trampoline_32bit_src) > > - popq %r8 > > /* Switch to compatibility mode (CS.L = 0 CS.D = 1) via far return */ > > pushq $__KERNEL32_CS > > leaq 0f(%rip), %rax > > pushq %rax > > lretq > > +.Lret: retq > > Maybe just add a comment above this to explain that this is a target of > the long jump below to get back into long mode and be able to return > without setting up a new stack for the 32-bit code. > > And then a corresponding comment on the long jump itself. I think it would > make it easier to understand what is going on in this part of the code. > Fair point. I'll add that in the next version.
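Review bot: dropping `leaq rva(boot_stack_end)(%rbx), %rsp` after `call *%rax` in the startup_64 hunk makes the caller depend on a new invariant, namely that the trampoline returns with %rsp exactly as it found it; since the trampoline used to run on its own stack, that assumption should be stated in a comment at the call site so a later cleanup does not reinstate the stack restore or add a stack switch back into the trampoline.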
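Review bot: `.Lret: retq` sits directly after `lretq` in trampoline_32bit_src and can never be reached by fall-through, so without a comment it reads as dead code; as Tom suggests, say that it is the target of the long jump back into long mode and that, because %rsp is untouched, `retq` pops the original caller's return address (which is what makes the removal of `popq %r8` correct). Since the source now lives in `.section ".rodata", "a", @progbits`, the pre-calculated return address has to be poked into the copy at TRAMPOLINE_32BIT_CODE_OFFSET rather than into trampoline_32bit_src itself; the pgtable_64.c side that does the poking is not visible in this hunk, so naming the patched offset in the comment next to `.Lret` would let readers tie the two halves together.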