Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp32225486rwd; Fri, 7 Jul 2023 10:24:18 -0700 (PDT) X-Google-Smtp-Source: APBJJlEiR+JAl4oC0vSOrgcmE4sJ6hgLxRH3aAGrlrSGiqQMcUjZNA/ojfFPOzOM/xlPeRaZfxzj X-Received: by 2002:a05:6a20:1448:b0:130:a4aa:9fec with SMTP id a8-20020a056a20144800b00130a4aa9fecmr2115364pzi.49.1688750658288; Fri, 07 Jul 2023 10:24:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688750658; cv=none; d=google.com; s=arc-20160816; b=S1ytr91VGRrEFc18Ip79qwvLt+3vGf8gQ3UvXLTu59q3YtOxbaoe8jKxRGH9Nwk7SM KyFVLcVRS33ns1qfoMQUsgScTbDNb/9vVr3Eqm1/cHtX1KJJF6Gzr0AfXuXpKTlnY8iB m94bIKuMDZehXzlKZ4UD8fHnyjQqSFDZOd7RCXRAv1vYzPtqfJy98Jarff8kWdY/VyIN JmJXctrDKyIt8f+WIvP4WjLawXtWd7YW9rQjH7LXdURRF8v+3kgsW1UI95nQg18Fl1X0 dp/OlUt4sxWggz7Gh2RToIIRghTRmZuW58PSTg2BhGcvPqTjBaAC2Y2vJ0rYpyslytX2 ft2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature :dkim-signature; bh=6OzTAM5FK7zuWehbwIgNlYhTn7gz7QucEzqfEJ1uQTI=; fh=DugZ1FdyYC3ytnKL3QqsnduH7ptt3mHMGs0BJPL8430=; b=fx8wf+5XZVG3Qu8JFXahSHg+KMf/tSypb5FwLOz+Qe6XDQLA4/2VN6PeCsr3UKjyG1 9LwtWSe5xvUsH/ccmcwqugrYt2o2aIuM9sRHco9npo4iZCnP6hYmp9HoTDffNN6qS70T yJ41MOgPiWaeLtx02LeYAJtVOZgIY997rDFzZvmGDkBJRGnq3dUsKwUt4AkfmdlhXUFM 52KzsG7AMDFmgDJVfsV97hwlOPuftgAuWRIKBt0XrpR9l+T1WjLLo7GQE/sJfXNA1v8R 1Kx9Gvg2Ln/pad/0F5WcL0ac4mKwS/yqtBB54oz9APIvDsxzTFHATPYGZvzsxJ+yxV9Q MVjw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=Ofn5vYHU; dkim=pass header.i=@alien8.de header.s=alien8 header.b=VDJmOTTL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t10-20020a170902b20a00b001b58767a0f7si3902319plr.60.2023.07.07.10.24.06; Fri, 07 Jul 2023 10:24:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=Ofn5vYHU; dkim=pass header.i=@alien8.de header.s=alien8 header.b=VDJmOTTL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229904AbjGGRMo (ORCPT + 99 others); Fri, 7 Jul 2023 13:12:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40864 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229571AbjGGRMm (ORCPT ); Fri, 7 Jul 2023 13:12:42 -0400 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4D4E71BE8; Fri, 7 Jul 2023 10:12:41 -0700 (PDT) Received: from mail.alien8.de (mail.alien8.de [65.109.113.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id B2CAD1EC0398; Fri, 7 Jul 2023 19:12:39 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1688749959; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=6OzTAM5FK7zuWehbwIgNlYhTn7gz7QucEzqfEJ1uQTI=; b=Ofn5vYHULl96suxbDMl8V3puQxjmh25Tno5YjGIbEsBkrPiFJOa5NlyzTLaPt/R+MIeZUF Uizt9oJ9o7OW5R7R0wiP5jGIcMGUQymN8GRm9OGilHmdIYUahjq81dg90dw0ypAi4zDjKX MzwRASzQ5bETaid2gx4d3LR0NYyAHck= X-Virus-Scanned: Debian amavisd-new at mail.alien8.de Authentication-Results: mail.alien8.de (amavisd-new); dkim=pass (4096-bit key) header.d=alien8.de Received: from mail.alien8.de ([127.0.0.1]) by localhost (mail.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id k6gAkJSP5-z2; Fri, 7 Jul 2023 17:12:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=alien8; t=1688749957; bh=6OzTAM5FK7zuWehbwIgNlYhTn7gz7QucEzqfEJ1uQTI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=VDJmOTTLG3llFmdDaKnj+N0q1BVcJThGqAiKNp1ZUHH+UiMBMRE9/QEtwiG/3cfZa 6rTjON9AFVVjHpGKcTOar3LrWQr0lV8K/BgOUzXLMHwOiR0/Yjk1jJq7dbJuekJCZZ X1L1rEMgfxlKC1xabfQg0YhvZXBAy4/oGeDF5opiQWZitjBa/mM1tWJQx2zQtPs0mE Slke0oVL8p5vYisoWC64IVbAy6pQR3qyMtzzqu705q4V4TaeXMJFcqZWEzLsLtSqKG vaIcWmD9wbRSP69U8m6r+t9uVZYxZr+bLuK0UJg52fwTrY3DIdcLtZ5PGFbb+QM3QJ ogtoWsUN71NuW3F1148tAjUqcyrk+mxw/qakHSeAu1/Qjg00Lo9qvzvGV8cZ3hlncG WcCi5e4Zqqch83l9g15JQ47DLEcuzjVt2Re6m8TlSmf0jRO/tVJuxy28y1UkjmI8Gz 1cMm4q/vM3OOmdd/1RnoZcsln5QfAzBlHBYq8UKcev62KeIra9IrhsnYh3c7kTccoR 6g7bNed2WfC0zbQsMSBCUBzH5xpzsES6JeHUXfHFgK/v3JyuB7rt5mLVkBpm+bwgcz e9yOY7qHCeETWZv6Yp/CuCVbtVWJVLhaAeysDmoY5OLOgEoPJPwT3cv6Kzl0shauJ7 rD30uRnap9KWpwAVvKoxo2ec= Received: from zn.tnic (pd9530d32.dip0.t-ipconnect.de [217.83.13.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id CECA740E0140; Fri, 7 Jul 2023 17:12:21 +0000 (UTC) Date: Fri, 7 Jul 2023 19:12:17 +0200 From: Borislav Petkov To: Michael Roth Cc: Joerg Roedel , Baoquan He , Tao Liu , thomas.lendacky@amd.com, tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, ardb@kernel.org, linux-kernel@vger.kernel.org, dyoung@redhat.com, kexec@lists.infradead.org, linux-efi@vger.kernel.org Subject: Re: [PATCH v2] x86/kexec: Add EFI config table identity mapping for kexec kernel Message-ID: <20230707171217.GHZKhHcffp4nn6RgR/@fat_crate.local> References: <20230601072043.24439-1-ltao@redhat.com> <20230705173359.GDZKWphyFbNE8id6Jm@fat_crate.local> <20230707085712.GBZKfTaGJXnzhEenxj@fat_crate.local> <20230707152515.42gpfzjgvfwe6rf7@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230707152515.42gpfzjgvfwe6rf7@amd.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 07, 2023 at 10:25:15AM -0500, Michael Roth wrote: > ... > It would be unfortunate if we finally abandoned this path because of the > issue being hit here though. I think the patch posted here is the proper > resolution to the issue being hit, and I'm hoping at this point we've > identified all the similar cases where EFI/setup_data-related structures > were missing explicit mappings. But if we still think it's too much of a > liability to access the EFI config table outside of SEV-enabled guests, > then I can work on re-implementing things based on the above logic. Replying here to Tom's note too... So, I like the idea of rechecking CPUID. Yes, let's do the sev_status check. As a result, we either fail the guest - no problem - or we boot and we recheck. Thus, we don't run AMD code on !AMD machines, if the HV is not a lying bastard. Now, if we've gotten a valid setup_data SETUP_EFI entry with a valid pointer to an EFI config table, then that should happen in the generic path - initialize_identity_maps(), for example - like you've done in b57feed2cc26 - not in the kexec code because kexec *happens* to need it. We want to access the EFI config table? Sure, by all means, but make that generic for all code. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette