Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp3743476rdg; Wed, 18 Oct 2023 05:03:36 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFoNQvmEABMoBpfMG3mHDkTYLCTIKT5saobRws2haGey/KpQ+vYKnqMK5m5OwGay2azDUro X-Received: by 2002:a05:6e02:1cae:b0:357:9fc9:eae0 with SMTP id x14-20020a056e021cae00b003579fc9eae0mr3213368ill.20.1697630615725; Wed, 18 Oct 2023 05:03:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697630615; cv=none; d=google.com; s=arc-20160816; b=lTQ9vU/2Ens55hB53CTn44hDWMWCUo2tJZRNDmT021DERemuBE3FJXfQi4faDuY3fr 8eFqXbNyhPhVCUPrdyNuyuMjWTdTj8cIWuWbfQn5bV13ShhSNtFwIWuYaBeVVghC15Af lJq6MXESBlyiB/+HNsxjJ9c7dkdBd88OpLqwNDDNNamdO4JGxOP75LT7cZThMTMZYWTo FRl7IGm6vie/Lqet5vnWtbeARbxIHGMcboPdOhhyBMTti5JF9z34Eqc5XXGQ3pzyihxc JyZJ/FALtk/10IypnAP9KMlqefFc/ziyGnBj9siiDdr42h8TBbsB8AyA8/ik5ykiWkPA HKAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=VxHVnrzD5mVzDn2zKilwepMOOQyI7N9tXfOMCaUkN90=; fh=qBumzs4gcfSlMo23CvtkzBZmlgO8YPZex0Z9LTU3sN8=; b=CuNBbL4bK9X1UHLacpFbawlJAYj1zgEL77o3HUhY4OAGEerZHfVNhXBaERGz83ctzp S/lUt/mAjv3q64sPgif1wvl6haN+6CBoamfb4tnANbo8B3Iaz1CbcNvWzbe68P2Galnm 3DKuIaAQ3zGy6DymDT8zovh0yPTq8KLTMoucqILYypi8rC2QY5IbieqqGjY8tPXVzsUh 5REAHu4DsE3FRALShRc3RYRkhw+wE7Su1urxZidytb1OZEr1kl3M+uWls3ucfS/OTGWp tONKATP/CyJHQQ2Dkw48qKtOpMLQ30jfg7fj3SXy3+ZRaSkuzluffz4YqrwNMTAlDvpv G9KA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=antgroup.com Return-Path: Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id d7-20020a656207000000b00563de199314si1935934pgv.896.2023.10.18.05.03.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Oct 2023 05:03:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=antgroup.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 6B36380E4FDF; Wed, 18 Oct 2023 05:03:33 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230201AbjJRMDY (ORCPT + 99 others); Wed, 18 Oct 2023 08:03:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48652 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229846AbjJRMDX (ORCPT ); Wed, 18 Oct 2023 08:03:23 -0400 Received: from out0-217.mail.aliyun.com (out0-217.mail.aliyun.com [140.205.0.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6B13F95 for ; Wed, 18 Oct 2023 05:03:19 -0700 (PDT) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R131e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018047211;MF=houwenlong.hwl@antgroup.com;NM=1;PH=DS;RN=16;SR=0;TI=SMTPD_---.V21j794_1697630594; Received: from localhost(mailfrom:houwenlong.hwl@antgroup.com fp:SMTPD_---.V21j794_1697630594) by smtp.aliyun-inc.com; Wed, 18 Oct 2023 20:03:15 +0800 Date: Wed, 18 Oct 2023 20:03:14 +0800 From: "Hou Wenlong" To: Ingo Molnar Cc: linux-kernel@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "maintainer:X86 ARCHITECTURE 32-BIT AND 64-BIT" , "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Tom Lendacky , Andrew Morton , Steve Rutherford , Michael Kelley , Alexander Shishkin , Arnd Bergmann Subject: Re: [PATCH 2/2] x86/sme: Mark the code as __head in mem_encrypt_identity.c Message-ID: <20231018120314.GA11219@k08j02272.eu95sqa> References: <20231018071347.GA87734@k08j02272.eu95sqa> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Status: No, score=-0.7 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 18 Oct 2023 05:03:33 -0700 (PDT) On Wed, Oct 18, 2023 at 06:20:15PM +0800, Ingo Molnar wrote: > > * Hou Wenlong wrote: > > > On Tue, Oct 17, 2023 at 08:52:46PM +0800, Ingo Molnar wrote: > > > > > > * Hou Wenlong wrote: > > > > > > > The functions sme_enable() and sme_encrypt_kernel() are only called by > > > > the head code which runs in identity virtual address. Therefore, it's > > > > better to mark them as __head as well. > > > > > > > > Signed-off-by: Hou Wenlong > > > > --- > > > > arch/x86/include/asm/mem_encrypt.h | 8 ++++---- > > > > arch/x86/mm/mem_encrypt_identity.c | 27 ++++++++++++++------------- > > > > 2 files changed, 18 insertions(+), 17 deletions(-) > > > > > > > > diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h > > > > index 359ada486fa9..48469e22a75e 100644 > > > > --- a/arch/x86/include/asm/mem_encrypt.h > > > > +++ b/arch/x86/include/asm/mem_encrypt.h > > > > @@ -46,8 +46,8 @@ void __init sme_unmap_bootdata(char *real_mode_data); > > > > > > > > void __init sme_early_init(void); > > > > > > > > -void __init sme_encrypt_kernel(struct boot_params *bp); > > > > -void __init sme_enable(struct boot_params *bp); > > > > +void sme_encrypt_kernel(struct boot_params *bp); > > > > +void sme_enable(struct boot_params *bp); > > > > > > > > int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size); > > > > int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size); > > > > @@ -75,8 +75,8 @@ static inline void __init sme_unmap_bootdata(char *real_mode_data) { } > > > > > > > > static inline void __init sme_early_init(void) { } > > > > > > > > -static inline void __init sme_encrypt_kernel(struct boot_params *bp) { } > > > > -static inline void __init sme_enable(struct boot_params *bp) { } > > > > +static inline void sme_encrypt_kernel(struct boot_params *bp) { } > > > > +static inline void sme_enable(struct boot_params *bp) { } > > > > > > So I think we should preserve the previous convention of marking functions > > > __init in the header-declaration and at the definition site as well, and do > > > the same with __head as well? > > > > > Hi Ingo, > > > > I tried to include into and mark the > > function declaration as __head, but it resulted in a build failure. This > > is because is not self-contained; the type "pgd_t" is > > defined in , which includes , > > leading to mutual inclusion of header files. To avoid the issue of > > complicated header file inclusion, I removed the annotation from the > > function declaration. > > The right solution at that point is to make self-contained... > The "pgd_t" is a typedef declaration in , so it cannot be forward declared. Therefore, I had to include into to make it self-contained. However, includes . If I include into to mark functions as __head in the header-declaration, it would result in mutual inclusion of header files. It appears that is a base header that is included in multiple headers, so adding one more header to it would complicate things. In reality, if it is acceptable, I could move the __head definition into . > > Actually, initially, I noticed that the __init definition is in > > , so I first placed the __head definition in > > as well. However, this conflicted with the local variable > > in the "list_next_or_null_rcu" macro in . Then I > > realized that __head was only used in x86, so I made the decision to put > > it in the architecture-specific header. Considering simplicity, I chose > > to put the definition in . I also attempted to put the > > definition in other headers such as and > > , and included them in , but > > the build still failed. > > When exporting a localized definition you should consider namespace > collisions - the name '__head' is way too generic, no wonder it caused > problems elsewhere. > > I'd suggest naming it __init_head or so, but still keep it in a x86-only > header. > > I presume keeping it all in the separate section and widening its usage has a > specific purpose? Please outline that in the changelog as well. > Based on my understanding, the __head section contains the early boot code that runs at a low identity address instead of the compile-time address. Therefore, it must use RIP-relative addressing to access memory. This makes the __head section special. However, when it comes to C source code, the compiler may generate absolute addressing, which can result in boot failure. That's why the fixup_pointer() function is introduced in head64.c. So maybe we could consider validating the memory access instructions in this section using objtool to ensure that the generated instructions are PC-relative. Then we should mark all the early boot code as __head. Thanks! > Ie. instead of mechanical patches that try to follow existing patterns > cargo-cult style, this area of x86 code requires well-argued, well thought > out patches that show background knowledge of the area. > > Thanks, > > Ingo