Received: by 2002:a05:7412:ba23:b0:fa:4c10:6cad with SMTP id jp35csp2133866rdb; Sun, 21 Jan 2024 08:50:06 -0800 (PST) X-Google-Smtp-Source: AGHT+IF8VSvOEAzvM2tCyV7DroY1JQu8DylVRB3cqGoyOXc9KhbteGApCY9Yz30r7e8UNf0FHvLm X-Received: by 2002:a7b:c5cb:0:b0:40d:889a:4eab with SMTP id n11-20020a7bc5cb000000b0040d889a4eabmr1688631wmk.87.1705855806098; Sun, 21 Jan 2024 08:50:06 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705855806; cv=pass; d=google.com; s=arc-20160816; b=09BrgvY80VNltzzOfSm4GVvnJnmG+78SD58TA0t+Q3m2icg9vziXg9xdBRL31+44ON yjFg1/vQtKt7eX/taqZCCLXqOEfnLQtPJ1a9j3fGuzxNooYEVCiIhWx24ju/a67mVw+G NiVfMP4YhWYp6/aFiSiPpyrsYKsPFwjqfckFkLa1i1BMpMPq1jEYz3n4wQERudiOcEGO DQoA+tKhOZPlSnPSVJgqw6x9OdAQDZkR2vqY283kCNTrI8ROeav1SnSJQ6okCOXzBaeb l4SMiXKw/KJNTl4xzWL4GIVErUqc5CikOXdXyXBCtGCC+utSrR3FGoXJ/c7ex8AnQk6Q 9wnw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=L2Z0h1j37EEJefh55KuCYFSb+C9XWWrOqvTUUoARXpo=; fh=L6TYtGuh/PZqVR6w7GSO+3qMlfQrERDmJhoSqK7eVDo=; b=Lk2CK0K88lygSJb8zgMsM4uu11/Z9wWx/4GHwO694ZPaRk4zBUJl0QVUaNoNP5ufTF 04eRCFFUskgMnJduFECRV4+dgpYedBuZBbYKqDA7BkkPmXBXr1jVek7xkRgrb0xDbkE2 GGGtLlJexQ30s4HTl88brr4372aRL7yVbRiL7GC+iDMBCCrgsMwK+BoqQCVrmR0qAcjb UYbfW9zbKbB0eXRtF1+Z2DMfNz1dEa0laWnkc7wkV6KzHR7Jto5pLvmm6Ez0TAaT6SlE cMadBQ2kGU7m9TqlM9DvqBDMBFi6vRVPnJOUA0HXiBZUFohLaIhG4ws/op2nUhHhlAc6 0GqA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YifFATis; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-32120-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-32120-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id v16-20020a509550000000b0055a6f9ec38asi2491064eda.23.2024.01.21.08.50.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 21 Jan 2024 08:50:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-32120-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YifFATis; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-32120-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-32120-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id D792A1F21F25 for ; Sun, 21 Jan 2024 16:50:05 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 59DB737710; Sun, 21 Jan 2024 16:49:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="YifFATis" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7657A381AD for ; Sun, 21 Jan 2024 16:49:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705855798; cv=none; b=YXbgMDNTLngNAB7UxD7R5lqHIEuiJytUv7avHD5gjRf5FgJZsdpyimah0/47O89ktewlFUj/OPT55S1ZyOD1+qXpVVVTbOZNJlAZ3dnsFOp0a5cMlQETBZZ3IuXINEGWy6FWHEQW4Okw3IBSjPaNo9hBYww9vBrONY0phxMancQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705855798; c=relaxed/simple; bh=Yu2mnmzL/2zG52YkN0D/5mY9ox1CRlA9H7snmZd4sAg=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=Dfyy+fidc4tz8IvAdqQ7y8bfvicm0Gk/zp/FtMkqTGQJ/J4REQ+tnFmfMbV09oDMpHCkUPU4HZjGtI88TLcursCf1K981BzKYj+wuFpdJ4JslrAvwTpMMqRqfsULgFIbHwhXc+HH7kXAogddsaxSMtxkgRIqGyiUi5/YrvYtx2w= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=YifFATis; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1BCBDC43330 for ; Sun, 21 Jan 2024 16:49:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1705855798; bh=Yu2mnmzL/2zG52YkN0D/5mY9ox1CRlA9H7snmZd4sAg=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=YifFATisI4S9mzV53Yaxg2FHC9cxCheQBRH1SBe53+9QBCSn8s/x3+A35TCG/EuC/ /90uMLiBSObEMGDnSdCGvXatnN1T29M00Fz4tUUcW50meVi/pkvrPJ1B+RnqKp7BGJ pnA8qS0DyQYN52wN0U8WW+CjXKFD2GP5n2BvukE5n3x5n75hZKKrLMhdvDI8QXrqae UaIFL6+7A3gj3wicPM6HJYCNh89IvQShOCrO/GgLFTBlvKrULFeLtYHfzS+AUMHNvU jUpzyTH0VL0/YYiKsU/dAHvEQf8DTKyAn3MQDSAX6ftzkusPyE+wqqzHoyHITyBz+T GHf5xG2n7t6ZA== Received: by mail-lj1-f173.google.com with SMTP id 38308e7fff4ca-2cd2f472665so21749111fa.2 for ; Sun, 21 Jan 2024 08:49:58 -0800 (PST) X-Gm-Message-State: AOJu0YwGHZW5SSXxpugBuetxD1Qg7hMad6rVKwJzNTNsTLn3sw+/AII7 zz0hUmRqrZZN57EiNOfWzCgfvJy2sWrYwExpB3OXro2eWhEsWRYn577GkTsiocIIp+DyLQc7o5Y ZkfFYZvxxhE4lCkknJLXj6AlhF1I= X-Received: by 2002:a2e:a784:0:b0:2cd:463f:6c34 with SMTP id c4-20020a2ea784000000b002cd463f6c34mr1315834ljf.78.1705855796240; Sun, 21 Jan 2024 08:49:56 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240111223650.3502633-1-kevinloughlin@google.com> <20240115204634.GHZaWZqsVyU_fvn_RW@fat_crate.local> <20240117130557.GDZafQtfRyeVFbBUXA@fat_crate.local> <20240121153702.GAZa06Hvt8b0hQ4LjR@fat_crate.local> In-Reply-To: <20240121153702.GAZa06Hvt8b0hQ4LjR@fat_crate.local> From: Ard Biesheuvel Date: Sun, 21 Jan 2024 17:49:44 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v2] x86/sev: enforce RIP-relative accesses in early SEV/SME code To: Borislav Petkov Cc: Kevin Loughlin , Thomas Gleixner , Ingo Molnar , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , Tom Lendacky , Michael Kelley , Pankaj Gupta , Stephen Rothwell , Arnd Bergmann , Steve Rutherford , Alexander Shishkin , Hou Wenlong , Vegard Nossum , Josh Poimboeuf , Yuntao Wang , Wang Jinchao , David Woodhouse , Brian Gerst , Hugh Dickins , Joerg Roedel , Randy Dunlap , Bjorn Helgaas , Dionna Glaze , Brijesh Singh , Michael Roth , "Kirill A. Shutemov" , linux-kernel@vger.kernel.org, llvm@lists.linux.dev, linux-coco@lists.linux.dev, Ashish Kalra , Andi Kleen , Adam Dunlap , Peter Gonda , Jacob Xu , Sidharth Telang Content-Type: text/plain; charset="UTF-8" On Sun, 21 Jan 2024 at 16:38, Borislav Petkov wrote: > > On Sun, Jan 21, 2024 at 03:12:56PM +0100, Ard Biesheuvel wrote: > > The SEV boot code is especially tricky here as very few > > people can even test it, > > No worries about that - us, the Google cloud folks, AWS and a bunch of > others are people I could think of who could help out. :-) > Yeah. I have been trying to find people internally at Google that can help me set up some CI that I can throw kernel builds at and they will be test booted in a SEV guest, but so far progress has been slow. > > 1) > > WARNING: modpost: vmlinux: section mismatch in reference: > > startup_64_pi+0x33 (section: .pi.text) -> sme_enable (section: > > .init.text) > > sme_enable() is in the 1:1 mapping TU > arch/x86/mm/mem_encrypt_identity.c, see > > 1cd9c22fee3a ("x86/mm/encrypt: Move page table helpers into separate translation unit") > > so might as well move it to .pi.text > Ack. > The rest below look like they'd need more serious untangling. > > Btw, I just had another idea: we could remove -mcmodel=kernel from the > build flags of the whole kernel once -fPIC is enabled so that gcc can be > forced to do rIP-relative addressing. > > I'm being told the reason it doesn't allow mcmodel=kernel with -fPIC is > only a matter of removing that check and that it *should* otherwise work > but someone needs to try that. And then there are older gccs which we > cannot fix. > -fPIE -mcmodel=small should work fine afaik. The only problem i encountered is that it changes the default per-CPU base register to FS but that can be overridden on the command line. The problem with building the entire kernel -fPIE is that it increases code size: RIP-relative LEA instructions are 1 byte longer than absolute 32-bit MOVs.