Received: by 2002:a05:7412:d1aa:b0:fc:a2b0:25d7 with SMTP id ba42csp551405rdb;
        Mon, 29 Jan 2024 10:06:56 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHK/nIJqSXbPnN7/3WF5uXgs5CkxUxtxi1Fy4l1ni4ev5bjlMDeYvRb0rRBwP4RaQ9uEGS+
X-Received: by 2002:a05:622a:cc:b0:42a:8b47:bdad with SMTP id p12-20020a05622a00cc00b0042a8b47bdadmr6797611qtw.24.1706551616341;
        Mon, 29 Jan 2024 10:06:56 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1706551616; cv=pass;
        d=google.com; s=arc-20160816;
        b=BBn8FWJorw/8SvWe3AQZI1CMZHKd/IwLnVg3ra1zlJ8Q5F6yibjFr6hJhcSSJ3ASRQ
         npK7sHPyDeqiX/OcDUh+rqkYcLcENURfYXSIEy7eSewcpO/G9a4jzHiPJ0FvcxfKRjT0
         p2Yql57BRlB3LqVp3yiux0ifK1ce2WV9vw2nvkz3eLf5P0ba8PkHlzdAX1F08QN3uQxd
         S3IYBnnCrh8COI0L8UVUxwKbk9PP/pFhNQMpQ+PEEsFpH5QmA6uk9LN9fokMHDHJRK7J
         6U+nC8so/vizEw63Fu94+X5I1x4NvGTFNpdfa4R1j4bfXORll6ZuuphDKTGO9dZpb9/d
         9Wow==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:from:subject:message-id:references:mime-version
         :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date
         :dkim-signature;
        bh=zW2Nb503VpTEmBC1IeOy5LYeXYJ6a1J8kf+z75WkqKU=;
        fh=fMhMPvo8duafGkM4xZHdH7fULbau3etefTGsKa+Qy7I=;
        b=QcXC71laYBeTrSieO/1YHweRvEh8St5o0b5g23/77VOb0faqPoNXUGSG93wsl/cm2u
         elOLhShFLvzPohs84wdLcYcB4Pw4UxcYKnGWGUyoFKfAVKHEU/Fh6TKgNbL7emrLN4fe
         PQjK8hYhkbUCDsOubuFBRIGIFtFljf0EZOx+KIFttJjrim8gMOKXTiIGs1RpC3fL4/EX
         nkMz8O+mkICW7ZuP1qTtjNoPL4xIMrBHkPrNXj4zPQeWnfgxrXwDNPROFZFAI9pWNyaz
         rHoxZiYs+v1bjUKeR66YPDHOv308gZsoqsgKL0h1KENpP8yh7yencjk2rtkc1XhXa6Td
         tdKA==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b="Z1WrCPS/";
       arc=pass (i=1 spf=pass spfdomain=flex--ardb.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
       spf=pass (google.com: domain of linux-kernel+bounces-43272-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-43272-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel+bounces-43272-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id w3-20020ac87e83000000b0042aa6ac0db8si2391528qtj.330.2024.01.29.10.06.56
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 29 Jan 2024 10:06:56 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-43272-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b="Z1WrCPS/";
       arc=pass (i=1 spf=pass spfdomain=flex--ardb.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
       spf=pass (google.com: domain of linux-kernel+bounces-43272-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-43272-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 0E4E01C23C3F
	for <linux.lists.archive@gmail.com>; Mon, 29 Jan 2024 18:06:56 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id AB25F157041;
	Mon, 29 Jan 2024 18:05:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Z1WrCPS/"
Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C01176059
	for <linux-kernel@vger.kernel.org>; Mon, 29 Jan 2024 18:05:42 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1706551543; cv=none; b=mOqkAxXccgmfZ62uADrkr/gzxRkzTQHUYG9DOnRrc5tXMeVVNiEPMMAUDB8KLu/Py5XILwzanGh34uav5HUNQFa0JwvwLriG54F72Hgvae6fuRdNFr8CJScmcJSEhIeuJDSDab8JymbgetodqBqf/Y2yS3ff8lPMqPjdtnjH4VI=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1706551543; c=relaxed/simple;
	bh=eEloesx5WYIVvdIkhwITl3KfZCfyKY4osgEzAPlzJuE=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type; b=pf1L5TqjXJyqI9qX+H5VDqAoZWYvHVa4zFEcNKEJivHwst5/Ng7c166Irie91/g/pAMWLvhpuO5bxEJxX9dOp3JciqEwKe6/SZK5+FF8Mwcp2cyS2Zz+fKYo9jQDHwPGWtbA+meoDj3Kzj0OlxyY5AJ9MUqporVY6JBQz3EquAY=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Z1WrCPS/; arc=none smtp.client-ip=209.85.219.201
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-dc604c99e95so3278475276.1
        for <linux-kernel@vger.kernel.org>; Mon, 29 Jan 2024 10:05:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1706551541; x=1707156341; darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=zW2Nb503VpTEmBC1IeOy5LYeXYJ6a1J8kf+z75WkqKU=;
        b=Z1WrCPS/4+R/EvI2fSSa4gSVK1FU7pbLA5GaL3tWhRQUfs1pwlf+lH5LrxACuRn79Y
         vE8L82E61vy8ogm3lIczvMhpBsEuEI6dPvh8f733kQXXiXjekXoi0RGyklkpVEGMa7MJ
         ONFh4VGsHRXDh4mKw9X9vTKOIpHIEAzyB/EvKbfQ4KgEhMajcVFUNjCry3n53Yk+fAUR
         pyQy8fLsXFj/794CCHnVzHJRx0SK3HR980ss6jpOTp6NKetiYrLjR4AHKWQI9aqB0EU0
         klrn3dZ41aV3zSdYe0KreWabGbTakOo5VcoBUfTgWQbKC/klJw+7hq8A5TLjB+GMVpgG
         AcNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1706551541; x=1707156341;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=zW2Nb503VpTEmBC1IeOy5LYeXYJ6a1J8kf+z75WkqKU=;
        b=BcmMRfTrHqFq4MD6naGZ8yy0MGqs2dh0mOoB9lIfScGHXUJWkoCIPZqMDWi6PqacYD
         C9XIIJHj+OhSj2WmX+klCQWl7cCPzv8dp6Sw3tT3B3qbui7Sv4CWWkwOWQ2ereZS2s2A
         BXlMqpdPGCAdWm0ktw6B/pXnIDH8mMs/IKNxHLmx3v43QTRSbOb9RasvRFVDK8BmsmGp
         ZpjfkS/X7IoPFJMdIC8npfkMSAKBQj4wPfmapNzUsWaovcMCzPs+U1iH47A/Sco4K9aV
         qcHgA42TO/vsqrFyavkiXLW7IVpY9rf59a2JmTCthFM+LvijvRhXBvz/ntMKwwsCQR/J
         JyIw==
X-Gm-Message-State: AOJu0YzoONe2ERzQa1pW4V3ii50I4B73inCHBvI9tjwgwmucW969/Dq1
	RK7x1/85Fb0OtuqNrsAz8H+9Pvqn2VDk22Z9oQVE7Vn/ExNsQX6WUwfBfZ9jyTNb3EMcmg5PotB
	a/mcW6yYAE+1HadoI1GT9METPW/SESiMaecmyhDrae12yAI58Ocu0KYmVhxeVlf6z2MUTCO0sQu
	IrKHMr/T1LwSs/dJDmzXA13ayNPqkoUQ==
X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a05:6902:2503:b0:dc2:661d:11fc with SMTP id
 dt3-20020a056902250300b00dc2661d11fcmr358172ybb.8.1706551541086; Mon, 29 Jan
 2024 10:05:41 -0800 (PST)
Date: Mon, 29 Jan 2024 19:05:08 +0100
In-Reply-To: <20240129180502.4069817-21-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20240129180502.4069817-21-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2468; i=ardb@kernel.org;
 h=from:subject; bh=N1gJDIfI4P+Gstfr/XNIaKJ5tEagJPCWb57TREbNgFg=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIXX7iytN/vLW339JiJ8PO9e3Z/3ET1Pub2Zt2uCvYNRvv
 M//oB1XRykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZhIbwgjw//8s5OSP57Rn9Hh
 f71rV/YhgY/1/IprLy4+HWhSn3qj6wHDP+1tetd/u38wCl61S0asJVPs5xlJU6n+D+77zl9u8m6 LYwUA
X-Mailer: git-send-email 2.43.0.429.g432eaa2c6b-goog
Message-ID: <20240129180502.4069817-26-ardb+git@google.com>
Subject: [PATCH v3 05/19] x86/startup_64: Simplify CR4 handling in startup code
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Kevin Loughlin <kevinloughlin@google.com>, 
	Tom Lendacky <thomas.lendacky@amd.com>, Dionna Glaze <dionnaglaze@google.com>, 
	Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, 
	Dave Hansen <dave.hansen@linux.intel.com>, Andy Lutomirski <luto@kernel.org>, 
	Arnd Bergmann <arnd@arndb.de>, Nathan Chancellor <nathan@kernel.org>, 
	Nick Desaulniers <ndesaulniers@google.com>, Justin Stitt <justinstitt@google.com>, 
	Kees Cook <keescook@chromium.org>, Brian Gerst <brgerst@gmail.com>, linux-arch@vger.kernel.org, 
	llvm@lists.linux.dev
Content-Type: text/plain; charset="UTF-8"

From: Ard Biesheuvel <ardb@kernel.org>

When executing in long mode, the CR4.PAE and CR4.LA57 control bits
cannot be updated, and so they can simply be preserved rather than
reason about whether or not they need to be set. CR4.PSE has no effect
in long mode so it can be omitted.

CR4.PGE is used to flush the TLBs, by clearing it if it was set, and
subsequently re-enabling it. So there is no need to set it just to
disable and re-enable it later.

CR4.MCE must be preserved unless the kernel was built without
CONFIG_X86_MCE, in which case it must be cleared.

Reimplement the above logic in a more straight-forward way, by defining
a mask of CR4 bits to preserve, and applying that to CR4 at the point
where it needs to be updated anyway.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/kernel/head_64.S | 27 ++++++++------------
 1 file changed, 10 insertions(+), 17 deletions(-)

diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 6d24c2014759..ca46995205d4 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -179,6 +179,12 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
 
 1:
 
+	/*
+	 * Define a mask of CR4 bits to preserve. PAE and LA57 cannot be
+	 * modified while paging remains enabled. PGE will be toggled below if
+	 * it is already set.
+	 */
+	movl	$(X86_CR4_PAE | X86_CR4_PGE | X86_CR4_LA57), %edx
 #ifdef CONFIG_X86_MCE
 	/*
 	 * Preserve CR4.MCE if the kernel will enable #MC support.
@@ -187,22 +193,9 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
 	 * configured will crash the system regardless of the CR4.MCE value set
 	 * here.
 	 */
-	movq	%cr4, %rcx
-	andl	$X86_CR4_MCE, %ecx
-#else
-	movl	$0, %ecx
+	orl	$X86_CR4_MCE, %edx
 #endif
 
-	/* Enable PAE mode, PSE, PGE and LA57 */
-	orl	$(X86_CR4_PAE | X86_CR4_PSE | X86_CR4_PGE), %ecx
-#ifdef CONFIG_X86_5LEVEL
-	testb	$1, __pgtable_l5_enabled(%rip)
-	jz	1f
-	orl	$X86_CR4_LA57, %ecx
-1:
-#endif
-	movq	%rcx, %cr4
-
 	/*
 	 * Switch to new page-table
 	 *
@@ -218,10 +211,10 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
 	 * entries from the identity mapping are flushed.
 	 */
 	movq	%cr4, %rcx
-	movq	%rcx, %rax
-	xorq	$X86_CR4_PGE, %rcx
+	andl	%edx, %ecx
+0:	btcl	$X86_CR4_PGE_BIT, %ecx
 	movq	%rcx, %cr4
-	movq	%rax, %cr4
+	jc	0b
 
 	/* Ensure I am executing from virtual addresses */
 	movq	$1f, %rax
-- 
2.43.0.429.g432eaa2c6b-goog