Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp1105136rdb; Fri, 2 Feb 2024 14:00:52 -0800 (PST) X-Google-Smtp-Source: AGHT+IG/yQNKQIqO2+UL8F9Igl5lgn11FMbC3zB4YRJ7aijOR96PW9biGwRbAX/I55xwvMv8uoSy X-Received: by 2002:a17:90a:c7d6:b0:296:221c:f358 with SMTP id gf22-20020a17090ac7d600b00296221cf358mr5356442pjb.20.1706911252353; Fri, 02 Feb 2024 14:00:52 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706911252; cv=pass; d=google.com; s=arc-20160816; b=dyQdyKEt+ZgUldDYBkTXH99P9QAVpJxZ2MHozwFWySyCYF7KfKe0d+Rt47XMZR97cd UHCr5tbwR3jHhME9P5tZFIdD/eKBWQ5gnysbZp8wW+g5MsY4j8Ywj4nlG7zLMRyJ09Tw 4qCA5YXoOzPvGCaYJRF5RKtDgsvLyIi/Avw+WLS83YHn/cipHKSchOrN+gvNSw2n55Sc q3VrUNL0a0rJ7wiR+VwauneV+BtOPbwIpSNRIoXbxSz/Zy/Z8w+UwtH6pcG6xou/P1ZA iYB1IP+Rs0Ir6y+w54+Xm7Hs7uotSdCOojj4j1CS0PEUhXjmUV95FYFTiWDZIYzylE4Q dN0Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=hry1ZKGYXn0PLELk19zPrbAcJfAf3mQKU3XmGI8OhDs=; fh=UlSEfCigQ9XhH/QrvNJqOct644cnuTWznRZVw233CkI=; b=Q/qzj7hHNOAx4rP+MPAOOIbWDVGAVER1IchwqmN8jYsT+1MZyZTDR2YLY2B1RCTtys ZbSrR2Gvu/8lr7gGOiBAAfrabLR4fx9fYwYiFeOFLfNtum4gduRNuEmuYHxbSA6fJo7a 4AUSLj6FF8uvb4HtmGbWCyqfr3IImbUw4z5g158f5mcwAPbqtPJu7+AWrBXB3vONjhvd pdRHoSoi53p4TDJ43dAaXQoVhCiQvI0xw3GxrSCMJHBYE2cySAFvj2Lt4fpgSRKA2+Cz hgCA9leQDgGB8qrphRljAUeCBay5ou6SRblc3MdSQHG0RTS5KFwOsOTXoHwUNNKNGfdN j+iA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=pKOlwM2A; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-50629-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-50629-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com X-Forwarded-Encrypted: i=1; AJvYcCVAUhp4Tf8gj1UclM6WwijRcERaGgyITTFFlhug8QvF+qlGQPAisp16+AckdnQPOvnXEuh8VXtX9vkEEZRM7a+cvGM22PbpMSNnZjpAwA== Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id e89-20020a17090a6fe200b0029625680676si520082pjk.175.2024.02.02.14.00.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 14:00:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-50629-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=pKOlwM2A; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-50629-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-50629-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 62BD428A465 for ; Fri, 2 Feb 2024 22:00:51 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8E18283A02; Fri, 2 Feb 2024 22:00:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="pKOlwM2A" Received: from mail-vs1-f49.google.com (mail-vs1-f49.google.com [209.85.217.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1CFC583A06 for ; Fri, 2 Feb 2024 22:00:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.217.49 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706911244; cv=none; b=dsNxSAQbEvsoe6+bUejpMHIoCCyKFD6/Nc6ROdX7NTQbo8ukqu/tB5UQyqIGz/KOkY8aTQIW8O9KQTczZGF1RV7PQI6GbeAE3ql+zMAgtsgKwo3RPsVuokGRybow2INrRRrXqKLwoOkAJR4g1B1N4IME71GxnbOXG9KQb3jq8BQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706911244; c=relaxed/simple; bh=T1MXEQB746wrX62S7IpUJjq100rQ6d7kzLltQ5g3nRE=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=FD1+kOCm1iwG8qS5peRnOKX54/aj31uhYHt37e6JdM5b1Nrb/uRxoYcu25UqKD8eqUUPHYepIXC30F0Ku04sNuBJGtFkINJdDyBU8/RyH2J7SpVkLcVcr/hNqC4CmxkSMdNnIWuNGGjAMYNRrYYWCxbAo5aW85jsnxXMsiZgq4A= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=pKOlwM2A; arc=none smtp.client-ip=209.85.217.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Received: by mail-vs1-f49.google.com with SMTP id ada2fe7eead31-4681b72f2f9so1069346137.1 for ; Fri, 02 Feb 2024 14:00:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1706911242; x=1707516042; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=hry1ZKGYXn0PLELk19zPrbAcJfAf3mQKU3XmGI8OhDs=; b=pKOlwM2AZDyxgSowALIIaIncYsHqDOrUj18iE21VT2vz7KT8tUQdZYQYpoiYl6tX6s b+HGs+GPHnaZYxHi7in+RR+jzxvublgsI43vpOmRNotd2LJN6lMkPuFLgvjnJaCZXeWl mxv0vrHk48bsaJMIf2qyrMpYAkSNhg9uATfAfngzRNQA6cALdPJBbODkYynkG62erHhh BuFi97na/axg/6T2STZSKwKjQeDZkwMQFTlWu2eRBOotRlRaMhvOYkSRI47sJt2tFvoQ oq5y5cNXAVqjVNOtGCPSsXHa1g6jkt/wcXJpxzfNFoWOb7Botn+EcaZyb2UbUEZFV9jd AWzg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706911242; x=1707516042; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hry1ZKGYXn0PLELk19zPrbAcJfAf3mQKU3XmGI8OhDs=; b=Im4h1JHdhtO9IE5n2tkKhU/CFEvr0nx2VxFlQJjEht0BicG4uEcFMKZ3uhbuo+s/6M WFElAWfwwXBpWZWEGBIXlFmJ1tgrxsADVHb4AT4ir3Ft7TiWc8T2/km+/yzOgZkaJ+iZ rrmWwU3XwBruLt0gLG5GA8NXCkQJW7sz4niOYtw6aS1ej3jkLX53yTOcpbaAlXwzWyIy 1QN/IDii02RrD2t5GBfIk9qYtA4bhkuh68wXBYaR4XHF00qevZC9IMpSAqSnTtoDwHgd ykTGFwV6Loar3N6EMZmKbxa/4gJKIrJ6SIlfIDYrnBGafgNsV6vIepkAC8kCW8yK+FFX h3IQ== X-Gm-Message-State: AOJu0YyWu0muvvpu9w6eNPKeCbZa6NqgGr7IP5zyNnWOOFPgO7033Sl2 WmxWSDtfCgrShBTOEh9EaF9x92pbpv4tK8oulelgZJjKSoz0b1MZnfI3kuc+uAYcO2cGWS+bmtb 3jC0TncyFxm0Ah/ur42VJ8ocBwQA4r0loRwlu X-Received: by 2002:a05:6102:a15:b0:46b:42f5:ae94 with SMTP id t21-20020a0561020a1500b0046b42f5ae94mr8595652vsa.22.1706911241549; Fri, 02 Feb 2024 14:00:41 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240121182040.GBZa1geI5NxWSslvt0@fat_crate.local> <20240130220845.1978329-2-kevinloughlin@google.com> <4ljfvg7c23g2wx4hcqz6x6tx7uvp6fffayqvu4ptsmfqajlujr@zngokbd2awma> In-Reply-To: <4ljfvg7c23g2wx4hcqz6x6tx7uvp6fffayqvu4ptsmfqajlujr@zngokbd2awma> From: Kevin Loughlin Date: Fri, 2 Feb 2024 14:00:30 -0800 Message-ID: Subject: Re: [PATCH v3 1/2] x86/sev: enforce RIP-relative accesses in early SEV/SME code To: "Kirill A. Shutemov" Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, Nick Desaulniers , Justin Stitt , Tom Lendacky , Pankaj Gupta , Hou Wenlong , Ard Biesheuvel , Dionna Glaze , Brijesh Singh , Michael Roth , linux-kernel@vger.kernel.org, llvm@lists.linux.dev, linux-coco@lists.linux.dev, Ashish Kalra , Andi Kleen , Adam Dunlap , Peter Gonda , Jacob Xu , Sidharth Telang Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Jan 31, 2024 at 12:20=E2=80=AFAM Kirill A. Shutemov wrote: > > On Tue, Jan 30, 2024 at 10:08:44PM +0000, Kevin Loughlin wrote: > > diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/= mem_encrypt.h > > index 359ada486fa9..b65e66ee79c4 100644 > > --- a/arch/x86/include/asm/mem_encrypt.h > > +++ b/arch/x86/include/asm/mem_encrypt.h > > @@ -17,6 +17,20 @@ > > > > #include > > > > +/* > > + * Like the address operator "&", evaluates to the address of a LHS va= riable > > + * "var", but also enforces the use of RIP-relative logic. This macro = can be > > + * used to safely access global data variables prior to kernel relocat= ion. > > + */ > > +#define RIP_RELATIVE_ADDR(var) \ > > +({ \ > > + void *rip_rel_ptr; \ > > + asm ("lea "#var"(%%rip), %0" \ > > + : "=3Dr" (rip_rel_ptr) \ > > + : "p" (&var)); \ > > + rip_rel_ptr; \ > > +}) > > + > > I don't think it is the right place for the macro. The next patch uses fo= r > things unrelated to memory encryption. You're right; with the cleanup, I agree it becomes more general. We can move it to arch/x86/include/asm/asm.h. > > > @@ -239,14 +244,14 @@ unsigned long __head __startup_64(unsigned long p= hysaddr, > > */ > > > > next_pgt_ptr =3D fixup_pointer(&next_early_pgt, physaddr); > > - pud =3D fixup_pointer(early_dynamic_pgts[(*next_pgt_ptr)++], phys= addr); > > - pmd =3D fixup_pointer(early_dynamic_pgts[(*next_pgt_ptr)++], phys= addr); > > + early_dynamic_pgts_ptr =3D fixup_pointer(early_dynamic_pgts, phys= addr); > > + pud =3D (pudval_t *) early_dynamic_pgts_ptr[(*next_pgt_ptr)++]; > > + pmd =3D (pmdval_t *) early_dynamic_pgts_ptr[(*next_pgt_ptr)++]; > > > > This change doesn't belong to this patch. Maybe move it into the next > patch and combine with removing fixup_pointer(). I'll put it in a separate commit even preceding this one, as it's actually a bug in the existing fixup pointer logic that I noticed when transitioning to the use of the RIP-relative macro. Specifically, early_dynamic_pgts is a global variable just like next_early_pgt and thus also needs to be fixed up to guarantee the correct address is used across toolchains.