Date: Tue, 27 Feb 2024 16:19:08 +0100
Message-ID: <20240227151907.387873-11-ardb+git@google.com>
Subject: [PATCH v7 0/9] x86: Confine early 1:1 mapped startup code
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel, Kevin Loughlin, Tom Lendacky, Dionna Glaze, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, Andy Lutomirski, Brian Gerst

From: Ard Biesheuvel

This is resend #2 of v5 [0] with some touchups applied.

Changes since v6:
- Drop flawed patch to move some SME/SEV related calls out of the early
  boot path to avoid the potential need for backporting patches #6/#7
  to kernels where SEV support may not be crucial. This problem will be
  dealt with if/when it arises while doing those backports.

Changes since v5:
- drop patches that have been merged
- rebase onto latest tip/x86/boot
- fix comment regarding CR4.PGE wrt flushing of global TLB entries
- avoid adding startup code to .noinstr.text as it triggers objtool
  warnings

[0] https://lore.kernel.org/all/20240221113506.2565718-18-ardb+git@google.com/

Cc: Kevin Loughlin
Cc: Tom Lendacky
Cc: Dionna Glaze
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: Borislav Petkov
Cc: Dave Hansen
Cc: Andy Lutomirski
Cc: Brian Gerst

Ard Biesheuvel (9):
  x86/startup_64: Simplify CR4 handling in startup code
  x86/startup_64: Defer assignment of 5-level paging global variables
  x86/startup_64: Simplify calculation of initial page table address
  x86/startup_64: Simplify virtual switch on primary boot
  efi/libstub: Add generic support for parsing mem_encrypt=
  x86/boot: Move mem_encrypt= parsing to the decompressor
  x86/sme: Move early SME kernel encryption handling into .head.text
  x86/sev: Move early startup code into .head.text section
  x86/startup_64: Drop global variables keeping track of LA57 state

 arch/x86/boot/compressed/misc.c                | 15 ++++
 arch/x86/boot/compressed/misc.h                |  4 -
 arch/x86/boot/compressed/pgtable_64.c          | 12 ---
 arch/x86/boot/compressed/sev.c                 |  3 +
 arch/x86/boot/compressed/vmlinux.lds.S         |  1 +
 arch/x86/include/asm/mem_encrypt.h             |  8 +-
 arch/x86/include/asm/pgtable_64_types.h        | 43 ++++-----
 arch/x86/include/asm/sev.h                     | 10 +--
 arch/x86/include/uapi/asm/bootparam.h          |  1 +
 arch/x86/kernel/cpu/common.c                   |  2 -
 arch/x86/kernel/head64.c                       | 61 ++-----------
 arch/x86/kernel/head_64.S                      | 93 ++++++++------------
 arch/x86/kernel/sev-shared.c                   | 23 +++--
 arch/x86/kernel/sev.c                          | 14 +--
 arch/x86/lib/Makefile                          | 13 ---
 arch/x86/mm/kasan_init_64.c                    |  3 -
 arch/x86/mm/mem_encrypt_identity.c             | 83 +++++------------
 drivers/firmware/efi/libstub/efi-stub-helper.c |  8 ++
 drivers/firmware/efi/libstub/efistub.h         |  2 +-
 drivers/firmware/efi/libstub/x86-stub.c        |  3 +
 20 files changed, 147 insertions(+), 255 deletions(-)

-- 
2.44.0.rc1.240.g4c46232300-goog