From: Ard Biesheuvel
Date: Thu, 7 Mar 2024 15:42:24 +0100
Subject: Re: [RFC PATCH v6.10 0/4] x86: Rid .head.text of all abs references
To: Ard Biesheuvel
Cc: Kevin Loughlin, Tom Lendacky, Dionna Glaze, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, Andy Lutomirski, Arnd Bergmann, Kees Cook, Brian Gerst, linux-kernel@vger.kernel.org
References: <20240307143027.206179-6-ardb+git@google.com>
In-Reply-To: <20240307143027.206179-6-ardb+git@google.com>

(remove bogus 'linux-kernel@google.com' from the To: line)

On Thu, 7 Mar 2024 at 15:30, Ard Biesheuvel wrote:
>
> From: Ard Biesheuvel
>
> Questions below!
>
> This series removes the last remaining absolute symbol references from
> .head.text. Doing so is necessary because code in this section may be
> called from a 1:1 mapping of memory, which deviates from the mapping
> this code was linked and/or relocated to run at. This is not something
> that the toolchains support: even PIC/PIE code is still assumed to
> execute from the same mapping that it was relocated to run from by the
> startup code or dynamic loader. This means we are basically on our own
> here, and need to add measures to ensure the code works as expected in
> this manner. (This work was inspired by boot problems on Clang-built
> SEV-SNP guest kernels, where the confusion between RIP-relative and
> absolute references was causing variable accesses to fault)
>
> Given that the startup code needs to create the kernel virtual mapping
> in the page tables, early references to some kernel virtual addresses
> are valid even if they cannot be dereferenced yet. To avoid having to
> make this distinction at build time, patches #3 and #4 replace such
> valid references with RIP-relative references with an offset applied.
>
> Patches #1 and #2 remove some absolute references from .head.text that
> don't need to be there in the first place.
>
> Questions:
> - How can we police this at build time? Could we teach objtool to check
>   for absolute ELF relocations in .head.text, or does this belong in
>   modpost perhaps?
>
> - Checking for absolute symbol references is not a complete solution, as
>   .head.text code could call into other code as well. Do we need rigid
>   checks for that too? Or could we have a soft rule that says you should
>   only call __head code from __head code?
>
> Cc: Kevin Loughlin
> Cc: Tom Lendacky
> Cc: Dionna Glaze
> Cc: Thomas Gleixner
> Cc: Ingo Molnar
> Cc: Borislav Petkov
> Cc: Dave Hansen
> Cc: Andy Lutomirski
> Cc: Arnd Bergmann
> Cc: Kees Cook
> Cc: Brian Gerst
> Cc: linux-kernel@vger.kernel.org
>
> Ard Biesheuvel (4):
>   x86/sev: Avoid WARN()s in early boot code
>   x86/xen/pvh: Move startup code into .ref.text
>   x86/boot/64: Determine VA/PA offset before entering C code
>   x86/boot/64: Avoid intentional absolute symbol references in
>     .head.text
>
>  arch/x86/include/asm/setup.h |  3 +-
>  arch/x86/kernel/head64.c     | 38 ++++++++++++--------
>  arch/x86/kernel/head_64.S    |  2 ++
>  arch/x86/kernel/sev.c        | 15 +++-----
>  arch/x86/platform/pvh/head.S |  2 +-
>  5 files changed, 33 insertions(+), 27 deletions(-)
>
>
> base-commit: 428080c9b19bfda37c478cd626dbd3851db1aff9
> --
> 2.44.0.278.ge034bb2e1d-goog
>
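
The build-time check asked about in the first question, as an added example that is not part of the patch series, objtool or modpost: it scans the raw contents of a RELA section (assumed here to be `.rela.head.text` taken from a relocatable object) and reports absolute x86-64 relocations. The `RT_*` names, `scan_rela()` and the sample bytes are constructed for illustration; the check covers relocations only, not calls from `.head.text` into other code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* x86-64 psABI relocation type numbers (RT_ names are local to this example). */
enum { RT_64 = 1, RT_PC32 = 2, RT_PLT32 = 4, RT_32 = 10, RT_32S = 11 };
#define RELA_ENTSIZE 24 /* Elf64_Rela: r_offset, r_info, r_addend */

static uint64_t le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Stores r_offset of up to max absolute relocations in bad[]; returns the
 * total found, or -1 if size is not a whole number of entries. */
long scan_rela(const uint8_t *sec, size_t size, uint64_t *bad, size_t max)
{
    long n = 0;
    if (size % RELA_ENTSIZE)
        return -1;
    for (size_t off = 0; off < size; off += RELA_ENTSIZE) {
        uint32_t type = (uint32_t)le64(sec + off + 8); /* low half of r_info */
        if (type != RT_64 && type != RT_32 && type != RT_32S)
            continue; /* not an absolute reference */
        if ((size_t)n < max)
            bad[n] = le64(sec + off);
        n++;
    }
    return n;
}

/* Constructed sample: four entries as they might appear in .rela.head.text */
const uint8_t sample[4 * RELA_ENTSIZE] = {
    [0]  = 0x10, [8]  = RT_PC32,  [12] = 1, /* RIP-relative data access */
    [24] = 0x24, [32] = RT_32S,   [36] = 2, /* absolute, sign-extended */
    [48] = 0x30, [56] = RT_PLT32, [60] = 3, /* relative call */
    [72] = 0x48, [80] = RT_64,    [84] = 4, /* absolute 64-bit */
};

int main(void)
{
    uint64_t bad[8];
    long n = scan_rela(sample, sizeof(sample), bad, 8);
    for (long i = 0; i < n && i < 8; i++)
        printf(".head.text+0x%llx: absolute\n", (unsigned long long)bad[i]);
    return n != 0; /* non-zero exit would fail the build step */
}
```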