Received: by 2002:a05:7412:1e0b:b0:fc:a2b0:25d7 with SMTP id kr11csp111539rdb; Wed, 14 Feb 2024 14:38:52 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCU+yyuGaINdlqo0v0/SVSPO1/mfcqX2QXmu0JToaqkXdFk14/BSKINT7TZc+O7wWK6fGm5lqIrwsvkgugXCnQ0bQ4Xx8BrTpuhSMDvUkQ== X-Google-Smtp-Source: AGHT+IG4Yc4fhsLmAKQ3Xkqtjx6oN6wJo9FvrzwnR800VOX7G+/rn2uS/bmX1SO077Ezd+9k+HsR X-Received: by 2002:a05:622a:1802:b0:42d:c8d9:808d with SMTP id t2-20020a05622a180200b0042dc8d9808dmr1202952qtc.31.1707950332201; Wed, 14 Feb 2024 14:38:52 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707950332; cv=pass; d=google.com; s=arc-20160816; b=g8YwYbTMBXcl/Ku8kID3BOz4hFMPtr6w0UIKHfhj7jXRX6fjKtfimMxYyHblSVTdbk 9j5z/rgYfSTWK4Kmi56B6BkeVuqfIGYMP7I/9heIdXm/O3SAFbx6ACSq8/HpwbI/hd6w nJJbwZ9XNl6n6x0n4DPXwBY3eMiLN03Q+eTjn9AuFz1HcHGHHXyaQsyxkKTPsjgZ2UfV e0ggHef04fuRyNsUcKkJ1c9YNPQgbwIyqfSHhiifiFecjQNNy+VJLsctZvRlel672sU6 mmlr+HYYZEc2DQkmZC2LKLebZRK4+rVgfPm2PF85T0h/qtxPIpgYIc6CTFt6YauByzm9 eqhA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=V4prafnbK9N6Yd37++Nhfulk+Ru0PJbtWvEZwMJYEyk=; fh=0RMKT4+I5mzntydGaBo7Km3dDfkLCSH6MnUv+QJCqqY=; b=s2Ees+3XpaJrPmlb/mrlVYlXg1A/ZJKY7tec4jx2Pmu2rteD6xNzDgRILjDd78bxx5 LaEmG5bGok4DurHgHepqUXJEwN6rvYeVROnsK/w2d0Y5dDsoP8UwNF/OcVHUSo5AFQiv h4Ap4qbmM/CTipXzWx0F6U7mY3mToo+KmmqbyTmjQExJ9bEcNB4fJqtAoWVJ8/RxLer4 YYgp0rvLTwZXbA6LWNAFYePWBRimVOGAaVoGs38S8xLpxp3xQ+/Y+9NUoo8eN2BICZL7 sYgvlTZl8msWr2Or/K+BxSSo7E73u/wy1d3PD4JBksHTM8dHVAmi3uoAu68OfX1Cwf5q 9ruw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2023-11-20 header.b=LlLPnGrF; arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-crypto+bounces-2057-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-2057-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com X-Forwarded-Encrypted: i=2; AJvYcCUTqZYoASIeJbc++jEsVG62B96VstLqbvWHWWPuh+UPQf6lE8co9h0VMeSwHdEXnuPH0gw1al2WldwFARd2uidW9Y521CGOV/YmfqKZSg== Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id v21-20020a05622a189500b0042bedccb018si6946338qtc.531.2024.02.14.14.38.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Feb 2024 14:38:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-2057-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2023-11-20 header.b=LlLPnGrF; arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-crypto+bounces-2057-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-2057-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id E21821C20E90 for ; Wed, 14 Feb 2024 22:38:51 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4A09B14534E; Wed, 14 Feb 2024 22:36:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b="LlLPnGrF" X-Original-To: linux-crypto@vger.kernel.org Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 53BBB145343; Wed, 14 Feb 2024 22:36:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.165.32 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707950196; cv=none; b=SCIv2f+gCyUAyO5zT+zrWlu/L6xI7kTu2nUln+t/Xpbl3+HZlbI7s5zhIovOV+txE+uu55bRDo5CGOES0YhOXIFqMfF04PMSEkaTASGkEQ10nXJihT00zLo8QMp7CQ56l406JDBxarkIZQgPUlQ5UAMkYwXUhl9Qb4Md/VTIfVg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707950196; c=relaxed/simple; bh=CnndK9c2LWe4N82R7Ysohai6pj/NRUWm7P3NoFIbyyk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=UfWB1jdmkF8QbpdOcwbs8mLaf/iYItpp5fXirUKz6k2Wxhu2ZKQ0Dcdvv0d7E6QODJ+2F4d8zuXApZXdYAA0zdFCHrzKdJ3uRinyFyF6Y6WXKiC7IqAkzlpCEhyW3fQS1aKTGFlsTBFgT/cp/NRmyD5R3ZI+2Nn1rRjqgIaAUYQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=oracle.com; spf=pass smtp.mailfrom=oracle.com; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b=LlLPnGrF; arc=none smtp.client-ip=205.220.165.32 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=oracle.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oracle.com Received: from pps.filterd (m0246629.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 41ELibbR015442; Wed, 14 Feb 2024 22:31:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=corp-2023-11-20; bh=V4prafnbK9N6Yd37++Nhfulk+Ru0PJbtWvEZwMJYEyk=; b=LlLPnGrF1/raVowv1XHaaT/uzo9/VBQi9laPjx2TwJTHW43fxv1EigPLLX0haj9mw8yY o2nFenThXWGE/G7/PVSFvMk0us1puVWz3PfV4SMCc47j5VSNbf+vysD4uajMjl9eidE2 bIRGmVIyfjnmplz+tOtSbUdysWo8sT3JZu5opN5vNVR+h6hy9rzQmKkIPIteZrnf40AR sxHk+xyyvJAfrapIfLjplOcZzVDgY+ejKQgf40LPRtrGYnt6hvUZRk88MDcUw3xsoAQP k9wD/GzVEE2V8cPnNqLG/7flxBqM/CtsX+tqyGgWdJQ3BCt2hm1UG66Cb2Vhvg9qHW1S XA== Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.appoci.oracle.com [147.154.18.20]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3w92s70gv8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 14 Feb 2024 22:31:42 +0000 Received: from pps.filterd (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 41EMAG4f000681; Wed, 14 Feb 2024 22:31:40 GMT Received: from pps.reinject (localhost [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3w5yk9n7b6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 14 Feb 2024 22:31:40 +0000 Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 41EMVTVC004281; Wed, 14 Feb 2024 22:31:39 GMT Received: from bur-virt-x6-2-100.us.oracle.com (bur-virt-x6-2-100.us.oracle.com [10.153.92.40]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3w5yk9n72r-10 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 14 Feb 2024 22:31:39 +0000 From: Ross Philipson To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-crypto@vger.kernel.org, kexec@lists.infradead.org, linux-efi@vger.kernel.org Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, ardb@kernel.org, mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net, nivedita@alum.mit.edu, herbert@gondor.apana.org.au, davem@davemloft.net, kanth.ghatraju@oracle.com, trenchboot-devel@googlegroups.com Subject: [PATCH v8 09/15] x86: Secure Launch SMP bringup support Date: Wed, 14 Feb 2024 14:18:41 -0800 Message-Id: <20240214221847.2066632-10-ross.philipson@oracle.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20240214221847.2066632-1-ross.philipson@oracle.com> References: <20240214221847.2066632-1-ross.philipson@oracle.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-02-14_14,2024-02-14_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 phishscore=0 mlxscore=0 bulkscore=0 spamscore=0 malwarescore=0 adultscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311290000 definitions=main-2402140170 X-Proofpoint-GUID: jiuIEDJncH4Vf-BfrUmzdgYrt3-A0iUB X-Proofpoint-ORIG-GUID: jiuIEDJncH4Vf-BfrUmzdgYrt3-A0iUB On Intel, the APs are left in a well documented state after TXT performs the late launch. Specifically they cannot have #INIT asserted on them so a standard startup via INIT/SIPI/SIPI cannot be performed. Instead the early SL stub code uses MONITOR and MWAIT to park the APs. The realmode/init.c code updates the jump address for the waiting APs with the location of the Secure Launch entry point in the RM piggy after it is loaded and fixed up. As the APs are woken up by writing the monitor, the APs jump to the Secure Launch entry point in the RM piggy which mimics what the real mode code would do then jumps to the standard RM piggy protected mode entry point. Signed-off-by: Ross Philipson --- arch/x86/include/asm/realmode.h | 3 ++ arch/x86/kernel/smpboot.c | 58 +++++++++++++++++++++++++++- arch/x86/realmode/init.c | 3 ++ arch/x86/realmode/rm/header.S | 3 ++ arch/x86/realmode/rm/trampoline_64.S | 32 +++++++++++++++ 5 files changed, 97 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index 87e5482acd0d..339b48e2543d 100644 --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -38,6 +38,9 @@ struct real_mode_header { #ifdef CONFIG_X86_64 u32 machine_real_restart_seg; #endif +#ifdef CONFIG_SECURE_LAUNCH + u32 sl_trampoline_start32; +#endif }; /* This must match data at realmode/rm/trampoline_{32,64}.S */ diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c index 3f57ce68a3f1..74511be5b779 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -60,6 +60,7 @@ #include #include #include +#include #include #include @@ -987,6 +988,56 @@ int common_cpu_up(unsigned int cpu, struct task_struct *idle) return 0; } +#ifdef CONFIG_SECURE_LAUNCH + +static bool slaunch_is_txt_launch(void) +{ + if ((slaunch_get_flags() & (SL_FLAG_ACTIVE|SL_FLAG_ARCH_TXT)) == + (SL_FLAG_ACTIVE | SL_FLAG_ARCH_TXT)) + return true; + + return false; +} + +/* + * TXT AP startup is quite different than normal. The APs cannot have #INIT + * asserted on them or receive SIPIs. The early Secure Launch code has parked + * the APs using monitor/mwait. This will wake the APs by writing the monitor + * and have them jump to the protected mode code in the rmpiggy where the rest + * of the SMP boot of the AP will proceed normally. + */ +static void slaunch_wakeup_cpu_from_txt(int cpu, int apicid) +{ + struct sl_ap_wake_info *ap_wake_info; + struct sl_ap_stack_and_monitor *stack_monitor = NULL; + + ap_wake_info = slaunch_get_ap_wake_info(); + + stack_monitor = (struct sl_ap_stack_and_monitor *)__va(ap_wake_info->ap_wake_block + + ap_wake_info->ap_stacks_offset); + + for (unsigned int i = TXT_MAX_CPUS - 1; i >= 0; i--) { + if (stack_monitor[i].apicid == apicid) { + /* Write the monitor */ + stack_monitor[i].monitor = 1; + break; + } + } +} + +#else + +static inline bool slaunch_is_txt_launch(void) +{ + return false; +} + +static inline void slaunch_wakeup_cpu_from_txt(int cpu, int apicid) +{ +} + +#endif /* !CONFIG_SECURE_LAUNCH */ + /* * NOTE - on most systems this is a PHYSICAL apic ID, but on multiquad * (ie clustered apic addressing mode), this is a LOGICAL apic ID. @@ -996,7 +1047,7 @@ int common_cpu_up(unsigned int cpu, struct task_struct *idle) static int do_boot_cpu(u32 apicid, int cpu, struct task_struct *idle) { unsigned long start_ip = real_mode_header->trampoline_start; - int ret; + int ret = 0; #ifdef CONFIG_X86_64 /* If 64-bit wakeup method exists, use the 64-bit mode trampoline IP */ @@ -1041,12 +1092,15 @@ static int do_boot_cpu(u32 apicid, int cpu, struct task_struct *idle) /* * Wake up a CPU in difference cases: + * - Intel TXT DRTM launch uses its own method to wake the APs * - Use a method from the APIC driver if one defined, with wakeup * straight to 64-bit mode preferred over wakeup to RM. * Otherwise, * - Use an INIT boot APIC message */ - if (apic->wakeup_secondary_cpu_64) + if (slaunch_is_txt_launch()) + slaunch_wakeup_cpu_from_txt(cpu, apicid); + else if (apic->wakeup_secondary_cpu_64) ret = apic->wakeup_secondary_cpu_64(apicid, start_ip); else if (apic->wakeup_secondary_cpu) ret = apic->wakeup_secondary_cpu(apicid, start_ip); diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index f9bc444a3064..d95776cb30d3 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -4,6 +4,7 @@ #include #include #include +#include #include #include @@ -210,6 +211,8 @@ void __init init_real_mode(void) setup_real_mode(); set_real_mode_permissions(); + + slaunch_fixup_jump_vector(); } static int __init do_init_real_mode(void) diff --git a/arch/x86/realmode/rm/header.S b/arch/x86/realmode/rm/header.S index 2eb62be6d256..3b5cbcbbfc90 100644 --- a/arch/x86/realmode/rm/header.S +++ b/arch/x86/realmode/rm/header.S @@ -37,6 +37,9 @@ SYM_DATA_START(real_mode_header) #ifdef CONFIG_X86_64 .long __KERNEL32_CS #endif +#ifdef CONFIG_SECURE_LAUNCH + .long pa_sl_trampoline_start32 +#endif SYM_DATA_END(real_mode_header) /* End signature, used to verify integrity */ diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S index c9f76fae902e..526d449d5383 100644 --- a/arch/x86/realmode/rm/trampoline_64.S +++ b/arch/x86/realmode/rm/trampoline_64.S @@ -120,6 +120,38 @@ SYM_CODE_END(sev_es_trampoline_start) .section ".text32","ax" .code32 +#ifdef CONFIG_SECURE_LAUNCH + .balign 4 +SYM_CODE_START(sl_trampoline_start32) + /* + * The early secure launch stub AP wakeup code has taken care of all + * the vagaries of launching out of TXT. This bit just mimics what the + * 16b entry code does and jumps off to the real startup_32. + */ + cli + wbinvd + + /* + * The %ebx provided is not terribly useful since it is the physical + * address of tb_trampoline_start and not the base of the image. + * Use pa_real_mode_base, which is fixed up, to get a run time + * base register to use for offsets to location that do not have + * pa_ symbols. + */ + movl $pa_real_mode_base, %ebx + + LOCK_AND_LOAD_REALMODE_ESP lock_pa=1 + + lgdt tr_gdt(%ebx) + lidt tr_idt(%ebx) + + movw $__KERNEL_DS, %dx # Data segment descriptor + + /* Jump to where the 16b code would have jumped */ + ljmpl $__KERNEL32_CS, $pa_startup_32 +SYM_CODE_END(sl_trampoline_start32) +#endif + .balign 4 SYM_CODE_START(startup_32) movl %edx, %ss -- 2.39.3