[PATCH] x86/sev: Fix position dependent variable references in startup code

Tom Lendacky thomas.lendacky at amd.com
Tue Feb 27 11:05:51 PST 2024 

On 2/3/24 06:53, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb at kernel.org>
> 
> The early startup code executes from a 1:1 mapping of memory, which
> differs from the mapping that the code was linked and/or relocated to
> run at. The latter mapping is not active yet at this point, and so
> symbol references that rely on it will fault. Given that the core kernel
> is built without -fPIC, symbol references are typically emitted as
> absolute, and so any such references occuring in the early startup code
> will therefore crash the kernel.
> 
> While an attempt was made to work around this for the early SEV/SME
> startup code, by forcing RIP-relative addressing for certain global
> SEV/SME variables via inline assembly (see snp_cpuid_get_table() for
> example), RIP-relative addressing must be pervasively enforced for
> SEV/SME global variables when accessed prior to page table fixups.
> 
> __startup_64() already handles this issue for select non-SEV/SME global
> variables using fixup_pointer(), which adjusts the pointer relative to a
> `physaddr` argument. To avoid having to pass around this `physaddr`
> argument across all functions needing to apply pointer fixups, this
> patch introduces the macro RIP_RELATIVE_REF(), which generates a
> RIP-relative reference to a given global variable. The macro is used
> where necessary to force RIP-relative accesses to global variables.
> 
> For backporting purposes, this patch makes no attempt at cleaning up
> other occurrences of this pattern, involving either inline asm or
> fixup_pointer(). Those will be addressed by subsequent patches.
> 
> Link: https://lore.kernel.org/all/20240130220845.1978329-1-kevinloughlin@google.com/
> Co-developed-by: Kevin Loughlin <kevinloughlin at google.com>
> Signed-off-by: Kevin Loughlin <kevinloughlin at google.com>
> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>

>   
>   out:
> -	if (sme_me_mask) {
> -		physical_mask &= ~sme_me_mask;
> -		cc_vendor = CC_VENDOR_AMD;
> -		cc_set_mask(sme_me_mask);
> -	}
> +	RIP_RELATIVE_REF(sme_me_mask) = me_mask;
> +	physical_mask &= ~me_mask;
> +	cc_vendor = CC_VENDOR_AMD;

Sorry, just noticed this, but should physical_mask and cc_vendor also be 
RIP_RELATIVE_REF()?

Thanks,
Tom

> +	cc_set_mask(me_mask);
>   }
> 
> base-commit: f9e6f00d93d34f60f90b42c24e80194b11a72bb2

More information about the linux-arm-kernel mailing list