From patchwork Wed Jul 12 03:30:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hou Wenlong X-Patchwork-Id: 118800 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:a6b2:0:b0:3e4:2afc:c1 with SMTP id c18csp891726vqm; Tue, 11 Jul 2023 20:49:18 -0700 (PDT) X-Google-Smtp-Source: APBJJlGzi/PPeRNHri+Q88l4AaQjVvBQCW3ATiRn0Z99caUKIcyWGjVk2QQ/kR1Qu1U1dqo9d7jY X-Received: by 2002:aa7:d043:0:b0:51e:cc7:534d with SMTP id n3-20020aa7d043000000b0051e0cc7534dmr15762298edo.24.1689133758232; Tue, 11 Jul 2023 20:49:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689133758; cv=none; d=google.com; s=arc-20160816; b=du+QL+qsk1SZiu/+pqwovMLRZfM0ohbLgquMb01oXBwcLKYhtxwj4OMcyyaiG05MVL ExUJapTJkE0a2HREYrcoaIwLyL6cBJGXP4LeYbpGbHBRQiDnaAe+GRScwyPAtDBphJii mO9C0cD6A8uxaDtdiRASU2h4KLxpsPIr3UlQ+L7hogGqKYMUip7aiWps/GPd0aw1kBmb B53nsNkIdkLRRQ9PchV0cd+YOkp5+8Mqrahqq0fiapW1JVqcB3mVMocAclI+coJ4S2xP CfrY0A5p9nzZQm0Kci5LSsofFXH4IVD3rQ+za67/CP7Z7L/+ZZJQsApPQpR+DXQsx7QF oVUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=nJ+axOaYJuTpcodlc6yXfGW4h7eJ/AWARm1N1AHY72I=; fh=g3bs2vx/kX+Tyhj7Th90Ny2Gk3JcG9W//LiDCVLFzAY=; b=WhbgivhCGY5cJtPypZ2IMogXqmEJCGqqQzy2fvS29ksDVCZtdbZduY+UugOzed1T65 B9bZEqMUBmJKAISvslPnwPj7djBeISDhgRgW3myGGfLU+hytF69is/WCJXCBzorwFrHM Kp0KiZyO+h7JgWWKMBOqS5Qm0WCs4t8Iy7X5iksx9zaAHshPmi88BlGSOzzXp3ZVOtEt MVYt2DVx0yJx8JKDngyTBFGOAk8b71RAF8yM6kRbbziI86qzlfBMv69BKAsHSodVQJC1 KBdHn9j1IP8tht4aSGKVlz9pKaD9di5la1YSJ3NBTEiyokdAnP4gB/lmsIdAUy4xr6e5 Bm5Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=antgroup.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y8-20020aa7ccc8000000b0051ddbdeb0c7si3657918edt.350.2023.07.11.20.48.55; Tue, 11 Jul 2023 20:49:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=antgroup.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231859AbjGLDcl (ORCPT + 99 others); Tue, 11 Jul 2023 23:32:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37650 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229537AbjGLDcQ (ORCPT ); Tue, 11 Jul 2023 23:32:16 -0400 Received: from out0-207.mail.aliyun.com (out0-207.mail.aliyun.com [140.205.0.207]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 053381BF5 for ; Tue, 11 Jul 2023 20:32:07 -0700 (PDT) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R191e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018047207;MF=houwenlong.hwl@antgroup.com;NM=1;PH=DS;RN=11;SR=0;TI=SMTPD_---.TrdHx8q_1689132719; Received: from localhost(mailfrom:houwenlong.hwl@antgroup.com fp:SMTPD_---.TrdHx8q_1689132719) by smtp.aliyun-inc.com; Wed, 12 Jul 2023 11:32:00 +0800 From: "Hou Wenlong" To: linux-kernel@vger.kernel.org Cc: "Lai Jiangshan" , "Hou Wenlong" , "Dave Hansen" , "Andy Lutomirski" , "Peter Zijlstra" , "Thomas Gleixner" , "Ingo Molnar" , "Borislav Petkov" , " =?utf-8?q?maintainer=3AX86_ARCHITECTURE?= =?utf-8?q?_32-BIT_AND_64-BIT?= " , "H. Peter Anvin" Subject: [PATCH RFC 7/7] x86/sme: Build the code in mem_encrypt_identity.c as PIE Date: Wed, 12 Jul 2023 11:30:11 +0800 Message-Id: <80367ca39ed736b6fc839c5de99a006f54182c45.1689130310.git.houwenlong.hwl@antgroup.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771185119494268539 X-GMAIL-MSGID: 1771185119494268539 Similar to head64.c, all the code in mem_encrypt_identity.c runs in identity address. However, it uses inline assembly to use RIP-relative reference for some globals. Therefore, build the code as PIE to force the compiler to generate RIP-relative reference, allowing for all inline assembly to be removed. Suggested-by: Lai Jiangshan Signed-off-by: Hou Wenlong --- The changes have not been tested on AMD SME. arch/x86/mm/Makefile | 3 +++ arch/x86/mm/mem_encrypt_identity.c | 31 +++++------------------------- 2 files changed, 8 insertions(+), 26 deletions(-) -- 2.31.1 diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index c80febc44cd2..f5d7b22c5f1b 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -32,6 +32,9 @@ obj-y += pat/ # Make sure __phys_addr has no stackprotector CFLAGS_physaddr.o := -fno-stack-protector CFLAGS_mem_encrypt_identity.o := -fno-stack-protector +CFLAGS_mem_encrypt_identity.o += -fPIE -include $(srctree)/include/linux/hidden.h + +CFLAGS_REMOVE_mem_encrypt_identity.o += -mcmodel=kernel CFLAGS_fault.o := -I $(srctree)/$(src)/../include/asm/trace diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index 72aeb0f3dec6..2f292ab4e6a9 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -343,13 +343,7 @@ void __head sme_encrypt_kernel(struct boot_params *bp) } #endif - /* - * We're running identity mapped, so we must obtain the address to the - * SME encryption workarea using rip-relative addressing. - */ - asm ("lea sme_workarea(%%rip), %0" - : "=r" (workarea_start) - : "p" (sme_workarea)); + workarea_start = (unsigned long)(void *)sme_workarea; /* * Calculate required number of workarea bytes needed: @@ -505,7 +499,7 @@ void __head sme_encrypt_kernel(struct boot_params *bp) void __head sme_enable(struct boot_params *bp) { - const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off; + const char *cmdline_ptr; unsigned int eax, ebx, ecx, edx; unsigned long feature_mask; bool active_by_default; @@ -578,21 +572,6 @@ void __head sme_enable(struct boot_params *bp) goto out; } - /* - * Fixups have not been applied to phys_base yet and we're running - * identity mapped, so we must obtain the address to the SME command - * line argument data using rip-relative addressing. - */ - asm ("lea sme_cmdline_arg(%%rip), %0" - : "=r" (cmdline_arg) - : "p" (sme_cmdline_arg)); - asm ("lea sme_cmdline_on(%%rip), %0" - : "=r" (cmdline_on) - : "p" (sme_cmdline_on)); - asm ("lea sme_cmdline_off(%%rip), %0" - : "=r" (cmdline_off) - : "p" (sme_cmdline_off)); - if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT)) active_by_default = true; else @@ -601,12 +580,12 @@ void __head sme_enable(struct boot_params *bp) cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr | ((u64)bp->ext_cmd_line_ptr << 32)); - if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0) + if (cmdline_find_option(cmdline_ptr, sme_cmdline_arg, buffer, sizeof(buffer)) < 0) return; - if (!strncmp(buffer, cmdline_on, sizeof(buffer))) + if (!strncmp(buffer, sme_cmdline_on, sizeof(buffer))) sme_me_mask = me_mask; - else if (!strncmp(buffer, cmdline_off, sizeof(buffer))) + else if (!strncmp(buffer, sme_cmdline_off, sizeof(buffer))) sme_me_mask = 0; else sme_me_mask = active_by_default ? me_mask : 0;