Date: Wed, 9 Oct 2024 18:04:40 +0200
Message-ID: <20241009160438.3884381-8-ardb+git@google.com>
In-Reply-To: <20241009160438.3884381-7-ardb+git@google.com>
Subject: [PATCH v3 1/5] x86/pvh: Call C code via the kernel virtual mapping
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel, Jason Andryuk, Juergen Gross, Boris Ostrovsky, x86@kernel.org, xen-devel@lists.xenproject.org

From: Ard Biesheuvel

Calling C code via a different mapping than it was linked at is
problematic, because the compiler assumes that RIP-relative and absolute
symbol references are interchangeable. GCC in particular may use
RIP-relative per-CPU variable references even when not using -fpic.

So call xen_prepare_pvh() via its kernel virtual mapping on x86_64, so
that those RIP-relative references produce the correct values. This
matches the pre-existing behavior for i386, which also invokes
xen_prepare_pvh() via the kernel virtual mapping before invoking
startup_32 with paging disabled again.

Fixes: 7243b93345f7 ("xen/pvh: Bootstrap PVH guest")
Tested-by: Jason Andryuk
Reviewed-by: Jason Andryuk
Signed-off-by: Ard Biesheuvel
---
 arch/x86/platform/pvh/head.S | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index 64fca49cd88f..ce4fd8d33da4 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S 
@@ -172,7 +172,14 @@ SYM_CODE_START_LOCAL(pvh_start_xen) movq %rbp, %rbx subq $_pa(pvh_start_xen), %rbx movq %rbx, phys_base(%rip) - call xen_prepare_pvh + + /* Call xen_prepare_pvh() via the kernel virtual mapping */ + leaq xen_prepare_pvh(%rip), %rax + subq phys_base(%rip), %rax + addq $__START_KERNEL_map, %rax + ANNOTATE_RETPOLINE_SAFE + call *%rax + /* * Clear phys_base. __startup_64 will *add* to its value, * so reset to 0.
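
Review bot: the new comment above "leaq xen_prepare_pvh(%rip), %rax" says what the sequence does but not why, and the sequence silently depends on phys_base still holding the load offset written by "movq %rbx, phys_base(%rip)" in the context line just above it. Suggest extending the comment to say that the C code has to run at its link address because the compiler may emit RIP-relative references (the reason given in the commit message), and that phys_base must be valid at this point. A few words on why ANNOTATE_RETPOLINE_SAFE is acceptable for this "call *%rax" would also help the next reader.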

Date: Wed, 9 Oct 2024 18:04:41 +0200
Message-ID: <20241009160438.3884381-9-ardb+git@google.com>
In-Reply-To: <20241009160438.3884381-7-ardb+git@google.com>
Subject: [PATCH v3 2/5] x86/pvh: Use correct size value in GDT descriptor
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel, Jason Andryuk, Juergen Gross, Boris Ostrovsky, x86@kernel.org, xen-devel@lists.xenproject.org

From: Ard Biesheuvel

The limit field in a GDT descriptor is an inclusive bound, and therefore
one less than the size of the covered range.

Reviewed-by: Jason Andryuk
Tested-by: Jason Andryuk
Signed-off-by: Ard Biesheuvel
---
 arch/x86/platform/pvh/head.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index ce4fd8d33da4..5a196fb3ebd8 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S
@@ -224,7 +224,7 @@ SYM_CODE_END(pvh_start_xen) .section ".init.data","aw" .balign 8 SYM_DATA_START_LOCAL(gdt) - .word gdt_end - gdt_start + .word gdt_end - gdt_start - 1 .long _pa(gdt_start) /* x86-64 will overwrite if relocated. */ .word 0 SYM_DATA_END(gdt)
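
Review bot: the commit message for the ".word gdt_end - gdt_start - 1" change does not say whether the old, one-too-large limit had any observable effect, and unlike 1/5 it carries no Fixes: tag, so it is unclear whether this is meant as a fix or a cleanup. Suggest stating that in the message, and adding a short comment on the .word line that the limit is an inclusive bound, so the "- 1" is not dropped again in a later tidy-up.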

Date: Wed, 9 Oct 2024 18:04:42 +0200
Message-ID: <20241009160438.3884381-10-ardb+git@google.com>
In-Reply-To: <20241009160438.3884381-7-ardb+git@google.com>
Subject: [PATCH v3 3/5] x86/pvh: Omit needless clearing of phys_base
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel, Jason Andryuk, Juergen Gross, Boris Ostrovsky, x86@kernel.org, xen-devel@lists.xenproject.org

From: Ard Biesheuvel

Since commit d9ec1158056b ("x86/boot/64: Use RIP_REL_REF() to assign
'phys_base'") phys_base is assigned directly rather than added to, so it
is no longer necessary to clear it after use.

Reviewed-by: Jason Andryuk
Tested-by: Jason Andryuk
Signed-off-by: Ard Biesheuvel
---
 arch/x86/platform/pvh/head.S | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index 5a196fb3ebd8..7ca51a4da217 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S
@@ -180,13 +180,6 @@ SYM_CODE_START_LOCAL(pvh_start_xen) ANNOTATE_RETPOLINE_SAFE call *%rax - /* - * Clear phys_base. __startup_64 will *add* to its value, - * so reset to 0. - */ - xor %rbx, %rbx - movq %rbx, phys_base(%rip) - /* startup_64 expects boot_params in %rsi. */ lea pvh_bootparams(%rip), %rsi jmp startup_64
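
Review bot: with the "xor %rbx, %rbx" / "movq %rbx, phys_base(%rip)" pair removed, phys_base still holds the load offset when control reaches "jmp startup_64", so correctness now rests entirely on commit d9ec1158056b being present in the tree. Since 1/5 carries a Fixes: tag and may be picked up for older trees, suggest stating in this commit message that the removal must not be applied to a tree where startup_64 still adds to phys_base.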

Date: Wed, 9 Oct 2024 18:04:43 +0200
Message-ID: <20241009160438.3884381-11-ardb+git@google.com>
In-Reply-To: <20241009160438.3884381-7-ardb+git@google.com>
Subject: [PATCH v3 4/5] x86/xen: Avoid relocatable quantities in Xen ELF notes
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel, Jason Andryuk, Juergen Gross, Boris Ostrovsky, x86@kernel.org, xen-devel@lists.xenproject.org

From: Ard Biesheuvel

Xen puts virtual and physical addresses into ELF notes that are treated
by the linker as relocatable by default. Doing so is not only pointless,
given that the ELF notes are only intended for consumption by Xen before
the kernel boots. It is also a KASLR leak, given that the kernel's ELF
notes are exposed via the world readable /sys/kernel/notes.

So emit these constants in a way that prevents the linker from marking
them as relocatable. This involves place-relative relocations (which
subtract their own virtual address from the symbol value) and linker
provided absolute symbols that add the address of the place to the
desired value.

Tested-by: Jason Andryuk
Signed-off-by: Ard Biesheuvel
Reviewed-by: Jason Andryuk
---
 arch/x86/kernel/vmlinux.lds.S | 19 +++++++++++++++++++
 arch/x86/platform/pvh/head.S  |  6 +++---
 arch/x86/tools/relocs.c       |  1 +
 arch/x86/xen/xen-head.S       |  6 ++++--
 4 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 6726be89b7a6..495f88c9d9f8 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -527,3 +527,22 @@ INIT_PER_CPU(irq_stack_backing_store); #endif #endif /* CONFIG_X86_64 */ + +/* + * The symbols below are referenced using relative relocations in the + * respective ELF notes. This produces build time constants that the + * linker will never mark as relocatable. (Using just ABSOLUTE() is not + * sufficient for that). + */ +#ifdef CONFIG_XEN +#ifdef CONFIG_XEN_PV +xen_elfnote_entry_value = + ABSOLUTE(xen_elfnote_entry) + ABSOLUTE(startup_xen); +#endif +xen_elfnote_hypercall_page_value = + ABSOLUTE(xen_elfnote_hypercall_page) + ABSOLUTE(hypercall_page); +#endif +#ifdef CONFIG_PVH +xen_elfnote_phys32_entry_value = + ABSOLUTE(xen_elfnote_phys32_entry) + ABSOLUTE(pvh_start_xen - LOAD_OFFSET); +#endif diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index 7ca51a4da217..e6f39d77f0b4 100644
--- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S @@ -52,7 +52,7 @@ #define PVH_CS_SEL (PVH_GDT_ENTRY_CS * 8) #define PVH_DS_SEL (PVH_GDT_ENTRY_DS * 8) -SYM_CODE_START_LOCAL(pvh_start_xen) +SYM_CODE_START(pvh_start_xen) UNWIND_HINT_END_OF_STACK cld @@ -300,5 +300,5 @@ SYM_DATA_END(pvh_level2_kernel_pgt) .long KERNEL_IMAGE_SIZE - 1) #endif - ELFNOTE(Xen, XEN_ELFNOTE_PHYS32_ENTRY, - _ASM_PTR (pvh_start_xen - __START_KERNEL_map)) + ELFNOTE(Xen, XEN_ELFNOTE_PHYS32_ENTRY, .global xen_elfnote_phys32_entry; + xen_elfnote_phys32_entry: _ASM_PTR xen_elfnote_phys32_entry_value - .) diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index c101bed61940..3ede19ca8432 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -56,6 +56,7 @@ static const char * const sym_regex_kernel[S_NSYMTYPES] = { [S_ABS] = "^(xen_irq_disable_direct_reloc$|" "xen_save_fl_direct_reloc$|" + "xen_elfnote_.+_offset$|" "VDSO|" "__kcfi_typeid_|" "__crc_)", diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S index 758bcd47b72d..7f6c69dbb816 100644 --- a/arch/x86/xen/xen-head.S +++ b/arch/x86/xen/xen-head.S @@ -94,7 +94,8 @@ SYM_CODE_END(xen_cpu_bringup_again) ELFNOTE(Xen, XEN_ELFNOTE_VIRT_BASE, _ASM_PTR __START_KERNEL_map) /* Map the p2m table to a 512GB-aligned user address. */ ELFNOTE(Xen, XEN_ELFNOTE_INIT_P2M, .quad (PUD_SIZE * PTRS_PER_PUD)) - ELFNOTE(Xen, XEN_ELFNOTE_ENTRY, _ASM_PTR startup_xen) + ELFNOTE(Xen, XEN_ELFNOTE_ENTRY, .globl xen_elfnote_entry; + xen_elfnote_entry: _ASM_PTR xen_elfnote_entry_value - .) ELFNOTE(Xen, XEN_ELFNOTE_FEATURES, .ascii "!writable_page_tables") ELFNOTE(Xen, XEN_ELFNOTE_PAE_MODE, .asciz "yes") ELFNOTE(Xen, XEN_ELFNOTE_L1_MFN_VALID, 
@@ -115,7 +116,8 @@ SYM_CODE_END(xen_cpu_bringup_again) #else # define FEATURES_DOM0 0 #endif - ELFNOTE(Xen, XEN_ELFNOTE_HYPERCALL_PAGE, _ASM_PTR hypercall_page) + ELFNOTE(Xen, XEN_ELFNOTE_HYPERCALL_PAGE, .globl xen_elfnote_hypercall_page; + xen_elfnote_hypercall_page: _ASM_PTR xen_elfnote_hypercall_page_value - .) ELFNOTE(Xen, XEN_ELFNOTE_SUPPORTED_FEATURES, .long FEATURES_PV | FEATURES_PVH | FEATURES_DOM0) ELFNOTE(Xen, XEN_ELFNOTE_LOADER, .asciz "generic")
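
Review bot: in the arch/x86/tools/relocs.c hunk the pattern added to S_ABS is "xen_elfnote_.+_offset$", but the symbols this patch defines in vmlinux.lds.S are xen_elfnote_entry_value, xen_elfnote_hypercall_page_value and xen_elfnote_phys32_entry_value, so the pattern matches none of them. If the relocs tool needs to treat these symbols as absolute, the pattern should end in "_value$" (or the symbols should be renamed to "_offset"); if it does not, the relocs.c change can be dropped.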
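
Review bot: the first arch/x86/platform/pvh/head.S hunk (@@ -52,7) changes SYM_CODE_START_LOCAL(pvh_start_xen) to SYM_CODE_START(pvh_start_xen) without a word in the commit message. Suggest adding a sentence saying that the symbol's visibility is widened because the linker script now refers to it in "ABSOLUTE(pvh_start_xen - LOAD_OFFSET)", if that is the reason, so the change is not mistaken for an unrelated edit.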
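
Review bot: the ELF note in the second arch/x86/platform/pvh/head.S hunk (@@ -300,5) declares its label with ".global xen_elfnote_phys32_entry", while both notes changed in arch/x86/xen/xen-head.S use ".globl". Suggest using one spelling for all three notes so that a grep for the directive finds every place-relative note.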
[2a00:1450:4864:20::34a]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id d50a3166-8658-11ef-a0bd-8be0dac302b0; Wed, 09 Oct 2024 18:09:16 +0200 (CEST) Received: by mail-wm1-x34a.google.com with SMTP id 5b1f17b1804b1-4311412e042so3823525e9.2 for ; Wed, 09 Oct 2024 09:09:16 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: d50a3166-8658-11ef-a0bd-8be0dac302b0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1728490156; x=1729094956; darn=lists.xenproject.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=HupRAXXBqO2c8knr9kCujOHZqjOYFZu7/+ot2dyBYgU=; b=04A3D0bNyaFC+Qrueo/Mhjc7Vo2/Pv9J6mrrYjX3/5SUd9wh2typobO32bibuoTogG t3T+396EWYiqUcopWL/4mwdUfSwt9bgWZtsR6baOJaHOVgPFO4xogIl8wJAn/lGtPhC1 Os52S9kubnvX3fYb41HdyOBP8EvBpP/lrQq6K0SIyE7IqcYhGMd7dSGPtJ+N4DhFu51B 93Ro/6l3jj3sH7zDZRTEpa9swMNzx0HbKBsfy/ZYJCbtmOtWk4l3vAyvuCa2nvRil8S5 MPN7EO3jfm56HD+IKzKlG2IQzv49ALYAQUqZv9Zil7RzYiSEO9VniPGsRUhUmFPHGR6c lAxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728490156; x=1729094956; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=HupRAXXBqO2c8knr9kCujOHZqjOYFZu7/+ot2dyBYgU=; b=VjQQ9S8eLccSBAt8pFNOEs1kZHCkHV7FU86ncwBLDvym0XHOo5rriqTTI8Ef6o5BKb 4MAW0SwgWlvJTup99WWKeX3XqF+//p2kS2EJMrSsDsLS+JrjCRzGeDjUcIXhBG30uRNT C2t+tuo7BQIJa///it1aTp+nTYTLB7g4dNEtTCbvYa2Xzqty/CJCbBYAxyBndEdWHmJS 7RVinfWnk+n3c5Th9UIYXNSbzr1dAhmLHPxZexzZdnNzwVo4hJfKxv0rpxXosrH6ExoG sD+qeSKefZbM86LVzzdUBiXFGHGXhVTzb3D4W9sc4ChiG5OM/WouIUtFVH+V38VxmeSj q16A== X-Forwarded-Encrypted: i=1; 

Date: Wed, 9 Oct 2024 18:04:44 +0200
Message-ID: <20241009160438.3884381-12-ardb+git@google.com>
In-Reply-To: <20241009160438.3884381-7-ardb+git@google.com>
Subject: [PATCH v3 5/5] x86/pvh: Avoid absolute symbol references in .head.text
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel, Jason Andryuk, Juergen Gross, Boris Ostrovsky, x86@kernel.org, xen-devel@lists.xenproject.org

From: Ard Biesheuvel

The .head.text section contains code that may execute from a different
address than it was linked at. This is fragile, given that the x86 ABI
can refer to global symbols via absolute or relative references, and the
toolchain assumes that these are interchangeable, which they are not in
this particular case.

For this reason, all absolute symbol references are being removed from
code that is emitted into .head.text. Subsequently, build time
validation may be added that ensures that no absolute ELF relocations
exist at all in that ELF section.

In the case of the PVH code, the absolute references are in 32-bit code,
which gets emitted with R_X86_64_32 relocations, and these are even more
problematic going forward, as it prevents running the linker in PIE
mode.

So update the 64-bit code to avoid _pa(), and to only rely on relative
symbol references: these are always 32-bits wide, even in 64-bit code,
and are resolved by the linker at build time.

Reviewed-by: Jason Andryuk
Tested-by: Jason Andryuk
Signed-off-by: Ard Biesheuvel
---
 arch/x86/platform/pvh/head.S | 30 ++++++++++++--------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index e6f39d77f0b4..4733a5f467b8 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S @@ -6,7 +6,9 @@ .code32 .text +#ifdef CONFIG_X86_32 #define _pa(x) ((x) - __START_KERNEL_map) +#endif #define rva(x) ((x) - pvh_start_xen) #include @@ -72,8 +74,7 @@ SYM_CODE_START(pvh_start_xen) movl $0, %esp leal rva(gdt)(%ebp), %eax - leal rva(gdt_start)(%ebp), %ecx - movl %ecx, 2(%eax) + addl %eax, 2(%eax) lgdt (%eax) mov $PVH_DS_SEL,%eax
@@ -103,10 +104,23 @@ SYM_CODE_START(pvh_start_xen) btsl $_EFER_LME, %eax wrmsr + /* + * Reuse the non-relocatable symbol emitted for the ELF note to + * subtract the build time physical address of pvh_start_xen() from + * its actual runtime address, without relying on absolute 32-bit ELF + * relocations, as these are not supported by the linker when running + * in -pie mode, and should be avoided in .head.text in general. + */ mov %ebp, %ebx - subl $_pa(pvh_start_xen), %ebx /* offset */ + subl rva(xen_elfnote_phys32_entry)(%ebp), %ebx jz .Lpagetable_done + /* + * Store the resulting load offset in phys_base. __pa() needs + * phys_base set to calculate the hypercall page in xen_pvh_init(). + */ + movl %ebx, rva(phys_base)(%ebp) + /* Fixup page-tables for relocation. */ leal rva(pvh_init_top_pgt)(%ebp), %edi movl $PTRS_PER_PGD, %ecx @@ -165,14 +179,6 @@ SYM_CODE_START(pvh_start_xen) xor %edx, %edx wrmsr - /* - * Calculate load offset and store in phys_base. __pa() needs - * phys_base set to calculate the hypercall page in xen_pvh_init(). - */ - movq %rbp, %rbx - subq $_pa(pvh_start_xen), %rbx - movq %rbx, phys_base(%rip) - /* Call xen_prepare_pvh() via the kernel virtual mapping */ leaq xen_prepare_pvh(%rip), %rax subq phys_base(%rip), %rax @@ -218,7 +224,7 @@ SYM_CODE_END(pvh_start_xen) .balign 8 SYM_DATA_START_LOCAL(gdt) .word gdt_end - gdt_start - 1 - .long _pa(gdt_start) /* x86-64 will overwrite if relocated. */ + .long gdt_start - gdt .word 0 SYM_DATA_END(gdt) SYM_DATA_START_LOCAL(gdt_start)
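
Review bot: in the hunk at @@ -103,10 the new store "movl %ebx, rva(phys_base)(%ebp)" sits after "jz .Lpagetable_done" and writes 32 bits, whereas the sequence it replaces ("movq %rbx, phys_base(%rip)", removed in the @@ -165,14 hunk) ran unconditionally and wrote all 64 bits. That is only equivalent if phys_base starts out as zero and the load offset fits in 32 bits; suggest saying so in the comment above the movl, since the later "subq phys_base(%rip), %rax" depends on the full 64-bit value.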
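
Review bot: after the @@ -218,7 hunk the base field of the gdt pseudo-descriptor holds "gdt_start - gdt", which is only a valid base once "addl %eax, 2(%eax)" (the @@ -72,8 hunk) has added the runtime address of gdt, yet the old comment on that line is removed without a replacement. Suggest a comment on the ".long gdt_start - gdt" line stating that the field is an offset that pvh_start_xen fixes up before lgdt, so that nobody later loads the descriptor as it stands.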
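
The place-relative note scheme described in the commit message of patch 4/5, as an added toy model that is not part of the series or of the kernel: it "links" one ELF note slot both ways, applies a KASLR displacement to every slot recorded for relocation, and shows which value a reader of the notes would then see. LINK_BASE, TARGET_OFF, NOTE_OFF, struct image and all function names are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values: a link-time base, a target symbol standing in for
 * hypercall_page, and the location of the ELF note descriptor. */
#define LINK_BASE   0xffffffff81000000ULL
#define TARGET_OFF  0x1000
#define NOTE_OFF    0x2000
#define IMAGE_WORDS 0x800               /* 16 KiB of 64-bit words */

enum scheme { NOTE_ABSOLUTE, NOTE_PLACE_RELATIVE };

struct image {
    uint64_t words[IMAGE_WORDS];
    size_t   relocs[4];     /* byte offsets of slots marked relocatable */
    size_t   nrelocs;
};

/* Model of the link step: fill the note slot the way each scheme does. */
static void link_image(struct image *img, enum scheme s)
{
    uint64_t target = LINK_BASE + TARGET_OFF;
    uint64_t place  = LINK_BASE + NOTE_OFF;

    for (size_t i = 0; i < IMAGE_WORDS; i++)
        img->words[i] = 0;
    img->nrelocs = 0;

    if (s == NOTE_ABSOLUTE) {
        /* "_ASM_PTR hypercall_page": an absolute 64-bit reference, so
         * the slot is recorded as needing relocation. */
        img->words[NOTE_OFF / 8] = target;
        img->relocs[img->nrelocs++] = NOTE_OFF;
    } else {
        /* Linker script: value = ABSOLUTE(place) + ABSOLUTE(target).
         * Assembler:     "_ASM_PTR value - ."
         * The place cancels at link time (mod 2^64) and no relocation
         * is recorded for the slot. */
        uint64_t value = place + target;
        img->words[NOTE_OFF / 8] = value - place;
    }
}

/* Model of the boot-time relocation pass: add the displacement to every
 * recorded slot and to nothing else. */
static void relocate(struct image *img, uint64_t delta)
{
    for (size_t i = 0; i < img->nrelocs; i++)
        img->words[img->relocs[i] / 8] += delta;
}

/* Value visible in the note after booting with displacement 'delta'. */
uint64_t note_after_boot(enum scheme s, uint64_t delta)
{
    static struct image img;

    link_image(&img, s);
    relocate(&img, delta);
    return img.words[NOTE_OFF / 8];
}

/* Displacement that can be recovered from the note by subtracting the
 * link-time address, which is public for a distribution kernel. */
uint64_t exposed_delta(enum scheme s, uint64_t delta)
{
    return note_after_boot(s, delta) - (LINK_BASE + TARGET_OFF);
}

int main(void)
{
    const uint64_t deltas[] = { 0x1e000000ULL, 0x07400000ULL }; /* constructed */

    for (size_t i = 0; i < sizeof(deltas) / sizeof(deltas[0]); i++) {
        printf("delta %#llx: absolute note exposes %#llx, "
               "place-relative note exposes %#llx\n",
               (unsigned long long)deltas[i],
               (unsigned long long)exposed_delta(NOTE_ABSOLUTE, deltas[i]),
               (unsigned long long)exposed_delta(NOTE_PLACE_RELATIVE, deltas[i]));
    }
    return 0;
}
```

With the absolute form the note tracks the displacement exactly; with the place-relative form it stays at the link-time value for every displacement.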