Re: [PATCH v4 01/11] x86/startup_64: Simplify global variable accesses in GDT/IDT programming

From: Ard Biesheuvel <ardb@kernel.org>
To: Borislav Petkov <bp@alien8.de>
Cc: Ard Biesheuvel <ardb+git@google.com>,
	linux-kernel@vger.kernel.org,
	 Kevin Loughlin <kevinloughlin@google.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	 Dionna Glaze <dionnaglaze@google.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	 Ingo Molnar <mingo@redhat.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	 Andy Lutomirski <luto@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
	Nathan Chancellor <nathan@kernel.org>,
	 Nick Desaulniers <ndesaulniers@google.com>,
	Justin Stitt <justinstitt@google.com>,
	 Kees Cook <keescook@chromium.org>,
	Brian Gerst <brgerst@gmail.com>,
	linux-arch@vger.kernel.org,  llvm@lists.linux.dev
Subject: Re: [PATCH v4 01/11] x86/startup_64: Simplify global variable accesses in GDT/IDT programming
Date: Wed, 14 Feb 2024 08:28:41 +0100	[thread overview]
Message-ID: <CAMj1kXFdUD_kCh0h1HcpOVoQJNcP11OHB+FJ-=HGfP3RRdy81w@mail.gmail.com> (raw)
In-Reply-To: <CAMj1kXG4rSGaB8Q2qFcgOH=dqS0yvR8Ofur=h5C-jq_TqiFzVg@mail.gmail.com>

On Tue, 13 Feb 2024 at 22:53, Ard Biesheuvel <ardb@kernel.org> wrote:
>
> On Tue, 13 Feb 2024 at 21:06, Borislav Petkov <bp@alien8.de> wrote:
> >
> > On Tue, Feb 13, 2024 at 01:41:45PM +0100, Ard Biesheuvel wrote:
> > > @@ -632,5 +616,5 @@ void __head startup_64_setup_env(unsigned long physbase)
> > >                    "movl %%eax, %%ss\n"
> > >                    "movl %%eax, %%es\n" : : "a"(__KERNEL_DS) : "memory");
> > >
> > > -     startup_64_load_idt(physbase);
> > > +     startup_64_load_idt(&RIP_REL_REF(vc_no_ghcb));
> >
> > It took me a while to figure out that even if we pass in one of the two
> > GHCB handler pointers, we only set it if CONFIG_AMD_MEM_ENCRYPT.
> >
> > I think this ontop of yours is a bit more readable as it makes it
> > perfectly clear *when* the pointer is valid.
> >
>
> Looks fine to me.
>
> > Yeah, if handler is set, we set it for the X86_TRAP_VC vector
> > unconditionally but that can be changed later, if really needed.
> >
>
> We might call the parameter 'vc_handler' to make this clearer.

Actually, we can merge set_bringup_idt_handler() into its caller as well:

diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index aee99cfda4eb..804ba9a2214f 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -501,30 +501,22 @@ void __init __noreturn
x86_64_start_reservations(char *real_mode_data)
  */
 static gate_desc bringup_idt_table[NUM_EXCEPTION_VECTORS] __page_aligned_data;

-static void __head set_bringup_idt_handler(gate_desc *idt, int n,
void *handler)
-{
-#ifdef CONFIG_AMD_MEM_ENCRYPT
-       struct idt_data data;
-       gate_desc desc;
-
-       init_idt_data(&data, n, handler);
-       idt_init_desc(&desc, &data);
-       native_write_idt_entry(idt, n, &desc);
-#endif
-}
-
 /* This may run while still in the direct mapping */
-static void __head startup_64_load_idt(void *handler)
+static void __head startup_64_load_idt(void *vc_handler)
 {
        struct desc_ptr desc = {
                .address        = (unsigned
long)&RIP_REL_REF(bringup_idt_table),
                .size           = sizeof(bringup_idt_table) - 1,
        };
-       gate_desc *idt = (gate_desc *)desc.address;
+       struct idt_data data;
+       gate_desc idt_desc;

-       if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT))
-               /* VMM Communication Exception */
-               set_bringup_idt_handler(idt, X86_TRAP_VC, handler);
+       if (vc_handler) {
+               init_idt_data(&data, X86_TRAP_VC, vc_handler);
+               idt_init_desc(&idt_desc, &data);
+               native_write_idt_entry((gate_desc *)desc.address,
+                                      X86_TRAP_VC, &idt_desc);
+       }

        native_load_idt(&desc);
 }


(^^^ plus your changes boot tested on SEV-SNP)
