From: Borislav Petkov <bp@alien8.de>
To: Joerg Roedel <joro@8bytes.org>
Cc: x86@kernel.org, hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Thomas Hellstrom <thellstrom@vmware.com>,
	Jiri Slaby <jslaby@suse.cz>,
	Dan Williams <dan.j.williams@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Juergen Gross <jgross@suse.com>,
	Kees Cook <keescook@chromium.org>,
	linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	Joerg Roedel <jroedel@suse.de>
Subject: Re: [PATCH 14/70] x86/boot/compressed/64: Add page-fault handler
Date: Thu, 2 Apr 2020 13:49:41 +0200
Message-ID: <20200402114941.GA9352@zn.tnic>
In-Reply-To: <20200319091407.1481-15-joro@8bytes.org>

On Thu, Mar 19, 2020 at 10:13:11AM +0100, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@suse.de>
> 
> Install a page-fault handler to add an identity mapping to addresses
> not yet mapped. Also do some checking whether the error code is sane.
> 
> This makes non SEV-ES machines use the exception handling
> infrastructure in the pre-decompression boot code too, making it less
> likely to break in the future.
> 
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> ---
>  arch/x86/boot/compressed/ident_map_64.c    | 38 ++++++++++++++++++++++
>  arch/x86/boot/compressed/idt_64.c          |  2 ++
>  arch/x86/boot/compressed/idt_handlers_64.S |  2 ++
>  arch/x86/boot/compressed/misc.h            |  6 ++++
>  4 files changed, 48 insertions(+)
> 
> diff --git a/arch/x86/boot/compressed/ident_map_64.c b/arch/x86/boot/compressed/ident_map_64.c
> index 3a2115582920..0865d181b85d 100644
> --- a/arch/x86/boot/compressed/ident_map_64.c
> +++ b/arch/x86/boot/compressed/ident_map_64.c
> @@ -19,11 +19,13 @@
>  /* No PAGE_TABLE_ISOLATION support needed either: */
>  #undef CONFIG_PAGE_TABLE_ISOLATION
>  
> +#include "error.h"
>  #include "misc.h"
>  
>  /* These actually do the work of building the kernel identity maps. */
>  #include <asm/init.h>
>  #include <asm/pgtable.h>
> +#include <asm/trap_defs.h>
>  /* Use the static base for this part of the boot process */
>  #undef __PAGE_OFFSET
>  #define __PAGE_OFFSET __PAGE_OFFSET_BASE
> @@ -163,3 +165,39 @@ void finalize_identity_maps(void)
>  {
>  	write_cr3(top_level_pgt);
>  }
> +
> +static void pf_error(unsigned long error_code, unsigned long address,
> +		     struct pt_regs *regs)

AFAICT, that function is called below only so just merge its body into
the call site instead...

> +{
> +	error_putstr("Unexpected page-fault:");
> +	error_putstr("\nError Code: ");
> +	error_puthex(error_code);
> +	error_putstr("\nCR2: 0x");
> +	error_puthex(address);
> +	error_putstr("\nRIP relative to _head: 0x");
> +	error_puthex(regs->ip - (unsigned long)_head);
> +	error_putstr("\n");
> +
> +	error("Stopping.\n");
> +}
> +
> +void do_boot_page_fault(struct pt_regs *regs)
> +{
> +	unsigned long address = native_read_cr2();
> +	unsigned long error_code = regs->orig_ax;
> +
> +	/*
> +	 * Check for unexpected error codes. Unexpected are:
> +	 *	- Faults on present pages
> +	 *	- User faults
> +	 *	- Reserved bits set
> +	 */
> +	if (error_code & (X86_PF_PROT | X86_PF_USER | X86_PF_RSVD))
> +		pf_error(error_code, address, regs);
> +
> +	/*
> +	 * Error code is sane - now identity map the 2M region around
> +	 * the faulting address.
> +	 */
> +	add_identity_map(address & PMD_MASK, PMD_SIZE);
> +}
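
Review bot: In do_boot_page_fault(), the fall-through from the error-code check to add_identity_map() is only correct if pf_error() never returns, and nothing in this hunk states that. Annotate pf_error() as noreturn (or say so in a comment at the call site) so that a fault with X86_PF_PROT, X86_PF_USER or X86_PF_RSVD set can never reach the mapping call. The second comment block should also note that any not-present address read from CR2 is mapped without a range check, so a stray NULL or wild pointer dereference in the boot code gets an identity mapping instead of the "Unexpected page-fault" report.
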
> diff --git a/arch/x86/boot/compressed/idt_64.c b/arch/x86/boot/compressed/idt_64.c
> index 46ecea671b90..84ba57d9d436 100644
> --- a/arch/x86/boot/compressed/idt_64.c
> +++ b/arch/x86/boot/compressed/idt_64.c
> @@ -39,5 +39,7 @@ void load_stage2_idt(void)
>  {
>  	boot_idt_desc.address = (unsigned long)boot_idt;
>  
> +	set_idt_entry(X86_TRAP_PF, boot_pf_handler);
> +
>  	load_boot_idt(&boot_idt_desc);
>  }
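
Review bot: Missing documentation in load_stage2_idt(): once load_boot_idt() runs, the new X86_TRAP_PF entry is live and do_boot_page_fault() will call add_identity_map() on the first not-present access. A short comment above the set_idt_entry() line stating that the identity-mapping code must be usable by the time this function is called would make the ordering requirement explicit for later changes.
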
> diff --git a/arch/x86/boot/compressed/idt_handlers_64.S b/arch/x86/boot/compressed/idt_handlers_64.S
> index 3d86ab35ef52..bfb3fc5aa144 100644
> --- a/arch/x86/boot/compressed/idt_handlers_64.S
> +++ b/arch/x86/boot/compressed/idt_handlers_64.S
> @@ -73,3 +73,5 @@ SYM_FUNC_END(\name)
>  
>  	.text
>  	.code64
> +
> +EXCEPTION_HANDLER	boot_pf_handler do_boot_page_fault error_code=1

			boot_page_fault do_boot_page_fault

equivalent to the PF handler proper naming pls. Grepping "page_fault"
would give you all then.

> diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
> index 3a030a878d53..eff4ed0b1cea 100644
> --- a/arch/x86/boot/compressed/misc.h
> +++ b/arch/x86/boot/compressed/misc.h
> @@ -37,6 +37,9 @@
>  #define memptr unsigned
>  #endif
>  
> +/* boot/compressed/vmlinux start and end markers */
> +extern char _head[], _end[];
> +
>  /* misc.c */
>  extern memptr free_mem_ptr;
>  extern memptr free_mem_end_ptr;
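
Review bot: The new declaration "extern char _head[], _end[];" exports two symbols, but only _head is referenced by the code added in this patch (in pf_error()). Either drop _end here and add it in the patch that first uses it, or mention in the commit message why it is introduced now.
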
> @@ -146,4 +149,7 @@ extern pteval_t __default_kernel_pte_mask;
>  extern gate_desc boot_idt[BOOT_IDT_ENTRIES];
>  extern struct desc_ptr boot_idt_desc;
>  
> +/* IDT Entry Points */
> +void boot_pf_handler(void);
> +
>  #endif /* BOOT_COMPRESSED_MISC_H */
> -- 
> 2.17.1
> 

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
