From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F736C433E6 for ; Sat, 29 Aug 2020 15:55:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 24E5520707 for ; Sat, 29 Aug 2020 15:55:58 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=alien8.de header.i=@alien8.de header.b="S7HKF4Tp" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728432AbgH2Pzy (ORCPT ); Sat, 29 Aug 2020 11:55:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37624 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728350AbgH2Pza (ORCPT ); Sat, 29 Aug 2020 11:55:30 -0400 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B3FDC061239; Sat, 29 Aug 2020 08:55:29 -0700 (PDT) Received: from zn.tnic (p200300ec2f20450061bc46564a6ab4aa.dip0.t-ipconnect.de [IPv6:2003:ec:2f20:4500:61bc:4656:4a6a:b4aa]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id EDDB41EC037C; Sat, 29 Aug 2020 17:55:27 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1598716528; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=/hKrT6Agxsa0U42BH+OXVujqtR6Nrnq1ZKABoxchmnQ=; b=S7HKF4Tptffv/o1WtKtqUzdKtdftwyIQBtMOCSEWGCYytv/FZEnVROCv9pXhDh6fn4saNE ExIP/iUquIhslj/obBhSNv7pw8mAkwV0T+DA+QEsGeLvuXZWkElDhiFiSyTCZ1F9bUVRmw l9HDLUPGTfCtTdr1HNIiZ5XGTFxKUmQ= Date: Sat, 29 Aug 2020 17:55:25 +0200 From: Borislav Petkov To: Joerg Roedel Cc: x86@kernel.org, Joerg Roedel , hpa@zytor.com, Andy Lutomirski , Dave Hansen , Peter Zijlstra , Jiri Slaby , Dan Williams , Tom Lendacky , Juergen Gross , Kees Cook , David Rientjes , Cfir Cohen , Erdem Aktas , Masami Hiramatsu , Mike Stunes , Sean Christopherson , Martin Radev , linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: Re: [PATCH v6 38/76] x86/head/64: Set CR4.FSGSBASE early Message-ID: <20200829155525.GB29091@zn.tnic> References: <20200824085511.7553-1-joro@8bytes.org> <20200824085511.7553-39-joro@8bytes.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200824085511.7553-39-joro@8bytes.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 24, 2020 at 10:54:33AM +0200, Joerg Roedel wrote: > From: Joerg Roedel > > Early exception handling will use rd/wrgsbase in paranoid_entry/exit. > Enable the feature to avoid #UD exceptions on boot APs. > > Signed-off-by: Joerg Roedel > Link: https://lore.kernel.org/r/20200724160336.5435-38-joro@8bytes.org > --- > arch/x86/kernel/head_64.S | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S > index 08412f308de3..4622940134a5 100644 > --- a/arch/x86/kernel/head_64.S > +++ b/arch/x86/kernel/head_64.S > @@ -153,6 +153,13 @@ SYM_CODE_START(secondary_startup_64) > orl $X86_CR4_LA57, %ecx > 1: > #endif > + > + ALTERNATIVE "jmp .Lstartup_write_cr4", "", X86_FEATURE_FSGSBASE > + > + /* Early exception handling uses FSGSBASE on APs */ > + orl $X86_CR4_FSGSBASE, %ecx How is this supposed to work? Alternatives haven't run that early yet and that piece of code looks like this: ffffffff81000067: eb 06 jmp ffffffff8100006f ffffffff81000069: 81 c9 00 00 01 00 or $0x10000,%ecx ffffffff8100006f: 0f 22 e1 mov %rcx,%cr4 so we'll never set X86_CR4_FSGSBASE during early boot. Stopping a guest with gdb just before that shows the same thing: Dump of assembler code from 0x1000069 to 0x100007b: => 0x0000000001000069: eb 06 jmp 0x1000071 0x000000000100006b: 81 c9 00 00 01 00 or $0x10000,%ecx 0x0000000001000071: 0f 22 e1 mov %rcx,%cr4 0x0000000001000074: 48 03 05 95 ff 20 01 add 0x120ff95(%rip),%rax # 0x2210010 the unconditional JMP is there and it hasn't been patched out yet. If you really need to test CPUID flags, you need to do something similar to what verify_cpu does that early. And looking at that thing: * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure you could return the FSGSBASE CPUID bit there too and act accordingly. Hmm. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette