[PATCH] x86/boot: Fix kexec booting failure after SEV early boot support

From: Kairui Song <kasong@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com,
	x86@kernel.org, thomas.lendacky@amd.com, brijesh.singh@amd.com,
	bp@suse.de, kasong@redhat.com, kexec@lists.infradead.org,
	dyoung@redhat.com
Subject: [PATCH] x86/boot: Fix kexec booting failure after SEV early boot support
Date: Tue, 25 Sep 2018 19:10:20 +0800	[thread overview]
Message-ID: <20180925111020.23834-1-kasong@redhat.com> (raw)

Commit 1958b5fc4010 ("x86/boot: Add early boot support when running
with SEV active") is causing kexec becomes sometimes unstable, kexec
reboot won't start a second kernel bypassing BIOS boot process, instead,
the system got reset.

That's because, in get_sev_encryption_bit function, we are using
32-bit RIP-relative addressing to read the value of enc_bit, but
kexec may alloc the early boot up code to a higher location, which
is beyond 32-bit addressing limit. Some garbage will be read and
get_sev_encryption_bit will return the wrong value, which lead to
wrong memory page flag.

This patch adds a get_sev_encryption_bit_64 function to avoid this
problem. 64-bit early boot code will use this function instead, it
uses native RIP addressing to read the enc_bit which have no problem
with any location.

Fixes: 1958b5fc4010 ("x86/boot: Add early boot support when running with SEV active")
Signed-off-by: Kairui Song <kasong@redhat.com>
---
 arch/x86/boot/compressed/mem_encrypt.S | 64 ++++++++++++++++++--------
 1 file changed, 45 insertions(+), 19 deletions(-)

diff --git a/arch/x86/boot/compressed/mem_encrypt.S b/arch/x86/boot/compressed/mem_encrypt.S
index eaa843a52907..41933550449a 100644
--- a/arch/x86/boot/compressed/mem_encrypt.S
+++ b/arch/x86/boot/compressed/mem_encrypt.S
@@ -18,27 +18,13 @@
 
 	.text
 	.code32
-ENTRY(get_sev_encryption_bit)
+do_get_sev_encryption_bit:
 	xor	%eax, %eax
 
 #ifdef CONFIG_AMD_MEM_ENCRYPT
 	push	%ebx
 	push	%ecx
 	push	%edx
-	push	%edi
-
-	/*
-	 * RIP-relative addressing is needed to access the encryption bit
-	 * variable. Since we are running in 32-bit mode we need this call/pop
-	 * sequence to get the proper relative addressing.
-	 */
-	call	1f
-1:	popl	%edi
-	subl	$1b, %edi
-
-	movl	enc_bit(%edi), %eax
-	cmpl	$0, %eax
-	jge	.Lsev_exit
 
 	/* Check if running under a hypervisor */
 	movl	$1, %eax
@@ -69,25 +55,65 @@ ENTRY(get_sev_encryption_bit)
 
 	movl	%ebx, %eax
 	andl	$0x3f, %eax		/* Return the encryption bit location */
-	movl	%eax, enc_bit(%edi)
 	jmp	.Lsev_exit
 
 .Lno_sev:
 	xor	%eax, %eax
-	movl	%eax, enc_bit(%edi)
 
 .Lsev_exit:
-	pop	%edi
 	pop	%edx
 	pop	%ecx
 	pop	%ebx
 
+#endif	/* CONFIG_AMD_MEM_ENCRYPT */
+
+	ret
+
+ENTRY(get_sev_encryption_bit)
+	xor	%eax, %eax
+
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+	push	%edi
+
+	/*
+	 * RIP-relative addressing is needed to access the encryption bit
+	 * variable. Since we are running in 32-bit mode we need this call/pop
+	 * sequence to get the proper relative addressing.
+	 */
+	call	1f
+1:	popl	%edi
+	subl	$1b, %edi
+
+	movl	enc_bit(%edi), %eax
+	cmpl	$0, %eax
+	jge 2f
+
+	call    do_get_sev_encryption_bit
+	movl	%eax, enc_bit(%edi)
+2:
+	pop	%edi
 #endif	/* CONFIG_AMD_MEM_ENCRYPT */
 
 	ret
 ENDPROC(get_sev_encryption_bit)
 
 	.code64
+ENTRY(get_sev_encryption_bit_64)
+	xor	%rax, %rax
+
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+	movl	enc_bit(%rip), %eax
+	cmpl	$0, %eax
+	jge 1f
+
+	call    do_get_sev_encryption_bit
+	movl	%eax, enc_bit(%rip)
+1:
+#endif	/* CONFIG_AMD_MEM_ENCRYPT */
+
+	ret
+ENDPROC(get_sev_encryption_bit_64)
+
 ENTRY(set_sev_encryption_mask)
 #ifdef CONFIG_AMD_MEM_ENCRYPT
 	push	%rbp
@@ -95,7 +121,7 @@ ENTRY(set_sev_encryption_mask)
 
 	movq	%rsp, %rbp		/* Save current stack pointer */
 
-	call	get_sev_encryption_bit	/* Get the encryption bit position */
+	call	get_sev_encryption_bit_64	/* Get the encryption bit position */
 	testl	%eax, %eax
 	jz	.Lno_sev_mask
 
-- 
2.17.1

