From: Adam Dunlap <acdunlap@google.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Sean Christopherson <seanjc@google.com>,
Kim Phillips <kim.phillips@amd.com>,
Juergen Gross <jgross@suse.com>, Ashok Raj <ashok.raj@intel.com>,
Adam Dunlap <acdunlap@google.com>, Joerg Roedel <jroedel@suse.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
David Hildenbrand <david@redhat.com>,
Mike Rapoport <rppt@kernel.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Nikunj A Dadhania <nikunj@amd.com>,
Dionna Glaze <dionnaglaze@google.com>,
Peter Gonda <pgonda@google.com>,
David Rientjes <rientjes@google.com>,
Khalid ElMously <khalid.elmously@canonical.com>,
Jacob Xu <jacobhxu@google.com>
Subject: [PATCH v2 1/2] x86/sev-es: Allow copy_from_kernel_nofault in earlier boot
Date: Mon, 11 Sep 2023 17:27:02 -0700 [thread overview]
Message-ID: <20230912002703.3924521-2-acdunlap@google.com> (raw)
In-Reply-To: <20230912002703.3924521-1-acdunlap@google.com>
Previously, if copy_from_kernel_nofault was called before
boot_cpu_data.x86_virt_bits was set up, then it would trigger undefined
behavior due to a shift by 64. This ended up causing boot failures in
the latest version of ubuntu2204 in the gcp project when using SEV-SNP.
Specifically, this function is called during an early #VC handler which
is triggered by a cpuid to check if nx is implemented.
Fixes: 1aa9aa8ee517 ("x86/sev-es: Setup GHCB-based boot #VC handler")
Suggested-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Adam Dunlap <acdunlap@google.com>
---
arch/x86/mm/maccess.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/arch/x86/mm/maccess.c b/arch/x86/mm/maccess.c
index 5a53c2cc169c..6993f026adec 100644
--- a/arch/x86/mm/maccess.c
+++ b/arch/x86/mm/maccess.c
@@ -9,12 +9,21 @@ bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size)
unsigned long vaddr = (unsigned long)unsafe_src;
/*
- * Range covering the highest possible canonical userspace address
- * as well as non-canonical address range. For the canonical range
- * we also need to include the userspace guard page.
+ * Do not allow userspace addresses. This disallows
+ * normal userspace and the userspace guard page:
*/
- return vaddr >= TASK_SIZE_MAX + PAGE_SIZE &&
- __is_canonical_address(vaddr, boot_cpu_data.x86_virt_bits);
+ if (vaddr < TASK_SIZE_MAX + PAGE_SIZE)
+ return false;
+
+ /*
+ * Allow everything during early boot before 'x86_virt_bits'
+ * is initialized. Needed for instruction decoding in early
+ * exception handlers.
+ */
+ if (!boot_cpu_data.x86_virt_bits)
+ return true;
+
+ return __is_canonical_address(vaddr, boot_cpu_data.x86_virt_bits);
}
#else
bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size)
--
2.42.0.283.g2d96d420d3-goog
next prev parent reply other threads:[~2023-09-12 0:57 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-12 0:27 [PATCH v2 0/2] x86/sev-es: Resolve early #VC handler UB Adam Dunlap
2023-09-12 0:27 ` Adam Dunlap [this message]
2023-09-20 20:37 ` [PATCH v2 1/2] x86/sev-es: Allow copy_from_kernel_nofault in earlier boot Sean Christopherson
2023-09-20 22:54 ` Dave Hansen
2023-09-28 21:11 ` [tip: x86/mm] x86/sev-es: Allow copy_from_kernel_nofault() " tip-bot2 for Adam Dunlap
2023-09-12 0:27 ` [PATCH v2 2/2] x86/sev-es: Only set x86_virt_bits to correct value Adam Dunlap
2023-09-28 21:11 ` [tip: x86/mm] x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach tip-bot2 for Adam Dunlap
2023-10-02 20:04 ` [PATCH v2 2/2] x86/sev-es: Only set x86_virt_bits to correct value Nathan Chancellor
2023-10-02 21:41 ` Dave Hansen
2023-10-02 21:46 ` Adam Dunlap
2023-10-02 22:00 ` [PATCH] x86/boot: Move x86_cache_alignment initialization to correct spot Dave Hansen
2023-10-02 22:24 ` Nathan Chancellor
2023-10-03 7:28 ` Ingo Molnar
2023-10-03 7:38 ` [tip: x86/mm] " tip-bot2 for Dave Hansen
2023-09-28 20:51 ` [PATCH v2 0/2] x86/sev-es: Resolve early #VC handler UB Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230912002703.3924521-2-acdunlap@google.com \
--to=acdunlap@google.com \
--cc=ashok.raj@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=david@redhat.com \
--cc=dionnaglaze@google.com \
--cc=hpa@zytor.com \
--cc=jacobhxu@google.com \
--cc=jgross@suse.com \
--cc=jroedel@suse.de \
--cc=khalid.elmously@canonical.com \
--cc=kim.phillips@amd.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=peterz@infradead.org \
--cc=pgonda@google.com \
--cc=rientjes@google.com \
--cc=rppt@kernel.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.