diff mbox series

[v5,33/75] x86/head/64: Switch to initial stack earlier

Message ID	20200724160336.5435-34-joro@8bytes.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=BqhU=BD=vger.kernel.org=kvm-owner@kernel.org> From: Joerg Roedel <joro@8bytes.org> To: x86@kernel.org Cc: Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>, hpa@zytor.com, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Peter Zijlstra <peterz@infradead.org>, Jiri Slaby <jslaby@suse.cz>, Dan Williams <dan.j.williams@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>, Juergen Gross <jgross@suse.com>, Kees Cook <keescook@chromium.org>, David Rientjes <rientjes@google.com>, Cfir Cohen <cfir@google.com>, Erdem Aktas <erdemaktas@google.com>, Masami Hiramatsu <mhiramat@kernel.org>, Mike Stunes <mstunes@vmware.com>, Sean Christopherson <sean.j.christopherson@intel.com>, Martin Radev <martin.b.radev@gmail.com>, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: [PATCH v5 33/75] x86/head/64: Switch to initial stack earlier Date: Fri, 24 Jul 2020 18:02:54 +0200 Message-Id: <20200724160336.5435-34-joro@8bytes.org> In-Reply-To: <20200724160336.5435-1-joro@8bytes.org> References: <20200724160336.5435-1-joro@8bytes.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: kvm-owner@vger.kernel.org Precedence: bulk
Series	x86: SEV-ES Guest Support \| expand [v5,00/75] x86: SEV-ES Guest Support [v5,01/75] KVM: SVM: Add GHCB definitions [v5,02/75] KVM: SVM: Add GHCB Accessor functions [v5,03/75] KVM: SVM: Use __packed shorthand [v5,04/75] x86/cpufeatures: Add SEV-ES CPU feature [v5,05/75] x86/traps: Move pf error codes to <asm/trap_pf.h> [v5,06/75] x86/insn: Make inat-tables.c suitable for pre-decompression code [v5,07/75] x86/umip: Factor out instruction fetch [v5,08/75] x86/umip: Factor out instruction decoding [v5,09/75] x86/insn: Add insn_get_modrm_reg_off() [v5,10/75] x86/insn: Add insn_has_rep_prefix() helper [v5,11/75] x86/boot/compressed/64: Disable red-zone usage [v5,12/75] x86/boot/compressed/64: Add IDT Infrastructure [v5,13/75] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c [v5,14/75] x86/boot/compressed/64: Add page-fault handler [v5,15/75] x86/boot/compressed/64: Always switch to own page-table [v5,16/75] x86/boot/compressed/64: Don't pre-map memory in KASLR code [v5,17/75] x86/boot/compressed/64: Change add_identity_map() to take start and end [v5,18/75] x86/boot/compressed/64: Add stage1 #VC handler [v5,19/75] x86/boot/compressed/64: Call set_sev_encryption_mask earlier [v5,20/75] x86/boot/compressed/64: Check return value of kernel_ident_mapping_init() [v5,21/75] x86/boot/compressed/64: Add set_page_en/decrypted() helpers [v5,22/75] x86/boot/compressed/64: Setup GHCB Based VC Exception handler [v5,23/75] x86/boot/compressed/64: Unmap GHCB page before booting the kernel [v5,24/75] x86/sev-es: Add support for handling IOIO exceptions [v5,25/75] x86/fpu: Move xgetbv()/xsetbv() into separate header [v5,26/75] x86/sev-es: Add CPUID handling to #VC handler [v5,27/75] x86/idt: Move IDT to data segment [v5,28/75] x86/idt: Split idt_data setup out of set_intr_gate() [v5,29/75] x86/head/64: Install startup GDT [v5,30/75] x86/head/64: Setup MSR_GS_BASE before calling into C code [v5,31/75] x86/head/64: Load GDT after switch to virtual addresses [v5,32/75] x86/head/64: Load segment registers earlier [v5,33/75] x86/head/64: Switch to initial stack earlier [v5,34/75] x86/head/64: Make fixup_pointer() static inline [v5,35/75] x86/head/64: Load IDT earlier [v5,36/75] x86/head/64: Move early exception dispatch to C code [v5,37/75] x86/head/64: Set CR4.FSGSBASE early [v5,38/75] x86/sev-es: Add SEV-ES Feature Detection [v5,39/75] x86/sev-es: Print SEV-ES info into kernel log [v5,40/75] x86/sev-es: Compile early handler code into kernel image [v5,41/75] x86/sev-es: Setup early #VC handler [v5,42/75] x86/sev-es: Setup GHCB based boot #VC handler [v5,43/75] x86/sev-es: Setup per-cpu GHCBs for the runtime handler [v5,44/75] x86/sev-es: Allocate and Map IST stack for #VC handler [v5,45/75] x86/sev-es: Adjust #VC IST Stack on entering NMI handler [v5,46/75] x86/dumpstack/64: Add noinstr version of get_stack_info() [v5,47/75] x86/entry/64: Add entry code for #VC handler [v5,48/75] x86/sev-es: Add Runtime #VC Exception Handler [v5,49/75] x86/sev-es: Wire up existing #VC exit-code handlers [v5,50/75] x86/sev-es: Handle instruction fetches from user-space [v5,51/75] x86/sev-es: Handle MMIO events [v5,52/75] x86/sev-es: Handle MMIO String Instructions [v5,53/75] x86/sev-es: Handle MSR events [v5,54/75] x86/sev-es: Handle DR7 read/write events [v5,55/75] x86/sev-es: Handle WBINVD Events [v5,56/75] x86/sev-es: Handle RDTSC(P) Events [v5,57/75] x86/sev-es: Handle RDPMC Events [v5,58/75] x86/sev-es: Handle INVD Events [v5,59/75] x86/sev-es: Handle MONITOR/MONITORX Events [v5,60/75] x86/sev-es: Handle MWAIT/MWAITX Events [v5,61/75] x86/sev-es: Handle VMMCALL Events [v5,62/75] x86/sev-es: Handle #AC Events [v5,63/75] x86/sev-es: Handle #DB Events [v5,64/75] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES [v5,65/75] x86/kvm: Add KVM specific VMMCALL handling under SEV-ES [v5,66/75] x86/vmware: Add VMware specific handling for VMMCALL under SEV-ES [v5,67/75] x86/realmode: Add SEV-ES specific trampoline entry point [v5,68/75] x86/realmode: Setup AP jump table [v5,69/75] x86/smpboot: Setup TSS for starting AP [v5,70/75] x86/head/64: Don't call verify_cpu() on starting APs [v5,71/75] x86/head/64: Rename start_cpu0 [v5,72/75] x86/sev-es: Support CPU offline/online [v5,73/75] x86/sev-es: Handle NMI State [v5,74/75] x86/efi: Add GHCB mappings when SEV-ES is active [v5,75/75] x86/sev-es: Check required CPU features for SEV-ES

Commit Message

Joerg Roedel July 24, 2020, 4:02 p.m. UTC

From: Joerg Roedel <jroedel@suse.de>

Make sure there is a stack once the kernel runs from virual addresses.
At this stage any secondary CPU which boots will have lost its stack
because the kernel switched to a new page-table which does not map the
real-mode stack anymore.

This is needed for handling early #VC exceptions caused by instructions
like CPUID.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 arch/x86/kernel/head_64.S | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Comments

Kees Cook July 24, 2020, 5:43 p.m. UTC | #1

On Fri, Jul 24, 2020 at 06:02:54PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@suse.de>
> 
> Make sure there is a stack once the kernel runs from virual addresses.
> At this stage any secondary CPU which boots will have lost its stack
> because the kernel switched to a new page-table which does not map the
> real-mode stack anymore.
> 
> This is needed for handling early #VC exceptions caused by instructions
> like CPUID.
> 
> Signed-off-by: Joerg Roedel <jroedel@suse.de>

Reviewed-by: Kees Cook <keescook@chromium.org>

diff mbox series

Patch

diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 057c7bd3eeb6..a5e1939d1dc9 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -200,6 +200,12 @@  SYM_CODE_START(secondary_startup_64)
 	movl	initial_gs+4(%rip),%edx
 	wrmsr
 
+	/*
+	 * Setup a boot time stack - Any secondary CPU will have lost its stack
+	 * by now because the cr3-switch above unmaps the real-mode stack
+	 */
+	movq initial_stack(%rip), %rsp
+
 	/* Check if nx is implemented */
 	movl	$0x80000001, %eax
 	cpuid
@@ -220,9 +226,6 @@  SYM_CODE_START(secondary_startup_64)
 	/* Make changes effective */
 	movq	%rax, %cr0
 
-	/* Setup a boot time stack */
-	movq initial_stack(%rip), %rsp
-
 	/* zero EFLAGS after setting rsp */
 	pushq $0
 	popfq