Displaying 20 results from an estimated 24 matches for "initial_gs".
2020 Aug 28
1
[PATCH v6 31/76] x86/head/64: Setup MSR_GS_BASE before calling into C code
....S
> @@ -78,6 +78,14 @@ SYM_CODE_START_NOALIGN(startup_64)
> call startup_64_setup_env
> popq %rsi
>
> + /*
> + * Setup %gs here already to make stack-protector work - it needs to be
> + * setup again after the switch to kernel addresses. The address read
> + * from initial_gs is a kernel address, so it needs to be adjusted first
> + * for the identity mapping.
> + */
> + movl $MSR_GS_BASE,%ecx
I'm confused: is this missing those three lines:
movl initial_gs(%rip),%eax
movl initial_gs+4(%rip),%edx
wrmsr
as it is done in sec...
2020 Jul 24
0
[PATCH v5 32/75] x86/head/64: Load segment registers earlier
...eax,%gs
+
+ /* Set up %gs.
+ *
+ * The base of %gs always points to fixed_percpu_data. If the
+ * stack protector canary is enabled, it is located at %gs:40.
+ * Note that, on SMP, the boot cpu uses init data section until
+ * the per cpu areas are set up.
+ */
+ movl $MSR_GS_BASE,%ecx
+ movl initial_gs(%rip),%eax
+ movl initial_gs+4(%rip),%edx
+ wrmsr
+
/* Check if nx is implemented */
movl $0x80000001, %eax
cpuid
@@ -201,32 +227,6 @@ SYM_CODE_START(secondary_startup_64)
pushq $0
popfq
- /* set up data segments */
- xorl %eax,%eax
- movl %eax,%ds
- movl %eax,%ss
- movl %eax,%es
-
- /*...
2020 Jul 24
0
[PATCH v5 30/75] x86/head/64: Setup MSR_GS_BASE before calling into C code
...igned long physbase)
asm volatile("movl %%eax, %%ds\n"
"movl %%eax, %%ss\n"
"movl %%eax, %%es\n" : : "a"(__KERNEL_DS) : "memory");
+
+ /* Setup GS_BASE - needed for stack protector */
+ gsbase = (unsigned long)fixup_pointer((void *)initial_gs, physbase);
+ __wrmsr(MSR_GS_BASE, (u32)gsbase, (u32)(gsbase >> 32));
}
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 2b2e91627221..800053219054 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -78,6 +78,14 @@ SYM_CODE_START_NOALIGN(startup...
2020 Aug 24
0
[PATCH v6 31/76] x86/head/64: Setup MSR_GS_BASE before calling into C code
...igned long physbase)
asm volatile("movl %%eax, %%ds\n"
"movl %%eax, %%ss\n"
"movl %%eax, %%es\n" : : "a"(__KERNEL_DS) : "memory");
+
+ /* Setup GS_BASE - needed for stack protector */
+ gsbase = (unsigned long)fixup_pointer((void *)initial_gs, physbase);
+ __wrmsr(MSR_GS_BASE, (u32)gsbase, (u32)(gsbase >> 32));
}
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 2b2e91627221..800053219054 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -78,6 +78,14 @@ SYM_CODE_START_NOALIGN(startup...
2020 Sep 07
0
[PATCH v7 40/72] x86/sev-es: Setup GHCB based boot #VC handler
...rch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
index b35030eeec36..96118fb041b8 100644
--- a/arch/x86/include/asm/realmode.h
+++ b/arch/x86/include/asm/realmode.h
@@ -57,6 +57,9 @@ extern unsigned char real_mode_blob_end[];
extern unsigned long initial_code;
extern unsigned long initial_gs;
extern unsigned long initial_stack;
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+extern unsigned long initial_vc_handler;
+#endif
extern unsigned char real_mode_blob[];
extern unsigned char real_mode_relocs[];
diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h
index 517920928989....
2020 Jul 24
0
[PATCH v5 33/75] x86/head/64: Switch to initial stack earlier
...| 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 057c7bd3eeb6..a5e1939d1dc9 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -200,6 +200,12 @@ SYM_CODE_START(secondary_startup_64)
movl initial_gs+4(%rip),%edx
wrmsr
+ /*
+ * Setup a boot time stack - Any secondary CPU will have lost its stack
+ * by now because the cr3-switch above unmaps the real-mode stack
+ */
+ movq initial_stack(%rip), %rsp
+
/* Check if nx is implemented */
movl $0x80000001, %eax
cpuid
@@ -220,9 +226,6 @@...
2020 Aug 24
0
[PATCH v6 70/76] x86/smpboot: Setup TSS for starting AP
...;
/*
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index ce2d8284edb9..b26a7f1bd6fe 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -545,3 +545,14 @@ void __head startup_64_setup_env(unsigned long physbase)
gsbase = (unsigned long)fixup_pointer((void *)initial_gs, physbase);
__wrmsr(MSR_GS_BASE, (u32)gsbase, (u32)(gsbase >> 32));
}
+
+void __head early_load_tss(void)
+{
+ struct desc_struct *gdt = (struct desc_struct *)early_gdt_descr.address;
+ tss_desc tss;
+
+ /* Load TSS only if entry in GDT is marked present */
+ memcpy(&tss, &gdt[GDT_...
2020 Aug 24
96
[PATCH v6 00/76] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is the new version of the SEV-ES client enabling patch-set. It is
based on the latest tip/master branch and contains the necessary
changes. In particular those ar:
- Enabling CR4.FSGSBASE early on supported processors so that
early #VC exceptions on APs can be handled.
- Add another patch (patch 1) to fix a KVM frame-size build
2020 Sep 07
84
[PATCH v7 00/72] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is a new version of the SEV-ES Guest Support patches for x86. The
previous versions can be found as a linked list starting here:
https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/
I updated the patch-set based on ther review comments I got and the
discussions around it.
Another important change is that the early IDT
2020 Sep 07
84
[PATCH v7 00/72] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is a new version of the SEV-ES Guest Support patches for x86. The
previous versions can be found as a linked list starting here:
https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/
I updated the patch-set based on ther review comments I got and the
discussions around it.
Another important change is that the early IDT
2020 Jul 24
86
[PATCH v5 00/75] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is a rebased version of the latest SEV-ES patches. They are now
based on latest tip/master instead of upstream Linux and include the
necessary changes.
Changes to v4 are in particular:
- Moved early IDT setup code to idt.c, because the idt_descr
and the idt_table are now static
- This required to make stack protector work early (or
2020 Feb 11
83
[RFC PATCH 00/62] Linux as SEV-ES Guest Support
Hi,
here is the first public post of the patch-set to enable Linux to run
under SEV-ES enabled hypervisors. The code is mostly feature-complete,
but there are still a couple of bugs to fix. Nevertheless, given the
size of the patch-set, I think it is about time to ask for initial
feedback of the changes that come with it. To better understand the code
here is a quick explanation of SEV-ES first.
2020 Feb 11
83
[RFC PATCH 00/62] Linux as SEV-ES Guest Support
Hi,
here is the first public post of the patch-set to enable Linux to run
under SEV-ES enabled hypervisors. The code is mostly feature-complete,
but there are still a couple of bugs to fix. Nevertheless, given the
size of the patch-set, I think it is about time to ask for initial
feedback of the changes that come with it. To better understand the code
here is a quick explanation of SEV-ES first.
2020 Jul 14
92
[PATCH v4 00/75] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is the fourth version of the SEV-ES Guest Support patches. I
addressed the review comments sent to me for the previous version and
rebased the code v5.8-rc5.
The biggest change in this version is the IST handling code for the
#VC handler. I adapted the entry code for the #VC handler to the big
pile of entry code changes merged into
2020 Jul 14
92
[PATCH v4 00/75] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is the fourth version of the SEV-ES Guest Support patches. I
addressed the review comments sent to me for the previous version and
rebased the code v5.8-rc5.
The biggest change in this version is the IST handling code for the
#VC handler. I adapted the entry code for the #VC handler to the big
pile of entry code changes merged into
2020 Apr 28
116
[PATCH v3 00/75] x86: SEV-ES Guest Support
Hi,
here is the next version of changes to enable Linux to run as an SEV-ES
guest. The code was rebased to v5.7-rc3 and got a fair number of changes
since the last version.
What is SEV-ES
==============
SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted
State' and means a hardware feature of AMD processors which hides the
register state of VCPUs to the hypervisor by
2020 Apr 28
116
[PATCH v3 00/75] x86: SEV-ES Guest Support
Hi,
here is the next version of changes to enable Linux to run as an SEV-ES
guest. The code was rebased to v5.7-rc3 and got a fair number of changes
since the last version.
What is SEV-ES
==============
SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted
State' and means a hardware feature of AMD processors which hides the
register state of VCPUs to the hypervisor by
2018 Mar 13
32
[PATCH v2 00/27] x86: PIE support and option to extend KASLR randomization
Changes:
- patch v2:
- Adapt patch to work post KPTI and compiler changes
- Redo all performance testing with latest configs and compilers
- Simplify mov macro on PIE (MOVABS now)
- Reduce GOT footprint
- patch v1:
- Simplify ftrace implementation.
- Use gcc mstack-protector-guard-reg=%gs with PIE when possible.
- rfc v3:
- Use --emit-relocs instead of -pie to reduce
2018 Mar 13
32
[PATCH v2 00/27] x86: PIE support and option to extend KASLR randomization
Changes:
- patch v2:
- Adapt patch to work post KPTI and compiler changes
- Redo all performance testing with latest configs and compilers
- Simplify mov macro on PIE (MOVABS now)
- Reduce GOT footprint
- patch v1:
- Simplify ftrace implementation.
- Use gcc mstack-protector-guard-reg=%gs with PIE when possible.
- rfc v3:
- Use --emit-relocs instead of -pie to reduce
2017 Oct 04
28
x86: PIE support and option to extend KASLR randomization
These patches make the changes necessary to build the kernel as Position
Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below
the top 2G of the virtual address space. It allows to optionally extend the
KASLR randomization range from 1G to 3G.
Thanks a lot to Ard Biesheuvel & Kees Cook on their feedback on compiler
changes, PIE support and KASLR in general. Thanks to