lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Z5ARucnUgqjwBnrp@gmail.com>
Date: Tue, 21 Jan 2025 22:29:29 +0100
From: Ingo Molnar <mingo@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, the arch/x86 maintainers <x86@...nel.org>,
	David Woodhouse <dwmw2@...radead.org>,
	Ard Biesheuvel <ardb@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	"H. Peter Anvin" <hpa@...or.com>
Subject: [GIT PULL] x86/boot enhancements for v6.14

Linus,

Please pull the latest x86/boot Git tree from:

   git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86-boot-2025-01-21

   # HEAD: cf4ca80650908628bf1c0c29e3fd236b1915d789 x86/sev: Disable ftrace branch profiling in SEV startup code

   MERGE NOTE: there will be a new conflict when pulling this tree, due to
   overlapping additions to arch/x86/include/asm/sev-common.h. My resolution
   was to advance the Linux-internal enumeration of reason codes, in merge order:

     #define GHCB_TERM_SECURE_TSC		10	/* Secure TSC initialization failed */
     #define GHCB_TERM_SVSM_CA_REMAP_FAIL	11	/* SVSM is present but CA could not be remapped */

x86/boot changes for v6.14:

 - A large and involved preparatory series to pave the way to add 
   exception handling for relocate_kernel - which will be a debugging 
   facility that has aided in the field to debug an exceptionally hard 
   to debug early boot bug. Plus assorted cleanups and fixes that were 
   discovered along the way, by David Woodhouse:

      - Clean up and document register use in relocate_kernel_64.S
      - Use named labels in swap_pages in relocate_kernel_64.S
      - Only swap pages for ::preserve_context mode
      - Allocate PGD for x86_64 transition page tables separately
      - Copy control page into place in machine_kexec_prepare()
      - Invoke copy of relocate_kernel() instead of the original
      - Move relocate_kernel to kernel .data section
      - Add data section to relocate_kernel
      - Drop page_list argument from relocate_kernel()
      - Eliminate writes through kernel mapping of relocate_kernel page
      - Clean up register usage in relocate_kernel()
      - Mark relocate_kernel page as ROX instead of RWX
      - Disable global pages before writing to control page
      - Ensure preserve_context flag is set on return to kernel
      - Use correct swap page in swap_pages function
      - Fix stack and handling of re-entry point for ::preserve_context
      - Mark machine_kexec() with __nocfi
      - Cope with relocate_kernel() not being at the start of the page
      - Use typedef for relocate_kernel_fn function prototype
      - Fix location of relocate_kernel with -ffunction-sections (fix by Nathan Chancellor)

 - A series to remove the last remaining absolute symbol references from
   .head.text, and enforce this at build time, by Ard Biesheuvel:

      - Avoid WARN()s and panic()s in early boot code
      - Don't hang but terminate on failure to remap SVSM CA
      - Determine VA/PA offset before entering C code
      - Avoid intentional absolute symbol references in .head.text
      - Disable UBSAN in early boot code
      - Move ENTRY_TEXT to the start of the image
      - Move .head.text into its own output section
      - Reject absolute references in .head.text

 - Which build-time enforcement uncovered a handful of bugs of essentially
   non-working code, and a wrokaround for a toolchain bug, fixed by
   Ard Biesheuvel as well:

      - Fix spurious undefined reference when CONFIG_X86_5LEVEL=n, on GCC-12
      - Disable UBSAN on SEV code that may execute very early
      - Disable ftrace branch profiling in SEV startup code

 - And miscellaneous cleanups:

       - kexec_core: Add and update comments regarding the KEXEC_JUMP flow (Rafael J. Wysocki)
       - x86/sysfs: Constify 'struct bin_attribute' (Thomas Weißschuh)

Signed-off-by: Ingo Molnar <mingo@...nel.org>

Ard Biesheuvel (11):
      x86/sev: Avoid WARN()s and panic()s in early boot code
      x86/boot/64: Determine VA/PA offset before entering C code
      x86/boot/64: Avoid intentional absolute symbol references in .head.text
      x86/boot: Disable UBSAN in early boot code
      x86/kernel: Move ENTRY_TEXT to the start of the image
      x86/boot: Move .head.text into its own output section
      x86/boot: Reject absolute references in .head.text
      x86/boot/64: Fix spurious undefined reference when CONFIG_X86_5LEVEL=n, on GCC-12
      x86/sev: Disable UBSAN on SEV code that may execute very early
      x86/sev: Don't hang but terminate on failure to remap SVSM CA
      x86/sev: Disable ftrace branch profiling in SEV startup code

David Woodhouse (19):
      x86/kexec: Clean up and document register use in relocate_kernel_64.S
      x86/kexec: Use named labels in swap_pages in relocate_kernel_64.S
      x86/kexec: Only swap pages for ::preserve_context mode
      x86/kexec: Allocate PGD for x86_64 transition page tables separately
      x86/kexec: Copy control page into place in machine_kexec_prepare()
      x86/kexec: Invoke copy of relocate_kernel() instead of the original
      x86/kexec: Move relocate_kernel to kernel .data section
      x86/kexec: Add data section to relocate_kernel
      x86/kexec: Drop page_list argument from relocate_kernel()
      x86/kexec: Eliminate writes through kernel mapping of relocate_kernel page
      x86/kexec: Clean up register usage in relocate_kernel()
      x86/kexec: Mark relocate_kernel page as ROX instead of RWX
      x86/kexec: Disable global pages before writing to control page
      x86/kexec: Ensure preserve_context flag is set on return to kernel
      x86/kexec: Use correct swap page in swap_pages function
      x86/kexec: Fix stack and handling of re-entry point for ::preserve_context
      x86/kexec: Mark machine_kexec() with __nocfi
      x86/kexec: Cope with relocate_kernel() not being at the start of the page
      x86/kexec: Use typedef for relocate_kernel_fn function prototype

Ingo Molnar (1):
      Merge branch 'x86/urgent' into x86/boot, to pick up dependent fixes

Nathan Chancellor (1):
      x86/kexec: Fix location of relocate_kernel with -ffunction-sections

Rafael J. Wysocki (1):
      kexec_core: Add and update comments regarding the KEXEC_JUMP flow

Thomas Weißschuh (1):
      x86/sysfs: Constify 'struct bin_attribute'

 arch/x86/coco/sev/Makefile           |   3 +
 arch/x86/coco/sev/core.c             |  15 ++-
 arch/x86/coco/sev/shared.c           |  16 +--
 arch/x86/include/asm/init.h          |   2 +-
 arch/x86/include/asm/kexec.h         |  54 +++++-----
 arch/x86/include/asm/sections.h      |   1 +
 arch/x86/include/asm/setup.h         |   2 +-
 arch/x86/include/asm/sev-common.h    |   1 +
 arch/x86/kernel/callthunks.c         |   6 ++
 arch/x86/kernel/head64.c             |  40 +++++---
 arch/x86/kernel/head_64.S            |  12 ++-
 arch/x86/kernel/ksysfs.c             |  18 ++--
 arch/x86/kernel/machine_kexec_32.c   |   7 +-
 arch/x86/kernel/machine_kexec_64.c   |  95 ++++++++++-------
 arch/x86/kernel/relocate_kernel_64.S | 193 +++++++++++++++++++----------------
 arch/x86/kernel/vmlinux.lds.S        |  45 +++++---
 arch/x86/tools/relocs.c              |   8 +-
 kernel/kexec_core.c                  |  23 +++--
 18 files changed, 317 insertions(+), 224 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ