From: Greg Kroah-Hartman Date: Mon, 8 Apr 2024 11:56:31 +0000 (+0200) Subject: 6.6-stable patches X-Git-Tag: v5.15.154~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1ad7e9ef802eba27fb472a98ca8952fedca8e600;p=thirdparty%2Fkernel%2Fstable-queue.git 6.6-stable patches added patches: efi-libstub-add-generic-support-for-parsing-mem_encrypt.patch x86-boot-move-mem_encrypt-parsing-to-the-decompressor.patch x86-head-64-move-the-__head-definition-to-asm-init.h.patch --- diff --git a/queue-6.6/efi-libstub-add-generic-support-for-parsing-mem_encrypt.patch b/queue-6.6/efi-libstub-add-generic-support-for-parsing-mem_encrypt.patch new file mode 100644 index 00000000000..2900ab98006 --- /dev/null +++ b/queue-6.6/efi-libstub-add-generic-support-for-parsing-mem_encrypt.patch @@ -0,0 +1,63 @@ +From 7205f06e847422b66c1506eee01b9998ffc75d76 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 27 Feb 2024 16:19:13 +0100 +Subject: efi/libstub: Add generic support for parsing mem_encrypt= + +From: Ard Biesheuvel + +commit 7205f06e847422b66c1506eee01b9998ffc75d76 upstream. + +Parse the mem_encrypt= command line parameter from the EFI stub if +CONFIG_ARCH_HAS_MEM_ENCRYPT=y, so that it can be passed to the early +boot code by the arch code in the stub. + +This avoids the need for the core kernel to do any string parsing very +early in the boot. + +Signed-off-by: Ard Biesheuvel +Signed-off-by: Borislav Petkov (AMD) +Tested-by: Tom Lendacky +Link: https://lore.kernel.org/r/20240227151907.387873-16-ardb+git@google.com +Signed-off-by: Ard Biesheuvel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/firmware/efi/libstub/efi-stub-helper.c | 8 ++++++++ + drivers/firmware/efi/libstub/efistub.h | 2 +- + 2 files changed, 9 insertions(+), 1 deletion(-) + +--- a/drivers/firmware/efi/libstub/efi-stub-helper.c ++++ b/drivers/firmware/efi/libstub/efi-stub-helper.c +@@ -24,6 +24,8 @@ static bool efi_noinitrd; + static bool efi_nosoftreserve; + static bool efi_disable_pci_dma = IS_ENABLED(CONFIG_EFI_DISABLE_PCI_DMA); + ++int efi_mem_encrypt; ++ + bool __pure __efi_soft_reserve_enabled(void) + { + return !efi_nosoftreserve; +@@ -75,6 +77,12 @@ efi_status_t efi_parse_options(char cons + efi_noinitrd = true; + } else if (IS_ENABLED(CONFIG_X86_64) && !strcmp(param, "no5lvl")) { + efi_no5lvl = true; ++ } else if (IS_ENABLED(CONFIG_ARCH_HAS_MEM_ENCRYPT) && ++ !strcmp(param, "mem_encrypt") && val) { ++ if (parse_option_str(val, "on")) ++ efi_mem_encrypt = 1; ++ else if (parse_option_str(val, "off")) ++ efi_mem_encrypt = -1; + } else if (!strcmp(param, "efi") && val) { + efi_nochunk = parse_option_str(val, "nochunk"); + efi_novamap |= parse_option_str(val, "novamap"); +--- a/drivers/firmware/efi/libstub/efistub.h ++++ b/drivers/firmware/efi/libstub/efistub.h +@@ -37,8 +37,8 @@ extern bool efi_no5lvl; + extern bool efi_nochunk; + extern bool efi_nokaslr; + extern int efi_loglevel; ++extern int efi_mem_encrypt; + extern bool efi_novamap; +- + extern const efi_system_table_t *efi_system_table; + + typedef union efi_dxe_services_table efi_dxe_services_table_t; diff --git a/queue-6.6/series b/queue-6.6/series index 75be9db3006..3074034295c 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -245,3 +245,6 @@ mptcp-don-t-overwrite-sock_ops-in-mptcp_is_tcpsk.patch mptcp-don-t-account-accept-of-non-mpc-client-as-fallback-to-tcp.patch bpf-put-uprobe-link-s-path-and-task-in-release-callback.patch bpf-support-deferring-bpf_link-dealloc-to-after-rcu-grace-period.patch +x86-head-64-move-the-__head-definition-to-asm-init.h.patch +efi-libstub-add-generic-support-for-parsing-mem_encrypt.patch +x86-boot-move-mem_encrypt-parsing-to-the-decompressor.patch diff --git a/queue-6.6/x86-boot-move-mem_encrypt-parsing-to-the-decompressor.patch b/queue-6.6/x86-boot-move-mem_encrypt-parsing-to-the-decompressor.patch new file mode 100644 index 00000000000..1e4bca312c7 --- /dev/null +++ b/queue-6.6/x86-boot-move-mem_encrypt-parsing-to-the-decompressor.patch @@ -0,0 +1,195 @@ +From cd0d9d92c8bb46e77de62efd7df13069ddd61e7d Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 27 Feb 2024 16:19:14 +0100 +Subject: x86/boot: Move mem_encrypt= parsing to the decompressor + +From: Ard Biesheuvel + +commit cd0d9d92c8bb46e77de62efd7df13069ddd61e7d upstream. + +The early SME/SEV code parses the command line very early, in order to +decide whether or not memory encryption should be enabled, which needs +to occur even before the initial page tables are created. + +This is problematic for a number of reasons: +- this early code runs from the 1:1 mapping provided by the decompressor + or firmware, which uses a different translation than the one assumed by + the linker, and so the code needs to be built in a special way; +- parsing external input while the entire kernel image is still mapped + writable is a bad idea in general, and really does not belong in + security minded code; +- the current code ignores the built-in command line entirely (although + this appears to be the case for the entire decompressor) + +Given that the decompressor/EFI stub is an intrinsic part of the x86 +bootable kernel image, move the command line parsing there and out of +the core kernel. This removes the need to build lib/cmdline.o in a +special way, or to use RIP-relative LEA instructions in inline asm +blocks. + +This involves a new xloadflag in the setup header to indicate +that mem_encrypt=on appeared on the kernel command line. + +Signed-off-by: Ard Biesheuvel +Signed-off-by: Borislav Petkov (AMD) +Tested-by: Tom Lendacky +Link: https://lore.kernel.org/r/20240227151907.387873-17-ardb+git@google.com +Signed-off-by: Ard Biesheuvel +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/boot/compressed/misc.c | 15 +++++++++++++++ + arch/x86/include/uapi/asm/bootparam.h | 1 + + arch/x86/lib/Makefile | 13 ------------- + arch/x86/mm/mem_encrypt_identity.c | 32 +++----------------------------- + drivers/firmware/efi/libstub/x86-stub.c | 3 +++ + 5 files changed, 22 insertions(+), 42 deletions(-) + +--- a/arch/x86/boot/compressed/misc.c ++++ b/arch/x86/boot/compressed/misc.c +@@ -358,6 +358,19 @@ unsigned long decompress_kernel(unsigned + } + + /* ++ * Set the memory encryption xloadflag based on the mem_encrypt= command line ++ * parameter, if provided. ++ */ ++static void parse_mem_encrypt(struct setup_header *hdr) ++{ ++ int on = cmdline_find_option_bool("mem_encrypt=on"); ++ int off = cmdline_find_option_bool("mem_encrypt=off"); ++ ++ if (on > off) ++ hdr->xloadflags |= XLF_MEM_ENCRYPTION; ++} ++ ++/* + * The compressed kernel image (ZO), has been moved so that its position + * is against the end of the buffer used to hold the uncompressed kernel + * image (VO) and the execution environment (.bss, .brk), which makes sure +@@ -387,6 +400,8 @@ asmlinkage __visible void *extract_kerne + /* Clear flags intended for solely in-kernel use. */ + boot_params->hdr.loadflags &= ~KASLR_FLAG; + ++ parse_mem_encrypt(&boot_params_ptr->hdr); ++ + sanitize_boot_params(boot_params); + + if (boot_params->screen_info.orig_video_mode == 7) { +--- a/arch/x86/include/uapi/asm/bootparam.h ++++ b/arch/x86/include/uapi/asm/bootparam.h +@@ -38,6 +38,7 @@ + #define XLF_EFI_KEXEC (1<<4) + #define XLF_5LEVEL (1<<5) + #define XLF_5LEVEL_ENABLED (1<<6) ++#define XLF_MEM_ENCRYPTION (1<<7) + + #ifndef __ASSEMBLY__ + +--- a/arch/x86/lib/Makefile ++++ b/arch/x86/lib/Makefile +@@ -14,19 +14,6 @@ ifdef CONFIG_KCSAN + CFLAGS_REMOVE_delay.o = $(CC_FLAGS_FTRACE) + endif + +-# Early boot use of cmdline; don't instrument it +-ifdef CONFIG_AMD_MEM_ENCRYPT +-KCOV_INSTRUMENT_cmdline.o := n +-KASAN_SANITIZE_cmdline.o := n +-KCSAN_SANITIZE_cmdline.o := n +- +-ifdef CONFIG_FUNCTION_TRACER +-CFLAGS_REMOVE_cmdline.o = -pg +-endif +- +-CFLAGS_cmdline.o := -fno-stack-protector -fno-jump-tables +-endif +- + inat_tables_script = $(srctree)/arch/x86/tools/gen-insn-attr-x86.awk + inat_tables_maps = $(srctree)/arch/x86/lib/x86-opcode-map.txt + quiet_cmd_inat_tables = GEN $@ +--- a/arch/x86/mm/mem_encrypt_identity.c ++++ b/arch/x86/mm/mem_encrypt_identity.c +@@ -43,7 +43,6 @@ + + #include + #include +-#include + #include + #include + +@@ -95,9 +94,6 @@ struct sme_populate_pgd_data { + */ + static char sme_workarea[2 * PMD_SIZE] __section(".init.scratch"); + +-static char sme_cmdline_arg[] __initdata = "mem_encrypt"; +-static char sme_cmdline_on[] __initdata = "on"; +- + static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) + { + unsigned long pgd_start, pgd_end, pgd_size; +@@ -504,11 +500,9 @@ void __init sme_encrypt_kernel(struct bo + + void __init sme_enable(struct boot_params *bp) + { +- const char *cmdline_ptr, *cmdline_arg, *cmdline_on; + unsigned int eax, ebx, ecx, edx; + unsigned long feature_mask; + unsigned long me_mask; +- char buffer[16]; + bool snp; + u64 msr; + +@@ -551,6 +545,9 @@ void __init sme_enable(struct boot_param + + /* Check if memory encryption is enabled */ + if (feature_mask == AMD_SME_BIT) { ++ if (!(bp->hdr.xloadflags & XLF_MEM_ENCRYPTION)) ++ return; ++ + /* + * No SME if Hypervisor bit is set. This check is here to + * prevent a guest from trying to enable SME. For running as a +@@ -570,31 +567,8 @@ void __init sme_enable(struct boot_param + msr = __rdmsr(MSR_AMD64_SYSCFG); + if (!(msr & MSR_AMD64_SYSCFG_MEM_ENCRYPT)) + return; +- } else { +- /* SEV state cannot be controlled by a command line option */ +- goto out; + } + +- /* +- * Fixups have not been applied to phys_base yet and we're running +- * identity mapped, so we must obtain the address to the SME command +- * line argument data using rip-relative addressing. +- */ +- asm ("lea sme_cmdline_arg(%%rip), %0" +- : "=r" (cmdline_arg) +- : "p" (sme_cmdline_arg)); +- asm ("lea sme_cmdline_on(%%rip), %0" +- : "=r" (cmdline_on) +- : "p" (sme_cmdline_on)); +- +- cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr | +- ((u64)bp->ext_cmd_line_ptr << 32)); +- +- if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0 || +- strncmp(buffer, cmdline_on, sizeof(buffer))) +- return; +- +-out: + RIP_REL_REF(sme_me_mask) = me_mask; + physical_mask &= ~me_mask; + cc_vendor = CC_VENDOR_AMD; +--- a/drivers/firmware/efi/libstub/x86-stub.c ++++ b/drivers/firmware/efi/libstub/x86-stub.c +@@ -888,6 +888,9 @@ void __noreturn efi_stub_entry(efi_handl + } + } + ++ if (efi_mem_encrypt > 0) ++ hdr->xloadflags |= XLF_MEM_ENCRYPTION; ++ + status = efi_decompress_kernel(&kernel_entry); + if (status != EFI_SUCCESS) { + efi_err("Failed to decompress kernel\n"); diff --git a/queue-6.6/x86-head-64-move-the-__head-definition-to-asm-init.h.patch b/queue-6.6/x86-head-64-move-the-__head-definition-to-asm-init.h.patch new file mode 100644 index 00000000000..bffb2d245fd --- /dev/null +++ b/queue-6.6/x86-head-64-move-the-__head-definition-to-asm-init.h.patch @@ -0,0 +1,53 @@ +From d2a285d65bfde3218fd0c3b88794d0135ced680b Mon Sep 17 00:00:00 2001 +From: Hou Wenlong +Date: Tue, 17 Oct 2023 15:08:06 +0800 +Subject: x86/head/64: Move the __head definition to + +From: Hou Wenlong + +commit d2a285d65bfde3218fd0c3b88794d0135ced680b upstream. + +Move the __head section definition to a header to widen its use. + +An upcoming patch will mark the code as __head in mem_encrypt_identity.c too. + +Signed-off-by: Hou Wenlong +Signed-off-by: Ingo Molnar +Link: https://lore.kernel.org/r/0583f57977be184689c373fe540cbd7d85ca2047.1697525407.git.houwenlong.hwl@antgroup.com +Signed-off-by: Ard Biesheuvel +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/include/asm/init.h | 2 ++ + arch/x86/kernel/head64.c | 3 +-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/arch/x86/include/asm/init.h ++++ b/arch/x86/include/asm/init.h +@@ -2,6 +2,8 @@ + #ifndef _ASM_X86_INIT_H + #define _ASM_X86_INIT_H + ++#define __head __section(".head.text") ++ + struct x86_mapping_info { + void *(*alloc_pgt_page)(void *); /* allocate buf for page table */ + void *context; /* context for alloc_pgt_page */ +--- a/arch/x86/kernel/head64.c ++++ b/arch/x86/kernel/head64.c +@@ -41,6 +41,7 @@ + #include + #include + #include ++#include + + /* + * Manage page tables very early on. +@@ -84,8 +85,6 @@ static struct desc_ptr startup_gdt_descr + .address = 0, + }; + +-#define __head __section(".head.text") +- + static void __head *fixup_pointer(void *ptr, unsigned long physaddr) + { + return ptr - (void *)_text + (void *)physaddr;