git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Ard Biesheuvel <ardb@kernel.org>
	Thu, 28 Aug 2025 10:22:22 +0000 (12:22 +0200)
committer	Borislav Petkov (AMD) <bp@alien8.de>
	Wed, 3 Sep 2025 16:00:01 +0000 (18:00 +0200)
commit	7b38dec3c5af54665a4b29483aa02bd1c1e71cf1
tree	a20980b779d5b840910a0baeeed65601acf2c334	tree \| snapshot
parent	749627c3980e4421b709857e979e8aa16a4c7147	commit \| diff

x86/boot: Create a confined code area for startup code

In order to be able to have tight control over which code may execute
from the early 1:1 mapping of memory, but still link vmlinux as a single
executable, prefix all symbol references in startup code with __pi_, and
invoke it from outside using the __pi_ prefix.

Use objtool to check that no absolute symbol references are present in
the startup code, as these cannot be used from code running from the 1:1
mapping.

Note that this also requires disabling the latent-entropy GCC plugin, as
the global symbol references that it injects would require explicit
exports, and given that the startup code rarely executes more than once,
it is not a useful source of entropy anyway.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250828102202.1849035-43-ardb+git@google.com

arch/x86/boot/startup/Makefile		diff \| blob \| blame \| history
arch/x86/boot/startup/sev-shared.c		diff \| blob \| blame \| history
arch/x86/boot/startup/sme.c		diff \| blob \| blame \| history
arch/x86/coco/sev/core.c		diff \| blob \| blame \| history
arch/x86/include/asm/setup.h		diff \| blob \| blame \| history
arch/x86/include/asm/sev.h		diff \| blob \| blame \| history
arch/x86/kernel/head64.c		diff \| blob \| blame \| history
arch/x86/kernel/head_64.S		diff \| blob \| blame \| history
arch/x86/mm/mem_encrypt_boot.S		diff \| blob \| blame \| history
tools/objtool/check.c		diff \| blob \| blame \| history