Re: [PATCH v4 15/75] x86/boot/compressed/64: Always switch to own page-table

[PATCH v4 00/75] x86: SEV-ES Guest Support · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 09/75] x86/insn: Add insn_get_modrm_reg_off() · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 21/75] x86/boot/compressed/64: Add set_page_en/decrypted() helpers · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 22/75] x86/boot/compressed/64: Setup GHCB Based VC Exception handler · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 24/75] x86/sev-es: Add support for handling IOIO exceptions · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 31/75] x86/head/64: Reload GDT after switch to virtual addresses · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 41/75] x86/sev-es: Setup GHCB based boot #VC handler · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 49/75] x86/sev-es: Wire up existing #VC exit-code handlers · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 50/75] x86/sev-es: Handle instruction fetches from user-space · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 51/75] x86/sev-es: Handle MMIO events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 51/75] x86/sev-es: Handle MMIO events · Mike Stunes <hidden> · 2020-07-21
Re: [PATCH v4 51/75] x86/sev-es: Handle MMIO events · Joerg Roedel <hidden> · 2020-07-22
Re: [PATCH v4 51/75] x86/sev-es: Handle MMIO events · Joerg Roedel <hidden> · 2020-07-22
Re: [PATCH v4 51/75] x86/sev-es: Handle MMIO events · Mike Stunes <hidden> · 2020-07-22
Re: [PATCH v4 51/75] x86/sev-es: Handle MMIO events · Joerg Roedel <joro@8bytes.org> · 2020-07-23
[PATCH v4 56/75] x86/sev-es: Handle RDTSC(P) Events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 55/75] x86/sev-es: Handle WBINVD Events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 61/75] x86/sev-es: Handle VMMCALL Events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 63/75] x86/sev-es: Handle #DB Events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 63/75] x86/sev-es: Handle #DB Events · Peter Zijlstra <peterz@infradead.org> · 2020-07-15
Re: [PATCH v4 63/75] x86/sev-es: Handle #DB Events · Joerg Roedel <hidden> · 2020-07-15
Re: [PATCH v4 63/75] x86/sev-es: Handle #DB Events · Peter Zijlstra <peterz@infradead.org> · 2020-07-15
Re: [PATCH v4 63/75] x86/sev-es: Handle #DB Events · Joerg Roedel <hidden> · 2020-07-15
Re: [PATCH v4 63/75] x86/sev-es: Handle #DB Events · Peter Zijlstra <peterz@infradead.org> · 2020-07-15
Re: [PATCH v4 63/75] x86/sev-es: Handle #DB Events · Joerg Roedel <hidden> · 2020-07-15
[PATCH v4 67/75] x86/realmode: Add SEV-ES specific trampoline entry point · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 75/75] x86/sev-es: Check required CPU features for SEV-ES · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 72/75] x86/sev-es: Support CPU offline/online · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 73/75] x86/sev-es: Handle NMI State · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 74/75] x86/efi: Add GHCB mappings when SEV-ES is active · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 71/75] x86/head/64: Rename start_cpu0 · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 69/75] x86/head/64: Setup TSS early for secondary CPUs · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 70/75] x86/head/64: Don't call verify_cpu() on starting APs · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 70/75] x86/head/64: Don't call verify_cpu() on starting APs · Kees Cook <hidden> · 2020-07-15
Re: [PATCH v4 70/75] x86/head/64: Don't call verify_cpu() on starting APs · Joerg Roedel <hidden> · 2020-07-15
Re: [PATCH v4 70/75] x86/head/64: Don't call verify_cpu() on starting APs · Kees Cook <hidden> · 2020-07-15
Re: [PATCH v4 70/75] x86/head/64: Don't call verify_cpu() on starting APs · Joerg Roedel <hidden> · 2020-07-15
Re: [PATCH v4 70/75] x86/head/64: Don't call verify_cpu() on starting APs · Kees Cook <hidden> · 2020-07-15
Re: [PATCH v4 70/75] x86/head/64: Don't call verify_cpu() on starting APs · Joerg Roedel <joro@8bytes.org> · 2020-07-20
[PATCH v4 66/75] x86/vmware: Add VMware specific handling for VMMCALL under SEV-ES · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 68/75] x86/realmode: Setup AP jump table · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 64/75] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 65/75] x86/kvm: Add KVM specific VMMCALL handling under SEV-ES · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 62/75] x86/sev-es: Handle #AC Events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 60/75] x86/sev-es: Handle MWAIT/MWAITX Events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 58/75] x86/sev-es: Handle INVD Events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 59/75] x86/sev-es: Handle MONITOR/MONITORX Events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 57/75] x86/sev-es: Handle RDPMC Events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 54/75] x86/sev-es: Handle DR7 read/write events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 53/75] x86/sev-es: Handle MSR events · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 52/75] x86/sev-es: Handle MMIO String Instructions · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 48/75] x86/sev-es: Add Runtime #VC Exception Handler · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 46/75] x86/dumpstack/64: Add noinstr version of get_stack_info() · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 47/75] x86/entry/64: Add entry code for #VC handler · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 26/75] x86/sev-es: Add CPUID handling to #VC handler · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 45/75] x86/sev-es: Adjust #VC IST Stack on entering NMI handler · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 45/75] x86/sev-es: Adjust #VC IST Stack on entering NMI handler · Peter Zijlstra <peterz@infradead.org> · 2020-07-15
Re: [PATCH v4 45/75] x86/sev-es: Adjust #VC IST Stack on entering NMI handler · Joerg Roedel <hidden> · 2020-07-15
Re: [PATCH v4 45/75] x86/sev-es: Adjust #VC IST Stack on entering NMI handler · Peter Zijlstra <peterz@infradead.org> · 2020-07-15
[PATCH v4 43/75] x86/sev-es: Allocate and Map stacks for #VC handler · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 44/75] x86/sev-es: Allocate and setup IST entry for #VC · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 39/75] x86/sev-es: Compile early handler code into kernel image · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 42/75] x86/sev-es: Setup per-cpu GHCBs for the runtime handler · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 23/75] x86/boot/compressed/64: Unmap GHCB page before booting the kernel · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 38/75] x86/sev-es: Print SEV-ES info into kernel log · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 40/75] x86/sev-es: Setup early #VC handler · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 37/75] x86/sev-es: Add SEV-ES Feature Detection · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 36/75] x86/head/64: Move early exception dispatch to C code · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 35/75] x86/head/64: Load IDT earlier · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 34/75] x86/head/64: Build k/head64.c with -fno-stack-protector · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 34/75] x86/head/64: Build k/head64.c with -fno-stack-protector · Kees Cook <hidden> · 2020-07-15
Re: [PATCH v4 34/75] x86/head/64: Build k/head64.c with -fno-stack-protector · Joerg Roedel <hidden> · 2020-07-15
[PATCH v4 33/75] x86/head/64: Switch to initial stack earlier · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 32/75] x86/head/64: Load segment registers earlier · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 30/75] x86/head/64: Install boot GDT · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 29/75] x86/idt: Move two function from k/idt.c to i/a/desc.h · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 29/75] x86/idt: Move two function from k/idt.c to i/a/desc.h · Kees Cook <hidden> · 2020-07-15
[PATCH v4 28/75] x86/idt: Split idt_data setup out of set_intr_gate() · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 28/75] x86/idt: Split idt_data setup out of set_intr_gate() · Kees Cook <hidden> · 2020-07-15
[PATCH v4 27/75] x86/idt: Move IDT to data segment · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 27/75] x86/idt: Move IDT to data segment · Kees Cook <hidden> · 2020-07-15
[PATCH v4 25/75] x86/fpu: Move xgetbv()/xsetbv() into separate header · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 08/75] x86/umip: Factor out instruction decoding · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 20/75] x86/boot/compressed/64: Check return value of kernel_ident_mapping_init() · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 16/75] x86/boot/compressed/64: Don't pre-map memory in KASLR code · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 16/75] x86/boot/compressed/64: Don't pre-map memory in KASLR code · Kees Cook <hidden> · 2020-07-15
[PATCH v4 18/75] x86/boot/compressed/64: Add stage1 #VC handler · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 19/75] x86/boot/compressed/64: Call set_sev_encryption_mask earlier · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 17/75] x86/boot/compressed/64: Change add_identity_map() to take start and end · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 17/75] x86/boot/compressed/64: Change add_identity_map() to take start and end · Kees Cook <hidden> · 2020-07-15
[PATCH v4 13/75] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 13/75] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c · Kees Cook <hidden> · 2020-07-15
[PATCH v4 14/75] x86/boot/compressed/64: Add page-fault handler · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 14/75] x86/boot/compressed/64: Add page-fault handler · Kees Cook <hidden> · 2020-07-15
[PATCH v4 12/75] x86/boot/compressed/64: Add IDT Infrastructure · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 15/75] x86/boot/compressed/64: Always switch to own page-table · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 15/75] x86/boot/compressed/64: Always switch to own page-table · Kees Cook <hidden> · 2020-07-15
[PATCH v4 10/75] x86/insn: Add insn_has_rep_prefix() helper · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 10/75] x86/insn: Add insn_has_rep_prefix() helper · Masami Hiramatsu <mhiramat@kernel.org> · 2020-07-17
[PATCH v4 11/75] x86/boot/compressed/64: Disable red-zone usage · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 07/75] x86/umip: Factor out instruction fetch · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 06/75] x86/insn: Make inat-tables.c suitable for pre-decompression code · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 06/75] x86/insn: Make inat-tables.c suitable for pre-decompression code · Masami Hiramatsu <mhiramat@kernel.org> · 2020-07-17
[PATCH v4 02/75] KVM: SVM: Add GHCB Accessor functions · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 04/75] x86/cpufeatures: Add SEV-ES CPU feature · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 05/75] x86/traps: Move pf error codes to <asm/trap_pf.h> · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 01/75] KVM: SVM: Add GHCB definitions · Joerg Roedel <joro@8bytes.org> · 2020-07-14
[PATCH v4 03/75] KVM: SVM: Use __packed shorthand · Joerg Roedel <joro@8bytes.org> · 2020-07-14
Re: [PATCH v4 00/75] x86: SEV-ES Guest Support · Peter Zijlstra <peterz@infradead.org> · 2020-07-15
Re: [PATCH v4 00/75] x86: SEV-ES Guest Support · Joerg Roedel <hidden> · 2020-07-15
Re: [PATCH v4 00/75] x86: SEV-ES Guest Support · Peter Zijlstra <peterz@infradead.org> · 2020-07-15
Re: [PATCH v4 00/75] x86: SEV-ES Guest Support · Joerg Roedel <hidden> · 2020-07-15
Re: [PATCH v4 00/75] x86: SEV-ES Guest Support · Erdem Aktas <hidden> · 2020-07-21
Re: [PATCH v4 00/75] x86: SEV-ES Guest Support · Joerg Roedel <hidden> · 2020-07-21
Re: [PATCH v4 00/75] x86: SEV-ES Guest Support · Erdem Aktas <hidden> · 2020-07-21
Re: [PATCH v4 00/75] x86: SEV-ES Guest Support · Joerg Roedel <hidden> · 2020-07-22
Re: [PATCH v4 00/75] x86: SEV-ES Guest Support · Erdem Aktas <hidden> · 2020-07-22
Re: [PATCH v4 00/75] x86: SEV-ES Guest Support · Joerg Roedel <hidden> · 2020-07-22

From: Kees Cook <hidden>
Date: 2020-07-15 01:23:51
Also in: kvm, lkml

On Tue, Jul 14, 2020 at 02:08:17PM +0200, Joerg Roedel wrote:

From: Joerg Roedel <redacted>

When booted through startup_64 the kernel keeps running on the EFI
page-table until the KASLR code sets up its own page-table. Without
KASLR the pre-decompression boot code never switches off the EFI
page-table. Change that by unconditionally switching to a kernel
controlled page-table after relocation.

This makes sure we can make changes to the mapping when necessary, for
example map pages unencrypted in SEV and SEV-ES guests.

Also remove the debug_putstr() calls in initialize_identity_maps()
because the function now runs before console_init() is called.

Signed-off-by: Joerg Roedel <redacted>

Reviewed-by: Kees Cook <redacted>

-- 
Kees Cook

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help