Thread (105 messages) 105 messages, 2 authors, 2020-09-01

Re: [PATCH v6 38/76] x86/head/64: Set CR4.FSGSBASE early

From: Borislav Petkov <bp@alien8.de>
Date: 2020-08-29 15:55:58
Also in: kvm, lkml 

On Mon, Aug 24, 2020 at 10:54:33AM +0200, Joerg Roedel wrote:
quoted hunk ↗ jump to hunk
From: Joerg Roedel <redacted>

Early exception handling will use rd/wrgsbase in paranoid_entry/exit.
Enable the feature to avoid #UD exceptions on boot APs.

Signed-off-by: Joerg Roedel <redacted>
Link: https://lore.kernel.org/r/20200724160336.5435-38-joro@8bytes.org (local)
---
 arch/x86/kernel/head_64.S | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 08412f308de3..4622940134a5 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -153,6 +153,13 @@ SYM_CODE_START(secondary_startup_64)
 	orl	$X86_CR4_LA57, %ecx
 1:
 #endif
+
+	ALTERNATIVE "jmp .Lstartup_write_cr4", "", X86_FEATURE_FSGSBASE
+
+	/* Early exception handling uses FSGSBASE on APs */
+	orl	$X86_CR4_FSGSBASE, %ecx
How is this supposed to work?

Alternatives haven't run that early yet and that piece of code looks
like this:

ffffffff81000067:       eb 06                   jmp    ffffffff8100006f <secondary_startup_64+0x1f>
ffffffff81000069:       81 c9 00 00 01 00       or     $0x10000,%ecx
ffffffff8100006f:       0f 22 e1                mov    %rcx,%cr4

so we'll never set X86_CR4_FSGSBASE during early boot.

Stopping a guest with gdb just before that shows the same thing:

Dump of assembler code from 0x1000069 to 0x100007b:
=> 0x0000000001000069:  eb 06   jmp    0x1000071
   0x000000000100006b:  81 c9 00 00 01 00       or     $0x10000,%ecx
   0x0000000001000071:  0f 22 e1        mov    %rcx,%cr4
   0x0000000001000074:  48 03 05 95 ff 20 01    add    0x120ff95(%rip),%rax        # 0x2210010

the unconditional JMP is there and it hasn't been patched out yet.

If you really need to test CPUID flags, you need to do something similar
to what verify_cpu does that early. And looking at that thing:

 *      verify_cpu, returns the status of longmode and SSE in register %eax.
 *              0: Success    1: Failure

you could return the FSGSBASE CPUID bit there too and act accordingly.

Hmm.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help