On Wed, 26 Jul 2023 at 17:01, Richard Henderson
<richard.hender...@linaro.org> wrote:
>
> On 7/26/23 01:17, Ard Biesheuvel wrote:
> > While working on some EFI boot changes for Linux/x86, I noticed that TCG
> > deviates from bare metal when it comes to how it handles the value of the
> > stack pointer register RSP when dropping out of long mode.
> >
> > On bare metal, RSP is truncated to 32 bits, even if the code that runs in
> > 32-bit protected mode never uses the stack at all (and uses a long jump
> > rather than long return to switch back to long mode). This means 64-bit
> > code cannot rely on RSP surviving any excursions into 32-bit protected
> > mode (with paging disabled).
> >
> > Let's align TCG with this behavior, so that code that relies on RSP
> > retaining its value does not inadvertently work while bare metal does not.
> >
> > Observed on Intel Ice Lake cores.
> >
> > Cc: Paolo Bonzini <pbonz...@redhat.com>
> > Cc: Richard Henderson <richard.hender...@linaro.org>
> > Cc: Eduardo Habkost <edua...@habkost.net>
> > Link: https://lore.kernel.org/all/20230711091453.2543622-11-a...@kernel.org/
> > Signed-off-by: Ard Biesheuvel <a...@kernel.org>
> > ---
> > I used this patch locally to reproduce an issue that was reported on Ice
> > Lake but didn't trigger in my QEMU testing.
> >
> > Hints welcome on where the architectural behavior is specified, and in
> > particular, whether or not other 64-bit GPRs can be relied upon to preserve
> > their full 64-bit length values.
>
> No idea about chapter and verse, but it has the feel of being part and
> parcel with the truncation of eip.  While esp is always special, I suspect
> that none of the GPRs can be relied on carrying all bits.
>
> I'm happy with the change though, since similar behaviour can be observed
> on hw.
>
> Acked-by: Richard Henderson <richard.hender...@linaro.org>
>

I experimented with truncating all GPRs that exist in 32-bit mode, and
this actually breaks kexec on Linux if it happens to load the kernel
above 4G (which it appears to do reproducibly when sufficient memory
is available).

This is due to the 4/5 level paging switch trampoline, which is called
while RBX, RBP and RSI are live and refer to assets in memory that may
reside above 4G.

I am fixing that code, but it does mean we should probably limit this
change to ESP (as apparently, current hw only happens to truncate ESP
but no other GPRs).
