/* SPDX-License-Identifier: GPL-2.0 */1/*2*3* Trampoline.S Derived from Setup.S by Linus Torvalds4*5* 4 Jan 1997 Michael Chastain: changed to gnu as.6* 15 Sept 2005 Eric Biederman: 64bit PIC support7*8* Entry: CS:IP point to the start of our code, we are9* in real mode with no stack, but the rest of the10* trampoline page to make our stack and everything else11* is a mystery.12*13* On entry to trampoline_start, the processor is in real mode14* with 16-bit addressing and 16-bit data. CS has some value15* and IP is zero. Thus, data addresses need to be absolute16* (no relocation) and are taken with regard to r_base.17*18* With the addition of trampoline_level4_pgt this code can19* now enter a 64bit kernel that lives at arbitrary 64bit20* physical addresses.21*22* If you work on this file, check the object module with objdump23* --full-contents --reloc to make sure there are no relocation24* entries.25*/2627#include <linux/linkage.h>28#include <asm/pgtable_types.h>29#include <asm/page_types.h>30#include <asm/msr.h>31#include <asm/segment.h>32#include <asm/processor-flags.h>33#include <asm/realmode.h>34#include "realmode.h"3536.text37.code163839.macro LOCK_AND_LOAD_REALMODE_ESP lock_pa=0 lock_rip=040/*41* Make sure only one CPU fiddles with the realmode stack42*/43.Llock_rm\@:44.if \lock_pa45lock btsl $0, pa_tr_lock46.elseif \lock_rip47lock btsl $0, tr_lock(%rip)48.else49lock btsl $0, tr_lock50.endif51jnc 2f52pause53jmp .Llock_rm\@542:55# Setup stack56movl $rm_stack_end, %esp57.endm5859.balign PAGE_SIZE60SYM_CODE_START(trampoline_start)61cli # We should be safe anyway62wbinvd6364LJMPW_RM(1f)651:66mov %cs, %ax # Code and data in the same place67mov %ax, %ds68mov %ax, %es69mov %ax, %ss7071LOCK_AND_LOAD_REALMODE_ESP7273call verify_cpu # Verify the cpu supports long mode74testl %eax, %eax # Check for return code75jnz no_longmode7677.Lswitch_to_protected:78/*79* GDT tables in non default location kernel can be beyond 16MB and80* lgdt will not be able to load the address as in real mode default81* operand size is 16bit. Use lgdtl instead to force operand size82* to 32 bit.83*/8485lidtl tr_idt # load idt with 0, 086lgdtl tr_gdt # load gdt with whatever is appropriate8788movw $__KERNEL_DS, %dx # Data segment descriptor8990# Enable protected mode91movl $(CR0_STATE & ~X86_CR0_PG), %eax92movl %eax, %cr0 # into protected mode9394# flush prefetch and jump to startup_3295ljmpl $__KERNEL32_CS, $pa_startup_329697no_longmode:98hlt99jmp no_longmode100SYM_CODE_END(trampoline_start)101102#ifdef CONFIG_AMD_MEM_ENCRYPT103/* SEV-ES supports non-zero IP for entry points - no alignment needed */104SYM_CODE_START(sev_es_trampoline_start)105cli # We should be safe anyway106107LJMPW_RM(1f)1081:109mov %cs, %ax # Code and data in the same place110mov %ax, %ds111mov %ax, %es112mov %ax, %ss113114LOCK_AND_LOAD_REALMODE_ESP115116jmp .Lswitch_to_protected117SYM_CODE_END(sev_es_trampoline_start)118#endif /* CONFIG_AMD_MEM_ENCRYPT */119120#include "../kernel/verify_cpu.S"121122.section ".text32","ax"123.code32124.balign 4125SYM_CODE_START(startup_32)126movl %edx, %ss127addl $pa_real_mode_base, %esp128movl %edx, %ds129movl %edx, %es130movl %edx, %fs131movl %edx, %gs132133/*134* Check for memory encryption support. This is a safety net in135* case BIOS hasn't done the necessary step of setting the bit in136* the MSR for this AP. If SME is active and we've gotten this far137* then it is safe for us to set the MSR bit and continue. If we138* don't we'll eventually crash trying to execute encrypted139* instructions.140*/141btl $TH_FLAGS_SME_ACTIVE_BIT, pa_tr_flags142jnc .Ldone143movl $MSR_AMD64_SYSCFG, %ecx144rdmsr145bts $MSR_AMD64_SYSCFG_MEM_ENCRYPT_BIT, %eax146jc .Ldone147148/*149* Memory encryption is enabled but the SME enable bit for this150* CPU has has not been set. It is safe to set it, so do so.151*/152wrmsr153.Ldone:154155movl pa_tr_cr4, %eax156movl %eax, %cr4 # Enable PAE mode157158# Setup trampoline 4 level pagetables159movl $pa_trampoline_pgd, %eax160movl %eax, %cr3161162# Set up EFER163movl $MSR_EFER, %ecx164rdmsr165/*166* Skip writing to EFER if the register already has desired167* value (to avoid #VE for the TDX guest).168*/169cmp pa_tr_efer, %eax170jne .Lwrite_efer171cmp pa_tr_efer + 4, %edx172je .Ldone_efer173.Lwrite_efer:174movl pa_tr_efer, %eax175movl pa_tr_efer + 4, %edx176wrmsr177178.Ldone_efer:179# Enable paging and in turn activate Long Mode.180movl $CR0_STATE, %eax181movl %eax, %cr0182183/*184* At this point we're in long mode but in 32bit compatibility mode185* with EFER.LME = 1, CS.L = 0, CS.D = 1 (and in turn186* EFER.LMA = 1). Now we want to jump in 64bit mode, to do that we use187* the new gdt/idt that has __KERNEL_CS with CS.L = 1.188*/189ljmpl $__KERNEL_CS, $pa_startup_64190SYM_CODE_END(startup_32)191192SYM_CODE_START(pa_trampoline_compat)193/*194* In compatibility mode. Prep ESP and DX for startup_32, then disable195* paging and complete the switch to legacy 32-bit mode.196*/197LOCK_AND_LOAD_REALMODE_ESP lock_pa=1198movw $__KERNEL_DS, %dx199200movl $(CR0_STATE & ~X86_CR0_PG), %eax201movl %eax, %cr0202ljmpl $__KERNEL32_CS, $pa_startup_32203SYM_CODE_END(pa_trampoline_compat)204205.section ".text64","ax"206.code64207.balign 4208SYM_CODE_START(startup_64)209# Now jump into the kernel using virtual addresses210jmpq *tr_start(%rip)211SYM_CODE_END(startup_64)212213SYM_CODE_START(trampoline_start64)214/*215* APs start here on a direct transfer from 64-bit BIOS with identity216* mapped page tables. Load the kernel's GDT in order to gear down to217* 32-bit mode (to handle 4-level vs. 5-level paging), and to (re)load218* segment registers. Load the zero IDT so any fault triggers a219* shutdown instead of jumping back into BIOS.220*/221lidt tr_idt(%rip)222lgdt tr_gdt64(%rip)223224/* Check if paging mode has to be changed */225movq %cr4, %rax226xorl tr_cr4(%rip), %eax227testl $X86_CR4_LA57, %eax228jnz .L_switch_paging229230/* Paging mode is correct proceed in 64-bit mode */231232LOCK_AND_LOAD_REALMODE_ESP lock_rip=1233234movw $__KERNEL_DS, %dx235movl %edx, %ss236addl $pa_real_mode_base, %esp237movl %edx, %ds238movl %edx, %es239movl %edx, %fs240movl %edx, %gs241242movl $pa_trampoline_pgd, %eax243movq %rax, %cr3244245pushq $__KERNEL_CS246pushq tr_start(%rip)247lretq248.L_switch_paging:249/*250* To switch between 4- and 5-level paging modes, it is necessary251* to disable paging. This must be done in the compatibility mode.252*/253ljmpl *tr_compat(%rip)254SYM_CODE_END(trampoline_start64)255256.section ".rodata","a"257# Duplicate the global descriptor table258# so the kernel can live anywhere259.balign 16260SYM_DATA_START(tr_gdt)261.short tr_gdt_end - tr_gdt - 1 # gdt limit262.long pa_tr_gdt263.short 0264.quad 0x00cf9b000000ffff # __KERNEL32_CS265.quad 0x00af9b000000ffff # __KERNEL_CS266.quad 0x00cf93000000ffff # __KERNEL_DS267SYM_DATA_END_LABEL(tr_gdt, SYM_L_LOCAL, tr_gdt_end)268269SYM_DATA_START(tr_gdt64)270.short tr_gdt_end - tr_gdt - 1 # gdt limit271.long pa_tr_gdt272.long 0273SYM_DATA_END(tr_gdt64)274275SYM_DATA_START(tr_compat)276.long pa_trampoline_compat277.short __KERNEL32_CS278SYM_DATA_END(tr_compat)279280.bss281.balign PAGE_SIZE282SYM_DATA(trampoline_pgd, .space PAGE_SIZE)283284.balign 8285SYM_DATA_START(trampoline_header)286SYM_DATA_LOCAL(tr_start, .space 8)287SYM_DATA(tr_efer, .space 8)288SYM_DATA(tr_cr4, .space 4)289SYM_DATA(tr_flags, .space 4)290SYM_DATA(tr_lock, .space 4)291SYM_DATA_END(trampoline_header)292293#include "trampoline_common.S"294295296