From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.6 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 14009C433DF for ; Tue, 19 May 2020 13:58:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DC79420825 for ; Tue, 19 May 2020 13:58:31 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="fIB4BbVz" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728965AbgESN6b (ORCPT ); Tue, 19 May 2020 09:58:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51864 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727057AbgESN6a (ORCPT ); Tue, 19 May 2020 09:58:30 -0400 Received: from mail-il1-x142.google.com (mail-il1-x142.google.com [IPv6:2607:f8b0:4864:20::142]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 84CC5C08C5C0; Tue, 19 May 2020 06:58:30 -0700 (PDT) Received: by mail-il1-x142.google.com with SMTP id j3so13430458ilk.11; Tue, 19 May 2020 06:58:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=n/gSlFWBQ3WxUydL0AG8RE+72oWOYudYm1JYvsV0Jus=; b=fIB4BbVzW7vbkqKGKgmfgtVqfdtPo/YxHVrbHEHcSalctsC8Z1P/ZiMcrHG884CH/T afZBfItuIrHPolRnpDDBn4+sdZVpYdBP5S8xbLo8cNmXYVc3M3DKaokQsaNWUl5Eee1q ohpVvVCyMv3GJPSnXR2UI5aTBr1vw6bJFKDym5a0inaHP2eR4oVmhV2+MmFLuWT7+8oA D6utLisJgmRj2Sw/p3vERjIrCk/Z+7QU6dsaBHzi6SVKJ0Ka+J/P8e2p3L9mlquNKTpN fOzkHLkJefEIFpPUiQ8deUjtHUVX0E6KZqO2L9VevMlZVippSZ+9Y+HHF0Wrewa+mmPP Qp9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=n/gSlFWBQ3WxUydL0AG8RE+72oWOYudYm1JYvsV0Jus=; b=NAdPHPbRDwIlRe/KEE3/LzXWResaB/btLIcnYduWg7Om0Aozn48qZD2UqY10fkW6Qc +eiLtM0XRA+kqyj2hKSxTLsF2GuwiHLogP+EA2SWt6tDFQROkwuYirLFQUriHdXqI2rl 2nyJHMiDptTkb2sRa45ANLIVBaO9shUwd+YMEYLcx8WqNp2mwP6LpGJZ3ZoW8EBTzkmT PqDAWJnISnVg2p+b8xtECB1366En336JtkBNGw4p9PdpXHFb2a/hdhF9t6yMf6kuJF6R RKu0UuGaRJOMIbyQBO7JUWRQl7LSIcG7xZ9FvRqx+RgJls8FaSATnlrCSdagZJEfTrjT x5ug== X-Gm-Message-State: AOAM530OZJwlosqh/rQvG9fx/zBmi0z1yhbqpQneRO6xGUUSNdfqPZUT T4vtl7qSx5GLo7xDzfjrLzazpbZCAwAU6m1clg== X-Google-Smtp-Source: ABdhPJyzDk5ro9RaDhHf25IEza5E1ffJM8beDQGW8MgdSO58MbiCno3wYKG45cNLis7uZ+kYFAz0+QOPkms+WREOc3I= X-Received: by 2002:a92:8c4c:: with SMTP id o73mr21114094ild.172.1589896709896; Tue, 19 May 2020 06:58:29 -0700 (PDT) MIME-Version: 1.0 References: <20200428151725.31091-1-joro@8bytes.org> <20200428151725.31091-36-joro@8bytes.org> In-Reply-To: <20200428151725.31091-36-joro@8bytes.org> From: Brian Gerst Date: Tue, 19 May 2020 09:58:18 -0400 Message-ID: Subject: Re: [PATCH v3 35/75] x86/head/64: Build k/head64.c with -fno-stack-protector To: Joerg Roedel Cc: "the arch/x86 maintainers" , "H. Peter Anvin" , Andy Lutomirski , Dave Hansen , Peter Zijlstra , Thomas Hellstrom , Jiri Slaby , Dan Williams , Tom Lendacky , Juergen Gross , Kees Cook , David Rientjes , Cfir Cohen , Erdem Aktas , Masami Hiramatsu , Mike Stunes , Joerg Roedel , Linux Kernel Mailing List , kvm list , Linux Virtualization Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 28, 2020 at 11:28 AM Joerg Roedel wrote: > > From: Joerg Roedel > > The code inserted by the stack protector does not work in the early > boot environment because it uses the GS segment, at least with memory > encryption enabled. Make sure the early code is compiled without this > feature enabled. > > Signed-off-by: Joerg Roedel > --- > arch/x86/kernel/Makefile | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile > index ba89cabe5fcf..1192de38fa56 100644 > --- a/arch/x86/kernel/Makefile > +++ b/arch/x86/kernel/Makefile > @@ -35,6 +35,10 @@ ifdef CONFIG_FRAME_POINTER > OBJECT_FILES_NON_STANDARD_ftrace_$(BITS).o := y > endif > > +# make sure head64.c is built without stack protector > +nostackp := $(call cc-option, -fno-stack-protector) > +CFLAGS_head64.o := $(nostackp) > + > # If instrumentation of this dir is enabled, boot hangs during first second. > # Probably could be more selective here, but note that files related to irqs, > # boot, dumpstack/stacktrace, etc are either non-interesting or can lead to The proper fix would be to initialize MSR_GS_BASE earlier. -- Brian Gerst From mboxrd@z Thu Jan 1 00:00:00 1970 From: Brian Gerst Subject: Re: [PATCH v3 35/75] x86/head/64: Build k/head64.c with -fno-stack-protector Date: Tue, 19 May 2020 09:58:18 -0400 Message-ID: References: <20200428151725.31091-1-joro@8bytes.org> <20200428151725.31091-36-joro@8bytes.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Return-path: In-Reply-To: <20200428151725.31091-36-joro@8bytes.org> Sender: kvm-owner@vger.kernel.org To: Joerg Roedel Cc: the arch/x86 maintainers , "H. Peter Anvin" , Andy Lutomirski , Dave Hansen , Peter Zijlstra , Thomas Hellstrom , Jiri Slaby , Dan Williams , Tom Lendacky , Juergen Gross , Kees Cook , David Rientjes , Cfir Cohen , Erdem Aktas , Masami Hiramatsu , Mike Stunes , Joerg Roedel , Linux Kernel Mailing List , kvm list , Linux Virtualization List-Id: virtualization@lists.linuxfoundation.org On Tue, Apr 28, 2020 at 11:28 AM Joerg Roedel wrote: > > From: Joerg Roedel > > The code inserted by the stack protector does not work in the early > boot environment because it uses the GS segment, at least with memory > encryption enabled. Make sure the early code is compiled without this > feature enabled. > > Signed-off-by: Joerg Roedel > --- > arch/x86/kernel/Makefile | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile > index ba89cabe5fcf..1192de38fa56 100644 > --- a/arch/x86/kernel/Makefile > +++ b/arch/x86/kernel/Makefile > @@ -35,6 +35,10 @@ ifdef CONFIG_FRAME_POINTER > OBJECT_FILES_NON_STANDARD_ftrace_$(BITS).o := y > endif > > +# make sure head64.c is built without stack protector > +nostackp := $(call cc-option, -fno-stack-protector) > +CFLAGS_head64.o := $(nostackp) > + > # If instrumentation of this dir is enabled, boot hangs during first second. > # Probably could be more selective here, but note that files related to irqs, > # boot, dumpstack/stacktrace, etc are either non-interesting or can lead to The proper fix would be to initialize MSR_GS_BASE earlier. -- Brian Gerst