archive mirror
 help / color / mirror / Atom feed
From: Tom Lendacky <>
Cc: Borislav Petkov <>, "H. Peter Anvin" <>,
	Thomas Gleixner <>,
	Linus Torvalds <>,
	Ingo Molnar <>,
	"Kirill A. Shutemov" <>
Subject: [PATCH] x86/mm/sme: Disable stack protection for mem_encrypt_identity.c
Date: Mon, 26 Feb 2018 17:25:54 -0600	[thread overview]
Message-ID: <> (raw)

Stack protection is not compatible with early boot code.  All of the early
SME boot code is now isolated in a separate file, mem_encrypt_identity.c,
so arch/x86/mm/Makefile can be updated to turn off stack protection for
the entire file.  This eliminates the need to worry about other functions
within the file being instrumented with stack protection (as was seen
when a newer version of GCC instrumented sme_encrypt_kernel() where an
older version hadn't).  It also allows removal of the __nostackprotector
attribute from individual functions.

Signed-off-by: Tom Lendacky <>
 arch/x86/mm/Makefile               |    1 +
 arch/x86/mm/mem_encrypt_identity.c |    4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index 03c6c85..4b101dd 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -19,6 +19,7 @@ obj-y	:=  init.o init_$(BITS).o fault.o ioremap.o extable.o pageattr.o mmap.o \
 nostackp := $(call cc-option, -fno-stack-protector)
 CFLAGS_physaddr.o		:= $(nostackp)
 CFLAGS_setup_nx.o		:= $(nostackp)
+CFLAGS_mem_encrypt_identity.o	:= $(nostackp)
 CFLAGS_fault.o := -I$(src)/../include/asm/trace
diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
index b4139c5..1b2197d 100644
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -266,7 +266,7 @@ static unsigned long __init sme_pgtable_calc(unsigned long len)
 	return entries + tables;
-void __init __nostackprotector sme_encrypt_kernel(struct boot_params *bp)
+void __init sme_encrypt_kernel(struct boot_params *bp)
 	unsigned long workarea_start, workarea_end, workarea_len;
 	unsigned long execute_start, execute_end, execute_len;
@@ -468,7 +468,7 @@ void __init __nostackprotector sme_encrypt_kernel(struct boot_params *bp)
-void __init __nostackprotector sme_enable(struct boot_params *bp)
+void __init sme_enable(struct boot_params *bp)
 	const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off;
 	unsigned int eax, ebx, ecx, edx;

             reply	other threads:[~2018-02-26 23:26 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-26 23:25 Tom Lendacky [this message]
2018-02-27  9:28 ` [PATCH] x86/mm/sme: Disable stack protection for mem_encrypt_identity.c Borislav Petkov
2018-02-27 15:43 ` Kirill A. Shutemov
2018-02-28 14:06 ` [tip:x86/apic] x86/apic: Move pending intr check code into it's own function tip-bot for Dou Liyang
2018-02-28 14:07 ` [tip:x86/apic] x86/apic: Replace common tools with new ones tip-bot for Dou Liyang
2018-02-28 14:27 ` [tip:x86/mm] x86/mm/sme: Disable stack protection for mem_encrypt_identity.c tip-bot for Tom Lendacky

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).