lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <097e89ec-45a4-3a54-d005-9e7dc436436e@amd.com>
Date:   Tue, 30 May 2017 10:46:22 -0500
From:   Tom Lendacky <thomas.lendacky@....com>
To:     Borislav Petkov <bp@...en8.de>,
        Josh Poimboeuf <jpoimboe@...hat.com>
CC:     <linux-arch@...r.kernel.org>, <linux-efi@...r.kernel.org>,
        <kvm@...r.kernel.org>, <linux-doc@...r.kernel.org>,
        <x86@...nel.org>, <kexec@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>, <kasan-dev@...glegroups.com>,
        <linux-mm@...ck.org>, <iommu@...ts.linux-foundation.org>,
        Rik van Riel <riel@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Toshimitsu Kani <toshi.kani@....com>,
        Arnd Bergmann <arnd@...db.de>,
        Jonathan Corbet <corbet@....net>,
        Matt Fleming <matt@...eblueprint.co.uk>,
        "Michael S. Tsirkin" <mst@...hat.com>,
        Joerg Roedel <joro@...tes.org>,
        Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Larry Woodman <lwoodman@...hat.com>,
        Brijesh Singh <brijesh.singh@....com>,
        Ingo Molnar <mingo@...hat.com>,
        Andy Lutomirski <luto@...nel.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Alexander Potapenko <glider@...gle.com>,
        Dave Young <dyoung@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Dmitry Vyukov <dvyukov@...gle.com>
Subject: Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory
 Encryption

On 5/19/2017 6:30 AM, Borislav Petkov wrote:
> On Fri, Apr 21, 2017 at 01:56:13PM -0500, Tom Lendacky wrote:
>> On 4/18/2017 4:22 PM, Tom Lendacky wrote:
>>> Add support to check if SME has been enabled and if memory encryption
>>> should be activated (checking of command line option based on the
>>> configuration of the default state).  If memory encryption is to be
>>> activated, then the encryption mask is set and the kernel is encrypted
>>> "in place."
>>>
>>> Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
>>> ---
>>>   arch/x86/kernel/head_64.S |    1 +
>>>   arch/x86/mm/mem_encrypt.c |   83 +++++++++++++++++++++++++++++++++++++++++++--
>>>   2 files changed, 80 insertions(+), 4 deletions(-)
>>>
>>
>> ...
>>
>>>
>>> -unsigned long __init sme_enable(void)
>>> +unsigned long __init sme_enable(struct boot_params *bp)
>>>   {
>>> +	const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off;
>>> +	unsigned int eax, ebx, ecx, edx;
>>> +	unsigned long me_mask;
>>> +	bool active_by_default;
>>> +	char buffer[16];
>>
>> So it turns out that when KASLR is enabled (CONFIG_RAMDOMIZE_BASE=y)
>> the stack-protector support causes issues with this function because
> 
> What issues?

The stack protection support makes use of the gs segment register and
at this point not everything is setup properly to allow it to work,
so it segfaults.

Thanks,
Tom

> 
>> it is called so early. I can get past it by adding:
>>
>> CFLAGS_mem_encrypt.o := $(nostackp)
>>
>> in the arch/x86/mm/Makefile, but that obviously eliminates the support
>> for the whole file.  Would it be better to split out the sme_enable()
>> and other boot routines into a separate file or just apply the
>> $(nostackp) to the whole file?
> 
> Josh might have a better idea here... CCed.
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ