| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 May 2017 08:12:56 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Borislav Petkov <bp@...en8.de>
CC: <linux-arch@...r.kernel.org>, <linux-efi@...r.kernel.org>,
<kvm@...r.kernel.org>, <linux-doc@...r.kernel.org>,
<x86@...nel.org>, <kexec@...ts.infradead.org>,
<linux-kernel@...r.kernel.org>, <kasan-dev@...glegroups.com>,
<linux-mm@...ck.org>, <iommu@...ts.linux-foundation.org>,
Rik van Riel <riel@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Toshimitsu Kani <toshi.kani@....com>,
Arnd Bergmann <arnd@...db.de>,
Jonathan Corbet <corbet@....net>,
Matt Fleming <matt@...eblueprint.co.uk>,
"Michael S. Tsirkin" <mst@...hat.com>,
Joerg Roedel <joro@...tes.org>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Larry Woodman <lwoodman@...hat.com>,
Brijesh Singh <brijesh.singh@....com>,
Ingo Molnar <mingo@...hat.com>,
Andy Lutomirski <luto@...nel.org>,
"H. Peter Anvin" <hpa@...or.com>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Alexander Potapenko <glider@...gle.com>,
Dave Young <dyoung@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Dmitry Vyukov <dvyukov@...gle.com>
Subject: Re: [PATCH v5 29/32] x86/mm: Add support to encrypt the kernel
in-place
On 5/31/2017 4:51 AM, Borislav Petkov wrote:
> On Tue, May 30, 2017 at 11:39:07AM -0500, Tom Lendacky wrote:
>> Yes, it's from objtool:
>>
>> arch/x86/mm/mem_encrypt_boot.o: warning: objtool: .text+0xd2: return
>> instruction outside of a callable function
>
> Oh, well, let's make it a global symbol then. Who knows, we might have
> to live-patch it someday :-)
Can do.
Thanks,
Tom
>
> ---
> diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S
> index fb58f9f953e3..7720b0050840 100644
> --- a/arch/x86/mm/mem_encrypt_boot.S
> +++ b/arch/x86/mm/mem_encrypt_boot.S
> @@ -47,9 +47,9 @@ ENTRY(sme_encrypt_execute)
> movq %rdx, %r12 /* Kernel length */
>
> /* Copy encryption routine into the workarea */
> - movq %rax, %rdi /* Workarea encryption routine */
> - leaq .Lenc_start(%rip), %rsi /* Encryption routine */
> - movq $(.Lenc_stop - .Lenc_start), %rcx /* Encryption routine length */
> + movq %rax, %rdi /* Workarea encryption routine */
> + leaq __enc_copy(%rip), %rsi /* Encryption routine */
> + movq $(.L__enc_copy_end - __enc_copy), %rcx /* Encryption routine length */
> rep movsb
>
> /* Setup registers for call */
> @@ -70,8 +70,7 @@ ENTRY(sme_encrypt_execute)
> ret
> ENDPROC(sme_encrypt_execute)
>
> -.Lenc_start:
> -ENTRY(sme_enc_routine)
> +ENTRY(__enc_copy)
> /*
> * Routine used to encrypt kernel.
> * This routine must be run outside of the kernel proper since
> @@ -147,5 +146,5 @@ ENTRY(sme_enc_routine)
> wrmsr
>
> ret
> -ENDPROC(sme_enc_routine)
> -.Lenc_stop:
> +.L__enc_copy_end:
> +ENDPROC(__enc_copy)
>
Powered by blists - more mailing lists