| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b9b7d092-cb15-bc2e-6675-a36a78a5db6f@amd.com>
Date: Tue, 18 Jul 2017 08:56:56 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Ingo Molnar <mingo@...nel.org>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org,
linux-arch@...r.kernel.org, linux-efi@...r.kernel.org,
linux-doc@...r.kernel.org, linux-mm@...ck.org, kvm@...r.kernel.org,
kasan-dev@...glegroups.com,
Radim Krčmář <rkrcmar@...hat.com>,
Arnd Bergmann <arnd@...db.de>,
Jonathan Corbet <corbet@....net>,
Matt Fleming <matt@...eblueprint.co.uk>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Andy Lutomirski <luto@...nel.org>,
"H. Peter Anvin" <hpa@...or.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Alexander Potapenko <glider@...gle.com>,
Thomas Gleixner <tglx@...utronix.de>,
Dmitry Vyukov <dvyukov@...gle.com>,
Rik van Riel <riel@...hat.com>,
Larry Woodman <lwoodman@...hat.com>,
Dave Young <dyoung@...hat.com>,
Toshimitsu Kani <toshi.kani@....com>,
"Michael S. Tsirkin" <mst@...hat.com>,
Brijesh Singh <brijesh.singh@....com>
Subject: Re: [PATCH v10 37/38] compiler-gcc.h: Introduce __nostackp function
attribute
On 7/18/2017 4:36 AM, Ingo Molnar wrote:
>
> * Tom Lendacky <thomas.lendacky@....com> wrote:
>
>> Create a new function attribute, __nostackp, that can used to turn off
>> stack protection on a per function basis.
>>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
>> ---
>> include/linux/compiler-gcc.h | 2 ++
>> include/linux/compiler.h | 4 ++++
>> 2 files changed, 6 insertions(+)
>>
>> diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
>> index cd4bbe8..682063b 100644
>> --- a/include/linux/compiler-gcc.h
>> +++ b/include/linux/compiler-gcc.h
>> @@ -166,6 +166,8 @@
>>
>> #if GCC_VERSION >= 40100
>> # define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
>> +
>> +#define __nostackp __attribute__((__optimize__("no-stack-protector")))
>> #endif
>>
>> #if GCC_VERSION >= 40300
>> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
>> index 219f82f..63cbca1 100644
>> --- a/include/linux/compiler.h
>> +++ b/include/linux/compiler.h
>> @@ -470,6 +470,10 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
>> #define __visible
>> #endif
>>
>> +#ifndef __nostackp
>> +#define __nostackp
>> +#endif
>
> So I changed this from the hard to read and ambiguous "__nostackp" abbreviation
> (does it mean 'no stack pointer?') to "__nostackprotector", plus added this detail
> to the changelog:
>
> | ( This is needed by the SME in-place kernel memory encryption feature,
> | which activates encryption in its sme_enable() function and thus changes the
> | visible value of the stack protection cookie on function return. )
>
> Agreed?
Hi Ingo,
I debugged this to needing "__nostackprotector" because sme_enable()
is called very early in the boot process before everything is properly
setup to fully support stack protection when KASLR is enabled. Without
this attribute the call to sme_enable() would fail even if encryption
was disabled with the "mem_encrypt=off" command line option.
If KASLR wasn't enabled, then everything worked fine without the
"__nostackprotector" attribute, encryption enabled or not.
The stack protection support is activated because of the 16-byte
character buffer in the sme_enable() routine. I think we'll find that
if a character buffer greater than 8 bytes is added to, for example,
__startup_64, then this attribute will need to be added to that routine.
Thanks,
Tom
>
> Thanks,
>
> Ingo
>
Powered by blists - more mailing lists