[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <tip-6e0b52d406f64d2bd65731968a072387b91b44d2@git.kernel.org>
Date: Tue, 29 Aug 2017 02:01:40 -0700
From: tip-bot for Borislav Petkov <tipbot@...or.com>
To: linux-tip-commits@...r.kernel.org
Cc: mingo@...nel.org, brijesh.singh@....com, hpa@...or.com,
thomas.lendacky@....com, bp@...e.de, tglx@...utronix.de,
linux-kernel@...r.kernel.org
Subject: [tip:x86/mm] x86/mm: Fix SME encryption stack ptr handling
Commit-ID: 6e0b52d406f64d2bd65731968a072387b91b44d2
Gitweb: http://git.kernel.org/tip/6e0b52d406f64d2bd65731968a072387b91b44d2
Author: Borislav Petkov <bp@...e.de>
AuthorDate: Sun, 27 Aug 2017 18:39:24 +0200
Committer: Thomas Gleixner <tglx@...utronix.de>
CommitDate: Tue, 29 Aug 2017 10:57:16 +0200
x86/mm: Fix SME encryption stack ptr handling
sme_encrypt_execute() stashes the stack pointer on entry into %rbp
because it allocates a one-page stack in the non-encrypted area for the
encryption routine to use. When the latter is done, it restores it from
%rbp again, before returning.
However, it uses the FRAME_* macros partially but restores %rsp from
%rbp explicitly with a MOV. And this is fine as long as the macros
*actually* do something.
Unless, you do a !CONFIG_FRAME_POINTER build where those macros
are empty. Then, we still restore %rsp from %rbp but %rbp contains
*something* and this leads to a stack corruption. The manifestation
being a triple-fault during early boot when testing SME. Good luck to me
debugging this with the clumsy endless-loop-in-asm method and narrowing
it down gradually. :-(
So, long story short, open-code the frame macros so that there's no
monkey business and we avoid subtly breaking SME depending on the
.config.
Fixes: 6ebcb060713f ("x86/mm: Add support to encrypt the kernel in-place")
Signed-off-by: Borislav Petkov <bp@...e.de>
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Acked-by: Tom Lendacky <thomas.lendacky@....com>
Cc: Brijesh Singh <brijesh.singh@....com>
Link: http://lkml.kernel.org/r/20170827163924.25552-1-bp@alien8.de
---
arch/x86/mm/mem_encrypt_boot.S | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S
index b327e04..730e6d5 100644
--- a/arch/x86/mm/mem_encrypt_boot.S
+++ b/arch/x86/mm/mem_encrypt_boot.S
@@ -15,7 +15,6 @@
#include <asm/page.h>
#include <asm/processor-flags.h>
#include <asm/msr-index.h>
-#include <asm/frame.h>
.text
.code64
@@ -33,7 +32,8 @@ ENTRY(sme_encrypt_execute)
* R8 - physcial address of the pagetables to use for encryption
*/
- FRAME_BEGIN /* RBP now has original stack pointer */
+ push %rbp
+ movq %rsp, %rbp /* RBP now has original stack pointer */
/* Set up a one page stack in the non-encrypted memory area */
movq %rcx, %rax /* Workarea stack page */
@@ -64,7 +64,7 @@ ENTRY(sme_encrypt_execute)
pop %r12
movq %rbp, %rsp /* Restore original stack pointer */
- FRAME_END
+ pop %rbp
ret
ENDPROC(sme_encrypt_execute)
Powered by blists - more mailing lists