lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Oct 2020 08:43:01 -0400 From: Arvind Sankar <nivedita@...m.mit.edu> To: Borislav Petkov <bp@...en8.de> Cc: Arvind Sankar <nivedita@...m.mit.edu>, x86@...nel.org, Joerg Roedel <jroedel@...e.de>, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2 5/5] x86/head/64: Disable stack protection for head$(BITS).o On Fri, Oct 16, 2020 at 01:17:03PM +0200, Borislav Petkov wrote: > On Thu, Oct 08, 2020 at 03:16:23PM -0400, Arvind Sankar wrote: > > On 64-bit, the startup_64_setup_env() function added in > > 866b556efa12 ("x86/head/64: Install startup GDT") > > has stack protection enabled because of set_bringup_idt_handler(). > > Where? I don't see it. > > I have > > CONFIG_STACKPROTECTOR=y > # CONFIG_STACKPROTECTOR_STRONG is not set You need STACKPROTECTOR_STRONG -- I was testing with defconfig and the option is enabled by default. You also need AMD_MEM_ENCRYPT enabled, which it looks like you do. > > and a __stack_chk_fail call is nowhere to be found in the resulting > head64.s file. > > startup_64_setup_env: > # arch/x86/kernel/head64.c:91: return ptr - (void *)_text + (void *)physaddr; > leaq startup_gdt(%rdi), %rax #, tmp99 > # arch/x86/kernel/head64.c:91: return ptr - (void *)_text + (void *)physaddr; > subq $_text, %rax #, tmp101 > movq %rax, startup_gdt_descr+2(%rip) # tmp101, startup_gdt_descr.address > # ./arch/x86/include/asm/desc.h:209: asm volatile("lgdt %0"::"m" (*dtr)); > #APP > # 209 "./arch/x86/include/asm/desc.h" 1 > lgdt startup_gdt_descr(%rip) # startup_gdt_descr > # 0 "" 2 > # arch/x86/kernel/head64.c:600: asm volatile("movl %%eax, %%ds\n" > #NO_APP > movl $24, %eax #, tmp102 > #APP > # 600 "arch/x86/kernel/head64.c" 1 > movl %eax, %ds > movl %eax, %ss > movl %eax, %es > > # 0 "" 2 > # arch/x86/kernel/head64.c:91: return ptr - (void *)_text + (void *)physaddr; > #NO_APP > leaq bringup_idt_table(%rdi), %r9 #, tmp105 > leaq bringup_idt_descr(%rdi), %r8 #, tmp103 > leaq vc_no_ghcb(%rdi), %rsi #, tmp107 > # arch/x86/kernel/head64.c:91: return ptr - (void *)_text + (void *)physaddr; > subq $_text, %r9 #, _11 > subq $_text, %r8 #, _8 > subq $_text, %rsi #, tmp109 > # arch/x86/kernel/head64.c:572: set_bringup_idt_handler(idt, X86_TRAP_VC, handler); > movq %r9, %rdi # _11, > call set_bringup_idt_handler.constprop.0 # > # arch/x86/kernel/head64.c:575: desc->address = (unsigned long)idt; > movq %r9, 2(%r8) # _11, MEM[(struct desc_ptr *)_8].address > # ./arch/x86/include/asm/desc.h:214: asm volatile("lidt %0"::"m" (*dtr)); > #APP > # 214 "./arch/x86/include/asm/desc.h" 1 > lidt (%r8) # MEM[(const struct desc_ptr *)_8] > # 0 "" 2 > # arch/x86/kernel/head64.c:605: } > #NO_APP > ret > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists