Message-ID: <20240121182040.GBZa1geI5NxWSslvt0@fat_crate.local>
Date: Sun, 21 Jan 2024 19:20:40 +0100
From: Borislav Petkov <bp@...en8.de>
To: Ard Biesheuvel <ardb@...nel.org>, Peter Gonda <pgonda@...gle.com>
Cc: Kevin Loughlin <kevinloughlin@...gle.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
	"H. Peter Anvin" <hpa@...or.com>, Andy Lutomirski <luto@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Nick Desaulniers <ndesaulniers@...gle.com>,
	Bill Wendling <morbo@...gle.com>,
	Justin Stitt <justinstitt@...gle.com>,
	Tom Lendacky <thomas.lendacky@....com>,
	Michael Kelley <mikelley@...rosoft.com>,
	Pankaj Gupta <pankaj.gupta@....com>,
	Stephen Rothwell <sfr@...b.auug.org.au>,
	Arnd Bergmann <arnd@...db.de>,
	Steve Rutherford <srutherford@...gle.com>,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	Hou Wenlong <houwenlong.hwl@...group.com>,
	Vegard Nossum <vegard.nossum@...cle.com>,
	Josh Poimboeuf <jpoimboe@...nel.org>,
	Yuntao Wang <ytcoode@...il.com>,
	Wang Jinchao <wangjinchao@...sion.com>,
	David Woodhouse <dwmw@...zon.co.uk>,
	Brian Gerst <brgerst@...il.com>, Hugh Dickins <hughd@...gle.com>,
	Joerg Roedel <jroedel@...e.de>,
	Randy Dunlap <rdunlap@...radead.org>,
	Bjorn Helgaas <bhelgaas@...gle.com>,
	Dionna Glaze <dionnaglaze@...gle.com>,
	Brijesh Singh <brijesh.singh@....com>,
	Michael Roth <michael.roth@....com>,
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	linux-kernel@...r.kernel.org, llvm@...ts.linux.dev,
	linux-coco@...ts.linux.dev, Ashish Kalra <ashish.kalra@....com>,
	Andi Kleen <ak@...ux.intel.com>, Adam Dunlap <acdunlap@...gle.com>,
	Jacob Xu <jacobhxu@...gle.com>,
	Sidharth Telang <sidtelang@...gle.com>
Subject: Re: [RFC PATCH v2] x86/sev: enforce RIP-relative accesses in early
 SEV/SME code

On Sun, Jan 21, 2024 at 05:49:44PM +0100, Ard Biesheuvel wrote:
> Yeah. I have been trying to find people internally at Google that can
> help me set up some CI that I can throw kernel builds at and they will
> be test booted in a SEV guest, but so far progress has been slow.

Dunno, if you have some internal access to GCE, it does support SEV
guests so you could test that side at least. Peter Gonda is on Cc, he
should have an idea what to do, lemme move him to To.

> -fPIE -mcmodel=small should work fine afaik. The only problem I
> encountered is that it changes the default per-CPU base register to FS
> but that can be overridden on the command line.

Yeah, there's a gcc switch - I hope clang supports it too.

> The problem with building the entire kernel -fPIE is that it increases
> code size: RIP-relative LEA instructions are 1 byte longer than
> absolute 32-bit MOVs.

Right, but the folks who started this thread are already doing that
anyway so...

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
