| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240130220845.1978329-1-kevinloughlin@google.com> Date: Tue, 30 Jan 2024 22:08:43 +0000 From: Kevin Loughlin <kevinloughlin@...gle.com> To: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, Nick Desaulniers <ndesaulniers@...gle.com>, Justin Stitt <justinstitt@...gle.com>, Tom Lendacky <thomas.lendacky@....com>, Kevin Loughlin <kevinloughlin@...gle.com>, Pankaj Gupta <pankaj.gupta@....com>, Hou Wenlong <houwenlong.hwl@...group.com>, Ard Biesheuvel <ardb@...nel.org>, Dionna Glaze <dionnaglaze@...gle.com>, Brijesh Singh <brijesh.singh@....com>, Michael Roth <michael.roth@....com>, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev, linux-coco@...ts.linux.dev, Ashish Kalra <ashish.kalra@....com>, Andi Kleen <ak@...ux.intel.com> Cc: Adam Dunlap <acdunlap@...gle.com>, Peter Gonda <pgonda@...gle.com>, Jacob Xu <jacobhxu@...gle.com>, Sidharth Telang <sidtelang@...gle.com> Subject: [PATCH v3 0/2] x86: enforce and cleanup RIP-relative accesses in early boot code SEV/SME code can execute prior to page table fixups for kernel relocation. However, as with global variables accessed in __startup_64(), the compiler is not required to generate RIP-relative accesses for SEV/SME global variables, causing certain flavors of SEV hosts and guests built with clang to crash during boot. These crashes highlight a broader problem wherein the toolchain does not guarantee that early x86-64 code executes correctly at any offset. While Ard has been looking into overhauling the early x86-64 code going forward [0], the signficant proposed changes are unfortunately not backport-friendly. Instead, this patchset continues the approach of fixing the immediate problem of SEV-SNP boots crashing when built by clang, providing a backport-friendly set of changes needed to successfully boot SEV-SNP hosts and guests. In particular, this patchset is a cleanup of V2 [1], which introduces a macro to force RIP-relative addressing in early SEV/SME global variable accesses and existing head64 global accesses. V2 -> V3: Rename RIP_RELATIVE_ADDR(), remove fixup_*(), cleanup style V1 -> V2: Use GET_RIP_RELATIVE_PTR() macro to avoid -fPIE compilation [0] https://lore.kernel.org/lkml/20240129180502.4069817-23-ardb+git@google.com/T/ [1] https://lore.kernel.org/lkml/20240111223650.3502633-1-kevinloughlin@google.com/ Kevin Loughlin (2): x86/sev: enforce RIP-relative accesses in early SEV/SME code x86/head64: Replace pointer fixups with RIP_RELATIVE_ADDR() arch/x86/coco/core.c | 22 +++++--- arch/x86/include/asm/mem_encrypt.h | 32 +++++++++-- arch/x86/kernel/head64.c | 88 +++++++++++++----------------- arch/x86/kernel/head_64.S | 4 +- arch/x86/kernel/sev-shared.c | 52 +++++++++--------- arch/x86/kernel/sev.c | 13 +++-- arch/x86/mm/mem_encrypt_identity.c | 50 +++++++++-------- 7 files changed, 143 insertions(+), 118 deletions(-) -- 2.43.0.429.g432eaa2c6b-goog
Powered by blists - more mailing lists