| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240131134431.GJZbpOvz3Ibhg4VhCl@fat_crate.local>
Date: Wed, 31 Jan 2024 14:44:31 +0100
From: Borislav Petkov <bp@...en8.de>
To: Ard Biesheuvel <ardb+git@...gle.com>
Cc: linux-kernel@...r.kernel.org, Ard Biesheuvel <ardb@...nel.org>,
Kevin Loughlin <kevinloughlin@...gle.com>,
Tom Lendacky <thomas.lendacky@....com>,
Dionna Glaze <dionnaglaze@...gle.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>, Arnd Bergmann <arnd@...db.de>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Justin Stitt <justinstitt@...gle.com>,
Kees Cook <keescook@...omium.org>, Brian Gerst <brgerst@...il.com>,
linux-arch@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH v3 03/19] x86/startup_64: Drop long return to
initial_code pointer
On Mon, Jan 29, 2024 at 07:05:06PM +0100, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@...nel.org>
>
> Since commit 866b556efa12 ("x86/head/64: Install startup GDT"), the
> primary startup sequence sets the code segment register (CS) to __KERNEL_CS
> before calling into the startup code shared between primary and
> secondary boot.
>
> This means a simple indirect call is sufficient here.
>
> Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
> ---
> arch/x86/kernel/head_64.S | 35 ++------------------
> 1 file changed, 3 insertions(+), 32 deletions(-)
>
> diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
> index d4918d03efb4..4017a49d7b76 100644
> --- a/arch/x86/kernel/head_64.S
> +++ b/arch/x86/kernel/head_64.S
> @@ -428,39 +428,10 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
> movq %r15, %rdi
>
> .Ljump_to_C_code:
> - /*
> - * Jump to run C code and to be on a real kernel address.
> - * Since we are running on identity-mapped space we have to jump
> - * to the full 64bit address, this is only possible as indirect
> - * jump. In addition we need to ensure %cs is set so we make this
> - * a far return.
> - *
> - * Note: do not change to far jump indirect with 64bit offset.
> - *
> - * AMD does not support far jump indirect with 64bit offset.
> - * AMD64 Architecture Programmer's Manual, Volume 3: states only
> - * JMP FAR mem16:16 FF /5 Far jump indirect,
> - * with the target specified by a far pointer in memory.
> - * JMP FAR mem16:32 FF /5 Far jump indirect,
> - * with the target specified by a far pointer in memory.
> - *
> - * Intel64 does support 64bit offset.
> - * Software Developer Manual Vol 2: states:
> - * FF /5 JMP m16:16 Jump far, absolute indirect,
> - * address given in m16:16
> - * FF /5 JMP m16:32 Jump far, absolute indirect,
> - * address given in m16:32.
> - * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
> - * address given in m16:64.
> - */
> - pushq $.Lafter_lret # put return address on stack for unwinder
> xorl %ebp, %ebp # clear frame pointer
> - movq initial_code(%rip), %rax
> - pushq $__KERNEL_CS # set correct cs
> - pushq %rax # target address in negative space
> - lretq
> -.Lafter_lret:
> - ANNOTATE_NOENDBR
> + ANNOTATE_RETPOLINE_SAFE
> + callq *initial_code(%rip)
> + int3
> SYM_CODE_END(secondary_startup_64)
>
> #include "verify_cpu.S"
objtool doesn't like it yet:
vmlinux.o: warning: objtool: verify_cpu+0x0: stack state mismatch: cfa1=4+8 cfa2=-1+0
Once we've solved this, I'll take this one even now - very nice cleanup!
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists