| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 May 2024 14:14:50 +0200 From: Juergen Gross <jgross@...e.com> To: linux-kernel@...r.kernel.org, x86@...nel.org, linux-coco@...ts.linux.dev Cc: Juergen Gross <jgross@...e.com>, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Dave Hansen <dave.hansen@...ux.intel.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com> Subject: [PATCH] x86/kvm/tdx: Save %rbp in TDX_MODULE_CALL While testing TDX host support patches, a crash of the host has been observed a few instructions after doing a seamcall. Reason was a clobbered %rbp (set to 0), which occurred in spite of the TDX module offering the feature NOT to modify %rbp across TDX module calls. In order not having to build the host kernel with CONFIG_FRAME_POINTER, save %rbp across a seamcall/tdcall. Signed-off-by: Juergen Gross <jgross@...e.com> --- arch/x86/virt/vmx/tdx/tdxcall.S | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/virt/vmx/tdx/tdxcall.S b/arch/x86/virt/vmx/tdx/tdxcall.S index 016a2a1ec1d6..68728acf0d3a 100644 --- a/arch/x86/virt/vmx/tdx/tdxcall.S +++ b/arch/x86/virt/vmx/tdx/tdxcall.S @@ -44,6 +44,10 @@ */ .macro TDX_MODULE_CALL host:req ret=0 saved=0 FRAME_BEGIN +#ifndef CONFIG_FRAME_POINTER + /* Buggy firmware sometimes clobbers %rbp, so save it. */ + pushq %rbp +#endif /* Move Leaf ID to RAX */ mov %rdi, %rax @@ -187,6 +191,9 @@ popq %rbx .endif /* \saved */ +#ifndef CONFIG_FRAME_POINTER + popq %rbp +#endif FRAME_END RET -- 2.35.3
Powered by blists - more mailing lists