Thread: 123 messages, 8 authors, 2021-09-15

Re: [PATCH Part1 v5 23/38] x86/head/64: set up a startup %gs for stack protector

From: Michael Roth <hidden>
Date: 2021-08-25 15:19:09
Also in: kvm, linux-coco, linux-mm, lkml, platform-driver-x86

On Wed, Aug 25, 2021 at 04:29:13PM +0200, Borislav Petkov wrote:
On Fri, Aug 20, 2021 at 10:19:18AM -0500, Brijesh Singh wrote:
quoted
From: Michael Roth <redacted>

As of commit 103a4908ad4d ("x86/head/64: Disable stack protection for
head$(BITS).o") kernel/head64.c is compiled with -fno-stack-protector
to allow a call to set_bringup_idt_handler(), which would otherwise
have stack protection enabled with CONFIG_STACKPROTECTOR_STRONG. While
sufficient for that case, this will still cause issues if we attempt to
call out to any external functions that were compiled with stack
protection enabled that in-turn make stack-protected calls, or if the
exception handlers set up by set_bringup_idt_handler() make calls to
stack-protected functions.

Subsequent patches for SEV-SNP CPUID validation support will introduce
both such cases. Attempting to disable stack protection for everything
in scope to address that is prohibitive since much of the code, like
SEV-ES #VC handler, is shared code that remains in use after boot and
could benefit from having stack protection enabled. Attempting to inline
calls is brittle and can quickly balloon out to library/helper code
where that's not really an option.

Instead, set up %gs to point to a buffer that stack protector can use for
canary values when needed.

In doing so, it's likely we can stop using -fno-stack-protector for
head64.c, but that hasn't been tested yet, and head32.c would need a
similar solution to be safe, so that is left as a potential follow-up.
That...
Argh! I had this fixed up but I think it got clobbered in the patch
shuffle. I'll make sure to fix this, and remember to actually test
without CONFIG_STACKPROTECTOR this time. Sorry for the screw-up.
quoted
Signed-off-by: Michael Roth <redacted>
Signed-off-by: Brijesh Singh <redacted>
---
 arch/x86/kernel/Makefile |  2 +-
 arch/x86/kernel/head64.c | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 3e625c61f008..5abdfd0dbbc3 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -46,7 +46,7 @@ endif
 # non-deterministic coverage.
 KCOV_INSTRUMENT		:= n
 
-CFLAGS_head$(BITS).o	+= -fno-stack-protector
+CFLAGS_head32.o		+= -fno-stack-protector
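Review bot: the -/+ pair on the CFLAGS line already removes -fno-stack-protector from head64.o (only head32.o keeps it), yet the commit message says that stopping its use for head64.c "hasn't been tested yet" and is "left as a potential follow-up". The two need to agree: either keep the flag on head$(BITS).o in this patch and drop it in the follow-up, or update the commit message to say head64.o is now built with stack protection and that the build was checked with CONFIG_STACKPROTECTOR both enabled and disabled. A short comment above the CFLAGS_head32.o line explaining why only the 32-bit object is still exempt would also help the next reader of this Makefile.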
... and that needs to be taken care of too.
I didn't realize the 32-bit path was something you were suggesting
to have added in this patch, but I'll take a look at that as well.