[tip: x86/seves] x86/boot/compressed/64: Disable red-zone usage

From: tip-bot2 for Joerg Roedel
Date: Thu Sep 10 2020 - 05:34:33 EST

Next message: tip-bot2 for Joerg Roedel: "[tip: x86/seves] x86/insn: Add insn_get_modrm_reg_off()"
Previous message: tip-bot2 for Joerg Roedel: "[tip: x86/seves] x86/insn: Add insn_has_rep_prefix() helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The following commit has been merged into the x86/seves branch of tip:

Commit-ID: 6ba0efa46047936afa81460489cfd24bc95dd863
Gitweb: https://git.kernel.org/tip/6ba0efa46047936afa81460489cfd24bc95dd863
Author: Joerg Roedel <jroedel@xxxxxxx>
AuthorDate: Mon, 07 Sep 2020 15:15:13 +02:00
Committer: Borislav Petkov <bp@xxxxxxx>
CommitterDate: Mon, 07 Sep 2020 19:45:25 +02:00

x86/boot/compressed/64: Disable red-zone usage

The x86-64 ABI defines a red-zone on the stack:

The 128-byte area beyond the location pointed to by %rsp is considered
to be reserved and shall not be modified by signal or interrupt
handlers. Therefore, functions may use this area for temporary data
that is not needed across function calls. In particular, leaf
functions may use this area for their entire stack frame, rather than
adjusting the stack pointer in the prologue and epilogue. This area is
known as the red zone.

This is not compatible with exception handling, because the IRET frame
written by the hardware at the stack pointer and the functions to handle
the exception will overwrite the temporary variables of the interrupted
function, causing undefined behavior. So disable red-zones for the
pre-decompression boot code.

Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
Signed-off-by: Borislav Petkov <bp@xxxxxxx>
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
Link: https://lkml.kernel.org/r/20200907131613.12703-13-joro@xxxxxxxxxx
---
arch/x86/boot/compressed/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 3962f59..5343079 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -32,7 +32,7 @@ KBUILD_CFLAGS := -m$(BITS) -O2
KBUILD_CFLAGS += -fno-strict-aliasing $(call cc-option, -fPIE, -fPIC)
KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING
cflags-$(CONFIG_X86_32) := -march=i386
-cflags-$(CONFIG_X86_64) := -mcmodel=small
+cflags-$(CONFIG_X86_64) := -mcmodel=small -mno-red-zone
KBUILD_CFLAGS += $(cflags-y)
KBUILD_CFLAGS += -mno-mmx -mno-sse
KBUILD_CFLAGS += -ffreestanding

Next message: tip-bot2 for Joerg Roedel: "[tip: x86/seves] x86/insn: Add insn_get_modrm_reg_off()"
Previous message: tip-bot2 for Joerg Roedel: "[tip: x86/seves] x86/insn: Add insn_has_rep_prefix() helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]