Re: [RFC PATCH] x86: Make sure verify_cpu has a good stack

From: H. Peter Anvin
Date: Wed Mar 02 2016 - 13:39:39 EST


On 03/02/16 10:15, Borislav Petkov wrote:
> On Wed, Mar 02, 2016 at 09:53:28AM -0800, H. Peter Anvin wrote:
>> Please explain why we can't use rip-relative addressing in some form...
>
> We *can* do almost what Brian suggested:
>
> movq stack_start(%rip), %rsp
> subq $__START_KERNEL_map, %rsp
>
> But we still have to subtract __START_KERNEL_map.
>

Well, we definitely should use %rip-relative addressing if we can.

However, even so I believe this breaks if the kernel is loaded anywhere
but its default load address. I think we need to do something like:

movq stack_start(%rip), %rax
leaq __START_KERNEL_map(%rip), %rdx
subq %rdx, %rax
movq %rax, %rsp

The use of temporary registers avoids clobbering a valid stack pointer
for even a single instruction if we are given one.

-hpa
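The arithmetic the two replies above are arguing about, as an added example that is not code from this thread or from the kernel: a small C model of turning a stored link-time virtual address (what the stack_start .quad holds) into an identity-mapped physical address early in boot. It assumes x86-64's __START_KERNEL_map of 0xffffffff80000000, a hypothetical default link-time physical base of 0x1000000, a constructed stack offset within the image, and that the stored value has not been adjusted by the decompressor's relocation processing (for a relocatable kernel whose absolute relocations were already applied, the stored value would carry the load delta itself). The delta computation mirrors what head_64.S does at startup with `leaq _text(%rip), %rbp; subq $_text - __START_KERNEL_map, %rbp`; everything else is a simplification for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Real constant from arch/x86/include/asm/page_64_types.h. */
#define START_KERNEL_MAP 0xffffffff80000000ULL
/* Hypothetical link-time physical load address (CONFIG_PHYSICAL_START-style default). */
#define DEFAULT_PHYS     0x1000000ULL
/* Constructed offsets of symbols within the image: _text at the start, the stack later. */
#define TEXT_OFF         0x0ULL
#define STACK_OFF        0xa3f000ULL

/* Link-time virtual address of a symbol at image offset off. */
static uint64_t link_virt(uint64_t off)
{
	return START_KERNEL_MAP + DEFAULT_PHYS + off;
}

/* Where a %rip-relative reference to that symbol resolves when the image
 * actually runs at load_phys under the early identity mapping. */
static uint64_t runtime_addr(uint64_t load_phys, uint64_t off)
{
	return load_phys + off;
}

/* Delta between where we run and where we were linked to run: the value
 * head_64.S derives from _text and keeps in phys_base. */
static uint64_t phys_base(uint64_t load_phys)
{
	return runtime_addr(load_phys, TEXT_OFF) - (link_virt(TEXT_OFF) - START_KERNEL_MAP);
}

/* Approach A: take the stored virtual address and subtract the constant only. */
static uint64_t stack_phys_const(uint64_t load_phys)
{
	uint64_t stored = link_virt(STACK_OFF);	/* unrelocated stack_start contents */

	(void)load_phys;			/* deliberately ignored */
	return stored - START_KERNEL_MAP;
}

/* Approach B: subtract the constant and add the runtime delta. */
static uint64_t stack_phys_delta(uint64_t load_phys)
{
	uint64_t stored = link_virt(STACK_OFF);

	return stored - START_KERNEL_MAP + phys_base(load_phys);
}

/* Ground truth: the identity-mapped address the stack really occupies. */
static uint64_t stack_phys_actual(uint64_t load_phys)
{
	return runtime_addr(load_phys, STACK_OFF);
}

int main(void)
{
	/* Default load address first, then two relocated placements. */
	uint64_t loads[] = { DEFAULT_PHYS, 0x4000000ULL, 0x7c000000ULL };
	size_t i;

	printf("%-12s %-18s %-18s %-18s\n", "load_phys", "const-only", "const+delta", "actual");
	for (i = 0; i < sizeof(loads) / sizeof(loads[0]); i++) {
		uint64_t l = loads[i];

		printf("%#-12llx %#-18llx %#-18llx %#-18llx%s\n",
		       (unsigned long long)l,
		       (unsigned long long)stack_phys_const(l),
		       (unsigned long long)stack_phys_delta(l),
		       (unsigned long long)stack_phys_actual(l),
		       stack_phys_const(l) == stack_phys_actual(l) ? "" : "  <- const-only is wrong here");
	}
	return 0;
}
```

Approach A only agrees with the actual address when phys_base is zero, i.e. when the image runs where it was linked; Approach B agrees for any load address because the delta is taken from a %rip-relative reference at run time rather than baked in at link time.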