Re: [PATCH v3 35/75] x86/head/64: Build k/head64.c with -fno-stack-protector

From: Borislav Petkov
Date: Tue May 19 2020 - 05:15:37 EST

Next message: Wei Yongjun: "[PATCH -next] iommu/sun50i: Fix return value check in sun50i_iommu_probe()"
Previous message: Heiko Stuebner: "Re: [PATCH v2 1/2] arm64: dts: rockchip: fix defines in pd_vio node for rk3399"
Next in thread: Brian Gerst: "Re: [PATCH v3 35/75] x86/head/64: Build k/head64.c with -fno-stack-protector"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 28, 2020 at 05:16:45PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@xxxxxxx>
>
> The code inserted by the stack protector does not work in the early
> boot environment because it uses the GS segment, at least with memory
> encryption enabled.

Can you elaborate on why is that a problem?

The stack cookie is not generated that early yet so it should be
comparing %gs:40 to 0.

Also, it generates the checking code here only with

CONFIG_STACKPROTECTOR_STRONG=y

> Make sure the early code is compiled without this feature enabled.

If so, then this should be with CONFIG_AMD_MEM_ENCRYPT ifdeffery around
it.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Wei Yongjun: "[PATCH -next] iommu/sun50i: Fix return value check in sun50i_iommu_probe()"
Previous message: Heiko Stuebner: "Re: [PATCH v2 1/2] arm64: dts: rockchip: fix defines in pd_vio node for rk3399"
Next in thread: Brian Gerst: "Re: [PATCH v3 35/75] x86/head/64: Build k/head64.c with -fno-stack-protector"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]