From: Brian Gerst <brgerst@gmail.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Ingo Molnar <mingo@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@alien8.de>, "H . Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <peterz@infradead.org>,
Uros Bizjak <ubizjak@gmail.com>, Brian Gerst <brgerst@gmail.com>
Subject: [PATCH 2/9] x86/boot: Disable stack protector for early boot code
Date: Mon, 23 Oct 2023 17:17:23 -0400 [thread overview]
Message-ID: <20231023211730.40566-3-brgerst@gmail.com> (raw)
In-Reply-To: <20231023211730.40566-1-brgerst@gmail.com>
On 64-bit, this will prevent crashes when the canary access is changed
from %gs:40 to %gs:__stack_chk_guard(%rip). RIP-relative addresses from
the identity-mapped early boot code will target the wrong address with
zero-based percpu. KASLR could then shift that address to an unmapped
page causing a crash on boot.
This early boot code runs well before userspace is active and does not
need stack protector enabled.
Signed-off-by: Brian Gerst <brgerst@gmail.com>
---
arch/x86/kernel/Makefile | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 0000325ab98f..aff619054e17 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -39,6 +39,8 @@ KMSAN_SANITIZE_nmi.o := n
KCOV_INSTRUMENT_head$(BITS).o := n
KCOV_INSTRUMENT_sev.o := n
+CFLAGS_head32.o := -fno-stack-protector
+CFLAGS_head64.o := -fno-stack-protector
CFLAGS_irq.o := -I $(srctree)/$(src)/../include/asm/trace
obj-y += head_$(BITS).o
--
2.41.0
next prev parent reply other threads:[~2023-10-23 21:17 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-23 21:17 [PATCH 0/9] x86-64: Stack protector and percpu improvements Brian Gerst
2023-10-23 21:17 ` [PATCH 1/9] x86/stackprotector/32: Remove stack protector test script Brian Gerst
2023-10-23 21:17 ` Brian Gerst [this message]
2023-10-23 21:17 ` [PATCH 3/9] x86/stackprotector/64: Convert stack protector to normal percpu variable Brian Gerst
2023-10-24 12:39 ` Uros Bizjak
2023-10-23 21:17 ` [PATCH 4/9] x86/percpu/64: Remove fixed_percpu_data Brian Gerst
2023-10-24 12:33 ` Uros Bizjak
2023-10-24 14:11 ` Brian Gerst
2023-10-23 21:17 ` [PATCH 5/9] x86/percpu/64: Use relative percpu offsets Brian Gerst
2023-10-24 12:43 ` Uros Bizjak
2023-10-23 21:17 ` [PATCH 6/9] x86/boot/64: Remove inverse relocations Brian Gerst
2023-10-23 21:17 ` [PATCH 7/9] x86/percpu/64: Remove INIT_PER_CPU macros Brian Gerst
2023-10-23 21:17 ` [PATCH 8/9] percpu: Remove PER_CPU_FIRST_SECTION Brian Gerst
2023-10-23 21:17 ` [PATCH 9/9] kallsyms: Remove KALLSYMS_ABSOLUTE_PERCPU Brian Gerst
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231023211730.40566-3-brgerst@gmail.com \
--to=brgerst@gmail.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=ubizjak@gmail.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.