From: Brian Gerst <brgerst@gmail.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Ingo Molnar <mingo@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Borislav Petkov <bp@alien8.de>, "H . Peter Anvin" <hpa@zytor.com>,
	Uros Bizjak <ubizjak@gmail.com>,
	David.Laight@aculab.com, Brian Gerst <brgerst@gmail.com>
Subject: [PATCH v4 03/16] x86/boot: Disable stack protector for early boot code
Date: Fri, 22 Mar 2024 12:52:20 -0400
Message-ID: <20240322165233.71698-4-brgerst@gmail.com>
In-Reply-To: <20240322165233.71698-1-brgerst@gmail.com>

On 64-bit, this will prevent crashes when the canary access is changed
from %gs:40 to %gs:__stack_chk_guard(%rip).  RIP-relative addresses from
the identity-mapped early boot code will target the wrong address with
zero-based percpu.  KASLR could then shift that address to an unmapped
page causing a crash on boot.

This early boot code runs well before userspace is active and does not
need stack protector enabled.

Signed-off-by: Brian Gerst <brgerst@gmail.com>
---
 arch/x86/kernel/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 5d128167e2e2..9884d2c9de15 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -40,6 +40,8 @@ KMSAN_SANITIZE_sev.o					:= n
 KCOV_INSTRUMENT_head$(BITS).o				:= n
 KCOV_INSTRUMENT_sev.o					:= n
 
+CFLAGS_head32.o := -fno-stack-protector
+CFLAGS_head64.o := -fno-stack-protector
 CFLAGS_irq.o := -I $(srctree)/$(src)/../include/asm/trace
 
 obj-y			+= head_$(BITS).o
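
Review bot: the added CFLAGS_head32.o and CFLAGS_head64.o lines have no comment explaining why the stack protector is turned off for these objects; the reason (RIP-relative canary access from identity-mapped early boot code hitting the wrong address) exists only in the commit message, so a one-line Makefile comment above them would keep it next to the flag. The commit message motivates only the 64-bit case, so it should also say why head32.o gets the same treatment. The KCOV_INSTRUMENT line just above uses the head$(BITS).o form; a single CFLAGS_head$(BITS).o := -fno-stack-protector would match that local style instead of two per-width lines.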
-- 
2.44.0

