From: Tom Lendacky <thomas.lendacky@amd.com>
To: Ingo Molnar <mingo@kernel.org>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-efi@vger.kernel.org,
linux-doc@vger.kernel.org, linux-mm@kvack.org,
kvm@vger.kernel.org, kasan-dev@googlegroups.com,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Jonathan Corbet" <corbet@lwn.net>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Alexander Potapenko" <glider@google.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Rik van Riel" <riel@redhat.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Dave Young" <dyoung@redhat.com>,
"Toshimitsu Kani" <toshi.kani@hpe.com>
Subject: Re: [PATCH v10 37/38] compiler-gcc.h: Introduce __nostackp function attribute
Date: Tue, 18 Jul 2017 08:56:56 -0500 [thread overview]
Message-ID: <b9b7d092-cb15-bc2e-6675-a36a78a5db6f@amd.com> (raw)
In-Reply-To: <20170718093631.pnamvdrkmzcjz64j@gmail.com>
On 7/18/2017 4:36 AM, Ingo Molnar wrote:
>
> * Tom Lendacky <thomas.lendacky@amd.com> wrote:
>
>> Create a new function attribute, __nostackp, that can used to turn off
>> stack protection on a per function basis.
>>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> ---
>> include/linux/compiler-gcc.h | 2 ++
>> include/linux/compiler.h | 4 ++++
>> 2 files changed, 6 insertions(+)
>>
>> diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
>> index cd4bbe8..682063b 100644
>> --- a/include/linux/compiler-gcc.h
>> +++ b/include/linux/compiler-gcc.h
>> @@ -166,6 +166,8 @@
>>
>> #if GCC_VERSION >= 40100
>> # define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
>> +
>> +#define __nostackp __attribute__((__optimize__("no-stack-protector")))
>> #endif
>>
>> #if GCC_VERSION >= 40300
>> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
>> index 219f82f..63cbca1 100644
>> --- a/include/linux/compiler.h
>> +++ b/include/linux/compiler.h
>> @@ -470,6 +470,10 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
>> #define __visible
>> #endif
>>
>> +#ifndef __nostackp
>> +#define __nostackp
>> +#endif
>
> So I changed this from the hard to read and ambiguous "__nostackp" abbreviation
> (does it mean 'no stack pointer?') to "__nostackprotector", plus added this detail
> to the changelog:
>
> | ( This is needed by the SME in-place kernel memory encryption feature,
> | which activates encryption in its sme_enable() function and thus changes the
> | visible value of the stack protection cookie on function return. )
>
> Agreed?
Hi Ingo,
I debugged this to needing "__nostackprotector" because sme_enable()
is called very early in the boot process before everything is properly
setup to fully support stack protection when KASLR is enabled. Without
this attribute the call to sme_enable() would fail even if encryption
was disabled with the "mem_encrypt=off" command line option.
If KASLR wasn't enabled, then everything worked fine without the
"__nostackprotector" attribute, encryption enabled or not.
The stack protection support is activated because of the 16-byte
character buffer in the sme_enable() routine. I think we'll find that
if a character buffer greater than 8 bytes is added to, for example,
__startup_64, then this attribute will need to be added to that routine.
Thanks,
Tom
>
> Thanks,
>
> Ingo
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Tom Lendacky <thomas.lendacky@amd.com>
To: Ingo Molnar <mingo@kernel.org>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-efi@vger.kernel.org,
linux-doc@vger.kernel.org, linux-mm@kvack.org,
kvm@vger.kernel.org, kasan-dev@googlegroups.com,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Jonathan Corbet" <corbet@lwn.net>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Alexander Potapenko" <glider@google.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Rik van Riel" <riel@redhat.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Dave Young" <dyoung@redhat.com>,
"Toshimitsu Kani" <toshi.kani@hpe.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Brijesh Singh" <brijesh.singh@amd.com>
Subject: Re: [PATCH v10 37/38] compiler-gcc.h: Introduce __nostackp function attribute
Date: Tue, 18 Jul 2017 08:56:56 -0500 [thread overview]
Message-ID: <b9b7d092-cb15-bc2e-6675-a36a78a5db6f@amd.com> (raw)
Message-ID: <20170718135656.Ii6oMXB8Rp8bsqslEK_jTWIeYvoauEEzmzXAV9dJ8G0@z> (raw)
In-Reply-To: <20170718093631.pnamvdrkmzcjz64j@gmail.com>
On 7/18/2017 4:36 AM, Ingo Molnar wrote:
>
> * Tom Lendacky <thomas.lendacky@amd.com> wrote:
>
>> Create a new function attribute, __nostackp, that can used to turn off
>> stack protection on a per function basis.
>>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> ---
>> include/linux/compiler-gcc.h | 2 ++
>> include/linux/compiler.h | 4 ++++
>> 2 files changed, 6 insertions(+)
>>
>> diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
>> index cd4bbe8..682063b 100644
>> --- a/include/linux/compiler-gcc.h
>> +++ b/include/linux/compiler-gcc.h
>> @@ -166,6 +166,8 @@
>>
>> #if GCC_VERSION >= 40100
>> # define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
>> +
>> +#define __nostackp __attribute__((__optimize__("no-stack-protector")))
>> #endif
>>
>> #if GCC_VERSION >= 40300
>> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
>> index 219f82f..63cbca1 100644
>> --- a/include/linux/compiler.h
>> +++ b/include/linux/compiler.h
>> @@ -470,6 +470,10 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
>> #define __visible
>> #endif
>>
>> +#ifndef __nostackp
>> +#define __nostackp
>> +#endif
>
> So I changed this from the hard to read and ambiguous "__nostackp" abbreviation
> (does it mean 'no stack pointer?') to "__nostackprotector", plus added this detail
> to the changelog:
>
> | ( This is needed by the SME in-place kernel memory encryption feature,
> | which activates encryption in its sme_enable() function and thus changes the
> | visible value of the stack protection cookie on function return. )
>
> Agreed?
Hi Ingo,
I debugged this to needing "__nostackprotector" because sme_enable()
is called very early in the boot process before everything is properly
setup to fully support stack protection when KASLR is enabled. Without
this attribute the call to sme_enable() would fail even if encryption
was disabled with the "mem_encrypt=off" command line option.
If KASLR wasn't enabled, then everything worked fine without the
"__nostackprotector" attribute, encryption enabled or not.
The stack protection support is activated because of the 16-byte
character buffer in the sme_enable() routine. I think we'll find that
if a character buffer greater than 8 bytes is added to, for example,
__startup_64, then this attribute will need to be added to that routine.
Thanks,
Tom
>
> Thanks,
>
> Ingo
>
next prev parent reply other threads:[~2017-07-18 13:56 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-17 21:09 [PATCH v10 00/38] x86: Secure Memory Encryption (AMD) Tom Lendacky
2017-07-17 21:09 ` Tom Lendacky
2017-07-17 21:09 ` [PATCH v10 01/38] x86: Document AMD Secure Memory Encryption (SME) Tom Lendacky
2017-07-17 21:09 ` Tom Lendacky
2017-07-17 21:09 ` [PATCH v10 02/38] x86/mm/pat: Set write-protect cache mode for full PAT support Tom Lendacky
2017-07-17 21:09 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 03/38] x86, mpparse, x86/acpi, x86/PCI, x86/dmi, SFI: Use memremap for RAM mappings Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 05/38] x86/CPU/AMD: Handle SME reduction in physical address size Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 06/38] x86/mm: Add Secure Memory Encryption (SME) support Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 07/38] x86/mm: Remove phys_to_virt() usage in ioremap() Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 08/38] x86/mm: Add support to enable SME in early boot processing Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 09/38] x86/mm: Simplify p[g4um]d_page() macros Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 10/38] x86/mm: Provide general kernel support for memory encryption Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 11/38] x86/mm: Add SME support for read_cr3_pa() Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 12/38] x86/mm: Extend early_memremap() support with additional attrs Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 13/38] x86/mm: Add support for early encrypt/decrypt of memory Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 14/38] x86/mm: Insure that boot memory areas are mapped properly Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 15/38] x86/boot/e820: Add support to determine the E820 type of an address Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 16/38] efi: Add an EFI table address match function Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 17/38] efi: Update efi_mem_type() to return an error rather than 0 Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 18/38] x86/efi: Update EFI pagetable creation to work with SME Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 19/38] x86/mm: Add support to access boot related data in the clear Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 20/38] x86, mpparse: Use memremap to map the mpf and mpc data Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-11-03 15:12 ` Tomeu Vizoso
2017-11-03 15:12 ` Tomeu Vizoso
2017-11-03 15:31 ` Tom Lendacky
2017-11-03 15:31 ` Tom Lendacky
2017-11-06 7:13 ` Tomeu Vizoso
2017-11-06 7:13 ` Tomeu Vizoso
2017-07-17 21:10 ` [PATCH v10 21/38] x86/mm: Add support to access persistent memory in the clear Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 22/38] x86/mm: Add support for changing the memory encryption attribute Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 23/38] x86/realmode: Decrypt trampoline area if memory encryption is active Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 24/38] x86, swiotlb: Add memory encryption support Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 25/38] swiotlb: Add warnings for use of bounce buffers with SME Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 26/38] x86/CPU/AMD: Make the microcode level available earlier in the boot Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
[not found] ` <cover.1500319216.git.thomas.lendacky-5C7GfCeVMHo@public.gmane.org>
2017-07-17 21:10 ` [PATCH v10 27/38] iommu/amd: Allow the AMD IOMMU to work with memory encryption Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 28/38] x86, realmode: Check for memory encryption on the APs Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 29/38] x86, drm, fbdev: Do not specify encrypted memory for video mappings Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 30/38] kvm: x86: svm: Support Secure Memory Encryption within KVM Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 31/38] x86/mm, kexec: Allow kexec to be used with SME Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 32/38] xen/x86: Remove SME feature in PV guests Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 33/38] x86/mm: Use proper encryption attributes with /dev/mem Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 34/38] x86/mm: Create native_make_p4d() for PGTABLE_LEVELS <= 4 Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 35/38] x86/mm: Add support to encrypt the kernel in-place Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 36/38] x86/boot: Add early cmdline parsing for options with arguments Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 37/38] compiler-gcc.h: Introduce __nostackp function attribute Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-18 9:36 ` Ingo Molnar
2017-07-18 9:36 ` Ingo Molnar
2017-07-18 13:56 ` Tom Lendacky [this message]
2017-07-18 13:56 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 38/38] x86/mm: Add support to make use of Secure Memory Encryption Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-18 12:03 ` [PATCH v10 00/38] x86: Secure Memory Encryption (AMD) Thomas Gleixner
2017-07-18 12:03 ` Thomas Gleixner
2017-07-18 14:02 ` Tom Lendacky
2017-07-18 14:02 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b9b7d092-cb15-bc2e-6675-a36a78a5db6f@amd.com \
--to=thomas.lendacky@amd.com \
--cc=arnd@arndb.de \
--cc=aryabinin@virtuozzo.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dvyukov@google.com \
--cc=dyoung@redhat.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=kasan-dev@googlegroups.com \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=lwoodman@redhat.com \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=riel@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=toshi.kani@hpe.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).