From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756127AbcCBQKj (ORCPT ); Wed, 2 Mar 2016 11:10:39 -0500 Received: from mail-db3on0068.outbound.protection.outlook.com ([157.55.234.68]:24192 "EHLO emea01-db3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1755991AbcCBQKg (ORCPT ); Wed, 2 Mar 2016 11:10:36 -0500 Authentication-Results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=nextfour.com; Subject: Re: [RFC PATCH] x86: Make sure verify_cpu has a good stack To: Borislav Petkov , "H. Peter Anvin" References: <1456917606-4979-1-git-send-email-bp@alien8.de> CC: X86 ML , LKML , Tom Lendacky From: =?UTF-8?Q?Mika_Penttil=c3=a4?= Message-ID: <56D70CE2.1050500@nextfour.com> Date: Wed, 2 Mar 2016 17:55:14 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: <1456917606-4979-1-git-send-email-bp@alien8.de> Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit X-Originating-IP: [84.250.21.106] X-ClientProxiedBy: VI1PR02CA0029.eurprd02.prod.outlook.com (25.162.7.167) To AM2PR07MB0897.eurprd07.prod.outlook.com (25.161.71.18) X-Microsoft-Exchange-Diagnostics: 1;AM2PR07MB0897;2:vHDC0Qn8YUopnle3eiry5pzscXBTKB17Ghg9huZZkQjIldOAmLteg+IaPhVzMF2OejsDS0ertUEqnRz/7B67qlv0d2mznqEo/JZL2sFl8sVB/fUQW5XSxvZRavSkTQ7QQfjjKVjvOfouoIX69cJ0Cw==;3:QZYQp0K1zoHMQitJ90Zwf0PPIa2GsQM3OrI9zBJ2czNClJ5vVNctBEwuBjKbVrwSM9olVS/cZlOBCm7busDdsL4dmdFVDx9Pwi7yZ2chUhWtnDkzRwY6Tn84R1iVJJkS;25:jU6s24elpymQFpILHLeFbMHP9L7VO+D6Xfw28K2yrz5hgoDKK6CZqu7rZCb/Yf3YXlhd2NTbLnw0pIPYksOsSJBYywja0ueA6HkWaZd+4vo4lUegN7ymghc2PMW25KnkehLfnyGEN69IThJmnOYqb5qqMI+x2VawCNSv+UrrdppxgGTaB4nCW4UOGvNLxmuSuQ0WbxiZTjdlzBFGSLMRfNWHQm9txQ2bPGkjGnU3TefIVsogzeSIkb4vBrcmLCBGlx4I+hhYjunN4a+6TnWeYNTOyE0Rtxab0OhKSzAFI+az9zMWL3mLhNHGFhJ8VukpqZmEIDGJLmcR6h6914S75A== X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AM2PR07MB0897; X-MS-Office365-Filtering-Correlation-Id: b0af5f08-a888-4378-9c71-08d342b30dee X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046);SRVR:AM2PR07MB0897;BCL:0;PCL:0;RULEID:;SRVR:AM2PR07MB0897; X-Microsoft-Exchange-Diagnostics: 1;AM2PR07MB0897;4:lGfkwVecbodpsqYDyPdso1O5TDD7Hd2kYbWNZdoFnjwPXOt2K4W35VpB/sfnNzUqDRONZ4UzHPZyah/YkP4DU3S0SwIpqCOSyP252fpV+Ob6jwnByKF5RNVaFKGzm3si+y9xWvqrrxnaELZ21FS9OaFwdItwoRTJ96ns7gm4zuPjreJcD/1sAv9LUK8DlMKntNhkyLUVtBW4N7TpOOEQPQ3lvU36KVQX3kT7aLPz05VAaYZz5CY+v9rd+Ny/NiKT8pvm7VRh8iLWXvaaWFlM/+FTLHIWgvu3YlxRR+maNMDhZoWXarUYxw2j++1/BjyNm8RcefqWQNwJLB2TQhNNDNc5VqzUSqqR7VZXMVTizIAffb8MABunDQziPyEivJEr X-Forefront-PRVS: 086943A159 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6049001)(6009001)(15650500001)(92566002)(36756003)(64126003)(86362001)(575784001)(87976001)(81156010)(77096005)(189998001)(2950100001)(50986999)(80316001)(3846002)(54356999)(87266999)(65816999)(76176999)(19580405001)(59896002)(42186005)(47776003)(66066001)(23746002)(117156001)(6116002)(19580395003)(40100003)(230700001)(4326007)(5004730100002)(5001770100001)(586003)(50466002)(122386002)(5001960100004)(5008740100001)(4001350100001)(33656002)(1096002)(83506001)(2906002)(7059030);DIR:OUT;SFP:1101;SCL:1;SRVR:AM2PR07MB0897;H:[192.168.1.71];FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1;AM2PR07MB0897;23:Wv7qX2Nm7yHvjGfLiJXJBHjLYHomkxFxKYlOl?= =?Windows-1252?Q?a2pOOMH+RvX4zSEeqkD23jycT9I6PR0IK1nQ+3MejZ138OngWLTTPSYk?= =?Windows-1252?Q?l7vyIsuFFFhdB1HNihMFGbW1HC6/RSbsOKBGxW75MxjWckddVyUZ3ye9?= =?Windows-1252?Q?gZsBb2WVFn+qZV1/ZPQv38rtVnFPkV9kaVDk6gwlbTTmJomChOm79PZb?= =?Windows-1252?Q?SJQ1WG8zYh21Zi0SDFy4aw3XRT27pVoE0LC7900RDPeB9W4ppmXoxzyv?= =?Windows-1252?Q?uV9oiPooqWqb4oETIy/1N5X9NqVMYH5LkC7FIdG2KlNidjLoDGvSxRCi?= =?Windows-1252?Q?uLtBMhDOAYTbl+lTnjYGnBJ9nS3o81ctwnu+4xaprLSw61TZsrWV+m1/?= =?Windows-1252?Q?prhqhanroDdKRdOmaOOfmeUjfFhnsLxvG4E7P6gLCf2dUoqadOFtnlVM?= =?Windows-1252?Q?06N1gTdOo0Ex7hBUgEFdB80FFza7ihvsCdYK7EP2nutGpgwea28JVDAw?= =?Windows-1252?Q?RbhpS6LT5DcPBITjrq5mXt6VyvYNFZBW6XUDk+aHtoAkye5cE2HxX30k?= =?Windows-1252?Q?44TY++N7zue13hglnJnR0OA33VsivVe4Hx6F/BE2/4gKiN7+4IFvNNbI?= =?Windows-1252?Q?zLCh7nI6CKxHUR3AW9wlYtPeLNjtGnBzJmNYBFVK3o2FQ6W/xYmajw5P?= =?Windows-1252?Q?SuDFy+KV98r9pbs0QiYL+2PFj1oeA+qAT2JNy1iuhFprkXDGw0Oj3q7O?= =?Windows-1252?Q?KhRuyaICihpUOWiMlgAC6JjfGhL7Ch7i0n4+UiasfU0vEfZI6iEowVaK?= =?Windows-1252?Q?5Tw5l9NmWS16tiBMDehhBDEySc+gZjIwURvWnUqnfj27r506nEMwQxoj?= =?Windows-1252?Q?4WyRez2jR3+ZBbVOzKAPqyZ6dm5o/jxcXTZv1e45kxVS1IFPjOLVO8lV?= =?Windows-1252?Q?mLur6fBwwifArpMMluUEN6wGyt1ybp7Uf7FRCavUQLKEIaGwotxh48Yh?= =?Windows-1252?Q?9/Yu8y0kquW96AHkZHnY0RUpgvl383CtItalCeE7CXelX6lQJEKhCUDo?= =?Windows-1252?Q?o4t56F5TqxcbJTBLKhF/8Ksfb2+huFcvFK63bLmftGyUaTDsAxJSxOcE?= =?Windows-1252?Q?e/jHYN6vyouxTpWfkUY+RsZHh6PrMhMGB/pWGM5Ha9xmFp8qUvo57NZd?= =?Windows-1252?Q?1+yjROpD7nMciDcANwdDDKWsSan6c72It6kwgnm6Gu0E/LJp37GbA7rR?= =?Windows-1252?Q?Gv5UWrRz2+aieDZRZ8D+DHzQdxV3Leth2f8XWxpZaoCo62YpkyFxrP0V?= =?Windows-1252?Q?UVNp8VjiZDMUMH5NLCuK5UTeQ=3D=3D?= X-Microsoft-Exchange-Diagnostics: 1;AM2PR07MB0897;5:8vmxQdrXpqHyjpZktGJqxZucDYCbG6c3WjmUjBnKn0YKoxlkw6DCEoOvnjZxo4WIzmaj+LtssSV5QhdRtLbixocOEDnv4JM31UWL9lGRYbPN8AaNk1B2uOOcE/yabbnlNqZCE5rGxZiswqFaF9N9cA==;24:UbzB/yp7SjlE5JvFvKcQswEF06QXKrT2fM+tZ50c/1rMMF+zUtqkfT1/ZZLbN4mqA8HBAYc8RisGdUX4FNkDnf3vLeRAs16+30V04lRGWDQ= SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: nextfour.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Mar 2016 15:55:18.4223 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM2PR07MB0897 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 02.03.2016 13:20, Borislav Petkov wrote: > From: Borislav Petkov > > 04633df0c43d ("x86/cpu: Call verify_cpu() after having entered long mode too") > added the call to verify_cpu() for sanitizing CPU configuration. > > The latter uses the stack minimally and it can happen that we land in > startup_64() directly from a 64-bit bootloader. Then we want to use our > own, known good stack. > > Do that. > > APs don't need this as the trampoline sets up a stack for them. > > Reported-by: Tom Lendacky > Signed-off-by: Borislav Petkov > --- > arch/x86/kernel/head_64.S | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S > index 22fbf9df61bb..d60a044c2fdc 100644 > --- a/arch/x86/kernel/head_64.S > +++ b/arch/x86/kernel/head_64.S > @@ -64,6 +64,10 @@ startup_64: > * tables and then reload them. > */ > > + /* Setup a stack for verify_cpu */ > + movq stack_start - __START_KERNEL_map, %rsp > + subq $__START_KERNEL_map, %rsp > + You subtract __START_KERNEL_map twice ? --Mika