bcbea52292
commit 469693d8f62299709e8ba56d8fb3da9ea990213c upstream.
Due to
103a4908ad4d ("x86/head/64: Disable stack protection for head$(BITS).o")
kernel/head{32,64}.c are compiled with -fno-stack-protector to allow
a call to set_bringup_idt_handler(), which would otherwise have stack
protection enabled with CONFIG_STACKPROTECTOR_STRONG.
While sufficient for that case, there may still be issues with calls to
any external functions that were compiled with stack protection enabled
that in-turn make stack-protected calls, or if the exception handlers
set up by set_bringup_idt_handler() make calls to stack-protected
functions.
Subsequent patches for SEV-SNP CPUID validation support will introduce
both such cases. Attempting to disable stack protection for everything
in scope to address that is prohibitive since much of the code, like the
SEV-ES #VC handler, is shared code that remains in use after boot and
could benefit from having stack protection enabled. Attempting to inline
calls is brittle and can quickly balloon out to library/helper code
where that's not really an option.
Instead, re-enable stack protection for head32.c/head64.c, and make the
appropriate changes to ensure the segment used for the stack canary is
initialized in advance of any stack-protected C calls.
For head64.c:
- The BSP will enter from startup_64() and call into C code
(startup_64_setup_env()) shortly after setting up the stack, which
may result in calls to stack-protected code. Set up %gs early to allow
for this safely.
- APs will enter from secondary_startup_64*(), and %gs will be set up
soon after. There is one call to C code prior to %gs being setup
(__startup_secondary_64()), but it is only to fetch 'sme_me_mask'
global, so just load 'sme_me_mask' directly instead, and remove the
now-unused __startup_secondary_64() function.
For head32.c:
- BSPs/APs will set %fs to __BOOT_DS prior to any C calls. In recent
kernels, the compiler is configured to access the stack canary at
%fs:__stack_chk_guard [1], which overlaps with the initial per-cpu
'__stack_chk_guard' variable in the initial/"master" .data..percpu
area. This is sufficient to allow access to the canary for use
during initial startup, so no changes are needed there.
[1] 3fb0fdb3bbe7 ("x86/stackprotector/32: Make the canary into a regular percpu variable")
[ bp: Massage commit message. ]
Suggested-by: Joerg Roedel <jroedel@suse.de> #for 64-bit %gs set up
Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220307213356.2797205-24-brijesh.singh@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
152 lines
3.7 KiB
C
Executable file
152 lines
3.7 KiB
C
Executable file
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _ASM_X86_SETUP_H
|
|
#define _ASM_X86_SETUP_H
|
|
|
|
#include <uapi/asm/setup.h>
|
|
|
|
#define COMMAND_LINE_SIZE 2048
|
|
|
|
#include <linux/linkage.h>
|
|
#include <asm/page_types.h>
|
|
|
|
#ifdef __i386__
|
|
|
|
#include <linux/pfn.h>
|
|
/*
|
|
* Reserved space for vmalloc and iomap - defined in asm/page.h
|
|
*/
|
|
#define MAXMEM_PFN PFN_DOWN(MAXMEM)
|
|
#define MAX_NONPAE_PFN (1 << 20)
|
|
|
|
#endif /* __i386__ */
|
|
|
|
#define PARAM_SIZE 4096 /* sizeof(struct boot_params) */
|
|
|
|
#define OLD_CL_MAGIC 0xA33F
|
|
#define OLD_CL_ADDRESS 0x020 /* Relative to real mode data */
|
|
#define NEW_CL_POINTER 0x228 /* Relative to real mode data */
|
|
|
|
#ifndef __ASSEMBLY__
|
|
#include <asm/bootparam.h>
|
|
#include <asm/x86_init.h>
|
|
|
|
extern u64 relocated_ramdisk;
|
|
|
|
/* Interrupt control for vSMPowered x86_64 systems */
|
|
#ifdef CONFIG_X86_64
|
|
void vsmp_init(void);
|
|
#else
|
|
static inline void vsmp_init(void) { }
|
|
#endif
|
|
|
|
struct pt_regs;
|
|
|
|
void setup_bios_corruption_check(void);
|
|
void early_platform_quirks(void);
|
|
|
|
extern unsigned long saved_video_mode;
|
|
|
|
extern void reserve_standard_io_resources(void);
|
|
extern void i386_reserve_resources(void);
|
|
extern unsigned long __startup_64(unsigned long physaddr, struct boot_params *bp);
|
|
extern void startup_64_setup_env(unsigned long physbase);
|
|
extern void early_setup_idt(void);
|
|
extern void __init do_early_exception(struct pt_regs *regs, int trapnr);
|
|
|
|
#ifdef CONFIG_X86_INTEL_MID
|
|
extern void x86_intel_mid_early_setup(void);
|
|
#else
|
|
static inline void x86_intel_mid_early_setup(void) { }
|
|
#endif
|
|
|
|
#ifdef CONFIG_X86_INTEL_CE
|
|
extern void x86_ce4100_early_setup(void);
|
|
#else
|
|
static inline void x86_ce4100_early_setup(void) { }
|
|
#endif
|
|
|
|
#ifndef _SETUP
|
|
|
|
#include <asm/espfix.h>
|
|
#include <linux/kernel.h>
|
|
|
|
/*
|
|
* This is set up by the setup-routine at boot-time
|
|
*/
|
|
extern struct boot_params boot_params;
|
|
extern char _text[];
|
|
|
|
static inline bool kaslr_enabled(void)
|
|
{
|
|
return IS_ENABLED(CONFIG_RANDOMIZE_MEMORY) &&
|
|
!!(boot_params.hdr.loadflags & KASLR_FLAG);
|
|
}
|
|
|
|
/*
|
|
* Apply no randomization if KASLR was disabled at boot or if KASAN
|
|
* is enabled. KASAN shadow mappings rely on regions being PGD aligned.
|
|
*/
|
|
static inline bool kaslr_memory_enabled(void)
|
|
{
|
|
return kaslr_enabled() && !IS_ENABLED(CONFIG_KASAN);
|
|
}
|
|
|
|
static inline unsigned long kaslr_offset(void)
|
|
{
|
|
return (unsigned long)&_text - __START_KERNEL;
|
|
}
|
|
|
|
/*
|
|
* Do NOT EVER look at the BIOS memory size location.
|
|
* It does not work on many machines.
|
|
*/
|
|
#define LOWMEMSIZE() (0x9f000)
|
|
|
|
/* exceedingly early brk-like allocator */
|
|
extern unsigned long _brk_end;
|
|
void *extend_brk(size_t size, size_t align);
|
|
|
|
/*
|
|
* Reserve space in the .brk section, which is a block of memory from which the
|
|
* caller is allowed to allocate very early (before even memblock is available)
|
|
* by calling extend_brk(). All allocated memory will be eventually converted
|
|
* to memblock. Any leftover unallocated memory will be freed.
|
|
*
|
|
* The size is in bytes.
|
|
*/
|
|
#define RESERVE_BRK(name, size) \
|
|
__section(".bss..brk") __aligned(1) __used \
|
|
static char __brk_##name[size]
|
|
|
|
/* Helper for reserving space for arrays of things */
|
|
#define RESERVE_BRK_ARRAY(type, name, entries) \
|
|
type *name; \
|
|
RESERVE_BRK(name, sizeof(type) * entries)
|
|
|
|
extern void probe_roms(void);
|
|
#ifdef __i386__
|
|
|
|
asmlinkage void __init i386_start_kernel(void);
|
|
|
|
#else
|
|
asmlinkage void __init x86_64_start_kernel(char *real_mode);
|
|
asmlinkage void __init x86_64_start_reservations(char *real_mode_data);
|
|
|
|
#endif /* __i386__ */
|
|
#endif /* _SETUP */
|
|
|
|
#else /* __ASSEMBLY */
|
|
|
|
.macro __RESERVE_BRK name, size
|
|
.pushsection .bss..brk, "aw"
|
|
SYM_DATA_START(__brk_\name)
|
|
.skip \size
|
|
SYM_DATA_END(__brk_\name)
|
|
.popsection
|
|
.endm
|
|
|
|
#define RESERVE_BRK(name, size) __RESERVE_BRK name, size
|
|
|
|
#endif /* __ASSEMBLY__ */
|
|
|
|
#endif /* _ASM_X86_SETUP_H */
|