x86/mm: Fix SME encryption stack ptr handling

sme_encrypt_execute() stashes the stack pointer on entry into %rbp because it allocates a one-page stack in the non-encrypted area for the encryption routine to use. When the latter is done, it restores it from %rbp again, before returning. However, it uses the FRAME_* macros partially but restores %rsp from %rbp explicitly with a MOV. And this is fine as long as the macros *actually* do something. Unless, you do a !CONFIG_FRAME_POINTER build where those macros are empty. Then, we still restore %rsp from %rbp but %rbp contains *something* and this leads to a stack corruption. The manifestation being a triple-fault during early boot when testing SME. Good luck to me debugging this with the clumsy endless-loop-in-asm method and narrowing it down gradually. :-( So, long story short, open-code the frame macros so that there's no monkey business and we avoid subtly breaking SME depending on the .config. Fixes: 6ebcb060 ("x86/mm: Add support to encrypt the kernel in-place") Signed-off-by: Borislav Petkov <bp@suse.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Link: http://lkml.kernel.org/r/20170827163924.25552-1-bp@alien8.de

x86/mm: Fix SME encryption stack ptr handling
sme_encrypt_execute() stashes the stack pointer on entry into %rbp because it allocates a one-page stack in the non-encrypted area for the encryption routine to use. When the latter is done, it restores it from %rbp again, before returning. However, it uses the FRAME_* macros partially but restores %rsp from %rbp explicitly with a MOV. And this is fine as long as the macros *actually* do something. Unless, you do a !CONFIG_FRAME_POINTER build where those macros are empty. Then, we still restore %rsp from %rbp but %rbp contains *something* and this leads to a stack corruption. The manifestation being a triple-fault during early boot when testing SME. Good luck to me debugging this with the clumsy endless-loop-in-asm method and narrowing it down gradually. :-( So, long story short, open-code the frame macros so that there's no monkey business and we avoid subtly breaking SME depending on the .config. Fixes: 6ebcb060 ("x86/mm: Add support to encrypt the kernel in-place") Signed-off-by: Borislav Petkov <bp@suse.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Link: http://lkml.kernel.org/r/20170827163924.25552-1-bp@alien8.de
6e0b52d4 · Borislav Petkov · Thomas Gleixner · ea2800dd · 6e0b52d4
Commit 6e0b52d4 authored Aug 27, 2017 by Borislav Petkov Committed by Thomas Gleixner Aug 29, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

arch/x86/mm/mem_encrypt_boot.S arch/x86/mm/mem_encrypt_boot.S +3 -3

No files found.
--- a/arch/x86/mm/mem_encrypt_boot.S
+++ b/arch/x86/mm/mem_encrypt_boot.S
@@ -15,7 +15,6 @@
 #include <asm/page.h>
 #include <asm/processor-flags.h>
 #include <asm/msr-index.h>
-#include <asm/frame.h>

 	.text
 	.code64
@@ -33,7 +32,8 @@ ENTRY(sme_encrypt_execute)
 	 *    R8 - physcial address of the pagetables to use for encryption
 	 */

-	FRAME_BEGIN			/* RBP now has original stack pointer */
+	push	%rbp
+	movq	%rsp, %rbp		/* RBP now has original stack pointer */

 	/* Set up a one page stack in the non-encrypted memory area */
 	movq	%rcx, %rax		/* Workarea stack page */
@@ -64,7 +64,7 @@ ENTRY(sme_encrypt_execute)
 	pop	%r12

 	movq	%rbp, %rsp		/* Restore original stack pointer */
-	FRAME_END
+	pop	%rbp

 	ret
 ENDPROC(sme_encrypt_execute)