Subject: Re: [RFC PATCH] x86: Make sure verify_cpu has a good stack
From: "H. Peter Anvin"
To: Borislav Petkov
Cc: Brian Gerst, X86 ML, LKML, Tom Lendacky
Date: Wed, 2 Mar 2016 13:35:09 -0800
Message-ID: <56D75C8D.90800@zytor.com>
In-Reply-To: <20160302195053.GG8362@pd.tnic>
References: <1456917606-4979-1-git-send-email-bp@alien8.de>
 <20160302162530.GA8362@pd.tnic>
 <086BE61B-DCCC-4105-90A2-295A487C7F6F@zytor.com>
 <20160302181556.GD8362@pd.tnic>
 <56D73349.3020609@zytor.com>
 <20160302195053.GG8362@pd.tnic>
X-Mailing-List: linux-kernel@vger.kernel.org

On 03/02/16 11:50, Borislav Petkov wrote:
> On Wed, Mar 02, 2016 at 10:39:05AM -0800, H. Peter Anvin wrote:
>> Well, we definitely should use %rip-relative addressing if we can.
>
> Right you are.
>
>> However, even so I believe this breaks if the kernel is loaded anywhere
>> but its default load address. I think we need to do something like:
>>
>>         movq stack_start(%rip), %rax
>>         leaq __START_KERNEL_map(%rip), %rdx
>>         subq %rdx, %rax
>>         movq %rax, %rsp
>>
>> The use of temporary registers avoids clobbering a valid stack pointer
>> for even a single instruction if we are given one.
>
> Yeah, we should be prudent and make this as sturdy as possible. I did this:
>
> CONFIG_PHYSICAL_START=0x100beef
>
> and it aligned startup_64 up to ffffffff82000000. It seems to boot fine
> in kvm. But better safe than sorry.

You're not actually testing anything as the real issue is what happens
with a relocating bootloader. That's okay; I think we can be pretty sure
the above works by inspection.

        -hpa