From: Borislav Petkov <[email protected]>

sme_encrypt_execute() stashes the stack pointer on entry into %rbp because it allocates a one-page stack in the non-encrypted area for the encryption routine to use. When the latter is done, it restores it from %rbp again, before returning.
However, it uses the FRAME_* macros partially but restores %rsp from %rbp explicitly with a MOV. And this is fine as long as the macros *actually* do something. Unless you do a !CONFIG_FRAME_POINTER build where those macros are empty. Then, we still restore %rsp from %rbp but %rbp contains *something* and this leads to a stack corruption. The manifestation being a triple-fault during early boot when testing SME.

Good luck to me debugging this with the clumsy endless-loop-in-asm method and narrowing it down gradually. :-(

So, long story short, open-code the frame macros so that there's no monkey business and we avoid subtly breaking SME depending on the .config.

Signed-off-by: Borislav Petkov <[email protected]>
Acked-by: Tom Lendacky <[email protected]>
Cc: Brijesh Singh <[email protected]>

--- arch/x86/mm/mem_encrypt_boot.S | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S index b327e0472448..730e6d541df1 100644 --- a/arch/x86/mm/mem_encrypt_boot.S +++ b/arch/x86/mm/mem_encrypt_boot.S @@ -15,7 +15,6 @@ #include <asm/page.h> #include <asm/processor-flags.h> #include <asm/msr-index.h> -#include <asm/frame.h> .text .code64 @@ -33,7 +32,8 @@ ENTRY(sme_encrypt_execute) * R8 - physcial address of the pagetables to use for encryption */ - FRAME_BEGIN /* RBP now has original stack pointer */ + push %rbp + movq %rsp, %rbp /* RBP now has original stack pointer */ /* Set up a one page stack in the non-encrypted memory area */ movq %rcx, %rax /* Workarea stack page */ @@ -64,7 +64,7 @@ ENTRY(sme_encrypt_execute) pop %r12 movq %rbp, %rsp /* Restore original stack pointer */ - FRAME_END + pop %rbp ret ENDPROC(sme_encrypt_execute) -- 2.13.0
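Review bot: Dropping `#include <asm/frame.h>` in the first hunk (`@@ -15,7 +15,6 @@`) is consistent with the other two hunks, which remove the last uses of FRAME_BEGIN and FRAME_END from this file; worth a quick grep that nothing else in mem_encrypt_boot.S still pulls a macro from that header, since an unresolved macro in a .S file only shows up at assembly time.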
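Review bot: In the second hunk (`@@ -33,7 +32,8 @@`) the open-coded `push %rbp` / `movq %rsp, %rbp` is exactly the sequence FRAME_BEGIN expands to in a CONFIG_FRAME_POINTER build, so frame-pointer builds are unchanged and !CONFIG_FRAME_POINTER builds now get a real save of the original stack pointer instead of an empty macro; this is the correct fix for the stack corruption described in the changelog, because the later `movq %rbp, %rsp` restore has an unconditional %rbp to rely on. The comment "RBP now has original stack pointer" correctly sits on the movq line rather than the push, since it is only true after the move. Drive-by: the unchanged context line `* R8 - physcial address of the pagetables to use for encryption` has a typo ("physical") that could be fixed while touching this area.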
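Review bot: In the third hunk (`@@ -64,7 +64,7 @@`) the ordering `movq %rbp, %rsp` then `pop %rbp` is the important part: the pop must read from the restored original stack, where the prologue pushed %rbp, not from the one-page workarea stack the routine was running on, so the restore of %rsp has to come first. That ordering matches what FRAME_END (`pop %rbp`) relied on before, and together with the prologue hunk it leaves %rbp, a callee-saved register, intact for the caller in both .config variants. Consider noting in the changelog that this pair is the FRAME_BEGIN/FRAME_END expansion itself, so reviewers do not mistake it for a behaviour change on frame-pointer builds.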

