On Tue, May 19, 2020 at 11:15:26AM +0200, Borislav Petkov wrote: > On Tue, Apr 28, 2020 at 05:16:45PM +0200, Joerg Roedel wrote: > > From: Joerg Roedel <jroedel@xxxxxxx> > > > > The code inserted by the stack protector does not work in the early > > boot environment because it uses the GS segment, at least with memory > > encryption enabled. > > Can you elaborate on why is that a problem? > > The stack cookie is not generated that early yet so it should be > comparing %gs:40 to 0. Yes, and when GS_BASE is 0 it will dereference NULL pointer, which generates a page-fault before the kernel is able to handle it. Joerg
