On Thu, Mar 23, 2023 at 10:23:02AM -0400, Brian Gerst wrote: > Making sure that the stack protector is either disabled or properly > set up, and disabling any instrumentation/profiling/debug crap that > isn't initialized yet. Lemme dump brain of what Tom and I were talking about today so that it is documented somewhere. * re: stack protector: I was thinking to mark this function __attribute__((no_stack_protector)) but gcc added the function attribute way later: ~/src/gcc/gcc.git> git tag --contains 346b302d09c1e6db56d9fe69048acb32fbb97845 basepoints/gcc-12 basepoints/gcc-13 releases/gcc-11.1.0 releases/gcc-11.2.0 releases/gcc-11.3.0 releases/gcc-12.1.0 releases/gcc-12.2.0 which means, that function would have to live somewhere in a file which has stack protector disabled. One possible place would be arch/x86/mm/mem_encrypt_identity.c which is kinda related. * re: stack: in order to be able to call a C function that early, we'd have to put the VA of the initial stack back into %rsp as we switch pagetables a bit earlier in there (thx Tom). So by then, doing all that cargo-cult just in order to not have a bunch of lines in asm doesn't sound all that great anymore. * The __head per-function attribute is easily solved by lifting the __head define into a common header. So meh, dunno. I guess we can do the asm thing for now, until a cleaner solution without too many warts presents itself. As to exporting cc_vendor: https://lore.kernel.org/r/20230318115634.9392-1-bp@xxxxxxxxx I'll redo those and the SEV-ES patch won't have to add cc_get_vendor(). Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette
