From patchwork Mon Jan 22 09:08:52 2024
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 19240
Date: Mon, 22 Jan 2024 10:08:52 +0100
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20240122090851.851120-7-ardb+git@google.com>
Subject: [RFC PATCH 0/5] x86: Build the core kernel using PIC codegen
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel, Kevin Loughlin, Tom Lendacky, Dionna Glaze,
 Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
 Andy Lutomirski, Arnd Bergmann, Martin KaFai Lau, Nathan Chancellor,
 Nick Desaulniers, Justin Stitt, linux-arch@vger.kernel.org,
 bpf@vger.kernel.org, llvm@lists.linux.dev

From: Ard Biesheuvel

Originally, only arch/x86/kernel/head64.c had some code that required
special care because it executes very early from the 1:1 mapping of the
kernel rather than the ordinary kernel virtual mapping. This is no
longer the case, and there is a lot of SEV related code that is
reachable from the primary startup path, with no guarantees that the
toolchain will produce code that runs correctly.

This is especially problematic when it comes to things like string
literals, which are emitted by the compiler as data objects, and
subsequently referenced via an absolute address that is not mapped yet
this early in the boot [0].

Kevin has been looking into failures resulting from the fact that Clang
behaves slightly differently from GCC in this regard, by selectively
applying PIC codegen to the objects in question. However, while this
fixes the observed issues, it does not offer any guarantees, given that
the set of reachable code from startup_64() does not appear to be
bounded when running on SEV hardware.

Instead of applying this change piecemeal to objects that happen to have
caused issues in the past, this series converts the core kernel to PIC
codegen entirely.

Note that this does not entirely solve the problem of the unbounded set
of reachable code from the early SEV entrypoint: there might be code
that attempts to access global objects via their kernel virtual address
(which is not mapped yet). But at least all implicit accesses will be
made via the same translation that the code is running from.

This does result in a slight increase in code size (see below) but it
also reduces the size of the KASLR relocation table (applied by the
decompressor) by roughly half.

Before

  $ size -x vmlinux
     text        data        bss        dec       hex   filename
  0x1b78ec1   0xdde145   0x381000   47022086   2cd8006   vmlinux

After

  $ size -x vmlinux
     text        data        bss        dec       hex   filename
  0x1b8371b   0xde0d1d   0x370000   47006776   2cd4438   vmlinux

[0] arch/x86/mm/mem_encrypt_identity.c has some nice examples of this,
    where RIP-relative references are emitted using inline asm.

[1] https://lkml.kernel.org/r/20240111223650.3502633-1-kevinloughlin%40google.com

Cc: Kevin Loughlin
Cc: Tom Lendacky
Cc: Dionna Glaze
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: Borislav Petkov
Cc: Dave Hansen
Cc: Andy Lutomirski
Cc: Arnd Bergmann
Cc: Martin KaFai Lau
Cc: Nathan Chancellor
Cc: Nick Desaulniers
Cc: Justin Stitt
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: bpf@vger.kernel.org
Cc: llvm@lists.linux.dev

Ard Biesheuvel (5):
  kallsyms: Avoid weak references for kallsyms symbols
  vmlinux: Avoid weak reference to notes section
  btf: Avoid weak external references
  x86/head64: Replace pointer fixups with PIE codegen
  x86: Build the core kernel with position independent codegen

 arch/x86/Makefile                 |  18 ++-
 arch/x86/boot/compressed/Makefile |   2 +-
 arch/x86/entry/vdso/Makefile      |   2 +-
 arch/x86/include/asm/init.h       |   2 -
 arch/x86/include/asm/setup.h      |   2 +-
 arch/x86/kernel/head64.c          | 117 +++++++-------------
 arch/x86/realmode/rm/Makefile     |   1 +
 include/asm-generic/vmlinux.lds.h |  23 ++++
 kernel/bpf/btf.c                  |   4 +-
 kernel/kallsyms.c                 |   6 -
 kernel/kallsyms_internal.h        |  30 ++---
 kernel/ksysfs.c                   |   4 +-
 lib/buildid.c                     |   4 +-
 13 files changed, 104 insertions(+), 111 deletions(-)
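
The cover letter's concern about string literals referenced via an absolute address can be audited per object file by looking at relocation types in code sections. The following is an added example, not part of the original message or the kernel tree: it parses `readelf -r` style output and reports absolute relocations in code, using a constructed sample in which the section name `.head.text`, the symbol `early_helper` and all offsets are assumptions.

```python
import re

# Relocation types that encode a symbol's link-time virtual address.
ABSOLUTE = {"R_X86_64_64", "R_X86_64_32", "R_X86_64_32S"}
# Code sections to audit (assumed names; adjust to the objects under review).
CODE_PREFIXES = (".text", ".head.text", ".init.text")

SECTION_RE = re.compile(r"^Relocation section '\.rela?(\.[^']+)'")
ENTRY_RE = re.compile(
    r"^([0-9a-f]+)\s+[0-9a-f]+\s+(R_X86_64_\w+)\s+[0-9a-f]+\s+(.+)$")


def absolute_text_relocs(readelf_output):
    """Return (section, offset, type, target) for absolute relocs in code."""
    findings, section = [], None
    for line in map(str.strip, readelf_output.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section and section.startswith(CODE_PREFIXES):
            offset, rtype, target = m.groups()
            if rtype in ABSOLUTE:
                findings.append((section, int(offset, 16), rtype, target))
    return findings


# Constructed sample shaped like `readelf -r` output for one object file.
TEMPLATE = """\
Relocation section '.rela.head.text' at offset 0x2a8 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000007  {string_ref}
00000000000c  000a00000004 R_X86_64_PLT32    0000000000000000 early_helper - 4

Relocation section '.rela.data' at offset 0x2d8 contains 1 entry:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000000  000500000001 R_X86_64_64       0000000000000000 .rodata.str1.1 + 0
"""
# Non-PIC: the string literal is referenced by absolute address.
NON_PIC = TEMPLATE.format(
    string_ref="00050000000b R_X86_64_32S      0000000000000000 .rodata.str1.1 + 0")
# PIC: the same reference is RIP-relative.
PIC = TEMPLATE.format(
    string_ref="000500000002 R_X86_64_PC32     0000000000000000 .rodata.str1.1 - 4")

if __name__ == "__main__":
    for name, sample in (("non-PIC", NON_PIC), ("PIC", PIC)):
        print(name, absolute_text_relocs(sample))
```

The `R_X86_64_64` entry in `.rela.data` is deliberately not reported: absolute pointers stored in data are the kind of entry a load-time relocation table such as the KASLR one exists to fix up, whereas an absolute reference in early code is dereferenced before the kernel virtual mapping exists.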