| Message ID | 20240125112818.2016733-19-ardb+git@google.com |
|---|---|
| Headers |
Return-Path: <linux-kernel+bounces-38504-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7300:2553:b0:103:945f:af90 with SMTP id
p19csp1572661dyi;
Thu, 25 Jan 2024 03:33:05 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IGYwk9pU/KGdT+E5hkLSPtb1+IOxeIhp/c7KKliVq+TpghM1Y9FF8AieI+51hG1JRerHjRK
X-Received: by 2002:a17:907:d411:b0:a31:2fe9:e8e2 with SMTP id
vi17-20020a170907d41100b00a312fe9e8e2mr500393ejc.22.1706182385587;
Thu, 25 Jan 2024 03:33:05 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1706182385; cv=pass;
d=google.com; s=arc-20160816;
b=XFqnAg4U6x0ptH8NxkTNisjlBSKPyaqEcewe05Hx9qYHxX9zNvrBFYMuh84rstznoZ
t2FLpzwbwZNrC7gvZWFnq9o1k67NdaGSnDSEWkAX59WHZXaBsV/sv8uX4sRDUUY2JWYu
QslXwF6LKR5wpN9SJ2AiJtfqaxZY1jtfg0yK1BG36IyNa3tQ59rmRrDbvzDLg+jMrmFx
e0TLHw6Ni9TgT4d5uMU0RJxTMnkggSH8ObbD5NVahvR6FWK6k+QdcjTkKx1GMRmc4kao
1uHAbJ6Hpw5qWYTMiLklIII8K33drcOwRMXzcmTrYD5Ll/B+F//zzQ4CFA+Tp+b06cY9
V9Pw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=cc:to:from:subject:message-id:mime-version:list-unsubscribe
:list-subscribe:list-id:precedence:date:dkim-signature;
bh=zCvimkwa+N98VxwOiO1HtexFLHWLAuY9mMqDTRppF28=;
fh=Mjd69IxHltS/Jba8SYEPy4aDMrScq2KBDxG2XjETtWk=;
b=LIud+SR9gYP9mSvZmh1wOV2qHZbP48jXQRp1O6qYZ1NRfvs6VRsYP2YeZ//pE37cLl
oCZ08VEkRh0wZtoBrXNWO3Ql1gjqWa0fdzmE6q8xTlA3HcTEYy4N3sAqeNSuTuPUbt2s
pgsKOSoAmaHK5KqUGWyz9V5sxan2/AWfoqc8QsOp48AxszwpZkJ1s2rf9D6wRfQBIBnF
WP09HzAFVuq030QNRVcDXX3uFwm9r29y2zfmVmHGYEvIYL9vWglfIsV+kl0/RjCo8oGF
Ok7M/+Gk2yWsx0Xc1X7P6DYHPeoJ6APTDNNfH0jVjmoUSXvFI7u1/fMSjug5mc4sfu62
vccg==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@google.com header.s=20230601 header.b=YOIjiMl+;
arc=pass (i=1 spf=pass spfdomain=flex--ardb.bounces.google.com
dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
spf=pass (google.com: domain of
linux-kernel+bounces-38504-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:4601:e00::3 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-38504-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org.
[2604:1380:4601:e00::3])
by mx.google.com with ESMTPS id
o22-20020a17090637d600b00a31878369d3si358257ejc.687.2024.01.25.03.33.05
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 25 Jan 2024 03:33:05 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-38504-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20230601 header.b=YOIjiMl+;
arc=pass (i=1 spf=pass spfdomain=flex--ardb.bounces.google.com
dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
spf=pass (google.com: domain of
linux-kernel+bounces-38504-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:4601:e00::3 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-38504-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by am.mirrors.kernel.org (Postfix) with ESMTPS id 8B3201F2352D
for <ouuuleilei@gmail.com>; Thu, 25 Jan 2024 11:33:01 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id B6F9532C92;
Thu, 25 Jan 2024 11:32:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
header.b="YOIjiMl+"
Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com
[209.85.128.201])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id A5FF92C68D
for <linux-kernel@vger.kernel.org>; Thu, 25 Jan 2024 11:32:38 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=209.85.128.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1706182360; cv=none;
b=G7Q/V8wwMkVU+xAlQc/kHMV1E1tMwY8kYwp2LpBqPNU3GnpTejJ/fpiTlVvv5ZJFoR1eYi4FewV54Ne7AXV3PgdCJBSr2AoNB8q2Zs+J6tuCzpXncNS0zkeFH4SpeB/d73AXoAQJHL05b2/4VpHOY7CWto2UVfWgR1Iag2aZbls=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1706182360; c=relaxed/simple;
bh=M/dY1K/cDSitauuanlOcuux8g/eo1beeiaI7jh6JUqU=;
h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type;
b=IF1XdsrtI+ElYGObEDEmBvT132/LZhnteSAnJLAK88+krmKC3gM1/1New3kCsvBWyYyMfX1WCizCjpvr9ZhkbDZNZAD+klbstw9AMAPRmRCw1azIcqapZ35uElzrC8V+G/fxYEgoxbRtgJTw/uQhyJMx2wF0qu/d0SOwo9HR3G0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dmarc=pass (p=reject dis=none) header.from=google.com;
spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
header.b=YOIjiMl+; arc=none smtp.client-ip=209.85.128.201
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Received: by mail-yw1-f201.google.com with SMTP id
00721157ae682-5fffb2798bfso72118237b3.2
for <linux-kernel@vger.kernel.org>;
Thu, 25 Jan 2024 03:32:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20230601; t=1706182357; x=1706787157;
darn=vger.kernel.org;
h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject
:date:message-id:reply-to;
bh=zCvimkwa+N98VxwOiO1HtexFLHWLAuY9mMqDTRppF28=;
b=YOIjiMl+/gZ0habOflpsWv2zT4rjubtcMsmpILXFTpLUlJCWal51mM/7hXwRQzrfIE
gHzXxqIeP2jPPDEFPSy7xmoPmauFpKAwFrNN4xMxkKbVYUeDU1eO/LK/4zmQtVUX7XIh
VPusmUN0LpE1oz9rYB3OqetM6kC3316sA1uT4dgO3JbNB/pqwXRhBWVjFkdP1k+WgqV4
inHjXWkOmIyElOAXhExTrFptL8tEzwNaJPGvwa/mjQM37WPenKOVoL9KMTWsIJaP9n2y
wh55FS8ADHKAGiyZlMHNmk4I1L/LmX3pzETa4rmd6nUS+Oh3IEAISXi05HMH3CL40guB
nKgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1706182357; x=1706787157;
h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=zCvimkwa+N98VxwOiO1HtexFLHWLAuY9mMqDTRppF28=;
b=WBoUBCkHl1vdQYydy7SzJ7rbMAWhYM90Hxge9b/SlErFImSSLTIl3Vfxf+wO33a8of
o3t/aDT0jgPkADBTld3WcrAL4yJ6L/mCA7KDpjfSIVi+QO8HpDfhXPhEpqFdWD4D4HOV
O6vFNAANR/Bhm9D8GfKi8Q5QtewfAlceQ+LR1JFIcMfXVb+ZgiSneuAARRI0YXeafcx0
aVPljiaoCowObMQ49UzknkqPAB93WUyRs1JQAeuQMgLksQBtwOU7+Pn9Sc1BWkw84lY+
OFqyuZ1Vx3cCvLBZWgZn3xei8QJH0U4xLJyIBzV1fiM2+7hNtnqSyGXBds4gLxzrG066
3ftg==
X-Gm-Message-State: AOJu0YzAyKJOKp3Nmi758+QLNnPhKv21eh0kmtB8z1lCOS5TZAcWW2D0
zfyaNsg2vdNL9bCDEOCdKA7qCYTvA4mSCvdpFvqgVe04D4/8gyl73LjiGDuk3cHovFPwbHbcw/E
m5NUzlyBXOodjueY0kI59ot4qLtSgNUb8rcNeEgZZoK7eeArdkqpYiyYZQknylabQF8G6a9Ri+O
gVnrugmDFOulGkLShciySipbrRmrEbVQ==
X-Received: from palermo.c.googlers.com
([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
(user=ardb job=sendgmr) by 2002:a05:6902:108f:b0:dc2:23d8:722d with SMTP id
v15-20020a056902108f00b00dc223d8722dmr436354ybu.13.1706182357559; Thu, 25 Jan
2024 03:32:37 -0800 (PST)
Date: Thu, 25 Jan 2024 12:28:19 +0100
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=5573; i=ardb@kernel.org;
h=from:subject; bh=P2nWyKkk+bKmbsXSPUU8MaF5wQOLstUuyAYPvPpo/kA=;
b=owGbwMvMwCFmkMcZplerG8N4Wi2JIXWT62U+gwfimY9VPvwxuG679HpkXe/G1pzuJCbnifbPH
mhPir/QUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACaito7hn7bhinxOHv/dXTuY
90/6WZGSMuno+9z66QWPF4ussTz8oo/hf2Kr2/vuH4KOUw8y7u819/Wv2+bFtpBnxZyL3Txa/Vw
eDAA=
X-Mailer: git-send-email 2.43.0.429.g432eaa2c6b-goog
Message-ID: <20240125112818.2016733-19-ardb+git@google.com>
Subject: [PATCH v2 00/17] x86: Confine early 1:1 mapped startup code
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>,
Kevin Loughlin <kevinloughlin@google.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Dionna Glaze <dionnaglaze@google.com>,
Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>, Andy Lutomirski <luto@kernel.org>,
Arnd Bergmann <arnd@arndb.de>, Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Justin Stitt <justinstitt@google.com>,
Brian Gerst <brgerst@gmail.com>, linux-arch@vger.kernel.org,
llvm@lists.linux.dev
Content-Type: text/plain; charset="UTF-8"
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1789061901060367614
X-GMAIL-MSGID: 1789061901060367614
|
| Series |
x86: Confine early 1:1 mapped startup code
|
|
Message
Ard Biesheuvel
Jan. 25, 2024, 11:28 a.m. UTC
From: Ard Biesheuvel <ardb@kernel.org>
This is a follow-up to my RFC [0] that proposed to build the entire core
kernel with -fPIC, to reduce the likelihood that code that runs
extremely early from the 1:1 mapping of memory will misbehave.
This is needed to address reports that SEV boot on Clang built kernels
is broken, due to the fact that this early code attempts to access
virtual kernel address that are not mapped yet. Kevin has suggested some
workarounds to this [1] but this is really something that requires a
more rigorous approach, rather than addressing a couple of symptoms of
the underlying defect.
As it turns out, the use of fPIE for the entire kernel is neither
necessary nor sufficient, and has its own set of problems, including the
fact that the PIE small C code model uses FS rather than GS for the
per-CPU register, and only recent GCC and Clang versions permit this to
be overridden on the command line.
But the real problem is that even position independent code is not
guaranteed to execute correctly at any offset unless all statically
initialized pointer variables use the same translation as the code.
So instead, this v2 proposes another solution, taking the following
approach:
- clean up and refactor the startup code so that the primary startup
code executes from the 1:1 mapping but nothing else;
- define a new text section type .pi.text and enforce that it can only
call into other .pi.text sections;
- (tbd) require that objects containing .pi.text sections are built with
-fPIC, and disallow any absolute references from such objects.
The latter point is not implemented yet in this v2, but this could be
done rather straight-forwardly. (The EFI stub already does something
similar across all architectures)
Patch #13 in particular gives an overview of all the code that gets
pulled into the early 1:1 startup code path due to the fact that memory
encryption needs to be configured before we can even map the kernel.
[0] https://lkml.kernel.org/r/20240122090851.851120-7-ardb%2Bgit%40google.com
[1] https://lore.kernel.org/all/20240111223650.3502633-1-kevinloughlin@google.com/T/#u
Cc: Kevin Loughlin <kevinloughlin@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Dionna Glaze <dionnaglaze@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Justin Stitt <justinstitt@google.com>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: llvm@lists.linux.dev
Ard Biesheuvel (17):
x86/startup_64: Drop long return to initial_code pointer
x86/startup_64: Simplify calculation of initial page table address
x86/startup_64: Simplify CR4 handling in startup code
x86/startup_64: Drop global variables to keep track of LA57 state
x86/startup_64: Simplify virtual switch on primary boot
x86/head64: Replace pointer fixups with PIE codegen
x86/head64: Simplify GDT/IDT initialization code
asm-generic: Add special .pi.text section for position independent
code
x86: Move return_thunk to __pitext section
x86/head64: Move early startup code into __pitext
modpost: Warn about calls from __pitext into other text sections
x86/coco: Make cc_set_mask() static inline
x86/sev: Make all code reachable from 1:1 mapping __pitext
x86/sev: Avoid WARN() in early code
x86/sev: Use PIC codegen for early SEV startup code
x86/sev: Drop inline asm LEA instructions for RIP-relative references
x86/startup_64: Don't bother setting up GS before the kernel is mapped
arch/x86/Makefile | 5 +
arch/x86/boot/compressed/Makefile | 2 +-
arch/x86/boot/compressed/pgtable_64.c | 2 -
arch/x86/boot/compressed/sev.c | 3 +
arch/x86/coco/core.c | 7 +-
arch/x86/include/asm/coco.h | 8 +-
arch/x86/include/asm/mem_encrypt.h | 8 +-
arch/x86/include/asm/pgtable.h | 6 +-
arch/x86/include/asm/pgtable_64_types.h | 15 +-
arch/x86/include/asm/setup.h | 4 +-
arch/x86/include/asm/sev.h | 6 +-
arch/x86/kernel/Makefile | 5 +
arch/x86/kernel/cpu/common.c | 2 -
arch/x86/kernel/head64.c | 188 ++++++--------------
arch/x86/kernel/head_64.S | 156 ++++++----------
arch/x86/kernel/sev-shared.c | 26 +--
arch/x86/kernel/sev.c | 27 ++-
arch/x86/kernel/vmlinux.lds.S | 3 +-
arch/x86/lib/Makefile | 2 +-
arch/x86/lib/cmdline.c | 6 +-
arch/x86/lib/memcpy_64.S | 3 +-
arch/x86/lib/memset_64.S | 3 +-
arch/x86/lib/retpoline.S | 2 +-
arch/x86/mm/Makefile | 3 +-
arch/x86/mm/kasan_init_64.c | 3 -
arch/x86/mm/mem_encrypt_boot.S | 3 +-
arch/x86/mm/mem_encrypt_identity.c | 94 +++++-----
arch/x86/mm/pti.c | 2 +-
include/asm-generic/vmlinux.lds.h | 3 +
include/linux/init.h | 12 ++
scripts/mod/modpost.c | 11 +-
tools/objtool/check.c | 26 ++-
32 files changed, 262 insertions(+), 384 deletions(-)
Comments
Hi Ard, On Thu, Jan 25, 2024 at 12:28:19PM +0100, Ard Biesheuvel wrote: > From: Ard Biesheuvel <ardb@kernel.org> > > This is a follow-up to my RFC [0] that proposed to build the entire core > kernel with -fPIC, to reduce the likelihood that code that runs > extremely early from the 1:1 mapping of memory will misbehave. > > This is needed to address reports that SEV boot on Clang built kernels > is broken, due to the fact that this early code attempts to access > virtual kernel address that are not mapped yet. Kevin has suggested some > workarounds to this [1] but this is really something that requires a > more rigorous approach, rather than addressing a couple of symptoms of > the underlying defect. > > As it turns out, the use of fPIE for the entire kernel is neither > necessary nor sufficient, and has its own set of problems, including the > fact that the PIE small C code model uses FS rather than GS for the > per-CPU register, and only recent GCC and Clang versions permit this to > be overridden on the command line. > > But the real problem is that even position independent code is not > guaranteed to execute correctly at any offset unless all statically > initialized pointer variables use the same translation as the code. > > So instead, this v2 proposes another solution, taking the following > approach: > - clean up and refactor the startup code so that the primary startup > code executes from the 1:1 mapping but nothing else; > - define a new text section type .pi.text and enforce that it can only > call into other .pi.text sections; > - (tbd) require that objects containing .pi.text sections are built with > -fPIC, and disallow any absolute references from such objects. > > The latter point is not implemented yet in this v2, but this could be > done rather straight-forwardly. (The EFI stub already does something > similar across all architectures) > > Patch #13 in particular gives an overview of all the code that gets > pulled into the early 1:1 startup code path due to the fact that memory > encryption needs to be configured before we can even map the kernel. > > > [0] https://lkml.kernel.org/r/20240122090851.851120-7-ardb%2Bgit%40google.com > [1] https://lore.kernel.org/all/20240111223650.3502633-1-kevinloughlin@google.com/T/#u I tested both this series as well as the pending updates on x86-pie-for-sev-v3 at commit 0574677aacf7 ("x86/efi: Remap kernel code read-only before dropping NX attribute") with my LLVM build matrix and I noticed two problems. The first issue is a series of errors when building with LTO around mismatched code model attributes between functions. Unhelpfully, the error message does not actually say what function is conflicting... ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(numa.o at 1191378)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(buffer.o at 1211538)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(nfs4xdr.o at 1222698)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(namei.o at 1209498)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(vmalloc.o at 1207458)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(iommu.o at 1267098)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(ring_buffer.o at 1202478)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(sky2.o at 1299798)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(page_alloc.o at 1207578)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(percpu.o at 1206018)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(slub.o at 1207758)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(xhci.o at 1302858)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(blk-mq.o at 1233858)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(nfs4proc.o at 1222638)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(inode.o at 1218078)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(journal.o at 1219638)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(memory.o at 1206738)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(mballoc.o at 1218198)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(iov_iter.o at 1238058)' ld.lld: error: Function Import: link error: linking module flags 'Code Model': IDs have conflicting values in 'vmlinux.a(head64.o at 1181178)' and 'vmlinux.a(filemap.o at 1204938)' Turning off LTO for the translation units that use PIE_CFLAGS avoids that, not sure if that is reasonable or not. diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 65677b25d803..e4fa57ae3d09 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -24,7 +24,9 @@ endif # head64.c contains C code that may execute from a different virtual address # than it was linked at, so we always build it using PIE codegen CFLAGS_head64.o += $(PIE_CFLAGS) +CFLAGS_REMOVE_head64.o += $(CC_FLAGS_LTO) CFLAGS_sev.o += $(PIE_CFLAGS) +CFLAGS_REMOVE_sev.o += $(CC_FLAGS_LTO) KASAN_SANITIZE_head$(BITS).o := n KASAN_SANITIZE_dumpstack.o := n diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile index 87c79bb8d386..6bb4bc271441 100644 --- a/arch/x86/lib/Makefile +++ b/arch/x86/lib/Makefile @@ -25,6 +25,7 @@ CFLAGS_REMOVE_cmdline.o = -pg endif CFLAGS_cmdline.o := $(PIE_CFLAGS) +CFLAGS_REMOVE_cmdline.o := $(CC_FLAGS_LTO) endif inat_tables_script = $(srctree)/arch/x86/tools/gen-insn-attr-x86.awk diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index b412009ae588..bf8d9d4bc97f 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -31,8 +31,10 @@ obj-y += pat/ # Make sure __phys_addr has no stackprotector CFLAGS_physaddr.o := -fno-stack-protector -CFLAGS_mem_encrypt_identity.o := $(PIE_CFLAGS) +CFLAGS_mem_encrypt_identity.o := $(PIE_CFLAGS) +CFLAGS_REMOVE_mem_encrypt_identity.o := $(CC_FLAGS_LTO) CFLAGS_pti.o := $(PIE_CFLAGS) +CFLAGS_REMOVE_pti.o := $(CC_FLAGS_LTO) CFLAGS_fault.o := -I $(srctree)/$(src)/../include/asm/trace The second issue is a bunch of modpost warnings I see with various configurations around some UBSAN and tracing functions. Clang allmodconfig: WARNING: modpost: vmlinux: section mismatch in reference: __startup_64+0x353 (section: .pi.text) -> __phys_addr (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __startup_64+0x35e (section: .pi.text) -> __phys_addr (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __startup_64+0x3f8 (section: .pi.text) -> __ubsan_handle_out_of_bounds (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __startup_64+0x41f (section: .pi.text) -> __ubsan_handle_out_of_bounds (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __startup_64+0x44a (section: .pi.text) -> __ubsan_handle_out_of_bounds (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: snp_cpuid+0xa6 (section: .pi.text) -> __ubsan_handle_out_of_bounds (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: snp_cpuid+0x316 (section: .pi.text) -> __ubsan_handle_out_of_bounds (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: snp_init+0x12d (section: .pi.text) -> __ubsan_handle_out_of_bounds (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: snp_cpuid_hv+0x10d (section: .pi.text) -> __phys_addr (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x5 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x15 (section: .pi.text) -> __sanitizer_cov_trace_pc (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x26 (section: .pi.text) -> __sanitizer_cov_trace_const_cmp8 (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x36 (section: .pi.text) -> __sanitizer_cov_trace_pc (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x54 (section: .pi.text) -> __sanitizer_cov_trace_const_cmp8 (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x6a (section: .pi.text) -> __sanitizer_cov_trace_const_cmp8 (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x8d (section: .pi.text) -> __sanitizer_cov_trace_pc (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_encrypt_kernel+0x5 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_encrypt_kernel+0x42 (section: .pi.text) -> __phys_addr_symbol (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_encrypt_kernel+0x51 (section: .pi.text) -> __phys_addr_symbol (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_pgtable_calc+0x1 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_enable+0x5 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __strncmp+0x1 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __sme_map_range+0x1 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __sme_map_range_pte+0x1 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_prepare_pgd+0x1 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: cmdline_find_option_bool+0x5 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: cmdline_find_option+0x5 (section: .pi.text) -> __fentry__ (section: .text) GCC allmodconfig WARNING: modpost: vmlinux: section mismatch in reference: early_load_idt+0x53 (section: .pi.text) -> native_write_idt_entry.constprop.0 (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __startup_64+0x348 (section: .pi.text) -> __phys_addr (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __startup_64+0x353 (section: .pi.text) -> __phys_addr (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __startup_64+0x436 (section: .pi.text) -> __ubsan_handle_out_of_bounds (section: .text.unlikely) WARNING: modpost: vmlinux: section mismatch in reference: __startup_64+0x47b (section: .pi.text) -> __ubsan_handle_out_of_bounds (section: .text.unlikely) WARNING: modpost: vmlinux: section mismatch in reference: __startup_64+0x4c0 (section: .pi.text) -> __ubsan_handle_out_of_bounds (section: .text.unlikely) WARNING: modpost: vmlinux: section mismatch in reference: sev_es_ghcb_hv_call+0x58 (section: .pi.text) -> __phys_addr (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: setup_cpuid_table+0xf6 (section: .pi.text) -> __ubsan_handle_out_of_bounds (section: .text.unlikely) WARNING: modpost: vmlinux: section mismatch in reference: snp_cpuid_hv+0x6 (section: .pi.text) -> __sev_cpuid_hv_ghcb (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: snp_cpuid+0xde (section: .pi.text) -> snp_cpuid_postprocess (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: snp_cpuid+0x16c (section: .pi.text) -> __ubsan_handle_out_of_bounds (section: .text.unlikely) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x6 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x15 (section: .pi.text) -> __sanitizer_cov_trace_pc (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x29 (section: .pi.text) -> __sanitizer_cov_trace_const_cmp8 (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x33 (section: .pi.text) -> __sanitizer_cov_trace_pc (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x51 (section: .pi.text) -> __sanitizer_cov_trace_const_cmp8 (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x5c (section: .pi.text) -> __sanitizer_cov_trace_pc (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x71 (section: .pi.text) -> __sanitizer_cov_trace_pc (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x82 (section: .pi.text) -> __sanitizer_cov_trace_const_cmp8 (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __pti_set_user_pgtbl+0x8c (section: .pi.text) -> __sanitizer_cov_trace_pc (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_pgtable_calc+0x2 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_clear_pgd+0x2 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_prepare_pgd+0x2 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_populate_pgd+0x2 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: __sme_map_range+0x2 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_encrypt_kernel+0x6 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_encrypt_kernel+0x19 (section: .pi.text) -> stackleak_track_stack (section: .noinstr.text) WARNING: modpost: vmlinux: section mismatch in reference: sme_encrypt_kernel+0x8f (section: .pi.text) -> __phys_addr_symbol (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_encrypt_kernel+0xa5 (section: .pi.text) -> __phys_addr_symbol (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: sme_enable+0x6 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: cmdline_find_option_bool+0x6 (section: .pi.text) -> __fentry__ (section: .text) WARNING: modpost: vmlinux: section mismatch in reference: cmdline_find_option+0x6 (section: .pi.text) -> __fentry__ (section: .text) Should functions marked with __pitext have these sanitizers disabled? Cheers, Nathan