From patchwork Tue Oct 17 17:52:27 2023
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 154405
Date: Tue, 17 Oct 2023 17:52:27 -0000
From: "tip-bot2 for Josh Poimboeuf"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/bugs] x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN
Cc: Nathan Chancellor, Josh Poimboeuf, "Borislav Petkov (AMD)", Nick Desaulniers, Marco Elver, x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20231017165946.v4i2d4exyqwqq3bx@treble>
References: <20231017165946.v4i2d4exyqwqq3bx@treble>
Message-ID: <169756514789.3135.9006141912388432463.tip-bot2@tip-bot2>

The following commit has been merged into the x86/bugs branch of tip:

Commit-ID:     28860182b7d88e5be76f332c34377288ad08e87a
Gitweb:        https://git.kernel.org/tip/28860182b7d88e5be76f332c34377288ad08e87a
Author:        Josh Poimboeuf
AuthorDate:    Tue, 17 Oct 2023 09:59:46 -07:00
Committer:     Borislav Petkov (AMD)
CommitterDate: Tue, 17 Oct 2023 19:46:04 +02:00

x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN

Enabling CONFIG_KCSAN causes the undefined opcode exception diagnostic
added by

  91174087dcc7 ("x86/retpoline: Ensure default return thunk isn't used at runtime")

which is supposed to catch unconverted, default return thunks, to fire.
The resulting panic is triggered by the UD2 instruction which gets
patched into __x86_return_thunk() when alternatives are applied. After
that point, the default return thunk should no longer be used.

As David Kaplan describes in his debugging of the issue, it is caused by
a couple of KCSAN-generated constructors which aren't processed by
objtool:

  "When KCSAN is enabled, GCC generates lots of constructor functions
  named _sub_I_00099_0 which call __tsan_init and then return. The
  returns in these are generally annotated normally by objtool and fixed
  up at runtime. But objtool runs on vmlinux.o and vmlinux.o does not
  include a couple of object files that are in vmlinux, like
  init/version-timestamp.o and .vmlinux.export.o, both of which contain
  _sub_I_00099_0 functions. As a result, the returns in these functions
  are not annotated, and the panic occurs when we call one of them in
  do_ctors and it uses the default return thunk.

  This difference can be seen by counting the number of these functions
  in the object files:

  $ objdump -d vmlinux.o|grep -c "<_sub_I_00099_0>:"
  2601
  $ objdump -d vmlinux|grep -c "<_sub_I_00099_0>:"
  2603

  If these functions are only run during kernel boot, there is no
  speculation concern."

Fix it by disabling KCSAN on version-timestamp.o and .vmlinux.export.o
so the extra functions don't get generated. KASAN and GCOV are already
disabled for those files.

  [ bp: Massage commit message. ]

Fixes: 91174087dcc7 ("x86/retpoline: Ensure default return thunk isn't used at runtime")
Closes: https://lore.kernel.org/lkml/20231016214810.GA3942238@dev-arch.thelio-3990X/
Reported-by: Nathan Chancellor
Signed-off-by: Josh Poimboeuf
Signed-off-by: Borislav Petkov (AMD)
Reviewed-by: Nick Desaulniers
Acked-by: Marco Elver
Tested-by: Nathan Chancellor
Link: https://lore.kernel.org/r/20231017165946.v4i2d4exyqwqq3bx@treble
---
 init/Makefile            | 1 +
 scripts/Makefile.vmlinux | 1 +
 2 files changed, 2 insertions(+)

diff --git a/init/Makefile b/init/Makefile index ec557ad..cbac576 100644 --- a/init/Makefile +++ b/init/Makefile @@ -60,4 +60,5 @@ include/generated/utsversion.h: FORCE $(obj)/version-timestamp.o: include/generated/utsversion.h CFLAGS_version-timestamp.o := -include include/generated/utsversion.h KASAN_SANITIZE_version-timestamp.o := n +KCSAN_SANITIZE_version-timestamp.o := n GCOV_PROFILE_version-timestamp.o := n diff --git a/scripts/Makefile.vmlinux b/scripts/Makefile.vmlinux index 3cd6ca1..c9f3e03 100644 --- a/scripts/Makefile.vmlinux +++ b/scripts/Makefile.vmlinux @@ -19,6 +19,7 @@ quiet_cmd_cc_o_c = CC $@ ifdef CONFIG_MODULES KASAN_SANITIZE_.vmlinux.export.o := n +KCSAN_SANITIZE_.vmlinux.export.o := n GCOV_PROFILE_.vmlinux.export.o := n targets += .vmlinux.export.o vmlinux: .vmlinux.export.o
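
Review bot: In the init/Makefile hunk, the new KCSAN_SANITIZE_version-timestamp.o := n line carries no comment, so the reason this object must stay uninstrumented lives only in the commit message: it is linked into vmlinux but is not part of the vmlinux.o that objtool processes, so returns in compiler-generated constructors there are never annotated. A one-line comment above the KASAN/KCSAN/GCOV opt-outs would keep a later cleanup from dropping the line and would tell whoever enables another constructor-emitting instrumentation that this object needs the same exclusion.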
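
Review bot: In the scripts/Makefile.vmlinux hunk, KCSAN_SANITIZE_.vmlinux.export.o := n repeats the per-object opt-out already added in init/Makefile, and nothing ties the two lists together. Both objects are excluded for the same reason (they are linked after the vmlinux.o that objtool runs on), so a short comment here naming that reason and pointing at version-timestamp.o would help keep the two files in step when a further sanitizer or profiling option is added.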
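
The vmlinux.o versus vmlinux comparison quoted in the commit message counts one symbol name. As an added example (not part of the commit or the kernel tree), the same check generalised to every function name, reporting names that gain definitions at the final link; the function names `count_defs`, `extra_defs` and `demo` and the sample listings are constructed, and real input would be saved `objdump -d` output.

```shell
#!/bin/sh
# Added example: per-name comparison of function definitions between two
# `objdump -d` listings (text files), e.g. vmlinux.o and vmlinux.

# count_defs LISTING: print "name count" for each "<addr> <name>:" label.
count_defs() {
    awk '/^[0-9a-f]+ <[^>]+>:$/ {
             name = $2; sub(/^</, "", name); sub(/>:$/, "", name); n[name]++
         }
         END { for (f in n) print f, n[f] }' "$1" | sort
}

# extra_defs PRE FINAL: print "name pre_count final_count" for names defined
# more often in FINAL than in PRE (a name absent from PRE counts as 0).
extra_defs() {
    pre=$(mktemp) && fin=$(mktemp) || return 1
    count_defs "$1" > "$pre"
    count_defs "$2" > "$fin"
    awk 'FILENAME == ARGV[1] { pre[$1] = $2; next }
         $2 > pre[$1] + 0    { print $1, pre[$1] + 0, $2 }' "$pre" "$fin"
    rm -f "$pre" "$fin"
}

# demo: run the comparison on two constructed listings (not real kernel output).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/pre.dis" <<'EOF'
0000000000000000 <_sub_I_00099_0>:
   0:   jmp    5 <__x86_return_thunk>
0000000000000010 <do_ctors>:
  10:   jmp    15 <__x86_return_thunk>
EOF
    cat > "$d/final.dis" <<'EOF'
ffffffff81000000 <_sub_I_00099_0>:
ffffffff81000000:   jmp    ffffffff81000005 <__x86_return_thunk>
ffffffff81000010 <do_ctors>:
ffffffff81000010:   jmp    ffffffff81000015 <__x86_return_thunk>
ffffffff81000020 <_sub_I_00099_0>:
ffffffff81000020:   jmp    ffffffff81000025 <__x86_return_thunk>
ffffffff81000030 <_sub_I_00099_0>:
ffffffff81000030:   jmp    ffffffff81000035 <__x86_return_thunk>
EOF
    extra_defs "$d/pre.dis" "$d/final.dis"
    rm -rf "$d"
}
```

A non-empty result only says that code entered the image after the pre-link object was built; whether its returns were annotated still has to be checked per object.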