Skip to content

Commit

Permalink
add patches for srso
Browse files Browse the repository at this point in the history 
These issues seem dependent on LLD version.

The fixes are in v5.10.191 and v5.10.192. ACK just upgraded to
v5.10.189, and isn't planning another uprev soon.  Let's just carry
these build break fixes because I worry about backporting them without
the rest of the series.

Link: #635
  • Loading branch information
@nickdesaulniers
nickdesaulniers committed Sep 29, 2023
1 parent 263f3b0 commit f2367a6
Show file tree
Hide file tree
Showing 6 changed files with 428 additions and 0 deletions.
65 changes: 65 additions & 0 deletions patches/android12-5.10/0001-x86-srso-Fix-build-breakage-with-the-LLVM-linker.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
From cb1eefc0463491ee09ce79acc44dc764e5269224 Mon Sep 17 00:00:00 2001
From: Nick Desaulniers <ndesaulniers@google.com>
Date: Wed, 9 Aug 2023 09:40:26 -0700
Subject: [PATCH] x86/srso: Fix build breakage with the LLVM linker

commit cbe8ded48b939b9d55d2c5589ab56caa7b530709 upstream.

The assertion added to verify the difference in bits set of the
addresses of srso_untrain_ret_alias() and srso_safe_ret_alias() would fail
to link in LLVM's ld.lld linker with the following error:

ld.lld: error: ./arch/x86/kernel/vmlinux.lds:210: at least one side of
the expression must be absolute
ld.lld: error: ./arch/x86/kernel/vmlinux.lds:211: at least one side of
the expression must be absolute

Use ABSOLUTE to evaluate the expression referring to at least one of the
symbols so that LLD can evaluate the linker script.

Also, add linker version info to the comment about XOR being unsupported
in either ld.bfd or ld.lld until somewhat recently.

Fixes: fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow mitigation")
Closes: https://lore.kernel.org/llvm/CA+G9fYsdUeNu-gwbs0+T6XHi4hYYk=Y9725-wFhZ7gJMspLDRA@mail.gmail.com/
Reported-by: Nathan Chancellor <nathan@kernel.org>
Reported-by: Daniel Kolesa <daniel@octaforge.org>
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Suggested-by: Sven Volkinsfeld <thyrc@gmx.net>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://github.com/ClangBuiltLinux/linux/issues/1907
Link: https://lore.kernel.org/r/20230809-gds-v1-1-eaac90b0cbcc@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/vmlinux.lds.S | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 4955cb5cc001..72ba175cb9d4 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -524,11 +524,17 @@ INIT_PER_CPU(irq_stack_backing_store);

#ifdef CONFIG_CPU_SRSO
/*
- * GNU ld cannot do XOR so do: (A | B) - (A & B) in order to compute the XOR
+ * GNU ld cannot do XOR until 2.41.
+ * https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f6f78318fca803c4907fb8d7f6ded8295f1947b1
+ *
+ * LLVM lld cannot do XOR until lld-17.
+ * https://github.com/llvm/llvm-project/commit/fae96104d4378166cbe5c875ef8ed808a356f3fb
+ *
+ * Instead do: (A | B) - (A & B) in order to compute the XOR
* of the two function addresses:
*/
-. = ASSERT(((srso_untrain_ret_alias | srso_safe_ret_alias) -
- (srso_untrain_ret_alias & srso_safe_ret_alias)) == ((1 << 2) | (1 << 8) | (1 << 14) | (1 << 20)),
+. = ASSERT(((ABSOLUTE(srso_untrain_ret_alias) | srso_safe_ret_alias) -
+ (ABSOLUTE(srso_untrain_ret_alias) & srso_safe_ret_alias)) == ((1 << 2) | (1 << 8) | (1 << 14) | (1 << 20)),
"SRSO function pair won't alias");
#endif

--
2.42.0.582.g8ccd20d70d-goog

147 changes: 147 additions & 0 deletions patches/android12-5.10/0002-BACKPORT-x86-retpoline-kprobes-Fix-position-of-thunk.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,147 @@
From 4389f56ec83663a49d9231713e3b6c0a3377a944 Mon Sep 17 00:00:00 2001
From: Petr Pavlu <petr.pavlu@suse.com>
Date: Thu, 28 Sep 2023 10:12:00 -0700
Subject: [PATCH] BACKPORT: x86/retpoline,kprobes: Fix position of thunk
sections with CONFIG_LTO_CLANG

commit 79cd2a11224eab86d6673fe8a11d2046ae9d2757 upstream.

The linker script arch/x86/kernel/vmlinux.lds.S matches the thunk
sections ".text.__x86.*" from arch/x86/lib/retpoline.S as follows:

.text {
[...]
TEXT_TEXT
[...]
__indirect_thunk_start = .;
*(.text.__x86.*)
__indirect_thunk_end = .;
[...]
}

Macro TEXT_TEXT references TEXT_MAIN which normally expands to only
".text". However, with CONFIG_LTO_CLANG, TEXT_MAIN becomes
".text .text.[0-9a-zA-Z_]*" which wrongly matches also the thunk
sections. The output layout is then different than expected. For
instance, the currently defined range [__indirect_thunk_start,
__indirect_thunk_end] becomes empty.

Prevent the problem by using ".." as the first separator, for example,
".text..__x86.indirect_thunk". This pattern is utilized by other
explicit section names which start with one of the standard prefixes,
such as ".text" or ".data", and that need to be individually selected in
the linker script.

[ nathan: Fix conflicts with SRSO and fold in fix issue brought up by
Andrew Cooper in post-review:
https://lore.kernel.org/20230803230323.1478869-1-andrew.cooper3@citrix.com ]
[ nd: Android is not planning another LTS uprev in a while, backport
this, avoiding conflicts due to numerous other SRSO related cleanups
that landed in v5.10.192]

Fixes: dc5723b02e52 ("kbuild: add support for Clang LTO")
Change-Id: I9e4d152118cbbdc1e7692f427b038109b068167d
Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230711091952.27944-2-petr.pavlu@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 26e3f7690cda4e241835ca80c3fbaf1b615a05a8)
Bug: 302535553
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
---
arch/x86/kernel/vmlinux.lds.S | 8 ++++----
arch/x86/lib/retpoline.S | 8 ++++----
tools/objtool/check.c | 2 +-
3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index e3a211dc1bae..ccbcff62f3d0 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -134,7 +134,7 @@ SECTIONS
KPROBES_TEXT
ALIGN_ENTRY_TEXT_BEGIN
#ifdef CONFIG_CPU_SRSO
- *(.text.__x86.rethunk_untrain)
+ *(.text..__x86.rethunk_untrain)
#endif

ENTRY_TEXT
@@ -145,7 +145,7 @@ SECTIONS
* definition.
*/
. = srso_untrain_ret_alias | (1 << 2) | (1 << 8) | (1 << 14) | (1 << 20);
- *(.text.__x86.rethunk_safe)
+ *(.text..__x86.rethunk_safe)
#endif
ALIGN_ENTRY_TEXT_END
SOFTIRQENTRY_TEXT
@@ -155,8 +155,8 @@ SECTIONS

#ifdef CONFIG_RETPOLINE
__indirect_thunk_start = .;
- *(.text.__x86.indirect_thunk)
- *(.text.__x86.return_thunk)
+ *(.text..__x86.indirect_thunk)
+ *(.text..__x86.return_thunk)
__indirect_thunk_end = .;
#endif
} :text =0xcccc
diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S
index 5f7eed97487e..4305cacbacd5 100644
--- a/arch/x86/lib/retpoline.S
+++ b/arch/x86/lib/retpoline.S
@@ -11,7 +11,7 @@
#include <asm/frame.h>
#include <asm/nops.h>

- .section .text.__x86.indirect_thunk
+ .section .text..__x86.indirect_thunk

.macro RETPOLINE reg
ANNOTATE_INTRA_FUNCTION_CALL
@@ -90,7 +90,7 @@ SYM_CODE_END(__x86_indirect_thunk_array)
* As a result, srso_safe_ret_alias() becomes a safe return.
*/
#ifdef CONFIG_CPU_SRSO
- .section .text.__x86.rethunk_untrain
+ .section .text..__x86.rethunk_untrain

SYM_START(srso_untrain_ret_alias, SYM_L_GLOBAL, SYM_A_NONE)
ASM_NOP2
@@ -99,7 +99,7 @@ SYM_START(srso_untrain_ret_alias, SYM_L_GLOBAL, SYM_A_NONE)
SYM_FUNC_END(srso_untrain_ret_alias)
__EXPORT_THUNK(srso_untrain_ret_alias)

- .section .text.__x86.rethunk_safe
+ .section .text..__x86.rethunk_safe
#endif

/* Needs a definition for the __x86_return_thunk alternative below. */
@@ -113,7 +113,7 @@ SYM_START(srso_safe_ret_alias, SYM_L_GLOBAL, SYM_A_NONE)
int3
SYM_FUNC_END(srso_safe_ret_alias)

- .section .text.__x86.return_thunk
+ .section .text..__x86.return_thunk

/*
* Safety details here pertain to the AMD Zen{1,2} microarchitecture:
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 4282ea75093c..8dfb9b8f11dd 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -369,7 +369,7 @@ static int decode_instructions(struct objtool_file *file)

if (!strcmp(sec->name, ".noinstr.text") ||
!strcmp(sec->name, ".entry.text") ||
- !strncmp(sec->name, ".text.__x86.", 12))
+ !strncmp(sec->name, ".text..__x86.", 13))
sec->noinstr = true;

for (offset = 0; offset < sec->len; offset += insn->len) {
--
2.42.0.582.g8ccd20d70d-goog

2 changes: 2 additions & 0 deletions patches/android12-5.10/series
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
0001-x86-srso-Fix-build-breakage-with-the-LLVM-linker.patch
0002-BACKPORT-x86-retpoline-kprobes-Fix-position-of-thunk.patch
65 changes: 65 additions & 0 deletions patches/android13-5.10/0001-x86-srso-Fix-build-breakage-with-the-LLVM-linker.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
From cb1eefc0463491ee09ce79acc44dc764e5269224 Mon Sep 17 00:00:00 2001
From: Nick Desaulniers <ndesaulniers@google.com>
Date: Wed, 9 Aug 2023 09:40:26 -0700
Subject: [PATCH] x86/srso: Fix build breakage with the LLVM linker

commit cbe8ded48b939b9d55d2c5589ab56caa7b530709 upstream.

The assertion added to verify the difference in bits set of the
addresses of srso_untrain_ret_alias() and srso_safe_ret_alias() would fail
to link in LLVM's ld.lld linker with the following error:

ld.lld: error: ./arch/x86/kernel/vmlinux.lds:210: at least one side of
the expression must be absolute
ld.lld: error: ./arch/x86/kernel/vmlinux.lds:211: at least one side of
the expression must be absolute

Use ABSOLUTE to evaluate the expression referring to at least one of the
symbols so that LLD can evaluate the linker script.

Also, add linker version info to the comment about XOR being unsupported
in either ld.bfd or ld.lld until somewhat recently.

Fixes: fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow mitigation")
Closes: https://lore.kernel.org/llvm/CA+G9fYsdUeNu-gwbs0+T6XHi4hYYk=Y9725-wFhZ7gJMspLDRA@mail.gmail.com/
Reported-by: Nathan Chancellor <nathan@kernel.org>
Reported-by: Daniel Kolesa <daniel@octaforge.org>
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Suggested-by: Sven Volkinsfeld <thyrc@gmx.net>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://github.com/ClangBuiltLinux/linux/issues/1907
Link: https://lore.kernel.org/r/20230809-gds-v1-1-eaac90b0cbcc@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/vmlinux.lds.S | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 4955cb5cc001..72ba175cb9d4 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -524,11 +524,17 @@ INIT_PER_CPU(irq_stack_backing_store);

#ifdef CONFIG_CPU_SRSO
/*
- * GNU ld cannot do XOR so do: (A | B) - (A & B) in order to compute the XOR
+ * GNU ld cannot do XOR until 2.41.
+ * https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f6f78318fca803c4907fb8d7f6ded8295f1947b1
+ *
+ * LLVM lld cannot do XOR until lld-17.
+ * https://github.com/llvm/llvm-project/commit/fae96104d4378166cbe5c875ef8ed808a356f3fb
+ *
+ * Instead do: (A | B) - (A & B) in order to compute the XOR
* of the two function addresses:
*/
-. = ASSERT(((srso_untrain_ret_alias | srso_safe_ret_alias) -
- (srso_untrain_ret_alias & srso_safe_ret_alias)) == ((1 << 2) | (1 << 8) | (1 << 14) | (1 << 20)),
+. = ASSERT(((ABSOLUTE(srso_untrain_ret_alias) | srso_safe_ret_alias) -
+ (ABSOLUTE(srso_untrain_ret_alias) & srso_safe_ret_alias)) == ((1 << 2) | (1 << 8) | (1 << 14) | (1 << 20)),
"SRSO function pair won't alias");
#endif

--
2.42.0.582.g8ccd20d70d-goog

0 comments on commit f2367a6

Please sign in to comment.