On Sun, Aug 15, 2021 at 9:41 PM kernel test robot <[email protected]> wrote:
>
> CC: Linux Memory Management List <[email protected]>
> TO: Tianjia Zhang <[email protected]>
> CC: Herbert Xu <[email protected]>
>
> Hi Tianjia,
>
> First bad commit (maybe != root cause):
>
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> head: 4b358aabb93a2c654cd1dcab1a25a589f6e2b153
> commit: a7ee22ee1445c7fdb00ab80116bb9710ca86a860 [3857/7963] crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation
> config: x86_64-randconfig-r024-20210816 (attached as .config)
> compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 7776b19eed44906e9973bfb240b6279d6feaab41)
> reproduce (this is a W=1 build):
> wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> chmod +x ~/bin/make.cross
> # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a7ee22ee1445c7fdb00ab80116bb9710ca86a860
> git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> git fetch --no-tags linux-next master
> git checkout a7ee22ee1445c7fdb00ab80116bb9710ca86a860
> # save the attached .config to linux build tree
> mkdir build_dir
> COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <[email protected]>
>
> All warnings (new ones prefixed by >>):
>
> >> arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame
I see the same thing in my randconfig builds using gcc. This is an
assembler file,
my interpretation is that objtool has found an actual code bug:
.macro FRAME_BEGIN
push %_ASM_BP
_ASM_MOV %_ASM_SP, %_ASM_BP
.endm
.macro FRAME_END
pop %_ASM_BP
.endm
SYM_FUNC_START(sm4_aesni_avx_crypt8)
/* input:
* %rdi: round key array, CTX
* %rsi: dst (1..8 blocks)
* %rdx: src (1..8 blocks)
* %rcx: num blocks (1..8)
*/
FRAME_BEGIN
cmpq $5, %rcx;
jb sm4_aesni_avx_crypt4;
....
SYM_FUNC_START(sm4_aesni_avx_crypt4)
/* input:
* %rdi: round key array, CTX
* %rsi: dst (1..4 blocks)
* %rdx: src (1..4 blocks)
* %rcx: num blocks (1..4)
*/
FRAME_BEGIN
...
FRAME_END
ret;
SYM_FUNC_END(sm4_aesni_avx_crypt4)
sm4_aesni_avx_crypt8() starts a frame and conditionally branches to
sm4_aesni_avx_crypt4(), which starts another frame and returns from
that without cleaning up the parent frame.
Arnd
On Mon, Sep 20, 2021 at 01:02:07PM +0200, Arnd Bergmann wrote:
> On Sun, Aug 15, 2021 at 9:41 PM kernel test robot <[email protected]> wrote:
> >
> > CC: Linux Memory Management List <[email protected]>
> > TO: Tianjia Zhang <[email protected]>
> > CC: Herbert Xu <[email protected]>
> >
> > Hi Tianjia,
> >
> > First bad commit (maybe != root cause):
> >
> > tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> > head: 4b358aabb93a2c654cd1dcab1a25a589f6e2b153
> > commit: a7ee22ee1445c7fdb00ab80116bb9710ca86a860 [3857/7963] crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation
> > config: x86_64-randconfig-r024-20210816 (attached as .config)
> > compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 7776b19eed44906e9973bfb240b6279d6feaab41)
> > reproduce (this is a W=1 build):
> > wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> > chmod +x ~/bin/make.cross
> > # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a7ee22ee1445c7fdb00ab80116bb9710ca86a860
> > git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> > git fetch --no-tags linux-next master
> > git checkout a7ee22ee1445c7fdb00ab80116bb9710ca86a860
> > # save the attached .config to linux build tree
> > mkdir build_dir
> > COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <[email protected]>
> >
> > All warnings (new ones prefixed by >>):
> >
> > >> arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame
>
> I see the same thing in my randconfig builds using gcc. This is an
> assembler file,
> my interpretation is that objtool has found an actual code bug:
>
> .macro FRAME_BEGIN
> push %_ASM_BP
> _ASM_MOV %_ASM_SP, %_ASM_BP
> .endm
> .macro FRAME_END
> pop %_ASM_BP
> .endm
>
> SYM_FUNC_START(sm4_aesni_avx_crypt8)
> /* input:
> * %rdi: round key array, CTX
> * %rsi: dst (1..8 blocks)
> * %rdx: src (1..8 blocks)
> * %rcx: num blocks (1..8)
> */
> FRAME_BEGIN
>
> cmpq $5, %rcx;
> jb sm4_aesni_avx_crypt4;
> ....
>
> SYM_FUNC_START(sm4_aesni_avx_crypt4)
> /* input:
> * %rdi: round key array, CTX
> * %rsi: dst (1..4 blocks)
> * %rdx: src (1..4 blocks)
> * %rcx: num blocks (1..4)
> */
> FRAME_BEGIN
> ...
> FRAME_END
> ret;
> SYM_FUNC_END(sm4_aesni_avx_crypt4)
>
>
> sm4_aesni_avx_crypt8() starts a frame and conditionally branches to
> sm4_aesni_avx_crypt4(), which starts another frame and returns from
> that without cleaning up the parent frame.
Indeed! This looks completely broken with CONFIG_FRAME_POINTER.
Needs something like:
---8<---
From: Josh Poimboeuf <[email protected]>
Subject: [PATCH] x86/crypto/sm4: Fix frame pointer stack corruption
sm4_aesni_avx_crypt8() sets up the frame pointer (which includes pushing
RBP) before doing a conditional sibling call to sm4_aesni_avx_crypt4(),
which sets up an additional frame pointer. Things will not go well when
sm4_aesni_avx_crypt4() pops only the innermost single frame pointer and
then tries to return to the outermost frame pointer.
Sibling calls need to occur with an empty stack frame. Do the
conditional sibling call *before* setting up the stack pointer.
This fixes the following warning:
arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame
Fixes: a7ee22ee1445 ("crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation")
Reported-by: kernel test robot <[email protected]>
Reported-by: Arnd Bergmann <[email protected]>
Signed-off-by: Josh Poimboeuf <[email protected]>
---
arch/x86/crypto/sm4-aesni-avx-asm_64.S | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/crypto/sm4-aesni-avx-asm_64.S b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
index fa2c3f50aecb..a50df13de222 100644
--- a/arch/x86/crypto/sm4-aesni-avx-asm_64.S
+++ b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
@@ -367,10 +367,12 @@ SYM_FUNC_START(sm4_aesni_avx_crypt8)
* %rdx: src (1..8 blocks)
* %rcx: num blocks (1..8)
*/
- FRAME_BEGIN
cmpq $5, %rcx;
jb sm4_aesni_avx_crypt4;
+
+ FRAME_BEGIN
+
vmovdqu (0 * 16)(%rdx), RA0;
vmovdqu (1 * 16)(%rdx), RA1;
vmovdqu (2 * 16)(%rdx), RA2;
--
2.31.1
On Mon, Sep 20, 2021 at 10:56:56AM -0700, Josh Poimboeuf wrote:
> From: Josh Poimboeuf <[email protected]>
> Subject: [PATCH] x86/crypto/sm4: Fix frame pointer stack corruption
>
> sm4_aesni_avx_crypt8() sets up the frame pointer (which includes pushing
> RBP) before doing a conditional sibling call to sm4_aesni_avx_crypt4(),
> which sets up an additional frame pointer. Things will not go well when
> sm4_aesni_avx_crypt4() pops only the innermost single frame pointer and
> then tries to return to the outermost frame pointer.
>
> Sibling calls need to occur with an empty stack frame. Do the
> conditional sibling call *before* setting up the stack pointer.
>
> This fixes the following warning:
>
> arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame
>
> Fixes: a7ee22ee1445 ("crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation")
> Reported-by: kernel test robot <[email protected]>
> Reported-by: Arnd Bergmann <[email protected]>
> Signed-off-by: Josh Poimboeuf <[email protected]>
Acked-by: Peter Zijlstra (Intel) <[email protected]>
> ---
> arch/x86/crypto/sm4-aesni-avx-asm_64.S | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/crypto/sm4-aesni-avx-asm_64.S b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> index fa2c3f50aecb..a50df13de222 100644
> --- a/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> +++ b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> @@ -367,10 +367,12 @@ SYM_FUNC_START(sm4_aesni_avx_crypt8)
> * %rdx: src (1..8 blocks)
> * %rcx: num blocks (1..8)
> */
> - FRAME_BEGIN
>
> cmpq $5, %rcx;
> jb sm4_aesni_avx_crypt4;
> +
> + FRAME_BEGIN
> +
> vmovdqu (0 * 16)(%rdx), RA0;
> vmovdqu (1 * 16)(%rdx), RA1;
> vmovdqu (2 * 16)(%rdx), RA2;
> --
> 2.31.1
>
On 9/21/21 1:56 AM, Josh Poimboeuf wrote:
> From: Josh Poimboeuf <[email protected]>
> Subject: [PATCH] x86/crypto/sm4: Fix frame pointer stack corruption
>
> sm4_aesni_avx_crypt8() sets up the frame pointer (which includes pushing
> RBP) before doing a conditional sibling call to sm4_aesni_avx_crypt4(),
> which sets up an additional frame pointer. Things will not go well when
> sm4_aesni_avx_crypt4() pops only the innermost single frame pointer and
> then tries to return to the outermost frame pointer.
>
> Sibling calls need to occur with an empty stack frame. Do the
> conditional sibling call *before* setting up the stack pointer.
>
> This fixes the following warning:
>
> arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame
>
> Fixes: a7ee22ee1445 ("crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation")
> Reported-by: kernel test robot <[email protected]>
> Reported-by: Arnd Bergmann <[email protected]>
> Signed-off-by: Josh Poimboeuf <[email protected]>
Thanks for your fix.
Reviewed-by: Tianjia Zhang <[email protected]>
Thanks.
> ---
> arch/x86/crypto/sm4-aesni-avx-asm_64.S | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/crypto/sm4-aesni-avx-asm_64.S b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> index fa2c3f50aecb..a50df13de222 100644
> --- a/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> +++ b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> @@ -367,10 +367,12 @@ SYM_FUNC_START(sm4_aesni_avx_crypt8)
> * %rdx: src (1..8 blocks)
> * %rcx: num blocks (1..8)
> */
> - FRAME_BEGIN
>
> cmpq $5, %rcx;
> jb sm4_aesni_avx_crypt4;
> +
> + FRAME_BEGIN
> +
> vmovdqu (0 * 16)(%rdx), RA0;
> vmovdqu (1 * 16)(%rdx), RA1;
> vmovdqu (2 * 16)(%rdx), RA2;
>