2020-09-03 02:34:09

by Arvind Sankar

Subject: [PATCH] x86/cmdline: Disable jump tables for cmdline.c

When CONFIG_RETPOLINE is disabled, Clang uses a jump table for the
switch statement in cmdline_find_option (jump tables are disabled when
CONFIG_RETPOLINE is enabled). This function is called very early in boot
from sme_enable() if CONFIG_AMD_MEM_ENCRYPT is enabled. At this time,
the kernel is still executing out of the identity mapping, but the jump
table will contain virtual addresses.

Fix this by disabling jump tables for cmdline.c when AMD_MEM_ENCRYPT is
enabled.

Signed-off-by: Arvind Sankar <[email protected]>
---
arch/x86/lib/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
index d46fff11f06f..aa067859a70b 100644
--- a/arch/x86/lib/Makefile
+++ b/arch/x86/lib/Makefile
@@ -24,7 +24,7 @@ ifdef CONFIG_FUNCTION_TRACER
CFLAGS_REMOVE_cmdline.o = -pg
endif

-CFLAGS_cmdline.o := -fno-stack-protector
+CFLAGS_cmdline.o := -fno-stack-protector -fno-jump-tables
endif

inat_tables_script = $(srctree)/arch/x86/tools/gen-insn-attr-x86.awk
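Review bot: The `+CFLAGS_cmdline.o` line carries no comment saying why `-fno-jump-tables` is there, so the reason lives only in the changelog and the flag is easy to drop in a later Makefile cleanup. A one-line comment above it, along the lines of `# cmdline.o runs from the identity mapping in early boot: no jump tables`, would keep the constraint next to the flag.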
--
2.26.2


Subject: [tip: x86/urgent] x86/cmdline: Disable jump tables for cmdline.c

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID: aef0148f3606117352053c015cb33734e9ee7397
Gitweb: https://git.kernel.org/tip/aef0148f3606117352053c015cb33734e9ee7397
Author: Arvind Sankar <[email protected]>
AuthorDate: Wed, 02 Sep 2020 22:30:56 -04:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Thu, 03 Sep 2020 10:59:16 +02:00

x86/cmdline: Disable jump tables for cmdline.c

When CONFIG_RETPOLINE is disabled, Clang uses a jump table for the
switch statement in cmdline_find_option (jump tables are disabled when
CONFIG_RETPOLINE is enabled). This function is called very early in boot
from sme_enable() if CONFIG_AMD_MEM_ENCRYPT is enabled. At this time,
the kernel is still executing out of the identity mapping, but the jump
table will contain virtual addresses.

Fix this by disabling jump tables for cmdline.c when AMD_MEM_ENCRYPT is
enabled.

Signed-off-by: Arvind Sankar <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/x86/lib/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
index d46fff1..aa06785 100644
--- a/arch/x86/lib/Makefile
+++ b/arch/x86/lib/Makefile
@@ -24,7 +24,7 @@ ifdef CONFIG_FUNCTION_TRACER
CFLAGS_REMOVE_cmdline.o = -pg
endif

-CFLAGS_cmdline.o := -fno-stack-protector
+CFLAGS_cmdline.o := -fno-stack-protector -fno-jump-tables
endif

inat_tables_script = $(srctree)/arch/x86/tools/gen-insn-attr-x86.awk
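Review bot: The `+CFLAGS_cmdline.o` line passes `-fno-jump-tables` to whichever compiler is in use and only for cmdline.o, while the changelog describes the problem as Clang behaviour with CONFIG_RETPOLINE disabled. It would help to state in the changelog that the flag is intentionally unconditional, and to say whether any other object reached from sme_enable() at this stage was checked for the same virtual-address tables.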

2020-12-21 19:16:31

by Nick Desaulniers

Subject: Re: [PATCH] x86/cmdline: Disable jump tables for cmdline.c

On Wed, Sep 2, 2020 at 7:31 PM Arvind Sankar <[email protected]> wrote:
>
> When CONFIG_RETPOLINE is disabled, Clang uses a jump table for the
> switch statement in cmdline_find_option (jump tables are disabled when
> CONFIG_RETPOLINE is enabled). This function is called very early in boot
> from sme_enable() if CONFIG_AMD_MEM_ENCRYPT is enabled. At this time,

Hi Arvind, sorry I missed this when you first sent it. I'm going
through and mass deleting my inbox (email bankruptcy) but noticed
this. I couldn't reproduce jump tables in cmdline_find_option with
CONFIG_RETPOLINE disabled but CONFIG_AMD_MEM_ENCRYPT on today's
linux-next. Can you please confirm that this is still an issue? I will
reread the disassembly, but it looks like a bunch of cmp/test+jumps.

> the kernel is still executing out of the identity mapping, but the jump
> table will contain virtual addresses.
>
> Fix this by disabling jump tables for cmdline.c when AMD_MEM_ENCRYPT is
> enabled.
>
> Signed-off-by: Arvind Sankar <[email protected]>
> ---
> arch/x86/lib/Makefile | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
> index d46fff11f06f..aa067859a70b 100644
> --- a/arch/x86/lib/Makefile
> +++ b/arch/x86/lib/Makefile
> @@ -24,7 +24,7 @@ ifdef CONFIG_FUNCTION_TRACER
> CFLAGS_REMOVE_cmdline.o = -pg
> endif
>
> -CFLAGS_cmdline.o := -fno-stack-protector
> +CFLAGS_cmdline.o := -fno-stack-protector -fno-jump-tables
> endif
>
> inat_tables_script = $(srctree)/arch/x86/tools/gen-insn-attr-x86.awk
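Review bot: With the `+CFLAGS_cmdline.o` line applied the jump table can no longer be observed, and the changelog does not record the Clang version or config used when it was seen, so the report is hard to re-verify later. Naming the toolchain and the check used (for example, the disassembly of cmdline_find_option built without the flag) in the commit message would let a tester confirm the problem against a revert.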
> --
> 2.26.2
>



--
Thanks,
~Nick Desaulniers

2020-12-21 21:24:48

by Arvind Sankar

Subject: Re: [PATCH] x86/cmdline: Disable jump tables for cmdline.c

On Mon, Dec 21, 2020 at 11:14:39AM -0800, Nick Desaulniers wrote:
> On Wed, Sep 2, 2020 at 7:31 PM Arvind Sankar <[email protected]> wrote:
> >
> > When CONFIG_RETPOLINE is disabled, Clang uses a jump table for the
> > switch statement in cmdline_find_option (jump tables are disabled when
> > CONFIG_RETPOLINE is enabled). This function is called very early in boot
> > from sme_enable() if CONFIG_AMD_MEM_ENCRYPT is enabled. At this time,
>
> Hi Arvind, sorry I missed this when you first sent it. I'm going
> through and mass deleting my inbox (email bankruptcy) but noticed
> this. I couldn't reproduce jump tables in cmdline_find_option with
> CONFIG_RETPOLINE disabled but CONFIG_AMD_MEM_ENCRYPT on today's
> linux-next. Can you please confirm that this is still an issue? I will
> reread the disassembly, but it looks like a bunch of cmp/test+jumps.
>

The patch got merged and is in v5.10 -- are you testing with it reverted
or just plain linux-next?

2020-12-21 21:44:06

by Nick Desaulniers

Subject: Re: [PATCH] x86/cmdline: Disable jump tables for cmdline.c

On Mon, Dec 21, 2020 at 1:23 PM Arvind Sankar <[email protected]> wrote:
>
> On Mon, Dec 21, 2020 at 11:14:39AM -0800, Nick Desaulniers wrote:
> > On Wed, Sep 2, 2020 at 7:31 PM Arvind Sankar <[email protected]> wrote:
> > >
> > > When CONFIG_RETPOLINE is disabled, Clang uses a jump table for the
> > > switch statement in cmdline_find_option (jump tables are disabled when
> > > CONFIG_RETPOLINE is enabled). This function is called very early in boot
> > > from sme_enable() if CONFIG_AMD_MEM_ENCRYPT is enabled. At this time,
> >
> > Hi Arvind, sorry I missed this when you first sent it. I'm going
> > through and mass deleting my inbox (email bankruptcy) but noticed
> > this. I couldn't reproduce jump tables in cmdline_find_option with
> > CONFIG_RETPOLINE disabled but CONFIG_AMD_MEM_ENCRYPT on today's
> > linux-next. Can you please confirm that this is still an issue? I will
> > reread the disassembly, but it looks like a bunch of cmp/test+jumps.
> >
>
> The patch got merged and is in v5.10 -- are you testing with it reverted
> or just plain linux-next?

Oh, sorry, I missed any email that it was merged (and didn't look in
git log). Just linux-next, so no wonder I didn't see any jump tables.
:^P

--
Thanks,
~Nick Desaulniers