Received: by 10.223.176.46 with SMTP id f43csp807048wra; Sat, 20 Jan 2018 05:16:13 -0800 (PST) X-Google-Smtp-Source: AH8x225cAGOjS0bes3arWUiURaqXLG4LzMBr+88NTePgpXXHiYTxmgNqd0Y8S68NCRniMNO408fp X-Received: by 10.101.86.201 with SMTP id w9mr1948951pgs.434.1516454173883; Sat, 20 Jan 2018 05:16:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516454173; cv=none; d=google.com; s=arc-20160816; b=o+Fx2n2iJ3pDEyVQwGLqkBslOP9vmoP7xhltWhbeuhawm5817O9oifckdff4Spzdiy H+80i7Cs0cWHeDnsKxFVef0tIiMsgVv/OM6THvZfEeuQkWbBdTrQVO1E/ZzMGHC7BsbL tSwzape46qjsVpiPqVUN/ut3h3Qwtlmo6xJGJ3BXgrXf08M4P3CI48AoSI5owccswbIl ucAT6ZJmkwgqnmN3rtXZS5rClmBjIVWBiEKV9tgNXX76B9bSppvZ9N2euBNJ3gFdVjNq njqXfGpQWjCZsNveToEfISdrMPFm/DfNOP9cWklo+1jTD31RUXxBKOnZxJ6+fft4Z6sQ W+Zw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=XrGwW/gSFSjPbXNrUcyKjfbCMJYC8zklesxb/J02kXc=; b=w3YVi9u7n2KR/aigQ3iCUMNQnmvmlpThCCQHv9/jVHQn6inaGvFgq+XM29deHcoysZ Rj5USW/4S1KCvlZt7PBgKeaP04J5XuAX72+BRuMKcBjQjVRJNYsgzt1usY6lFM7E9fCy cmv2sR5Osx527zMiUlMo5yQKn74fdJ+Eo+NOuDNFM7jCraxN3QIXsEtYFem0Aw7RlaQc q5DGS7xXEI7cMepPN+yn9iaPbgMvcsrdabXV1kbXbqxTQnADuaT5zUw2/nRSHdGTrBxK sjsh+H9l+SGijW40z6QFR9n8HfgGf95+VI4CO8WMz4P/pwhgasodYFsak5P4BoOXrRVd Olxg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=VZU1DXLS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r13si10460281pgs.814.2018.01.20.05.15.58; Sat, 20 Jan 2018 05:16:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=VZU1DXLS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754008AbeATNNT (ORCPT + 99 others); Sat, 20 Jan 2018 08:13:19 -0500 Received: from mail-wm0-f65.google.com ([74.125.82.65]:36247 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751095AbeATNNM (ORCPT ); Sat, 20 Jan 2018 08:13:12 -0500 Received: by mail-wm0-f65.google.com with SMTP id f3so8516260wmc.1 for ; Sat, 20 Jan 2018 05:13:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=XrGwW/gSFSjPbXNrUcyKjfbCMJYC8zklesxb/J02kXc=; b=VZU1DXLSmyYu3U9YHrYqnL7MjcduXmyTXsPHIcAtpf51ukdwCcJsqgX2UbLAZexFKl aVXHzESSXjEmh/Gc4cZimNgfSXtVcAb6I4ctYO35n8is1N2AxNlp+NUvgSLe/XhvahxK Rv4QBvz13J/sTnG8v9xYh7pfSAdXGQEOmrSIcNM1pBLU/1r/mhYUJAeDxALTG1p/LUX5 kMFutQfRwe2vrD4IOLT8ZhAEjB7AdNntzWPjPFnuY6huZKTh354inG6oRizI5ddQVzky nXQVJM7zdKs3gviuf/RXdUWpIed78k/sO9TzwrIi/x3G+rUP7GN2wrrNv8hhOqwQqSFr ibhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=XrGwW/gSFSjPbXNrUcyKjfbCMJYC8zklesxb/J02kXc=; b=okzEIoOpW1p0+PtKrCTdzH4UHsQqPKA9scYrth2qf8wTfB62ZOINeFIn69lEDsiGKk 0Rn4XUKufNwNzrEhL/ckNlLxYCh3NWutw1weSULUnA5sgyxN1YEvmnBXhcu3Orm3+R6U Ljz/VYdCQTEd6DGU9sdbQrTaBtpBJUXas4GiRjP9MfoNEz8gtUESOwOyLk5ME0B1W1B3 ri5GB1vYI6mPejqJpTV9eyIRQHPElR21tmSeRGYHqok3v93M313UoPyQgSYiYcYnTF20 oL66BTbFz6KxJHUAoBf3HSZKvMjDrW6a1tAPymN45jgIYsttxC82aYVvMCXdmqpDQ+Yz b2Yw== X-Gm-Message-State: AKwxytc0+zX4lAmnwkb30aZlms6BRnRaFPDtYBK+JVfJbK9dXTI93V4o 7yU+8ah32jesC7zx1uDcssI= X-Received: by 10.28.120.19 with SMTP id t19mr1108902wmc.53.1516453991459; Sat, 20 Jan 2018 05:13:11 -0800 (PST) Received: from gmail.com (2E8B0CD5.catv.pool.telekom.hu. [46.139.12.213]) by smtp.gmail.com with ESMTPSA id x203sm12665298wmd.11.2018.01.20.05.13.10 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 20 Jan 2018 05:13:10 -0800 (PST) Date: Sat, 20 Jan 2018 14:13:08 +0100 From: Ingo Molnar To: Laura Abbott Cc: Tom Lendacky , Gabriel C , Borislav Petkov , Linus Torvalds , Peter Zijlstra , Thomas Gleixner , Brijesh Singh , X86 ML , Linux Kernel Mailing List Subject: Re: Boot regression with bacf6b499e11 ("x86/mm: Use a struct to reduce parameters for SME PGD mapping") on top of -rc8 Message-ID: <20180120131308.bfm5cxxigw2xzgw2@gmail.com> References: <9fdddcb1-d122-7d52-9204-7066ada5ccba@redhat.com> <44505ab1-237b-88ea-1fb1-f80de9b3025a@redhat.com> <6277b77a-d4a0-5669-e5aa-7a850436227c@amd.com> <6b616ebc-1a8f-0bd7-68be-3674ff99500b@redhat.com> <20180120123338.buixvrhlxqo3ev5p@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180120123338.buixvrhlxqo3ev5p@gmail.com> User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Ingo Molnar wrote: > 2) > > using global variables, which is unsafe in early code if the kernel is > relocatable. > > The bisected to commit uses a new sme_populate_pgd_data to collect variables that > were already on the stack, which should be position independent and safe. > > But the other commits use sme_active(), which does: > > bool sme_active(void) > { > return sme_me_mask && !sev_enabled; > } > EXPORT_SYMBOL(sme_active); > > And that looks PIC-unsafe to me, as both are globals: > > u64 sme_me_mask __section(.data) = 0; > EXPORT_SYMBOL(sme_me_mask); > > Does the code start working if you force sme_active() to 0 while keeping the > function call, i.e. something like the hack below? BTW., this aspect of the boot code is really fragile, and depending on compiler there could be unsafe relocations generated without it being 'obvious' from the patch itself. It's also pretty compiler and code layout dependent ... A good way to check this I think would be to turn off CONFIG_RELOCATABLE=y in the .config - does that make the kernel boot again? If that makes a difference then we need to take a look at the relocations in the two key files, with CONFIG_RELOCATABLE=y turned back on: objdump -r arch/x86/kernel/head64.o objdump -r arch/x86/mm/mem_encrypt.o There's three types of relocations that should be there normally: #define R_X86_64_64 1 /* Direct 64 bit */ #define R_X86_64_PC32 2 /* PC relative 32 bit signed */ #define R_X86_64_32S 11 /* Direct 32 bit sign extended */ Only R_X86_64_PC32 is safe as-is, R_X86_64_32S needs to be used via fixup_pointer(). What makes this difficult in the SME context is that the early boot portion of arch/x86/mm/mem_encrypt.c is not separated out, but mixed in with later code. I missed this aspect when reviewing and merging this code :-( Maybe a diff of the list of relocations of the before/after commit points would be nice. I.e. does something like: git checkout objdump -r arch/x86/mm/mem_encrypt.o | grep R_X86 | cut -d' ' -f2- > working.relocs git checkout objdump -r arch/x86/mm/mem_encrypt.o | grep R_X86 | cut -d' ' -f2- > broken.relocs diff -up working.relocs broken.relocs show any changes to the relocations? Side note: Regardless of whether it's the root cause for this regression we definitely need to improve the relocations robustness of early boot code: at minimum we should isolate all critical functionality into a separate section, and then add tooling checks to make sure all relocations are safe. Thanks, Ingo