Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp2256090rwb; Thu, 29 Sep 2022 08:03:18 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6v/8DMtevmWB/13lSA8a2EuU0BgPug8G019dep2CrCaAZsqLzErEGU6FNTR9LOWaRzlfkv X-Received: by 2002:aa7:cb83:0:b0:443:3f15:84fe with SMTP id r3-20020aa7cb83000000b004433f1584femr3833591edt.17.1664463797918; Thu, 29 Sep 2022 08:03:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664463797; cv=none; d=google.com; s=arc-20160816; b=xRvKVX94oTC6BXsOy7aDHb451Fg3obEiqmcoCG5rvgLdA1RORIHJd1kRIbBJUf4X2z 60QuP4BQIPW0X7FqgnZqWATyefwzWw654Vh4PJDRPltzjiqZ/cHjl1D34sQMW/ZzZikz qbkPYsHloSgu/LCfjlKXjtpFZIvV7fwP/4WEJ2si0XjkNUx/sRwTa4qj8UD37QH7UuZw lk5jhW3l6CpMykGcE1dc75imTMqr3uc7yCnMdhnQwHHuFyobTaFl9iJsrrTU1Dpu5sW7 j1sWG+PjAoaTA/ro1J7dT2EtLy6/shx6SqfMX2LpwPA0g2NVliB+l0C+TKPZdsobwrPs SuMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:organization:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=LaCAMkzhEbjhBcwRuElXN1eVGbIqTpPxYImCjpm1K70=; b=0dJF42EZGVEa9oF8qBl2jidtTWsvMZpGbBsvUK8LTEMoYbFSrpBPCAKeOpHk2Jk2D3 HGEae9W1NHKASz8h+CbmG5LI/5yLgYwL3RPQJm3XHvHi5B6iftlE9U8Zpoqv4Fa99H16 YvGuC9mxcCxl5Wu5WyPDP3eb98q7qIUcxg8nD5fTu6w229FsbcuxV877mOUY+lppGljl FRY9VoNq5zzdcEFHQm3L2Y5gMk9BTyPZDdGpX85FGwHSY8S90I/XiR9F/1gX0Db43Zpr EDSVmA6vswGiYznw5OBjoIq2hf3j6CCoIXtm7kCuImiXD8+oYF/lza2nEM3VZfcrWYpQ j6nA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Nl8vlGt3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h12-20020a05640250cc00b004548c49ef4csi8037356edb.504.2022.09.29.08.02.50; Thu, 29 Sep 2022 08:03:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Nl8vlGt3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235091AbiI2OUZ (ORCPT + 99 others); Thu, 29 Sep 2022 10:20:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42056 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234708AbiI2OUX (ORCPT ); Thu, 29 Sep 2022 10:20:23 -0400 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D6D9739127 for ; Thu, 29 Sep 2022 07:20:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1664461221; x=1695997221; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=dwVnlaUDqM4s3xZfOLfuk/eDmUhfdgVjnMrKt81F2UI=; b=Nl8vlGt3zyH0/XgyBszL2UyFCBTpXtaFKHNUBgG/3G0oB5jaZQdK9lVb ZAyE/t2lWMkAn5voHuM6Fo8jsisF6V2/uOZ/G4CEoMaFR5Xcf429dsJ7F 4pxTfadnWWnxiQsabgrwucvQR1LtHZKTL14JnrQUah3g80tMYIiPYCvvN FQwzg9L3KQHZI3HjU+0oVtMEWKuQ3u3QZ+ToJnwj79ZaHzEajMnzNAPUU VABmKvKn7rvaXttHgqGyc/hWSPjIR2tjGN6sqEsnysdMXie+Dn3z0fAWB 71k7CfxtLIF3atdEuQJlXf/FpaPQfFVz7/Lpo0YE38EJONhtCq7BQBQqE w==; X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="388187920" X-IronPort-AV: E=Sophos;i="5.93,355,1654585200"; d="scan'208";a="388187920" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Sep 2022 07:20:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="655569084" X-IronPort-AV: E=Sophos;i="5.93,355,1654585200"; d="scan'208";a="655569084" Received: from smile.fi.intel.com ([10.237.72.54]) by orsmga001.jf.intel.com with ESMTP; 29 Sep 2022 07:20:19 -0700 Received: from andy by smile.fi.intel.com with local (Exim 4.96) (envelope-from ) id 1oduOf-009Qcr-1r; Thu, 29 Sep 2022 17:20:17 +0300 Date: Thu, 29 Sep 2022 17:20:17 +0300 From: Andy Shevchenko To: Andy Lutomirski , Ferry Toth Cc: x86@kernel.org, LKML , Sedat Dilek , Nick Desaulniers , Sean Christopherson , Brian Gerst , Joerg Roedel Subject: Re: [PATCH v2 1/2] x86/stackprotector/32: Make the canary into a regular percpu variable Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 29, 2022 at 04:56:07PM +0300, Andy Shevchenko wrote: > +Cc: Ferry > > On Sat, Feb 13, 2021 at 11:19:44AM -0800, Andy Lutomirski wrote: > > On 32-bit kernels, the stackprotector canary is quite nasty -- it is > > stored at %gs:(20), which is nasty because 32-bit kernels use %fs for > > percpu storage. It's even nastier because it means that whether %gs > > contains userspace state or kernel state while running kernel code > > depends on whether stackprotector is enabled (this is > > CONFIG_X86_32_LAZY_GS), and this setting radically changes the way > > that segment selectors work. Supporting both variants is a > > maintenance and testing mess. > > > > Merely rearranging so that percpu and the stack canary > > share the same segment would be messy as the 32-bit percpu address > > layout isn't currently compatible with putting a variable at a fixed > > offset. > > > > Fortunately, GCC 8.1 added options that allow the stack canary to be > > accessed as %fs:__stack_chk_guard, effectively turning it into an ordinary > > percpu variable. This lets us get rid of all of the code to manage the > > stack canary GDT descriptor and the CONFIG_X86_32_LAZY_GS mess. > > > > (That name is special. We could use any symbol we want for the > > %fs-relative mode, but for CONFIG_SMP=n, gcc refuses to let us use any > > name other than __stack_chk_guard.) > > > > This patch forcibly disables stackprotector on older compilers that > > don't support the new options and makes the stack canary into a > > percpu variable. The "lazy GS" approach is now used for all 32-bit > > configurations. > > > > This patch also makes load_gs_index() work on 32-bit kernels. On > > 64-bit kernels, it loads the GS selector and updates the user > > GSBASE accordingly. (This is unchanged.) On 32-bit kernels, > > it loads the GS selector and updates GSBASE, which is now > > always the user base. This means that the overall effect is > > the same on 32-bit and 64-bit, which avoids some ifdeffery. > > This patch broke 32-bit boot on Intel Merrifield > > git bisect start > # good: [9f4ad9e425a1d3b6a34617b8ea226d56a119a717] Linux 5.12 > git bisect good 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 > # bad: [62fb9874f5da54fdb243003b386128037319b219] Linux 5.13 > git bisect bad 62fb9874f5da54fdb243003b386128037319b219 > # bad: [85f3f17b5db2dd9f8a094a0ddc665555135afd22] Merge branch 'md-fixes' of https://git.kernel.org/pub/scm/linux/kernel/git/song/md into block-5.13 > git bisect bad 85f3f17b5db2dd9f8a094a0ddc665555135afd22 > # good: [ca62e9090d229926f43f20291bb44d67897baab7] Merge tag 'regulator-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator > git bisect good ca62e9090d229926f43f20291bb44d67897baab7 > # bad: [68a32ba14177d4a21c4a9a941cf1d7aea86d436f] Merge tag 'drm-next-2021-04-28' of git://anongit.freedesktop.org/drm/drm > git bisect bad 68a32ba14177d4a21c4a9a941cf1d7aea86d436f > # good: [49c70ece54b0d1c51bc31b2b0c1070777c992c26] drm/amd/display: Change input parameter for set_drr > git bisect good 49c70ece54b0d1c51bc31b2b0c1070777c992c26 > # good: [0b276e470a4d43e1365d3eb53c608a3d208cabd4] media: coda: fix macroblocks count control usage > git bisect good 0b276e470a4d43e1365d3eb53c608a3d208cabd4 > # bad: [c6536676c7fe3f572ba55842e59c3c71c01e7fb3] Merge tag 'x86_core_for_v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip > git bisect bad c6536676c7fe3f572ba55842e59c3c71c01e7fb3 > # good: [d1466bc583a81830cef2399a4b8a514398351b40] Merge branch 'work.inode-type-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs > git bisect good d1466bc583a81830cef2399a4b8a514398351b40 > # good: [fafe1e39ed213221c0bce6b0b31669334368dc97] Merge tag 'afs-netfs-lib-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs > git bisect good fafe1e39ed213221c0bce6b0b31669334368dc97 > # bad: [b1f480bc0686e65d5413c035bd13af2ea4888784] Merge branch 'x86/cpu' into WIP.x86/core, to merge the NOP changes & resolve a semantic conflict > git bisect bad b1f480bc0686e65d5413c035bd13af2ea4888784 > # bad: [0c925c61dae18ee3cb93a61cc9dd9562a066034d] x86/tools/insn_decoder_test: Convert to insn_decode() > git bisect bad 0c925c61dae18ee3cb93a61cc9dd9562a066034d > # bad: [514ef77607b9ff184c11b88e8f100bc27f07460d] x86/boot/compressed/sev-es: Convert to insn_decode() > git bisect bad 514ef77607b9ff184c11b88e8f100bc27f07460d > # bad: [9e761296c52dcdb1aaa151b65bd39accb05740d9] x86/insn: Rename insn_decode() to insn_decode_from_regs() > git bisect bad 9e761296c52dcdb1aaa151b65bd39accb05740d9 > # bad: [d0962f2b24c99889a386f0658c71535f56358f77] x86/entry/32: Remove leftover macros after stackprotector cleanups > git bisect bad d0962f2b24c99889a386f0658c71535f56358f77 > # bad: [3fb0fdb3bbe7aed495109b3296b06c2409734023] x86/stackprotector/32: Make the canary into a regular percpu variable > git bisect bad 3fb0fdb3bbe7aed495109b3296b06c2409734023 > # first bad commit: [3fb0fdb3bbe7aed495109b3296b06c2409734023] x86/stackprotector/32: Make the canary into a regular percpu variable > > Any suggestions how to fix are welcome! > > Configuration is based on in-tree i386_defconfig with some drivers enabled > on top (no core stuff was altered, but if you wish to check, it's here: > https://github.com/andy-shev/linux/blob/eds-acpi/arch/x86/configs/i386_defconfig). For the record (and preventing some questions) the v6.0-rc7 still has this issue. I can't test reverts, because it's huge pile of changes in that area happened for the last year or so. -- With Best Regards, Andy Shevchenko