Received: by 2002:a05:7412:8d1c:b0:fa:4c10:6cad with SMTP id bj28csp85445rdb; Tue, 16 Jan 2024 16:08:16 -0800 (PST) X-Google-Smtp-Source: AGHT+IGlDkC+USG2DB66eb3k2+5JWG4SflwF/H6PzIn8WDYEhtkodunVmu7qCy05ofiMjIMzQDIH X-Received: by 2002:a05:6a20:2312:b0:19a:53d2:17ea with SMTP id n18-20020a056a20231200b0019a53d217eamr8696749pzc.54.1705450095878; Tue, 16 Jan 2024 16:08:15 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705450095; cv=pass; d=google.com; s=arc-20160816; b=zE568CegfLOEkFHnzJuqz/i3pVBw9Jy66Pf5ezqHYuOKS1btCNSC2JCqhKdUlqM+ZA M3Fk8B/AFnTfTDbhRP8O6UAGMJ+s/hUAqOmlQBvZtjinaAH9t0/gWJEN54CwfFTu+gDj D97Ryy++W/AJVVxmsdr5wvMmbe/xAlMjGwPaiiLYZKpPGt+lVlgF/wa/8JyVPEVP7l1j K0FJMbg6d6U8NOYzJ7X5ztQumatk6/ncEy24k7FJsc3i0dzkLGPam5rlsgvvgTNpDuMx co+f1zVKwSOXu4gEaIdW3fNxSTo9zr8C5sh9IBQgWtGaZ6Ycn9rAbzd7WipXnauxp8K6 mTtg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=6upvCtqLjlcvlesxR9kBuGN9SjzKudfUSX/ZwwWZTf0=; fh=vFZvIE/3y+uVHeNgHXgbzKP7IOG2cY00WkvqV2G+4iM=; b=FdnmJfvKJDweRgLrpQBFQ5e2nLbeqhGlaUNM0o7eWGbGAo2iEHcaMFcGvGYkN6YtAL frWcR0dPnOhnjZ3+7/dNX6f/PK6fV/CYR1Ii6JmadbPwLlv+jlz3uIuCIsULc+hqhedB W2bDY95cLsIywqIjXAQSehtzz37mtQNRFidbyhFP6CJ+aXQCM9/xbeFVv+bY3/nKqx9/ zRgaUeAuEfv5nHhkaGnL56P3jLl4joRmjNc/ZLivG/bsGv9wsRboaes+nv+O+MAhCzuV x3aYlcSWwv8TT+8sN/GqmRryES4J3XAVp8D7ug3YHpP5plYrTQeDKfk74W7rhWnLv0R2 YWcg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=qBZkGqSS; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-28389-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-28389-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id j4-20020a63e744000000b005cee03c6e23si12102412pgk.731.2024.01.16.16.08.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Jan 2024 16:08:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-28389-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=qBZkGqSS; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-28389-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-28389-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 6837CB23E75 for ; Wed, 17 Jan 2024 00:08:12 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id CD7BB80C; Wed, 17 Jan 2024 00:08:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qBZkGqSS" Received: from mail-vs1-f52.google.com (mail-vs1-f52.google.com [209.85.217.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 77CDF17E for ; Wed, 17 Jan 2024 00:08:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.217.52 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705450082; cv=none; b=qxlJdy+kxgy3zzY1YP1XHOLymrPOMT2hqX8chSSVQSFZ9BDoPKhlTrv52QoDPKA9NXG9iLjE1iUhxCA7MP8h6c9fWek1IEfNpFU8xF6fNKwgFWRKh8qBytgsl09FbG7W4//256H6s4/lquN6gAYIhmju14iNsCImZ0RrJ9quEEs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705450082; c=relaxed/simple; bh=6upvCtqLjlcvlesxR9kBuGN9SjzKudfUSX/ZwwWZTf0=; h=Received:DKIM-Signature:X-Google-DKIM-Signature: X-Gm-Message-State:X-Google-Smtp-Source:X-Received:MIME-Version: References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc: Content-Type:Content-Transfer-Encoding; b=hhAKo7MZw7lEhLqAXvpEBcebou+8v8Ge4CwnGBqLwBA+mL4Xp2WzDYSfw/gzYSXdqNuLt0M3sdVVxb61A0trlRB4ImKLFNa5bo0UVRdqw5WwZ8Xv2g9dqA1K7qXpBUKuzafcSjw65kft+prKAyX0MxXodK0LXZKLHBZ+gHadeBA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=qBZkGqSS; arc=none smtp.client-ip=209.85.217.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Received: by mail-vs1-f52.google.com with SMTP id ada2fe7eead31-467010c1c72so5861637137.0 for ; Tue, 16 Jan 2024 16:08:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1705450080; x=1706054880; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=6upvCtqLjlcvlesxR9kBuGN9SjzKudfUSX/ZwwWZTf0=; b=qBZkGqSSgA5xfqPP23J0VeQW2JN0fWt/vzctULFPL7pFqSuMhLM9hqgxOW5lmXjQ61 yj+l7lCc0RMAlnD+5VmhUgOGNsA7YFEFH3DJGPMOSRdv10JTWcb8As/4wD/XvDei3DF+ QaEvSVy1JvKSmhmsU7JYTBopIA4uG4YpEZWigw22LpVQtXzce+9kEymtPX7cKa7M9Jrs oi8V4KQdHIB6R/tIWlyR8OGlCcl2KHry9b/rXKb/eUxMdS9oSk6HaZ9RrHPFewlyWg2d insM2+WvNqSS99e2cGUV/oWeBjN1uCPbUzino/AQPYbdHPEFodet/Ir71fZlg+QJQGQA byuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705450080; x=1706054880; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6upvCtqLjlcvlesxR9kBuGN9SjzKudfUSX/ZwwWZTf0=; b=P+tMIk9nsvKyyqiZjxAzO9BFIndOxUiHxi3ruPwK5wScJhIu/M+fII8d6zkrysSSpI ilBST82SRWubo7bghiH+0Vo7ZP0HpqjOkCP25I0gKt6eAh6t46/eNtxtaSDkKnkzmvSY gNO8oto78PCLv+WZ4pLjf0TPchhxKEyDyvK1YEbEMf7NbmyO9DyHR0OASfp7XVlEld8x E54tGhyUc6s9a6ZQus/qmuyaiemT2h5mNxGc0f2YCPZ2YbbDjYCISLlpoUEozuX2FKMj pQ1K17xzFcrsqOkrYDAjU4TP5gvlk+VsMD9kk3GZBmTVr3tMJpN0E09Iyd/iRMngZ0Ir TABg== X-Gm-Message-State: AOJu0YztCEWL+pxBmpE0DNRqWkTp2CkUh330Wkt/CVy31Lobme42qHO/ 79cGPLEgANPeMLZwNVqCKkwa2sCIf8BSpuGkLpi8w/gMIXBc X-Received: by 2002:a05:6102:3134:b0:467:dfa1:3186 with SMTP id f20-20020a056102313400b00467dfa13186mr4450748vsh.4.1705450080348; Tue, 16 Jan 2024 16:08:00 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240111223650.3502633-1-kevinloughlin@google.com> <20240115204634.GHZaWZqsVyU_fvn_RW@fat_crate.local> In-Reply-To: <20240115204634.GHZaWZqsVyU_fvn_RW@fat_crate.local> From: Kevin Loughlin Date: Tue, 16 Jan 2024 16:07:49 -0800 Message-ID: Subject: Re: [RFC PATCH v2] x86/sev: enforce RIP-relative accesses in early SEV/SME code To: Borislav Petkov Cc: Thomas Gleixner , Ingo Molnar , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , Tom Lendacky , Michael Kelley , Pankaj Gupta , Stephen Rothwell , Arnd Bergmann , Steve Rutherford , Alexander Shishkin , Hou Wenlong , Vegard Nossum , Josh Poimboeuf , Yuntao Wang , Wang Jinchao , David Woodhouse , Brian Gerst , Hugh Dickins , Ard Biesheuvel , Joerg Roedel , Randy Dunlap , Bjorn Helgaas , Dionna Glaze , Brijesh Singh , Michael Roth , "Kirill A. Shutemov" , linux-kernel@vger.kernel.org, llvm@lists.linux.dev, linux-coco@lists.linux.dev, Ashish Kalra , Andi Kleen , Adam Dunlap , Peter Gonda , Jacob Xu , Sidharth Telang Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Jan 15, 2024 at 12:47=E2=80=AFPM Borislav Petkov wro= te: > > On Thu, Jan 11, 2024 at 10:36:50PM +0000, Kevin Loughlin wrote: > > SEV/SME code can execute prior to page table fixups for kernel > > relocation. However, as with global variables accessed in > > __startup_64(), the compiler is not required to generate RIP-relative > > accesses for SEV/SME global variables, causing certain flavors of SEV > > hosts and guests built with clang to crash during boot. > > So, about that. If I understand my gcc toolchain folks correctly: > > mcmodel=3Dkernel - everything fits into the high 31 bit of the address > space > > -fPIE/PIC - position independent > > And supplied both don't make a whole lotta of sense: if you're building > position-independent, then mcmodel=3Dkernel would be overridden by the > first. > > I have no clue why clang enabled it... > > So, *actually* the proper fix here should be not to add this "fixed_up" > gunk everywhere but remove mcmodel=3Dkernel from the build and simply do > -fPIE/PIC. I believe that the key distinction is that using mcmodel=3Dkernel (upper 2 GB of address space) or the similar mcmodel=3Dsmall (lower 2 GB) means the compiler *can* use RIP-relative addressing for globals (because everything is within +/- 2GB of RIP) but is not *required* to do so. In contrast, fPIE/fPIC *requires* relative addressing but does not necessarily require a specific 2 GB placement range. Altogether, I do think there are use cases for both options individually. I can't think of a reason why gcc wouldn't be able to support mcmodel=3Dkernel in conjunction with fPIE off the top of my head, but I admittedly haven't looked into it; I simply observed that the combination is not currently supported. RE: compiling the whole x86-64 kernel with fPIE/fPIC, I believe the required changes would be very extensive (see "[PATCH RFC 00/43] x86/pie: Make kernel image's virtual address flexible" at https://lore.kernel.org/lkml/cover.1682673542.git.houwenlong.hwl@antgroup.c= om/).