Received: by 2002:ab2:788f:0:b0:1ee:8f2e:70ae with SMTP id b15csp311664lqi; Wed, 6 Mar 2024 19:20:17 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWjwpa8oH7FGRjZIvAXSgr016WPlp8iRM5saSIQAnV4JH1fXIwm24VWzEi+5kAwpTmhTavaeiNbLlPb9PA1M4MrFWPBTccslk2k6cwfyg== X-Google-Smtp-Source: AGHT+IHBV6BC8AkUk2nt+a1C7vxsT5eJSNDlU6PvGXwsJ6CPVFgRydezM/iIGS4vK+hX1wDK7Xft X-Received: by 2002:a05:620a:2112:b0:788:3635:63e8 with SMTP id l18-20020a05620a211200b00788363563e8mr6874059qkl.36.1709781617417; Wed, 06 Mar 2024 19:20:17 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709781617; cv=pass; d=google.com; s=arc-20160816; b=xIRPPJpa2RKvLxwiwqjGdopaoZ7VpgOkTQRYK2x+POlVK80QCc1AbGperGW7rDqNGt 0XDPNMNoFJYsW2tRFeG4Ob7RQuoAODe2lrYXbHtix1dZ49Q97msAiLuKalU0R2INfnVJ iMHt8rDg0jYkrTWVEP/qiKn6D/fJnKj3ro2f2yckpfaUm5npVbbDNKuoNERMm74Nuajq yx9lU6H+3QlTgU2dcMtEt6VKBF4N8QQwx/pdxbmqWmFNYCCiYPtJXieHzhrK9p72zFPi JJWcyMfUdH8ZpvVYdrM6PP8c+/amrI9ppksDcAmczBROb/voXVKIi3/F2h8O3kb6KZOP Ox2Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=XJGvA1f7vKRh3tCkcbglNtzIq8rFLROAN/5bMKhQkTg=; fh=3n4AVXQesGPR8EAbkkEN+p6/f90FDfjntbg6dvYRaQk=; b=ySzG73yoSVM2qp0zYfLjaUMa5BAA16lWc6EfbofJYBrRdjzM3E4UmYDSzhgZe+GWxR GZAOYEMfAD2MjR54216u2x7/rlxvTgCB4wjSNry5axEAfdTP4iCnRXpOULz7OFIVhzt9 nNayWlyzYx2xKFHfRAy/ZXJc1645kha3/kQBQzLzne6B71RB8YTadSTZRLav+1/4B0Oq RY7L4ojK5m4zVPXxuJokS/bP7wnevu05SmiFoRpBLPpgdfykLSLNEPRa1x0HNEjVeWgn AqMnZMSYx0q12v+gtTYW/jH5vWIFvsq4/Q/aVE7oab4WVKyEACNsfCoj06ZTk/nF8Lmv ZqYg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@bytedance.com header.s=google header.b=NM3a8GuP; arc=pass (i=1 spf=pass spfdomain=bytedance.com dkim=pass dkdomain=bytedance.com dmarc=pass fromdomain=bytedance.com); spf=pass (google.com: domain of linux-kernel+bounces-94915-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-94915-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=bytedance.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id f30-20020a05620a20de00b007882fae5a30si7028465qka.6.2024.03.06.19.20.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Mar 2024 19:20:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-94915-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@bytedance.com header.s=google header.b=NM3a8GuP; arc=pass (i=1 spf=pass spfdomain=bytedance.com dkim=pass dkdomain=bytedance.com dmarc=pass fromdomain=bytedance.com); spf=pass (google.com: domain of linux-kernel+bounces-94915-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-94915-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=bytedance.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 1AA3B1C2229A for ; Thu, 7 Mar 2024 03:20:17 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 562B9E574; Thu, 7 Mar 2024 03:19:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=bytedance.com header.i=@bytedance.com header.b="NM3a8GuP" Received: from mail-oa1-f42.google.com (mail-oa1-f42.google.com [209.85.160.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 607861B7E4 for ; Thu, 7 Mar 2024 03:19:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.42 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709781580; cv=none; b=fMG1YVZkw985vQo/cDgt00s7sRXQdQdhn+gmTG1T6ouUxE2ofLfB/HeVaOQwTnSh82X7XqYUcHPAwH+oWuqDE1XGUReBGfYZj3YEYacUj5JHR5+9EbjcTAwKj/4LLbXvFcAz/aMm5bfcO+hZV4vbZU7BA4qg3n9NgrgLmv770c4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709781580; c=relaxed/simple; bh=2C88qV+fxIBbpmK+jFwOWYwyMdx0WzXNpACjvByuKIM=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=a89zURXOi+FTI27UK7Djvd8O2RlepdWHt9UYVBgyjgf4D4vRC6Pp3jZS0/4bdxvJtdxS7YxleUOJDYlbkiH+Q3tkYieeT7SXHDMk/jZjm3RaR2JlU3E9QPIqXTDoOq1pMh6N3CTnawdLM6rP4K8uk7zemHawZ4MaD5SMQY9EyIY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=bytedance.com; spf=pass smtp.mailfrom=bytedance.com; dkim=pass (2048-bit key) header.d=bytedance.com header.i=@bytedance.com header.b=NM3a8GuP; arc=none smtp.client-ip=209.85.160.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=bytedance.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=bytedance.com Received: by mail-oa1-f42.google.com with SMTP id 586e51a60fabf-21ffac15528so150811fac.0 for ; Wed, 06 Mar 2024 19:19:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance.com; s=google; t=1709781577; x=1710386377; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=XJGvA1f7vKRh3tCkcbglNtzIq8rFLROAN/5bMKhQkTg=; b=NM3a8GuPQexXnH1MDHNTmkR95OocXfh7kWDccrmC6v6ozCc5/8B/uvOYDnl06J++gg GbJwgpY7jQ7ePmv/sHbZDugLhX4cZyuaf5KLNGriGytoSs4rAt/ogrt8pj2ab6/W6IsH GEQyNJbpovEkF28rA9vSOshBE2ptTNnJnOlg9qyD6GPNl1SH3G4MhFFIHbtBVzc7Bk5D 6vmNQHgkJGstMhn+lM3pMek342D3L8D6PSiyuqZzfqpGWnegGAZQlMtdv4Gwd/H16Jg6 sHDwSBbntV0r42kUzrnqFF0ipTxXSPIqTLKjktvt+gR5SNep/gYDMx3Aqh45Zfy/6qKs /7/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709781577; x=1710386377; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XJGvA1f7vKRh3tCkcbglNtzIq8rFLROAN/5bMKhQkTg=; b=SPni+wcJGsIvuSn2JcPmiWDqEiBpO8nNw5eUJB4rGaHysmUU6I2+50NeNxcRLYh7H8 eIGjiVKQ3ZmY/KUHE5cux7pDB4+SBpTqsHeq9GVLdL/CX2Ww5pZMHAecO7yrDPftj8VX +wauEhQlR+zteEUhSioiiZ/zEypd11A2cLLLPwGvh+jrJFVbnWO9la11jtV6QpgtIoQW MlLHuDTVxfMrc1r/mR/WSquw7833KpcvZa4adXbrB5xONJOllsHUaeeTARQXlg0lErcZ 4gaeAuHlwYj/7Mn1ido1NGc7/5r/2yP2JnefwFgyBQBGaushTt4S5/patZIJN1V3f24Q vnQw== X-Forwarded-Encrypted: i=1; AJvYcCWwNm1dDvD0Hoiq62VwqAZlQCpJjmDaLGlaW6hlELwVh4Mo5OTXdFXXlHLwWaj3MidFoaSOOK5cG1ObQNx/eFIipd7lDQLtY7AwoHNv X-Gm-Message-State: AOJu0YzEIOqwsDsS71JW7wRFwtTSp8UwXTeamZQwPG2GYtIWPvOJ1Zr2 RO4VbSloJHWHvkAFDtElJpWpeglRfbEDLyTe5z5lcBiPoYuvyMkOs6hLBJWNm9aM8ALy9kFd1cT 9NGtiHAupaRFN9E3zjwSJFfPoTgfPvXiZqeuovA== X-Received: by 2002:a05:6870:4181:b0:220:8c16:fe1b with SMTP id y1-20020a056870418100b002208c16fe1bmr7006609oac.40.1709781577510; Wed, 06 Mar 2024 19:19:37 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: In-Reply-To: From: yunhui cui Date: Thu, 7 Mar 2024 11:19:26 +0800 Message-ID: Subject: Re: [External] Re: [PATCH 3/3] efistub: fix missed the initialization of gp To: Ard Biesheuvel Cc: Palmer Dabbelt , Paul Walmsley , aou@eecs.berkeley.edu, xuzhipeng.1973@bytedance.com, alexghiti@rivosinc.com, samitolvanen@google.com, bp@alien8.de, xiao.w.wang@intel.com, jan.kiszka@siemens.com, kirill.shutemov@linux.intel.com, nathan@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, Conor Dooley , Heinrich Schuchardt Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Ard, On Thu, Mar 7, 2024 at 12:15=E2=80=AFAM Ard Biesheuvel wr= ote: > > On Wed, 6 Mar 2024 at 16:44, Ard Biesheuvel wrote: > > > > On Wed, 6 Mar 2024 at 16:21, Palmer Dabbelt wrote: > > > > > > On Wed, 06 Mar 2024 05:09:07 PST (-0800), Ard Biesheuvel wrote: > > > > On Wed, 6 Mar 2024 at 14:02, Ard Biesheuvel wrote= : > > > >> > > > >> On Wed, 6 Mar 2024 at 13:34, yunhui cui = wrote: > > > >> > > > > >> > Hi Ard, > > > >> > > > > >> > On Wed, Mar 6, 2024 at 5:36=E2=80=AFPM Ard Biesheuvel wrote: > > > >> > > > > > >> > > On Wed, 6 Mar 2024 at 09:56, Yunhui Cui wrote: > > > >> > > > > > > >> > > > Compared with gcc version 12, gcc version 13 uses the gp > > > >> > > > register for compilation optimization, but the efistub modul= e > > > >> > > > does not initialize gp. > > > >> > > > > > > >> > > > Signed-off-by: Yunhui Cui > > > >> > > > Co-Developed-by: Zhipeng Xu > > > >> > > > > > >> > > This needs a sign-off, and your signoff needs to come after. > > > >> > > > > > >> > > > --- > > > >> > > > arch/riscv/kernel/efi-header.S | 11 ++++++++++- > > > >> > > > 1 file changed, 10 insertions(+), 1 deletion(-) > > > >> > > > > > > >> > > > diff --git a/arch/riscv/kernel/efi-header.S b/arch/riscv/ker= nel/efi-header.S > > > >> > > > index 515b2dfbca75..fa17c08c092a 100644 > > > >> > > > --- a/arch/riscv/kernel/efi-header.S > > > >> > > > +++ b/arch/riscv/kernel/efi-header.S > > > >> > > > @@ -40,7 +40,7 @@ optional_header: > > > >> > > > .long __pecoff_data_virt_end - __pecoff_text_end = // SizeOfInitializedData > > > >> > > > #endif > > > >> > > > .long 0 // S= izeOfUninitializedData > > > >> > > > - .long __efistub_efi_pe_entry - _start // A= ddressOfEntryPoint > > > >> > > > + .long _efistub_entry - _start // AddressOf= EntryPoint > > > >> > > > .long efi_header_end - _start // B= aseOfCode > > > >> > > > #ifdef CONFIG_32BIT > > > >> > > > .long __pecoff_text_end - _start // B= aseOfData > > > >> > > > @@ -121,4 +121,13 @@ section_table: > > > >> > > > > > > >> > > > .balign 0x1000 > > > >> > > > efi_header_end: > > > >> > > > + > > > >> > > > + .global _efistub_entry > > > >> > > > +_efistub_entry: > > > >> > > > > > >> > > This should go into .text or .init.text, not the header. > > > >> > > > > > >> > > > + /* Reload the global pointer */ > > > >> > > > + load_global_pointer > > > >> > > > + > > > >> > > > > > >> > > What is supposed to happen here if CONFIG_SHADOW_CALL_STACK=3D= y? The EFI > > > >> > > stub Makefile removes the SCS CFLAGS, so the stub will be buil= t > > > >> > > without shadow call stack support, which I guess means that it= might > > > >> > > use GP as a global pointer as usual? > > > >> > > > > > >> > > > + call __efistub_efi_pe_entry > > > >> > > > + ret > > > >> > > > + > > > >> > > > > > >> > > You are returning to the firmware here, but after modifying th= e GP > > > >> > > register. Shouldn't you restore it to its old value? > > > >> > There is no need to restore the value of the gp register. Where = gp is > > > >> > needed, the gp register must first be initialized. And here is t= he > > > >> > entry. > > > >> > > > > >> > > > >> But how should the firmware know that GP was corrupted after calli= ng > > > >> the kernel's EFI entrypoint? The EFI stub can return to the firmwa= re > > > >> if it encounters any errors while still running in the EFI boot > > > >> services. > > > >> > > > > > > > > Actually, I wonder if GP can be modified at all before > > > > ExitBootServices(). The EFI timer interrupt is still live at this > > > > point, and so the firmware is being called behind your back, and mi= ght > > > > rely on GP retaining its original value. > > > > > > [A few of us are talking on IRC as I'm writing this...] > > > > > > The UEFI spec says "UEFI firmware must neither trust the > > > values of tp and gp nor make an assumption of owning the write access= to > > > these register in any circumstances". It's kind of vague what "UEFI > > > firmware" means here, but I think it's reasonable to assume that the > > > kernel (and thus the EFI stub) is not included there. > > > > > > So under that interpretation, the kernel (including the EFI stub) wou= ld > > > be allowed to overwrite GP with whatever it wants. > > > > > > > OK, so even if the UEFI spec seems to suggest that using GP in EFI > > applications such as the Linux EFI stub should be safe, I'd still like > > to understand why this change is necessary. The patches you are > > reverting are supposed to ensure that a) the compiler does not > > generate references that can be relaxed to GP based ones, and b) no > > R_RISCV_RELAX relocations are present in any of the code that runs in > > the context of the EFI firmware. > > > > Are you still seeing GP based symbol references? Is there C code that > > gets pulled into the EFI stub that uses GP based relocations perhaps? > > (see list below). If any of those are implemented in C, they should > > not be used by the EFI stub directly unless they are guaranteed to be > > uninstrumented and callable at arbitrary offsets other than the one > > they were linked to run at. > > > > > > __efistub_memcmp =3D memcmp; > > __efistub_memchr =3D memchr; > > __efistub_memcpy =3D memcpy; > > __efistub_memmove =3D memmove; > > __efistub_memset =3D memset; > > __efistub_strlen =3D strlen; > > __efistub_strnlen =3D strnlen; > > __efistub_strcmp =3D strcmp; > > __efistub_strncmp =3D strncmp; > > __efistub_strrchr =3D strrchr; > > __efistub___memcpy =3D memcpy; > > __efistub___memmove =3D memmove; > > __efistub___memset =3D memset; > > __efistub__start =3D _start; > > __efistub__start_kernel =3D _start_kernel; > > > > (from arch/riscv/kernel/image-vars.h) > > Uhm never mind - these are all gone now, I was looking at a v6.1 > kernel source tree. > > So that means that, as far as I can tell, the only kernel C code that > executes in the context of the EFI firmware is built with -mno-relax > and is checked for the absence of R_RISCV_RELAX relocations. So I fail > to see why these changes are needed. > > Yunhui, could you please explain the reason for this series? From the logic of binutils, if "__global_pointer$" exists, it is possible to use GP for optimization. For RISC-V, "__global_pointer$" was introduced in commit "fbe934d69eb7e". Therefore, for the system as a whole, we should keep using GP uniformly. The root cause of this problem is that GP is not loaded, rather than "On RISC-V, we also avoid GP based relocations..." as commit "d2baf8cc82c17" said. We need to address problems head-on, rather than avoid them. Thanks, Yunhui