Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp1723386lqp; Sat, 23 Mar 2024 06:23:11 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWMyo2yPUfkoWMBwHjvJL/PG1nd2Sn+ZYPuMkfN0DzzyR9d5rbYDQzAbR8TtLyfS5uIhLpaTTBaaOf19phlYGSy3L+KSIc3hUOuwjnN5A== X-Google-Smtp-Source: AGHT+IEoRmYORH7PYkZUWvcNDdlOLkNYVAIhm1QrChEzJF7sf6wJU9D18xJtKTnrIASMgvLQ9m0s X-Received: by 2002:a05:620a:1485:b0:78a:b4b:5abc with SMTP id w5-20020a05620a148500b0078a0b4b5abcmr2498571qkj.30.1711200191455; Sat, 23 Mar 2024 06:23:11 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711200191; cv=pass; d=google.com; s=arc-20160816; b=klY/GR79l1vA67YNTMVvY62mdGETg7473Ikw4sZBY7wJR7exKaYFws7ZhD8pKUyfwy NwV2uNQmj1GT4dZDxxUf3DIsNUoorGTH8VghFYgtVYBT1e7oWI1fU76arCRqBwP4kxZv XFP/tJrqkXrQghItwVRuSAVR6iygBGYrGml55M1f4NtWA/wqPXRBLrZH4N+ZxmwBx7lc 2aMWtlTxofORQSGaOASh6hTf/lGaIfrcbuHN0jM6uBExyFdDgdNfNZuBLx4d4syTlOnD ScvAqVwa7uQaKFXAdKxAXfCMq8ch52R+gyogbHRgU+q0T+E9/BXuZUDNqnjC2FU1E9uF avXQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=BSlYLLTmQQfNsjaD7iQbZNTZyxfD58j2PrdsW9gF/8k=; fh=LNZHEGC1GYdL7ufih0qUvv3Xyv4B646d17P7vO72WEs=; b=LTXUcz+Cn7JudCt9nRs+70BIvexsdombs+/GfEMKHLC9VaVnFCv2c+Vz6Kcu1uXHVw wJxRw+XS0epzC7Lg4I5NYCGxDSyFEuAUc5hdZZUVGjzLA7sPFd0oiSxJrGdYFaPA2QXR cVGcaLoUTck0ZObnlkaw/SKIhuycqV+gHNj5oXkMcWCF/vdsRn00LKM148nLjXJjQyL4 +7zlsGfF98CrTmS5hmB5saPQZM485V34UQRJGeLPPtHTAJghuR34YKM1l/ECvXSFy+7k BJcbaR2TRcj3rRUAyx+aYAsM9rapUFadmyoHUN3BOH/HgTVj+uxFgRl00sOnxBciFx6R 8n0Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Eslu8vKt; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-112350-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-112350-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id xy19-20020a05620a5dd300b0078859f2a342si1676779qkn.305.2024.03.23.06.23.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 23 Mar 2024 06:23:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-112350-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Eslu8vKt; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-112350-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-112350-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 31D961C21FEB for ; Sat, 23 Mar 2024 13:23:11 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3DD493C46B; Sat, 23 Mar 2024 13:23:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Eslu8vKt" Received: from mail-lj1-f169.google.com (mail-lj1-f169.google.com [209.85.208.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 863C41A38F4 for ; Sat, 23 Mar 2024 13:23:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.169 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711200184; cv=none; b=Aov4opOf+Oy/kaI5+/QlI2hgI3XvS80M9ALgIbWmVYNjucct/2rkzCq1EMgxh+5eUcXArKAsZvbEXvNs1nUc0uBk6+vB94Jx8MtNx3jL8DBP7ha53Xb5fG0oW1grdm1F4L3ZHg+1kJ5lb+2VEJuArgW519zKwDEOtZPLcZODcDk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711200184; c=relaxed/simple; bh=N/3E68ODjcpXCYPH4Zk+1d7kReAgKFQBwYI/5UN4rQE=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=VHeHBCmktXNFr12KmhotmnBkfSydg/cFco3no1I/K9O9nY3f1+Pi0YIU+di2FRaTckT9kIB4P8d6wJEKm+EcBgvXt3upxwRInBtCyLAKmyJ8lzkU/qLgLqsZWU0bFcnnCw7mWRmlN4rWTYKPQkCtG+3Rr/z26APJ1n50wBtCSAQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Eslu8vKt; arc=none smtp.client-ip=209.85.208.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-lj1-f169.google.com with SMTP id 38308e7fff4ca-2d29aad15a5so39227751fa.3 for ; Sat, 23 Mar 2024 06:23:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711200180; x=1711804980; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=BSlYLLTmQQfNsjaD7iQbZNTZyxfD58j2PrdsW9gF/8k=; b=Eslu8vKtL7R9GZPAppVR9XzduiuqwY/kA4aHluXQHtbNom7slCLbigNh2CfPxuFTtM mDGNld/kYOtYIWhwsGTWgrcbO+uHk94oihhcDztEVbLPoJ8Njm5+Odw5bs1aJmJ9ORYM zEOkviIaUQmFAekGG05dM3d2JmNutkMM8hWSJOunnaoOISpIj96MXdvQcHdtxGHyfeZy WcqzN91ZUQCE4rlaxtMnkOslow730WpaeIf21VOg/NpiYqvJpqd1jjryCWYqLlvY03py He40o0d70czUCnxjKebX10X55LLldTlmyfhGC1IBmBLbJN+osoWcPTu+9nFYDJIS1QC1 BIdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711200181; x=1711804981; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BSlYLLTmQQfNsjaD7iQbZNTZyxfD58j2PrdsW9gF/8k=; b=WzNREpwSaUEewoAkoHfETFfdSzeUtfneT92kfC1IPr/eJyoZM+R20hWVyDzOMrdsnh CEsesMCNxkCT6w/IUAWs4GPwlzyjEX4DUhormmiD6U50qMj7vp8MeokzgdTqKHvZzKoG ZAzlNkbo5i26KJ72DcSBbuysZvCj7ZP1W+qGNaVVGhvQag/2aARW6TebeH5CCPqlJ4ZI PXTR67rTNZsWwehDDfmDRerqPEQjN1iesYHnv55PnItxzOQNmM2F6WjPmlobOQznkpQh ZEsQdmMz+bSOmRPHkcH1nWgNbrsxYKC5+jAHWX3StAesOp+LvXuRqBiEDoE1mOW7dSBG RP4A== X-Gm-Message-State: AOJu0YzDegb4tm1YW2XToX1SO4mBg1vxHFo/EI8H5j9YTk8LAyRMivW+ b2nnS2w6ePrs+pklFq262e6sUFQFe/AL0aNQtqFNd7KnrZemYXpboXeL2v52pnZA7a2sIoCqJwf QaDTcb7y/dzOUophF+d6UhcAjXA== X-Received: by 2002:ac2:4649:0:b0:515:a3de:5d70 with SMTP id s9-20020ac24649000000b00515a3de5d70mr798881lfo.2.1711200180325; Sat, 23 Mar 2024 06:23:00 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240322165233.71698-1-brgerst@gmail.com> In-Reply-To: From: Brian Gerst Date: Sat, 23 Mar 2024 09:22:47 -0400 Message-ID: Subject: Re: [PATCH v4 00/16] x86-64: Stack protector and percpu improvements To: Uros Bizjak Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Ingo Molnar , Thomas Gleixner , Borislav Petkov , "H . Peter Anvin" , David.Laight@aculab.com, Linus Torvalds Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sat, Mar 23, 2024 at 7:39=E2=80=AFAM Uros Bizjak wro= te: > > On Fri, Mar 22, 2024 at 5:52=E2=80=AFPM Brian Gerst w= rote: > > > > Currently, x86-64 uses an unusual percpu layout, where the percpu secti= on > > is linked at absolute address 0. The reason behind this is that older = GCC > > versions placed the stack protector (if enabled) at a fixed offset from= the > > GS segment base. Since the GS segement is also used for percpu variabl= es, > > this forced the current layout. > > > > GCC since version 8.1 supports a configurable location for the stack > > protector value, which allows removal of the restriction on how the per= cpu > > section is linked. This allows the percpu section to be linked normall= y, > > like other architectures. In turn, this allows removal of code that wa= s > > needed to support the zero-based percpu section. > > The number of simplifications throughout the code, enabled by this > patch set, is really impressive, and it reflects the number of > workarounds to enable the feature that was originally not designed for > the kernel usage. As noted above, this issue was recognized in the GCC > compiler and the stack protector support was generalized by adding > configurable location for the stack protector value [1,2]. > > The improved stack protector support was implemented in gcc-8.1, > released on May 2, 2018, when linux 4.17 was in development. In light > of this fact, and 5 (soon 6) GCC major releases later, I'd like to ask > if the objtool support to fixup earlier compilers is really necessary. > Please note that years ago x86_32 simply dropped stack protector > support with earlier compilers and IMO, we should follow this example > also with x86_64, because: > > a) There are currently 5 (soon 6) GCC major releases that support > configurable location for stack protector value. GCC 10 is already out > of active maintenance, and GCC 7 is considered an ancient release at > this time. For x86_32, it was advised to drop the support for stack > protector entirely with too old compilers to somehow force users to > upgrade the compiler. At least one developer claimed to be using an older compiler. I asked for more details on why, but got no response. > b) Stack protector is not a core feature - the kernel will still boot > without stack protector. So, if someone really has the urge to use > ancient compilers with the bleeding edge kernel, it is still possible > to create a bootable image. I do not think using ancient compilers to > compile bleeding edge kernels makes any sense at all. One small issue is that Kconfig would silently disable istackprotector if the compiler doesn't support the new options. That said, the number of people that this would affect is very small, as just about any modern distribution ships a compiler newer than 8.1. I'm all in favor of only supporting compilers that are supported upstream. > c) Maintenance burden - an objtool feature will have to be maintained > until gcc-8.1 is the minimum required compiler version. This feature > will IMO be seldom used and thus prone to bitrot. That's the reason I added a config option to allow testing objtool even if the compiler has support. > d) Discrepancy between x86_32 and x86_64 - either both targets should > use objtool fixups for stack protector, or none at all. As shown by > x86_32 approach in the past, removing stack protector support with > ancient compilers was not problematic at all. Objtool doesn't support x86-32, mostly because working with REL type relocations is a pain. > That said, the whole series is heartily Acked-by: Uros Bizjak > > > [1] https://gcc.gnu.org/git/?p=3Dgcc.git;a=3Dcommitdiff;h=3De1769bdd4cef5= 22ada32aec863feba41116b183a > [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D81708 > > Thanks, > Uros. Brian Gerst