From: Jean-Baptiste Theou <jb@essential.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Greg KH <gregkh@linuxfoundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Will Deacon <will.deacon@arm.com>, Dan Rue <dan.rue@linaro.org>,
Mark Brown <mark.brown@linaro.org>,
Marc Zyngier <marc.zyngier@arm.com>,
Greg Hackmann <ghackmann@google.com>
Subject: Re: Linux 4.9.93
Date: Mon, 9 Apr 2018 19:41:11 +0900
Message-ID: <20180409194111.16f69253@jbtheou>
In-Reply-To: <20180409100741.pwkflhaslx43slro@lakrids.cambridge.arm.com>

On Mon, 9 Apr 2018 11:07:41 +0100
Mark Rutland <mark.rutland@arm.com> wrote:
> On Mon, Apr 09, 2018 at 06:57:51PM +0900, Jean-Baptiste Theou wrote:
> > On Mon, 9 Apr 2018 11:49:37 +0200
> > Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> >
> > > On 9 April 2018 at 11:30, Greg KH <gregkh@linuxfoundation.org> wrote:
> > > > On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
> > > >> Hi,
> > > >>
> > > >> After this patchset, a kernel built with CFI fails. Disabling
> > > >> UNMAP_KERNEL_AT_EL0 fixes the issue, obviously.
> > >
> > > How does one 'build a kernel with CFI' for arm64?
> >
> > From Google work on Android-4.9
> >
> > https://android.googlesource.com/kernel/common/+/00a195e7c0752ff5d65c9caadfbcc226270ca232
> >
> > I am not sure what the plan is on their side to upstream (Greg?), but definitely
> > useful to isolate actual issues.
> >
> > > > Is this a "clean" 4.9.93 tree or a "4.9.93 merged into
> > > > android-common-4.9"?
> >
> > It's a "clean 4.9.93" + whatever is needed for Clang/CFI support
> >
> > My take is that CFI doesn't like
> >
> > * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper)
> >
> > and
> >
> > remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings);
> >
> > Maybe just flag this function to not use CFI? I remember that Sami Tolvanen did
> > similar changes.
>
> From a quick scan, it looks like CFI uses shadow memory for function
> prologues. Since we're taking the PA of a function pointer, presumably
> this no longer maps to valid shadow.
>
> I'd expect the same to apply to uses of cpu_replace_ttbr1(), but it
> looks like the only user of that is marked as __init, and that patch
> adds __nocfi to __init functions.
>
> So you probably need to mark kpti_install_ng_mappings() as __nocfi.
>
> > I know it's a bit out of context since CFI support for ARM64 is not upstream yet,
> > but unfortunate that a stable patchset triggers such failures.
>
> This is simply the nature of out-of-tree code.
>
> In future, it would be very helpful if you could provide context for
> out-of-tree patches in the initial report.
>

I can pass the initial CFI failures by tagging the function with __nocfi, but still face issues down the road.
That said, it's out of tree, so my problem.
Will investigate.

Thanks a lot for the quick support.
Best regards

> Thanks,
> Mark.