linux-coco.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Ard Biesheuvel <ardb@kernel.org>
To: Andi Kleen <ak@linux.intel.com>
Cc: Borislav Petkov <bp@alien8.de>,
	Kevin Loughlin <kevinloughlin@google.com>,
	 Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	 Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org,  "H. Peter Anvin" <hpa@zytor.com>,
	Andy Lutomirski <luto@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	 Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	 Bill Wendling <morbo@google.com>,
	Justin Stitt <justinstitt@google.com>,
	 Tom Lendacky <thomas.lendacky@amd.com>,
	Michael Kelley <mikelley@microsoft.com>,
	 Pankaj Gupta <pankaj.gupta@amd.com>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	 Arnd Bergmann <arnd@arndb.de>,
	Steve Rutherford <srutherford@google.com>,
	 Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	 Hou Wenlong <houwenlong.hwl@antgroup.com>,
	Vegard Nossum <vegard.nossum@oracle.com>,
	 Josh Poimboeuf <jpoimboe@kernel.org>,
	Yuntao Wang <ytcoode@gmail.com>,
	 Wang Jinchao <wangjinchao@xfusion.com>,
	David Woodhouse <dwmw@amazon.co.uk>,
	 Brian Gerst <brgerst@gmail.com>, Hugh Dickins <hughd@google.com>,
	Joerg Roedel <jroedel@suse.de>,
	 Randy Dunlap <rdunlap@infradead.org>,
	Bjorn Helgaas <bhelgaas@google.com>,
	 Dionna Glaze <dionnaglaze@google.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	 Michael Roth <michael.roth@amd.com>,
	 "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	linux-kernel@vger.kernel.org,  llvm@lists.linux.dev,
	linux-coco@lists.linux.dev,  Ashish Kalra <ashish.kalra@amd.com>,
	Adam Dunlap <acdunlap@google.com>,
	 Peter Gonda <pgonda@google.com>, Jacob Xu <jacobhxu@google.com>,
	 Sidharth Telang <sidtelang@google.com>
Subject: Re: [RFC PATCH v2] x86/sev: enforce RIP-relative accesses in early SEV/SME code
Date: Wed, 17 Jan 2024 12:55:20 +0100	[thread overview]
Message-ID: <CAMj1kXEbd5tNqqLaPxFTAFnx0S-o8Fftc0fvtQUHRN6d2zSk7w@mail.gmail.com> (raw)
In-Reply-To: <Zae8ZKTpcN_BzaqU@tassilo>

On Wed, 17 Jan 2024 at 12:39, Andi Kleen <ak@linux.intel.com> wrote:
>
> On Wed, Jan 17, 2024 at 11:59:14AM +0100, Ard Biesheuvel wrote:
> > On Mon, 15 Jan 2024 at 21:47, Borislav Petkov <bp@alien8.de> wrote:
> > >
> > > On Thu, Jan 11, 2024 at 10:36:50PM +0000, Kevin Loughlin wrote:
> > > > SEV/SME code can execute prior to page table fixups for kernel
> > > > relocation. However, as with global variables accessed in
> > > > __startup_64(), the compiler is not required to generate RIP-relative
> > > > accesses for SEV/SME global variables, causing certain flavors of SEV
> > > > hosts and guests built with clang to crash during boot.
> > >
> > > So, about that. If I understand my gcc toolchain folks correctly:
> > >
> > > mcmodel=kernel - everything fits into the high 31 bit of the address
> > > space
> > >
> > > -fPIE/PIC - position independent
> > >
> > > And supplied both don't make a whole lotta of sense: if you're building
> > > position-independent, then mcmodel=kernel would be overridden by the
> > > first.
> > >
> > > I have no clue why clang enabled it...
> > >
> > > So, *actually* the proper fix here should be not to add this "fixed_up"
> > > gunk everywhere but remove mcmodel=kernel from the build and simply do
> > > -fPIE/PIC.
>
> For the SEV file this might not work because it also has functions
> that get called later at runtime, and may need to reference real
> globals. I doubt the linker could resolve that.
>

I don't think that should be a problem. If the code and data are
within -/+ 2G of each other, RIP-relative references should always be
in range.

> For linking the whole kernel, I haven't seen the latest numbers, but
> traditionally -fPIE/PIC cost some performance because globals get loaded
> through the GOT instead of directly as immediates. That's why the original
> x86-64 port went with -mcmodel=kernel.
>

We can tell the compiler to avoid the GOT (using 'hidden' visibility),
and even if we don't, the amd64 psABI now defines linker relaxations
that turn GOT loads into LEA instructions (which still bloat the code
a bit but eliminate the GOT accesses in most cases).

  reply	other threads:[~2024-01-17 11:55 UTC|newest]

Thread overview: 46+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-01-10  1:26 [RFC PATCH] x86/sev: x86/sev: enforce PC-relative addressing in clang Kevin Loughlin
2024-01-10 11:45 ` Andi Kleen
2024-01-10 17:14   ` Kevin Loughlin
2024-01-10 17:49     ` Andi Kleen
2024-01-11 22:36       ` [RFC PATCH v2] x86/sev: enforce RIP-relative accesses in early SEV/SME code Kevin Loughlin
2024-01-12 12:17         ` Kirill A. Shutemov
2024-01-12 18:29           ` Kevin Loughlin
2024-01-15 10:12             ` Kirill A. Shutemov
2024-01-16 22:13               ` Kevin Loughlin
2024-01-15 15:53         ` Tom Lendacky
2024-01-16 23:44           ` Kevin Loughlin
2024-01-15 20:46         ` Borislav Petkov
2024-01-17  0:07           ` Kevin Loughlin
2024-01-17  2:47             ` Hou Wenlong
2024-01-17 10:59           ` Ard Biesheuvel
2024-01-17 11:39             ` Andi Kleen
2024-01-17 11:55               ` Ard Biesheuvel [this message]
2024-01-17 13:05             ` Borislav Petkov
2024-01-17 13:38               ` Ard Biesheuvel
2024-01-21 14:12                 ` Ard Biesheuvel
2024-01-21 15:37                   ` Borislav Petkov
2024-01-21 16:49                     ` Ard Biesheuvel
2024-01-21 18:20                       ` Borislav Petkov
2024-01-30 22:08                         ` [PATCH v3 0/2] x86: enforce and cleanup RIP-relative accesses in early boot code Kevin Loughlin
2024-01-31 14:00                           ` Borislav Petkov
2024-01-31 18:16                             ` Jacob Xu
2024-01-31 18:29                               ` Borislav Petkov
2024-02-03  0:22                                 ` Kevin Loughlin
2024-02-03 10:15                                   ` Ard Biesheuvel
2024-02-03 10:19                                   ` Borislav Petkov
2024-02-03 10:27                                     ` Ard Biesheuvel
2024-02-03 11:25                                       ` Borislav Petkov
2024-01-30 22:08                         ` [PATCH v3 1/2] x86/sev: enforce RIP-relative accesses in early SEV/SME code Kevin Loughlin
2024-01-31  8:20                           ` Kirill A. Shutemov
2024-02-02 22:00                             ` Kevin Loughlin
2024-02-02 22:47                               ` Ard Biesheuvel
2024-02-03  0:11                                 ` Kevin Loughlin
2024-01-31 13:42                           ` Ard Biesheuvel
2024-02-03  0:14                             ` Kevin Loughlin
2024-01-30 22:08                         ` [PATCH v3 2/2] x86/head64: Replace pointer fixups with RIP_RELATIVE_ADDR() Kevin Loughlin
2024-01-31  8:22                           ` Kirill A. Shutemov
2024-02-01 16:38                             ` Kevin Loughlin
2024-01-31 15:30                           ` Tom Lendacky
2024-01-31 15:36                             ` Kirill A. Shutemov
2024-01-10 13:36 ` [RFC PATCH] x86/sev: x86/sev: enforce PC-relative addressing in clang Kirill A. Shutemov
2024-01-10 17:28   ` Kevin Loughlin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAMj1kXEbd5tNqqLaPxFTAFnx0S-o8Fftc0fvtQUHRN6d2zSk7w@mail.gmail.com \
    --to=ardb@kernel.org \
    --cc=acdunlap@google.com \
    --cc=ak@linux.intel.com \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=arnd@arndb.de \
    --cc=ashish.kalra@amd.com \
    --cc=bhelgaas@google.com \
    --cc=bp@alien8.de \
    --cc=brgerst@gmail.com \
    --cc=brijesh.singh@amd.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=dionnaglaze@google.com \
    --cc=dwmw@amazon.co.uk \
    --cc=houwenlong.hwl@antgroup.com \
    --cc=hpa@zytor.com \
    --cc=hughd@google.com \
    --cc=jacobhxu@google.com \
    --cc=jpoimboe@kernel.org \
    --cc=jroedel@suse.de \
    --cc=justinstitt@google.com \
    --cc=kevinloughlin@google.com \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-kernel@vger.kernel.org \
    --cc=llvm@lists.linux.dev \
    --cc=luto@kernel.org \
    --cc=michael.roth@amd.com \
    --cc=mikelley@microsoft.com \
    --cc=mingo@redhat.com \
    --cc=morbo@google.com \
    --cc=nathan@kernel.org \
    --cc=ndesaulniers@google.com \
    --cc=pankaj.gupta@amd.com \
    --cc=peterz@infradead.org \
    --cc=pgonda@google.com \
    --cc=rdunlap@infradead.org \
    --cc=sfr@canb.auug.org.au \
    --cc=sidtelang@google.com \
    --cc=srutherford@google.com \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=vegard.nossum@oracle.com \
    --cc=wangjinchao@xfusion.com \
    --cc=x86@kernel.org \
    --cc=ytcoode@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).