From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-qt1-f171.google.com (mail-qt1-f171.google.com [209.85.160.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D046E154BFF for ; Thu, 23 Jan 2025 19:07:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.171 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737659277; cv=none; b=DmKPajURzWYJSPXbJW3NVc65Z43UOJrbP7IHlZQbtQaIWaBQdxSEYXLgmfpJCGeiWj0gD/3fS/koBGQBpjKjJaSRD9pT0zjyK3zQHzec9dit4FMlL+RGPEOcUvxIIDwwoTI/a4lS1F1M8ivMp9+Rjm5A1sH1D1MsaW9xgBFCY7g= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737659277; c=relaxed/simple; bh=KcUBGWq52l2hJBqiNzo/pXSqxNCBcW+JIH1Whlye3fQ=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=ehKJZobygh+en5IQ3EqVKAb59rR0Yh+Q1smrr3aMnbmJavwS60PJUafcVdqfMhkbfpe71kIihK1utIRsJKv+GFAZ+hfK3K71d9ENx7M/veiRlPOqID2m2AJmywjq4sXcboJNmJXIPBr0jgNO4Cuz/qZGS9nzebqUyPSJUuPo+nQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=aH1rk7EX; arc=none smtp.client-ip=209.85.160.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="aH1rk7EX" Received: by mail-qt1-f171.google.com with SMTP id d75a77b69052e-46df3fc7176so12518631cf.2 for ; Thu, 23 Jan 2025 11:07:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1737659274; x=1738264074; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=WMy6nY9Uj3W6g1J+bAkNkbXxNoCJrA3O6vN4QzwRqTo=; b=aH1rk7EXLJASAfIKAkDqbK43CSu9foOIfUAm6oBlgNa3pyeLT/H3gyuFC+24+Yb2pZ xz9y6YhJ0/GGfILUR7SZVnlLjY+45VvC9kDdc0GPVmKJvuCcGIXM6pvTDDO1NRZkcvPM I0h27wyOSiuA1UzJec0i75LAK86GZorRV+3mU/JDhALsO0oTQjChVse0M7xt0cdgcTew h0uzMql6kZeM/m8x7Zrc7gZ10vyeDHJaLZVeQXPMjT6R4XqGK+OBG7WYRQwEtZoR93WQ ZN8kmRJjqZfkTd9MeWhyWToA40LpWIFq0L4CycPNDqfnPrWooCA8dA1pUumXu3apcJvT /tgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737659274; x=1738264074; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WMy6nY9Uj3W6g1J+bAkNkbXxNoCJrA3O6vN4QzwRqTo=; b=eEbZoId+p6uWADTlfvY8xHhm296KmSA5NOY2wfJUqWzwE8kLMEOuWwKZx10vVMqVhz 2bV4Wzj1w6aL6ihWW1C2pthVF7/Lm9N0wEDIMHxxAPpJTHzHf0JcflmpBJ6G9HVPpWQg K89h6RgCRODtUgT6/vAKQBzwH1yxtSnIKLMZrsrZYMca+417lxnUukceVjBanmU6nKa5 ty4IYOhXbcfTFYy0gHCMawKTam4x6Drb6TpzUFRqgy10Nremu/cZ+FLsizRdn9w4olMx kI8ZPekQb/U7NdFcDrQbIy2k+641t/7GmQgW61cEibvQArSMcG64ApRo3xVA4E4ffjMO Olpg== X-Gm-Message-State: AOJu0Yy7soODHGev8Z1sRJrch7KpcyNTHqpy3zxU8gw6PwscghieqYJ5 Gg4pcLmWhUnj121kNIGT1CnUaDidurqJcWhaEMN6JdbdCg9pYRXtAnS+ X-Gm-Gg: ASbGncs0R2/z7ZuYe0JfK4HPtnsx34VIaWZNR/7bTxivdD5k55Kg2zp8Ib6KEn7RRY8 gGjE3fwTHCiSoeC4HzRaELSyFBNvQoLQ4FWGzuLhHn94tYKIV063rM7PhhUcRm699p97n7/ZEIq snp/if/pWP2YXqZtziM2gAl9IHBhMprCco6VrvjfRWrf2EZPulNEvUc+n0IJ2BpQnJqpu3cA45R wHxiMrtwx1Kh7EtjQvMGL3ni5VIXJMWHlApbxbEqH0mBR4PmP+Q16OmHOkiPZm6280cFoDa X-Google-Smtp-Source: AGHT+IEqLxPw3ywy+98hTof2R3VLkV5KEphHRQCGtGxoAgPrBOlOLAvALL7IyS8w2jI5UaYZoUqhUA== X-Received: by 2002:a05:622a:211:b0:467:6508:2385 with SMTP id d75a77b69052e-46e12b56eebmr429516241cf.34.1737659274136; Thu, 23 Jan 2025 11:07:54 -0800 (PST) Received: from citadel.lan ([2600:6c4a:4d3f:6d5c::1019]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-46e66b880b6sm1768021cf.69.2025.01.23.11.07.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Jan 2025 11:07:52 -0800 (PST) From: Brian Gerst To: linux-kernel@vger.kernel.org, x86@kernel.org Cc: Ingo Molnar , "H . Peter Anvin" , Thomas Gleixner , Borislav Petkov , Ard Biesheuvel , Uros Bizjak , Brian Gerst Subject: [PATCH v6 00/15] x86-64: Stack protector and percpu improvements Date: Thu, 23 Jan 2025 14:07:32 -0500 Message-ID: <20250123190747.745588-1-brgerst@gmail.com> X-Mailer: git-send-email 2.47.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Currently, x86-64 uses an unusual percpu layout, where the percpu section is linked at absolute address 0. The reason behind this is that older GCC versions placed the stack protector (if enabled) at a fixed offset from the GS segment base. Since the GS segement is also used for percpu variables, this forced the current layout. GCC since version 8.1 supports a configurable location for the stack protector value, which allows removal of the restriction on how the percpu section is linked. This allows the percpu section to be linked normally, like other architectures. In turn, this allows removal of code that was needed to support the zero-based percpu section. v6: - Rebased to current tip tree - Dropped patches already applied - Fixed typos in commit messages - Added Reviewed-by tags Ard Biesheuvel (1): x86/module: Deal with GOT based stack cookie load on Clang < 17 Brian Gerst (14): x86: Raise minimum GCC version to 8.1 x86/stackprotector: Remove stack protector test scripts x86/boot: Disable stack protector for early boot code x86/pvh: Use fixed_percpu_data for early boot GSBASE x86/relocs: Handle R_X86_64_REX_GOTPCRELX relocations x86/stackprotector/64: Convert to normal percpu variable x86/percpu/64: Use relative percpu offsets x86/percpu/64: Remove fixed_percpu_data x86/boot/64: Remove inverse relocations x86/percpu/64: Remove INIT_PER_CPU macros percpu: Remove PER_CPU_FIRST_SECTION percpu: Remove PERCPU_VADDR() percpu: Remove __per_cpu_load kallsyms: Remove KALLSYMS_ABSOLUTE_PERCPU arch/x86/Kconfig | 11 +- arch/x86/Makefile | 20 +-- arch/x86/boot/compressed/misc.c | 14 +-- arch/x86/entry/entry.S | 2 - arch/x86/entry/entry_64.S | 2 +- arch/x86/include/asm/desc.h | 1 - arch/x86/include/asm/elf.h | 3 +- arch/x86/include/asm/percpu.h | 22 ---- arch/x86/include/asm/processor.h | 28 +---- arch/x86/include/asm/stackprotector.h | 36 +----- arch/x86/kernel/Makefile | 2 + arch/x86/kernel/asm-offsets_64.c | 6 - arch/x86/kernel/cpu/common.c | 9 +- arch/x86/kernel/head64.c | 2 +- arch/x86/kernel/head_64.S | 20 ++- arch/x86/kernel/irq_64.c | 1 - arch/x86/kernel/module.c | 15 +++ arch/x86/kernel/setup_percpu.c | 12 +- arch/x86/kernel/vmlinux.lds.S | 35 ------ arch/x86/platform/pvh/head.S | 14 ++- arch/x86/tools/relocs.c | 147 ++-------------------- arch/x86/xen/xen-head.S | 10 +- include/asm-generic/sections.h | 2 +- include/asm-generic/vmlinux.lds.h | 38 +----- include/linux/percpu-defs.h | 12 -- init/Kconfig | 5 - kernel/kallsyms.c | 12 +- mm/percpu.c | 4 +- scripts/gcc-x86_32-has-stack-protector.sh | 8 -- scripts/gcc-x86_64-has-stack-protector.sh | 4 - scripts/kallsyms.c | 72 ++--------- scripts/link-vmlinux.sh | 4 - scripts/min-tool-version.sh | 2 + 33 files changed, 100 insertions(+), 475 deletions(-) delete mode 100755 scripts/gcc-x86_32-has-stack-protector.sh delete mode 100755 scripts/gcc-x86_64-has-stack-protector.sh base-commit: b79d90e018587507fd42c4c888956668692ff431 -- 2.47.1