Re: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable

Re: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable

[kernel test robot]

Hi Brian,

kernel test robot noticed the following build errors:

[auto build test ERROR on tip/master]
[also build test ERROR on next-20231027]
[cannot apply to tip/x86/core dennis-percpu/for-next linus/master tip/auto-latest v6.6-rc7]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Brian-Gerst/x86-stackprotector-32-Remove-stack-protector-test-script/20231027-000533
base:   tip/master
patch link:    https://lore.kernel.org/r/20231026160100.195099-6-brgerst%40gmail.com
patch subject: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable
config: x86_64-rhel-8.3-rust (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/config)
compiler: clang version 16.0.4 (https://github.com/llvm/llvm-project.git ae42196bc493ffe877a7e3dff8be32035dea4d07)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202310290927.2MuJJdu9-lkp@intel.com/

All errors (new ones prefixed by >>):

>> Unsupported relocation type: unknown type rel type name (42)

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable

[Brian Gerst]

On Sat, Oct 28, 2023 at 9:26 PM kernel test robot <lkp@intel.com> wrote:
>
> Hi Brian,
>
> kernel test robot noticed the following build errors:
>
> [auto build test ERROR on tip/master]
> [also build test ERROR on next-20231027]
> [cannot apply to tip/x86/core dennis-percpu/for-next linus/master tip/auto-latest v6.6-rc7]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
>
> url:    https://github.com/intel-lab-lkp/linux/commits/Brian-Gerst/x86-stackprotector-32-Remove-stack-protector-test-script/20231027-000533
> base:   tip/master
> patch link:    https://lore.kernel.org/r/20231026160100.195099-6-brgerst%40gmail.com
> patch subject: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable
> config: x86_64-rhel-8.3-rust (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/config)
> compiler: clang version 16.0.4 (https://github.com/llvm/llvm-project.git ae42196bc493ffe877a7e3dff8be32035dea4d07)
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202310290927.2MuJJdu9-lkp@intel.com/
>
> All errors (new ones prefixed by >>):
>
> >> Unsupported relocation type: unknown type rel type name (42)

Clang is generating a new relocation type (R_X86_64_REX_GOTPCRELX)
that the relocs tool doesn't know about.  This is supposed to allow
        movq    __stack_chk_guard@GOTPCREL(%rip), %rax
        movq    %gs:(%rax), %rax
to be relaxed to
        leaq    __stack_chk_guard(%rip), %rax
        movq    %gs:(%rax), %rax

But why is clang doing this instead of what GCC does?
        movq    %gs:__stack_chk_guard(%rip), %rax

Brian Gerst

Re: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable

[Brian Gerst]

On Sun, Oct 29, 2023 at 2:56 AM Brian Gerst <brgerst@gmail.com> wrote:
>
> On Sat, Oct 28, 2023 at 9:26 PM kernel test robot <lkp@intel.com> wrote:
> >
> > Hi Brian,
> >
> > kernel test robot noticed the following build errors:
> >
> > [auto build test ERROR on tip/master]
> > [also build test ERROR on next-20231027]
> > [cannot apply to tip/x86/core dennis-percpu/for-next linus/master tip/auto-latest v6.6-rc7]
> > [If your patch is applied to the wrong git tree, kindly drop us a note.
> > And when submitting patch, we suggest to use '--base' as documented in
> > https://git-scm.com/docs/git-format-patch#_base_tree_information]
> >
> > url:    https://github.com/intel-lab-lkp/linux/commits/Brian-Gerst/x86-stackprotector-32-Remove-stack-protector-test-script/20231027-000533
> > base:   tip/master
> > patch link:    https://lore.kernel.org/r/20231026160100.195099-6-brgerst%40gmail.com
> > patch subject: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable
> > config: x86_64-rhel-8.3-rust (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/config)
> > compiler: clang version 16.0.4 (https://github.com/llvm/llvm-project.git ae42196bc493ffe877a7e3dff8be32035dea4d07)
> > reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/reproduce)
> >
> > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > the same patch/commit), kindly add following tags
> > | Reported-by: kernel test robot <lkp@intel.com>
> > | Closes: https://lore.kernel.org/oe-kbuild-all/202310290927.2MuJJdu9-lkp@intel.com/
> >
> > All errors (new ones prefixed by >>):
> >
> > >> Unsupported relocation type: unknown type rel type name (42)
>
> Clang is generating a new relocation type (R_X86_64_REX_GOTPCRELX)
> that the relocs tool doesn't know about.  This is supposed to allow
>         movq    __stack_chk_guard@GOTPCREL(%rip), %rax
>         movq    %gs:(%rax), %rax
> to be relaxed to
>         leaq    __stack_chk_guard(%rip), %rax
>         movq    %gs:(%rax), %rax
>
> But why is clang doing this instead of what GCC does?
>         movq    %gs:__stack_chk_guard(%rip), %rax

Digging a bit deeper, there also appears to be differences in how the
linkers behave with this new relocation:

make CC=clang LD=ld:
ffffffff81002838:       48 c7 c0 c0 5c 42 83    mov    $0xffffffff83425cc0,%rax
                        ffffffff8100283b: R_X86_64_32S  __stack_chk_guard
ffffffff8100283f:       65 48 8b 00             mov    %gs:(%rax),%rax

make CC=clang LD=ld.lld:
ffffffff81002838:       48 8d 05 81 34 42 02    lea
0x2423481(%rip),%rax        # ffffffff83425cc0 <__stack_chk_guard>
                        ffffffff8100283b: R_X86_64_REX_GOTPCRELX
 __stack_chk_guard-0x4
ffffffff8100283f:       65 48 8b 00             mov    %gs:(%rax),%rax

The LLVM linker keeps the R_X86_64_REX_GOTPCRELX even after performing
the relaxation.  It should be R_X86_64_32S based on it changing to an
LEA instruction.  The GNU linker changes it to R_X86_64_32S and a MOV
immediate.

So I think there are two issues here.  1) clang is producing code
referencing the GOT for stack protector accesses, despite -fno-PIE on
the command line and no other GOT references, and 2) ld.lld is using
the wrong relocation type after the relaxation step is performed.

I think the quick fix here is to teach the relocs tool about this new
relocation.  It should be able to be safely ignored since it's
PC-relative.  The code clang produces is functionally correct,
although not optimal.

Brian Gerst

Re: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable

[Nick Desaulniers]

On Sun, Oct 29, 2023 at 10:01 AM Brian Gerst <brgerst@gmail.com> wrote:
>
> On Sun, Oct 29, 2023 at 2:56 AM Brian Gerst <brgerst@gmail.com> wrote:
> >
> > On Sat, Oct 28, 2023 at 9:26 PM kernel test robot <lkp@intel.com> wrote:
> > >
> > > Hi Brian,
> > >
> > > kernel test robot noticed the following build errors:
> > >
> > > [auto build test ERROR on tip/master]
> > > [also build test ERROR on next-20231027]
> > > [cannot apply to tip/x86/core dennis-percpu/for-next linus/master tip/auto-latest v6.6-rc7]
> > > [If your patch is applied to the wrong git tree, kindly drop us a note.
> > > And when submitting patch, we suggest to use '--base' as documented in
> > > https://git-scm.com/docs/git-format-patch#_base_tree_information]
> > >
> > > url:    https://github.com/intel-lab-lkp/linux/commits/Brian-Gerst/x86-stackprotector-32-Remove-stack-protector-test-script/20231027-000533
> > > base:   tip/master
> > > patch link:    https://lore.kernel.org/r/20231026160100.195099-6-brgerst%40gmail.com
> > > patch subject: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable
> > > config: x86_64-rhel-8.3-rust (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/config)
> > > compiler: clang version 16.0.4 (https://github.com/llvm/llvm-project.git ae42196bc493ffe877a7e3dff8be32035dea4d07)
> > > reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/reproduce)
> > >
> > > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > > the same patch/commit), kindly add following tags
> > > | Reported-by: kernel test robot <lkp@intel.com>
> > > | Closes: https://lore.kernel.org/oe-kbuild-all/202310290927.2MuJJdu9-lkp@intel.com/
> > >
> > > All errors (new ones prefixed by >>):
> > >
> > > >> Unsupported relocation type: unknown type rel type name (42)
> >
> > Clang is generating a new relocation type (R_X86_64_REX_GOTPCRELX)
> > that the relocs tool doesn't know about.  This is supposed to allow
> >         movq    __stack_chk_guard@GOTPCREL(%rip), %rax
> >         movq    %gs:(%rax), %rax
> > to be relaxed to
> >         leaq    __stack_chk_guard(%rip), %rax
> >         movq    %gs:(%rax), %rax
> >
> > But why is clang doing this instead of what GCC does?
> >         movq    %gs:__stack_chk_guard(%rip), %rax
>
> Digging a bit deeper, there also appears to be differences in how the
> linkers behave with this new relocation:
>
> make CC=clang LD=ld:
> ffffffff81002838:       48 c7 c0 c0 5c 42 83    mov    $0xffffffff83425cc0,%rax
>                         ffffffff8100283b: R_X86_64_32S  __stack_chk_guard
> ffffffff8100283f:       65 48 8b 00             mov    %gs:(%rax),%rax
>
> make CC=clang LD=ld.lld:
> ffffffff81002838:       48 8d 05 81 34 42 02    lea
> 0x2423481(%rip),%rax        # ffffffff83425cc0 <__stack_chk_guard>
>                         ffffffff8100283b: R_X86_64_REX_GOTPCRELX
>  __stack_chk_guard-0x4
> ffffffff8100283f:       65 48 8b 00             mov    %gs:(%rax),%rax
>
> The LLVM linker keeps the R_X86_64_REX_GOTPCRELX even after performing
> the relaxation.  It should be R_X86_64_32S based on it changing to an
> LEA instruction.  The GNU linker changes it to R_X86_64_32S and a MOV
> immediate.
>
> So I think there are two issues here.  1) clang is producing code
> referencing the GOT for stack protector accesses, despite -fno-PIE on
> the command line and no other GOT references, and 2) ld.lld is using
> the wrong relocation type after the relaxation step is performed.
>
> I think the quick fix here is to teach the relocs tool about this new
> relocation.  It should be able to be safely ignored since it's
> PC-relative.  The code clang produces is functionally correct,
> although not optimal.

Thanks for the report.  + Fangrui for thoughts on relocations against
__stack_chk_guard; clang has similar issues for 32b x86 as well.

>
> Brian Gerst
>


-- 
Thanks,
~Nick Desaulniers

Re: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable

[Brian Gerst]

On Mon, Oct 30, 2023 at 11:24 AM Nick Desaulniers
<ndesaulniers@google.com> wrote:
>
> On Sun, Oct 29, 2023 at 10:01 AM Brian Gerst <brgerst@gmail.com> wrote:
> >
> > On Sun, Oct 29, 2023 at 2:56 AM Brian Gerst <brgerst@gmail.com> wrote:
> > >
> > > On Sat, Oct 28, 2023 at 9:26 PM kernel test robot <lkp@intel.com> wrote:
> > > >
> > > > Hi Brian,
> > > >
> > > > kernel test robot noticed the following build errors:
> > > >
> > > > [auto build test ERROR on tip/master]
> > > > [also build test ERROR on next-20231027]
> > > > [cannot apply to tip/x86/core dennis-percpu/for-next linus/master tip/auto-latest v6.6-rc7]
> > > > [If your patch is applied to the wrong git tree, kindly drop us a note.
> > > > And when submitting patch, we suggest to use '--base' as documented in
> > > > https://git-scm.com/docs/git-format-patch#_base_tree_information]
> > > >
> > > > url:    https://github.com/intel-lab-lkp/linux/commits/Brian-Gerst/x86-stackprotector-32-Remove-stack-protector-test-script/20231027-000533
> > > > base:   tip/master
> > > > patch link:    https://lore.kernel.org/r/20231026160100.195099-6-brgerst%40gmail.com
> > > > patch subject: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable
> > > > config: x86_64-rhel-8.3-rust (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/config)
> > > > compiler: clang version 16.0.4 (https://github.com/llvm/llvm-project.git ae42196bc493ffe877a7e3dff8be32035dea4d07)
> > > > reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/reproduce)
> > > >
> > > > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > > > the same patch/commit), kindly add following tags
> > > > | Reported-by: kernel test robot <lkp@intel.com>
> > > > | Closes: https://lore.kernel.org/oe-kbuild-all/202310290927.2MuJJdu9-lkp@intel.com/
> > > >
> > > > All errors (new ones prefixed by >>):
> > > >
> > > > >> Unsupported relocation type: unknown type rel type name (42)
> > >
> > > Clang is generating a new relocation type (R_X86_64_REX_GOTPCRELX)
> > > that the relocs tool doesn't know about.  This is supposed to allow
> > >         movq    __stack_chk_guard@GOTPCREL(%rip), %rax
> > >         movq    %gs:(%rax), %rax
> > > to be relaxed to
> > >         leaq    __stack_chk_guard(%rip), %rax
> > >         movq    %gs:(%rax), %rax
> > >
> > > But why is clang doing this instead of what GCC does?
> > >         movq    %gs:__stack_chk_guard(%rip), %rax
> >
> > Digging a bit deeper, there also appears to be differences in how the
> > linkers behave with this new relocation:
> >
> > make CC=clang LD=ld:
> > ffffffff81002838:       48 c7 c0 c0 5c 42 83    mov    $0xffffffff83425cc0,%rax
> >                         ffffffff8100283b: R_X86_64_32S  __stack_chk_guard
> > ffffffff8100283f:       65 48 8b 00             mov    %gs:(%rax),%rax
> >
> > make CC=clang LD=ld.lld:
> > ffffffff81002838:       48 8d 05 81 34 42 02    lea
> > 0x2423481(%rip),%rax        # ffffffff83425cc0 <__stack_chk_guard>
> >                         ffffffff8100283b: R_X86_64_REX_GOTPCRELX
> >  __stack_chk_guard-0x4
> > ffffffff8100283f:       65 48 8b 00             mov    %gs:(%rax),%rax
> >
> > The LLVM linker keeps the R_X86_64_REX_GOTPCRELX even after performing
> > the relaxation.  It should be R_X86_64_32S based on it changing to an
> > LEA instruction.  The GNU linker changes it to R_X86_64_32S and a MOV
> > immediate.

Correction:  It should be R_X86_64_PC32 for the LEA instruction.

Brian Gerst

Re: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable

[Fangrui Song]

On Mon, Oct 30, 2023 at 10:19 AM Brian Gerst <brgerst@gmail.com> wrote:
>
> On Mon, Oct 30, 2023 at 11:24 AM Nick Desaulniers
> <ndesaulniers@google.com> wrote:
> >
> > On Sun, Oct 29, 2023 at 10:01 AM Brian Gerst <brgerst@gmail.com> wrote:
> > >
> > > On Sun, Oct 29, 2023 at 2:56 AM Brian Gerst <brgerst@gmail.com> wrote:
> > > >
> > > > On Sat, Oct 28, 2023 at 9:26 PM kernel test robot <lkp@intel.com> wrote:
> > > > >
> > > > > Hi Brian,
> > > > >
> > > > > kernel test robot noticed the following build errors:
> > > > >
> > > > > [auto build test ERROR on tip/master]
> > > > > [also build test ERROR on next-20231027]
> > > > > [cannot apply to tip/x86/core dennis-percpu/for-next linus/master tip/auto-latest v6.6-rc7]
> > > > > [If your patch is applied to the wrong git tree, kindly drop us a note.
> > > > > And when submitting patch, we suggest to use '--base' as documented in
> > > > > https://git-scm.com/docs/git-format-patch#_base_tree_information]
> > > > >
> > > > > url:    https://github.com/intel-lab-lkp/linux/commits/Brian-Gerst/x86-stackprotector-32-Remove-stack-protector-test-script/20231027-000533
> > > > > base:   tip/master
> > > > > patch link:    https://lore.kernel.org/r/20231026160100.195099-6-brgerst%40gmail.com
> > > > > patch subject: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable
> > > > > config: x86_64-rhel-8.3-rust (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/config)
> > > > > compiler: clang version 16.0.4 (https://github.com/llvm/llvm-project.git ae42196bc493ffe877a7e3dff8be32035dea4d07)
> > > > > reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@intel.com/reproduce)
> > > > >
> > > > > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > > > > the same patch/commit), kindly add following tags
> > > > > | Reported-by: kernel test robot <lkp@intel.com>
> > > > > | Closes: https://lore.kernel.org/oe-kbuild-all/202310290927.2MuJJdu9-lkp@intel.com/
> > > > >
> > > > > All errors (new ones prefixed by >>):
> > > > >
> > > > > >> Unsupported relocation type: unknown type rel type name (42)
> > > >
> > > > Clang is generating a new relocation type (R_X86_64_REX_GOTPCRELX)
> > > > that the relocs tool doesn't know about.  This is supposed to allow
> > > >         movq    __stack_chk_guard@GOTPCREL(%rip), %rax
> > > >         movq    %gs:(%rax), %rax
> > > > to be relaxed to
> > > >         leaq    __stack_chk_guard(%rip), %rax
> > > >         movq    %gs:(%rax), %rax
> > > >
> > > > But why is clang doing this instead of what GCC does?
> > > >         movq    %gs:__stack_chk_guard(%rip), %rax

https://github.com/llvm/llvm-project/issues/60116 has some discussions
on this topic.

clang-16 -fno-pic -fstack-protector -mstack-protector-guard-reg=gs
-mstack-protector-guard-symbol=__stack_chk_guard
uses a GOT-generating relocation for __stack_chk_guard. This avoids a
copy relocation for userspace but the kernel seems to really want an
absolute relocation,
so https://reviews.llvm.org/D150841 (milestone: clang 17) has implemented it.

> If an `R_X86_64_32` relocation is used and `__stack_chk_guard` is defined by a shared object, copy relocation. We will need an ELF hack called [copy relocation](https://maskray.me/blog/2021-01-09-copy-relocations-canonical-plt-entries-and-protected).

> > > Digging a bit deeper, there also appears to be differences in how the
> > > linkers behave with this new relocation:
> > >
> > > make CC=clang LD=ld:
> > > ffffffff81002838:       48 c7 c0 c0 5c 42 83    mov    $0xffffffff83425cc0,%rax
> > >                         ffffffff8100283b: R_X86_64_32S  __stack_chk_guard
> > > ffffffff8100283f:       65 48 8b 00             mov    %gs:(%rax),%rax
> > >
> > > make CC=clang LD=ld.lld:
> > > ffffffff81002838:       48 8d 05 81 34 42 02    lea
> > > 0x2423481(%rip),%rax        # ffffffff83425cc0 <__stack_chk_guard>
> > >                         ffffffff8100283b: R_X86_64_REX_GOTPCRELX
> > >  __stack_chk_guard-0x4
> > > ffffffff8100283f:       65 48 8b 00             mov    %gs:(%rax),%rax
> > >
> > > The LLVM linker keeps the R_X86_64_REX_GOTPCRELX even after performing
> > > the relaxation.  It should be R_X86_64_32S based on it changing to an
> > > LEA instruction.  The GNU linker changes it to R_X86_64_32S and a MOV
> > > immediate.
>
> Correction:  It should be R_X86_64_PC32 for the LEA instruction.
>
> Brian Gerst

Whether --emit-relocs converts the original relocation type is debatable.
I have some comments on a similar topic on RISC-V:
https://sourceware.org/bugzilla/show_bug.cgi?id=30844#c6

> So it seems that ppc performed conversion can all be described by existing relocation types, which is nice.
>
> However, I do not know whether the property will hold for all current and future RISC-V relaxation schemes.
>
> When investigating relocation overflow pressure for x86-64 small code model, I have found that preserving the original relocation type gives me more information: I can tell how
many R_X86_64_PC32/R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX are
problematic. If they are converted to R_X86_64_PC32/R_X86_64_32, I'd
lose some information.
>
> Perhaps whether the --emit-relocs uses the original relocation type or the transformed relocation type , does not matter for the majority of use cases. E.g. Linux kernel's objtool, seems to perform a sanity check on relocations. It just needs to know the categories of relocations, e.g. absolute/PC-relative, not the exact type.



-- 
宋方睿