On 2017.10.12 at 08:34 -0700, Thomas Garnier wrote: > On Wed, Oct 11, 2017 at 2:34 PM, Tom Lendacky wrote: > > On 10/11/2017 3:30 PM, Thomas Garnier wrote: > >> Changes: > >> - patch v1: > >> - Simplify ftrace implementation. > >> - Use gcc mstack-protector-guard-reg=%gs with PIE when possible. > >> - rfc v3: > >> - Use --emit-relocs instead of -pie to reduce dynamic relocation space on > >> mapped memory. It also simplifies the relocation process. > >> - Move the start the module section next to the kernel. Remove the need for > >> -mcmodel=large on modules. Extends module space from 1 to 2G maximum. > >> - Support for XEN PVH as 32-bit relocations can be ignored with > >> --emit-relocs. > >> - Support for GOT relocations previously done automatically with -pie. > >> - Remove need for dynamic PLT in modules. > >> - Support dymamic GOT for modules. > >> - rfc v2: > >> - Add support for global stack cookie while compiler default to fs without > >> mcmodel=kernel > >> - Change patch 7 to correctly jump out of the identity mapping on kexec load > >> preserve. > >> > >> These patches make the changes necessary to build the kernel as Position > >> Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below > >> the top 2G of the virtual address space. It allows to optionally extend the > >> KASLR randomization range from 1G to 3G. > > > > Hi Thomas, > > > > I've applied your patches so that I can verify that SME works with PIE. > > Unfortunately, I'm running into build warnings and errors when I enable > > PIE. > > > > With CONFIG_STACK_VALIDATION=y I receive lots of messages like this: > > > > drivers/scsi/libfc/fc_exch.o: warning: objtool: fc_destroy_exch_mgr()+0x0: call without frame pointer save/setup > > > > Disabling CONFIG_STACK_VALIDATION suppresses those. > > I ran into that, I plan to fix it in the next iteration. > > > > > But near the end of the build, I receive errors like this: > > > > arch/x86/kernel/setup.o: In function `dump_kernel_offset': > > .../arch/x86/kernel/setup.c:801:(.text+0x32): relocation truncated to fit: R_X86_64_32S against symbol `_text' defined in .text section in .tmp_vmlinux1 > > . > > . about 10 more of the above type messages > > . > > make: *** [vmlinux] Error 1 > > Error building kernel, exiting > > > > Are there any config options that should or should not be enabled when > > building with PIE enabled? Is there a compiler requirement for PIE (I'm > > using gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.5))? > > I never ran into these ones and I tested compilers older and newer. > What was your exact configuration? I get with gcc trunk and CONFIG_RANDOMIZE_BASE_LARGE=y: ... MODPOST vmlinux.o ld: failed to convert GOTPCREL relocation; relink with --no-relax and after adding --no-relax to vmlinux_link() in scripts/link-vmlinux.sh: MODPOST vmlinux.o virt/kvm/vfio.o: In function `kvm_vfio_update_coherency.isra.4': vfio.c:(.text+0x63): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_external_check_extension' virt/kvm/vfio.o: In function `kvm_vfio_destroy': vfio.c:(.text+0xf7): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_set_kvm' vfio.c:(.text+0x10a): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_put_external_user' virt/kvm/vfio.o: In function `kvm_vfio_set_attr': vfio.c:(.text+0x2bc): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_external_group_match_file' vfio.c:(.text+0x307): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_set_kvm' vfio.c:(.text+0x31a): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_put_external_user' vfio.c:(.text+0x3b9): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_get_external_user' vfio.c:(.text+0x462): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_set_kvm' vfio.c:(.text+0x4bd): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_put_external_user' make: *** [Makefile:1000: vmlinux] Error 1 Works fine with CONFIG_RANDOMIZE_BASE_LARGE unset. -- Markus