From: Peter Zijlstra <peterz@infradead.org>
To: Christoph Hellwig <hch@lst.de>
Cc: Randy Dunlap <rdunlap@infradead.org>,
Andrew Morton <akpm@linux-foundation.org>,
broonie@kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
linux-next@vger.kernel.org, mhocko@suse.cz,
mm-commits@vger.kernel.org, sfr@canb.auug.org.au,
Josh Poimboeuf <jpoimboe@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
viro@ZenIV.linux.org.uk, x86@kernel.org,
Steven Rostedt <rostedt@goodmis.org>
Subject: Re: mmotm 2020-05-13-20-30 uploaded (objtool warnings)
Date: Fri, 29 May 2020 17:33:36 +0200 [thread overview]
Message-ID: <20200529153336.GC706518@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <20200529145325.GB706518@hirez.programming.kicks-ass.net>
On Fri, May 29, 2020 at 04:53:25PM +0200, Peter Zijlstra wrote:
> On Fri, May 29, 2020 at 04:35:56PM +0200, Peter Zijlstra wrote:
> *groan*, this is one of those CONFIG_PROFILE_ALL_BRANCHES builds. If I
> disable that it goes away.
>
> Still trying to untangle the mess it generated, but on first go it
> looks like objtool is right, but I'm not sure what went wrong.
$ tools/objtool/objtool check -fab arch/x86/lib/csum-wrappers_64.o
arch/x86/lib/csum-wrappers_64.o: warning: objtool: csum_and_copy_from_user()+0x29f: call to memset() with UACCESS enabled
arch/x86/lib/csum-wrappers_64.o: warning: objtool: csum_and_copy_from_user()+0x283: (branch)
arch/x86/lib/csum-wrappers_64.o: warning: objtool: csum_and_copy_from_user()+0x113: (branch)
arch/x86/lib/csum-wrappers_64.o: warning: objtool: .altinstr_replacement+0xffffffffffffffff: (branch)
arch/x86/lib/csum-wrappers_64.o: warning: objtool: csum_and_copy_from_user()+0xea: (alt)
arch/x86/lib/csum-wrappers_64.o: warning: objtool: .altinstr_replacement+0xffffffffffffffff: (branch)
arch/x86/lib/csum-wrappers_64.o: warning: objtool: csum_and_copy_from_user()+0xe7: (alt)
arch/x86/lib/csum-wrappers_64.o: warning: objtool: csum_and_copy_from_user()+0xd2: (branch)
arch/x86/lib/csum-wrappers_64.o: warning: objtool: csum_and_copy_from_user()+0x7e: (branch)
arch/x86/lib/csum-wrappers_64.o: warning: objtool: csum_and_copy_from_user()+0x43: (branch)
arch/x86/lib/csum-wrappers_64.o: warning: objtool: csum_and_copy_from_user()+0x0: <=== (sym)
The problem is with the +0x113 branch, which is at 0x1d1.
That looks to be:
if (!likely(user_access_begin(src, len)))
goto out_err;
Except that the branch profiling stuff confused GCC enough to leak STAC
into the error path or something.
Reproduces for me with gcc-9 and gcc-10.
$ objdump -drS arch/x86/lib/csum-wrappers_64.o
00000000000000be <csum_and_copy_from_user>:
{
be: e8 00 00 00 00 callq c3 <csum_and_copy_from_user+0x5>
bf: R_X86_64_PLT32 __fentry__-0x4
c3: 41 57 push %r15
c5: 41 56 push %r14
c7: 41 89 d6 mov %edx,%r14d
ca: 41 55 push %r13
cc: 49 89 f5 mov %rsi,%r13
cf: 41 54 push %r12
d1: 41 89 cc mov %ecx,%r12d
d4: 55 push %rbp
d5: 48 89 fd mov %rdi,%rbp
d8: 53 push %rbx
d9: 4c 89 c3 mov %r8,%rbx
dc: 41 51 push %r9
might_sleep();
de: e8 00 00 00 00 callq e3 <csum_and_copy_from_user+0x25>
df: R_X86_64_PLT32 _cond_resched-0x4
*errp = 0;
e3: 48 89 da mov %rbx,%rdx
e6: b8 ff ff 37 00 mov $0x37ffff,%eax
eb: 48 c1 e0 2a shl $0x2a,%rax
ef: 48 c1 ea 03 shr $0x3,%rdx
f3: 8a 14 02 mov (%rdx,%rax,1),%dl
f6: 48 89 d8 mov %rbx,%rax
f9: 83 e0 07 and $0x7,%eax
fc: 83 c0 03 add $0x3,%eax
ff: 38 d0 cmp %dl,%al
101: 7c 0c jl 10f <csum_and_copy_from_user+0x51>
103: 84 d2 test %dl,%dl
105: 74 08 je 10f <csum_and_copy_from_user+0x51>
107: 48 89 df mov %rbx,%rdi
10a: e8 00 00 00 00 callq 10f <csum_and_copy_from_user+0x51>
10b: R_X86_64_PLT32 __asan_report_store4_noabort-0x4
DECLARE_PER_CPU(struct task_struct *, current_task);
static __always_inline struct task_struct *get_current(void)
{
return this_cpu_read_stable(current_task);
10f: 65 4c 8b 3c 25 00 00 mov %gs:0x0,%r15
116: 00 00
114: R_X86_64_32S current_task
* checking before using them, but you have to surround them with the
* user_access_begin/end() pair.
*/
static __must_check __always_inline bool user_access_begin(const void __user *ptr, size_t len)
{
if (unlikely(!access_ok(ptr,len)))
118: 49 8d bf 10 0a 00 00 lea 0xa10(%r15),%rdi
11f: b8 ff ff 37 00 mov $0x37ffff,%eax
124: c7 03 00 00 00 00 movl $0x0,(%rbx)
if (!likely(user_access_begin(src, len)))
12a: 49 63 f6 movslq %r14d,%rsi
12d: 48 89 fa mov %rdi,%rdx
130: 48 c1 e0 2a shl $0x2a,%rax
134: 48 c1 ea 03 shr $0x3,%rdx
138: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
13c: 74 0d je 14b <csum_and_copy_from_user+0x8d>
13e: 48 89 34 24 mov %rsi,(%rsp)
142: e8 00 00 00 00 callq 147 <csum_and_copy_from_user+0x89>
143: R_X86_64_PLT32 __asan_report_load8_noabort-0x4
147: 48 8b 34 24 mov (%rsp),%rsi
14b: 49 8b 97 10 0a 00 00 mov 0xa10(%r15),%rdx
152: 48 89 ef mov %rbp,%rdi
155: e8 a6 fe ff ff callq 0 <__chk_range_not_ok>
15a: 31 c9 xor %ecx,%ecx
15c: ba 01 00 00 00 mov $0x1,%edx
161: 48 c7 c7 00 00 00 00 mov $0x0,%rdi
164: R_X86_64_32S _ftrace_annotated_branch+0x120
168: 89 c6 mov %eax,%esi
16a: 41 89 c7 mov %eax,%r15d
16d: 83 f6 01 xor $0x1,%esi
170: 40 0f b6 f6 movzbl %sil,%esi
174: e8 00 00 00 00 callq 179 <csum_and_copy_from_user+0xbb>
175: R_X86_64_PLT32 ftrace_likely_update-0x4
179: 31 c9 xor %ecx,%ecx
17b: 31 d2 xor %edx,%edx
17d: 41 0f b6 f7 movzbl %r15b,%esi
181: 48 c7 c7 00 00 00 00 mov $0x0,%rdi
184: R_X86_64_32S _ftrace_annotated_branch+0x150
188: e8 00 00 00 00 callq 18d <csum_and_copy_from_user+0xcf>
189: R_X86_64_PLT32 ftrace_likely_update-0x4
18d: 45 84 ff test %r15b,%r15b
190: 74 0c je 19e <csum_and_copy_from_user+0xe0>
192: 48 ff 05 00 00 00 00 incq 0x0(%rip) # 199 <csum_and_copy_from_user+0xdb>
195: R_X86_64_PC32 _ftrace_branch+0x10c
return 0;
199: 45 31 ff xor %r15d,%r15d
19c: eb 10 jmp 1ae <csum_and_copy_from_user+0xf0>
if (unlikely(!access_ok(ptr,len)))
19e: 48 ff 05 00 00 00 00 incq 0x0(%rip) # 1a5 <csum_and_copy_from_user+0xe7>
1a1: R_X86_64_PC32 _ftrace_branch+0x104
}
static __always_inline void stac(void)
{
/* Note: a barrier is implicit in alternative() */
alternative("", __ASM_STAC, X86_FEATURE_SMAP);
1a5: 90 nop
1a6: 90 nop
1a7: 90 nop
__uaccess_begin_nospec();
1a8: 90 nop
1a9: 90 nop
1aa: 90 nop
return 1;
1ab: 41 b7 01 mov $0x1,%r15b
1ae: 31 c9 xor %ecx,%ecx
1b0: 41 0f b6 f7 movzbl %r15b,%esi
1b4: ba 01 00 00 00 mov $0x1,%edx
1b9: 48 c7 c7 00 00 00 00 mov $0x0,%rdi
1bc: R_X86_64_32S _ftrace_annotated_branch+0xf0
1c0: e8 00 00 00 00 callq 1c5 <csum_and_copy_from_user+0x107>
1c1: R_X86_64_PLT32 ftrace_likely_update-0x4
1c5: 45 84 ff test %r15b,%r15b
1c8: 75 0c jne 1d6 <csum_and_copy_from_user+0x118>
1ca: 48 ff 05 00 00 00 00 incq 0x0(%rip) # 1d1 <csum_and_copy_from_user+0x113>
1cd: R_X86_64_PC32 _ftrace_branch+0xe4
goto out_err;
1d1: e9 4d 01 00 00 jmpq 323 <csum_and_copy_from_user+0x265>
if (unlikely((unsigned long)src & 6)) {
1d6: 49 89 ef mov %rbp,%r15
1d9: 31 f6 xor %esi,%esi
if (!likely(user_access_begin(src, len)))
1db: 48 ff 05 00 00 00 00 incq 0x0(%rip) # 1e2 <csum_and_copy_from_user+0x124>
1de: R_X86_64_PC32 _ftrace_branch+0xdc
if (unlikely((unsigned long)src & 6)) {
1e2: 48 c7 c7 00 00 00 00 mov $0x0,%rdi
1e5: R_X86_64_32S _ftrace_annotated_branch+0xc0
1e9: 41 83 e7 06 and $0x6,%r15d
1ed: 40 0f 95 c6 setne %sil
1f1: 31 c9 xor %ecx,%ecx
1f3: 31 d2 xor %edx,%edx
1f5: e8 00 00 00 00 callq 1fa <csum_and_copy_from_user+0x13c>
1f6: R_X86_64_PLT32 ftrace_likely_update-0x4
1fa: 4d 85 ff test %r15,%r15
1fd: 74 09 je 208 <csum_and_copy_from_user+0x14a>
1ff: 48 ff 05 00 00 00 00 incq 0x0(%rip) # 206 <csum_and_copy_from_user+0x148>
202: R_X86_64_PC32 _ftrace_branch+0xbc
206: eb 4e jmp 256 <csum_and_copy_from_user+0x198>
208: 48 ff 05 00 00 00 00 incq 0x0(%rip) # 20f <csum_and_copy_from_user+0x151>
20b: R_X86_64_PC32 _ftrace_branch+0xb4
20f: e9 96 00 00 00 jmpq 2aa <csum_and_copy_from_user+0x1ec>
*(__u16 *)dst = val16;
214: 4c 89 e8 mov %r13,%rax
217: b9 ff ff 37 00 mov $0x37ffff,%ecx
unsafe_get_user(val16, (const __u16 __user *)src, out);
21c: 48 ff 05 00 00 00 00 incq 0x0(%rip) # 223 <csum_and_copy_from_user+0x165>
21f: R_X86_64_PC32 _ftrace_branch+0x8c
*(__u16 *)dst = val16;
223: 48 c1 e8 03 shr $0x3,%rax
227: 48 c1 e1 2a shl $0x2a,%rcx
22b: 8a 14 08 mov (%rax,%rcx,1),%dl
22e: 4c 89 e8 mov %r13,%rax
231: 83 e0 07 and $0x7,%eax
234: ff c0 inc %eax
236: 38 d0 cmp %dl,%al
238: 7d 62 jge 29c <csum_and_copy_from_user+0x1de>
23a: 66 45 89 7d 00 mov %r15w,0x0(%r13)
src += 2;
23f: 48 83 c5 02 add $0x2,%rbp
dst += 2;
243: 49 83 c5 02 add $0x2,%r13
len -= 2;
247: 41 83 ee 02 sub $0x2,%r14d
isum = (__force __wsum)add32_with_carry(
24b: 45 0f b7 ff movzwl %r15w,%r15d
asm("addl %2,%0\n\t"
24f: 45 01 fc add %r15d,%r12d
252: 41 83 d4 00 adc $0x0,%r12d
while (((unsigned long)src & 6) && len >= 2) {
256: 40 f6 c5 06 test $0x6,%bpl
25a: 74 4e je 2aa <csum_and_copy_from_user+0x1ec>
25c: 41 83 fe 01 cmp $0x1,%r14d
260: 7e 48 jle 2aa <csum_and_copy_from_user+0x1ec>
unsafe_get_user(val16, (const __u16 __user *)src, out);
262: 31 c0 xor %eax,%eax
264: 66 44 8b 7d 00 mov 0x0(%rbp),%r15w
269: 85 c0 test %eax,%eax
26b: 48 c7 c7 00 00 00 00 mov $0x0,%rdi
26e: R_X86_64_32S _ftrace_annotated_branch+0x90
272: 89 04 24 mov %eax,(%rsp)
275: 40 0f 95 c6 setne %sil
279: 31 c9 xor %ecx,%ecx
27b: 31 d2 xor %edx,%edx
27d: 40 0f b6 f6 movzbl %sil,%esi
281: e8 00 00 00 00 callq 286 <csum_and_copy_from_user+0x1c8>
282: R_X86_64_PLT32 ftrace_likely_update-0x4
286: 8b 04 24 mov (%rsp),%eax
289: 85 c0 test %eax,%eax
28b: 74 87 je 214 <csum_and_copy_from_user+0x156>
28d: 48 ff 05 00 00 00 00 incq 0x0(%rip) # 294 <csum_and_copy_from_user+0x1d6>
290: R_X86_64_PC32 _ftrace_branch+0x94
alternative("", __ASM_CLAC, X86_FEATURE_SMAP);
294: 90 nop
295: 90 nop
296: 90 nop
}
297: e9 87 00 00 00 jmpq 323 <csum_and_copy_from_user+0x265>
*(__u16 *)dst = val16;
29c: 84 d2 test %dl,%dl
29e: 74 9a je 23a <csum_and_copy_from_user+0x17c>
2a0: 4c 89 ef mov %r13,%rdi
2a3: e8 00 00 00 00 callq 2a8 <csum_and_copy_from_user+0x1ea>
2a4: R_X86_64_PLT32 __asan_report_store2_noabort-0x4
2a8: eb 90 jmp 23a <csum_and_copy_from_user+0x17c>
isum = csum_partial_copy_generic((__force const void *)src,
2aa: 44 89 e1 mov %r12d,%ecx
2ad: 45 31 c9 xor %r9d,%r9d
2b0: 49 89 d8 mov %rbx,%r8
2b3: 44 89 f2 mov %r14d,%edx
2b6: 4c 89 ee mov %r13,%rsi
2b9: 48 89 ef mov %rbp,%rdi
2bc: e8 00 00 00 00 callq 2c1 <csum_and_copy_from_user+0x203>
2bd: R_X86_64_PLT32 csum_partial_copy_generic-0x4
2c1: 41 89 c4 mov %eax,%r12d
alternative("", __ASM_CLAC, X86_FEATURE_SMAP);
2c4: 90 nop
2c5: 90 nop
2c6: 90 nop
if (unlikely(*errp))
2c7: b8 ff ff 37 00 mov $0x37ffff,%eax
2cc: 48 89 da mov %rbx,%rdx
2cf: 48 c1 e0 2a shl $0x2a,%rax
2d3: 48 c1 ea 03 shr $0x3,%rdx
2d7: 8a 14 02 mov (%rdx,%rax,1),%dl
2da: 48 89 d8 mov %rbx,%rax
2dd: 83 e0 07 and $0x7,%eax
2e0: 83 c0 03 add $0x3,%eax
2e3: 38 d0 cmp %dl,%al
2e5: 7c 0c jl 2f3 <csum_and_copy_from_user+0x235>
2e7: 84 d2 test %dl,%dl
2e9: 74 08 je 2f3 <csum_and_copy_from_user+0x235>
2eb: 48 89 df mov %rbx,%rdi
2ee: e8 00 00 00 00 callq 2f3 <csum_and_copy_from_user+0x235>
2ef: R_X86_64_PLT32 __asan_report_load4_noabort-0x4
2f3: 8b 2b mov (%rbx),%ebp
2f5: 31 f6 xor %esi,%esi
2f7: 48 c7 c7 00 00 00 00 mov $0x0,%rdi
2fa: R_X86_64_32S _ftrace_annotated_branch+0x60
2fe: 85 ed test %ebp,%ebp
300: 40 0f 95 c6 setne %sil
304: 31 c9 xor %ecx,%ecx
306: 31 d2 xor %edx,%edx
308: e8 00 00 00 00 callq 30d <csum_and_copy_from_user+0x24f>
309: R_X86_64_PLT32 ftrace_likely_update-0x4
30d: 85 ed test %ebp,%ebp
30f: 74 09 je 31a <csum_and_copy_from_user+0x25c>
311: 48 ff 05 00 00 00 00 incq 0x0(%rip) # 318 <csum_and_copy_from_user+0x25a>
314: R_X86_64_PC32 _ftrace_branch+0x6c
goto out_err;
318: eb 09 jmp 323 <csum_and_copy_from_user+0x265>
if (unlikely(*errp))
31a: 48 ff 05 00 00 00 00 incq 0x0(%rip) # 321 <csum_and_copy_from_user+0x263>
31d: R_X86_64_PC32 _ftrace_branch+0x64
321: eb 3f jmp 362 <csum_and_copy_from_user+0x2a4>
*errp = -EFAULT;
323: 48 89 da mov %rbx,%rdx
326: b8 ff ff 37 00 mov $0x37ffff,%eax
32b: 48 c1 e0 2a shl $0x2a,%rax
32f: 48 c1 ea 03 shr $0x3,%rdx
333: 8a 14 02 mov (%rdx,%rax,1),%dl
336: 48 89 d8 mov %rbx,%rax
339: 83 e0 07 and $0x7,%eax
33c: 83 c0 03 add $0x3,%eax
33f: 38 d0 cmp %dl,%al
341: 7c 0c jl 34f <csum_and_copy_from_user+0x291>
343: 84 d2 test %dl,%dl
345: 74 08 je 34f <csum_and_copy_from_user+0x291>
347: 48 89 df mov %rbx,%rdi
34a: e8 00 00 00 00 callq 34f <csum_and_copy_from_user+0x291>
34b: R_X86_64_PLT32 __asan_report_store4_noabort-0x4
34f: c7 03 f2 ff ff ff movl $0xfffffff2,(%rbx)
memset(dst, 0, len);
355: 49 63 d6 movslq %r14d,%rdx
358: 31 f6 xor %esi,%esi
35a: 4c 89 ef mov %r13,%rdi
35d: e8 00 00 00 00 callq 362 <csum_and_copy_from_user+0x2a4>
35e: R_X86_64_PLT32 memset-0x4
}
362: 5a pop %rdx
363: 44 89 e0 mov %r12d,%eax
366: 5b pop %rbx
367: 5d pop %rbp
368: 41 5c pop %r12
36a: 41 5d pop %r13
36c: 41 5e pop %r14
36e: 41 5f pop %r15
370: c3 retq
next prev parent reply other threads:[~2020-05-29 15:36 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200513175005.1f4839360c18c0238df292d1@linux-foundation.org>
2020-05-14 3:31 ` mmotm 2020-05-13-20-30 uploaded Andrew Morton
2020-05-14 15:30 ` mmotm 2020-05-13-20-30 uploaded (gpu/drm/bridge/sil-sii8620) Randy Dunlap
2020-05-14 15:32 ` mmotm 2020-05-13-20-30 uploaded (objtool warnings) Randy Dunlap
2020-05-14 15:33 ` Randy Dunlap
2020-05-28 15:54 ` Josh Poimboeuf
2020-05-28 17:04 ` Josh Poimboeuf
2020-05-28 17:20 ` Peter Zijlstra
2020-05-29 13:57 ` Christoph Hellwig
2020-05-29 14:35 ` Peter Zijlstra
2020-05-29 14:53 ` Peter Zijlstra
2020-05-29 15:33 ` Peter Zijlstra [this message]
2020-05-29 16:05 ` Josh Poimboeuf
2020-05-29 16:12 ` Peter Zijlstra
2020-05-29 16:50 ` Josh Poimboeuf
2020-05-29 16:54 ` Peter Zijlstra
2020-05-29 17:25 ` [PATCH] x86/uaccess: Remove redundant likely/unlikely annotations Josh Poimboeuf
2020-05-29 18:29 ` Randy Dunlap
2020-05-29 19:31 ` mmotm 2020-05-13-20-30 uploaded (objtool warnings) Linus Torvalds
2020-05-29 20:08 ` Al Viro
2020-05-29 20:14 ` Al Viro
2020-05-15 23:30 ` mmotm 2020-05-15-16-29 uploaded Andrew Morton
2020-05-16 5:53 ` Stephen Rothwell
2020-05-18 23:15 ` Stephen Rothwell
2020-05-20 4:48 ` mmotm 2020-05-19-21-47 uploaded Andrew Morton
2020-05-22 3:43 ` mmotm 2020-05-21-20-42 uploaded Andrew Morton
2020-05-22 16:26 ` mmotm 2020-05-21-20-42 uploaded (atomisp) Randy Dunlap
2020-05-23 3:36 ` mmotm 2020-05-22-20-35 uploaded Andrew Morton
2020-05-23 15:08 ` mmotm 2020-05-22-20-35 uploaded (phy/intel/phy-intel-combo.c) Randy Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200529153336.GC706518@hirez.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=akpm@linux-foundation.org \
--cc=broonie@kernel.org \
--cc=hch@lst.de \
--cc=jpoimboe@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-next@vger.kernel.org \
--cc=mhocko@suse.cz \
--cc=mm-commits@vger.kernel.org \
--cc=rdunlap@infradead.org \
--cc=rostedt@goodmis.org \
--cc=sfr@canb.auug.org.au \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).