[linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 1793 bytes --]

CC: Linux Memory Management List <linux-mm@kvack.org>
TO: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>

Hi Tianjia,

First bad commit (maybe != root cause):

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head:   4b358aabb93a2c654cd1dcab1a25a589f6e2b153
commit: a7ee22ee1445c7fdb00ab80116bb9710ca86a860 [3857/7963] crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation
config: x86_64-randconfig-r024-20210816 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 7776b19eed44906e9973bfb240b6279d6feaab41)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a7ee22ee1445c7fdb00ab80116bb9710ca86a860
        git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
        git fetch --no-tags linux-next master
        git checkout a7ee22ee1445c7fdb00ab80116bb9710ca86a860
        # save the attached .config to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

>> arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 35071 bytes --]

Re: [linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[Arnd Bergmann]

On Sun, Aug 15, 2021 at 9:41 PM kernel test robot <lkp@intel.com> wrote:
>
> CC: Linux Memory Management List <linux-mm@kvack.org>
> TO: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> CC: Herbert Xu <herbert@gondor.apana.org.au>
>
> Hi Tianjia,
>
> First bad commit (maybe != root cause):
>
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> head:   4b358aabb93a2c654cd1dcab1a25a589f6e2b153
> commit: a7ee22ee1445c7fdb00ab80116bb9710ca86a860 [3857/7963] crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation
> config: x86_64-randconfig-r024-20210816 (attached as .config)
> compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 7776b19eed44906e9973bfb240b6279d6feaab41)
> reproduce (this is a W=1 build):
>         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
>         chmod +x ~/bin/make.cross
>         # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a7ee22ee1445c7fdb00ab80116bb9710ca86a860
>         git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
>         git fetch --no-tags linux-next master
>         git checkout a7ee22ee1445c7fdb00ab80116bb9710ca86a860
>         # save the attached .config to linux build tree
>         mkdir build_dir
>         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
>
> All warnings (new ones prefixed by >>):
>
> >> arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

I see the same thing in my randconfig builds using gcc. This is an
assembler file,
my interpretation is that objtool has found an actual code bug:

.macro FRAME_BEGIN
        push %_ASM_BP
        _ASM_MOV %_ASM_SP, %_ASM_BP
.endm
.macro FRAME_END
        pop %_ASM_BP
.endm

SYM_FUNC_START(sm4_aesni_avx_crypt8)
        /* input:
         *      %rdi: round key array, CTX
         *      %rsi: dst (1..8 blocks)
         *      %rdx: src (1..8 blocks)
         *      %rcx: num blocks (1..8)
         */
        FRAME_BEGIN

        cmpq $5, %rcx;
        jb sm4_aesni_avx_crypt4;
        ....

SYM_FUNC_START(sm4_aesni_avx_crypt4)
        /* input:
         *      %rdi: round key array, CTX
         *      %rsi: dst (1..4 blocks)
         *      %rdx: src (1..4 blocks)
         *      %rcx: num blocks (1..4)
         */
        FRAME_BEGIN
        ...
        FRAME_END
        ret;
SYM_FUNC_END(sm4_aesni_avx_crypt4)


sm4_aesni_avx_crypt8() starts a frame and conditionally branches to
sm4_aesni_avx_crypt4(), which starts another frame and returns from
that without cleaning up the parent frame.

        Arnd

Re: [linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[Arnd Bergmann]

[-- Attachment #1: Type: text/plain, Size: 2968 bytes --]

On Sun, Aug 15, 2021 at 9:41 PM kernel test robot <lkp@intel.com> wrote:
>
> CC: Linux Memory Management List <linux-mm@kvack.org>
> TO: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> CC: Herbert Xu <herbert@gondor.apana.org.au>
>
> Hi Tianjia,
>
> First bad commit (maybe != root cause):
>
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> head:   4b358aabb93a2c654cd1dcab1a25a589f6e2b153
> commit: a7ee22ee1445c7fdb00ab80116bb9710ca86a860 [3857/7963] crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation
> config: x86_64-randconfig-r024-20210816 (attached as .config)
> compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 7776b19eed44906e9973bfb240b6279d6feaab41)
> reproduce (this is a W=1 build):
>         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
>         chmod +x ~/bin/make.cross
>         # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a7ee22ee1445c7fdb00ab80116bb9710ca86a860
>         git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
>         git fetch --no-tags linux-next master
>         git checkout a7ee22ee1445c7fdb00ab80116bb9710ca86a860
>         # save the attached .config to linux build tree
>         mkdir build_dir
>         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
>
> All warnings (new ones prefixed by >>):
>
> >> arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

I see the same thing in my randconfig builds using gcc. This is an
assembler file,
my interpretation is that objtool has found an actual code bug:

.macro FRAME_BEGIN
        push %_ASM_BP
        _ASM_MOV %_ASM_SP, %_ASM_BP
.endm
.macro FRAME_END
        pop %_ASM_BP
.endm

SYM_FUNC_START(sm4_aesni_avx_crypt8)
        /* input:
         *      %rdi: round key array, CTX
         *      %rsi: dst (1..8 blocks)
         *      %rdx: src (1..8 blocks)
         *      %rcx: num blocks (1..8)
         */
        FRAME_BEGIN

        cmpq $5, %rcx;
        jb sm4_aesni_avx_crypt4;
        ....

SYM_FUNC_START(sm4_aesni_avx_crypt4)
        /* input:
         *      %rdi: round key array, CTX
         *      %rsi: dst (1..4 blocks)
         *      %rdx: src (1..4 blocks)
         *      %rcx: num blocks (1..4)
         */
        FRAME_BEGIN
        ...
        FRAME_END
        ret;
SYM_FUNC_END(sm4_aesni_avx_crypt4)


sm4_aesni_avx_crypt8() starts a frame and conditionally branches to
sm4_aesni_avx_crypt4(), which starts another frame and returns from
that without cleaning up the parent frame.

        Arnd

Re: [linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[Josh Poimboeuf]

On Mon, Sep 20, 2021 at 01:02:07PM +0200, Arnd Bergmann wrote:
> On Sun, Aug 15, 2021 at 9:41 PM kernel test robot <lkp@intel.com> wrote:
> >
> > CC: Linux Memory Management List <linux-mm@kvack.org>
> > TO: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> > CC: Herbert Xu <herbert@gondor.apana.org.au>
> >
> > Hi Tianjia,
> >
> > First bad commit (maybe != root cause):
> >
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> > head:   4b358aabb93a2c654cd1dcab1a25a589f6e2b153
> > commit: a7ee22ee1445c7fdb00ab80116bb9710ca86a860 [3857/7963] crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation
> > config: x86_64-randconfig-r024-20210816 (attached as .config)
> > compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 7776b19eed44906e9973bfb240b6279d6feaab41)
> > reproduce (this is a W=1 build):
> >         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> >         chmod +x ~/bin/make.cross
> >         # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a7ee22ee1445c7fdb00ab80116bb9710ca86a860
> >         git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> >         git fetch --no-tags linux-next master
> >         git checkout a7ee22ee1445c7fdb00ab80116bb9710ca86a860
> >         # save the attached .config to linux build tree
> >         mkdir build_dir
> >         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> >
> > All warnings (new ones prefixed by >>):
> >
> > >> arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame
> 
> I see the same thing in my randconfig builds using gcc. This is an
> assembler file,
> my interpretation is that objtool has found an actual code bug:
> 
> .macro FRAME_BEGIN
>         push %_ASM_BP
>         _ASM_MOV %_ASM_SP, %_ASM_BP
> .endm
> .macro FRAME_END
>         pop %_ASM_BP
> .endm
> 
> SYM_FUNC_START(sm4_aesni_avx_crypt8)
>         /* input:
>          *      %rdi: round key array, CTX
>          *      %rsi: dst (1..8 blocks)
>          *      %rdx: src (1..8 blocks)
>          *      %rcx: num blocks (1..8)
>          */
>         FRAME_BEGIN
> 
>         cmpq $5, %rcx;
>         jb sm4_aesni_avx_crypt4;
>         ....
> 
> SYM_FUNC_START(sm4_aesni_avx_crypt4)
>         /* input:
>          *      %rdi: round key array, CTX
>          *      %rsi: dst (1..4 blocks)
>          *      %rdx: src (1..4 blocks)
>          *      %rcx: num blocks (1..4)
>          */
>         FRAME_BEGIN
>         ...
>         FRAME_END
>         ret;
> SYM_FUNC_END(sm4_aesni_avx_crypt4)
> 
> 
> sm4_aesni_avx_crypt8() starts a frame and conditionally branches to
> sm4_aesni_avx_crypt4(), which starts another frame and returns from
> that without cleaning up the parent frame.

Indeed!  This looks completely broken with CONFIG_FRAME_POINTER.

Needs something like:

---8<---

From: Josh Poimboeuf <jpoimboe@redhat.com>
Subject: [PATCH] x86/crypto/sm4: Fix frame pointer stack corruption

sm4_aesni_avx_crypt8() sets up the frame pointer (which includes pushing
RBP) before doing a conditional sibling call to sm4_aesni_avx_crypt4(),
which sets up an additional frame pointer.  Things will not go well when
sm4_aesni_avx_crypt4() pops only the innermost single frame pointer and
then tries to return to the outermost frame pointer.

Sibling calls need to occur with an empty stack frame.  Do the
conditional sibling call *before* setting up the stack pointer.

This fixes the following warning:

  arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

Fixes: a7ee22ee1445 ("crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Arnd Bergmann <arnd@kernel.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
---
 arch/x86/crypto/sm4-aesni-avx-asm_64.S | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/crypto/sm4-aesni-avx-asm_64.S b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
index fa2c3f50aecb..a50df13de222 100644
--- a/arch/x86/crypto/sm4-aesni-avx-asm_64.S
+++ b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
@@ -367,10 +367,12 @@ SYM_FUNC_START(sm4_aesni_avx_crypt8)
 	 *	%rdx: src (1..8 blocks)
 	 *	%rcx: num blocks (1..8)
 	 */
-	FRAME_BEGIN
 
 	cmpq $5, %rcx;
 	jb sm4_aesni_avx_crypt4;
+
+	FRAME_BEGIN
+
 	vmovdqu (0 * 16)(%rdx), RA0;
 	vmovdqu (1 * 16)(%rdx), RA1;
 	vmovdqu (2 * 16)(%rdx), RA2;
-- 
2.31.1

Re: [linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[Josh Poimboeuf]

[-- Attachment #1: Type: text/plain, Size: 4945 bytes --]

On Mon, Sep 20, 2021 at 01:02:07PM +0200, Arnd Bergmann wrote:
> On Sun, Aug 15, 2021 at 9:41 PM kernel test robot <lkp@intel.com> wrote:
> >
> > CC: Linux Memory Management List <linux-mm@kvack.org>
> > TO: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> > CC: Herbert Xu <herbert@gondor.apana.org.au>
> >
> > Hi Tianjia,
> >
> > First bad commit (maybe != root cause):
> >
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> > head:   4b358aabb93a2c654cd1dcab1a25a589f6e2b153
> > commit: a7ee22ee1445c7fdb00ab80116bb9710ca86a860 [3857/7963] crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation
> > config: x86_64-randconfig-r024-20210816 (attached as .config)
> > compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 7776b19eed44906e9973bfb240b6279d6feaab41)
> > reproduce (this is a W=1 build):
> >         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> >         chmod +x ~/bin/make.cross
> >         # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a7ee22ee1445c7fdb00ab80116bb9710ca86a860
> >         git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> >         git fetch --no-tags linux-next master
> >         git checkout a7ee22ee1445c7fdb00ab80116bb9710ca86a860
> >         # save the attached .config to linux build tree
> >         mkdir build_dir
> >         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> >
> > All warnings (new ones prefixed by >>):
> >
> > >> arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame
> 
> I see the same thing in my randconfig builds using gcc. This is an
> assembler file,
> my interpretation is that objtool has found an actual code bug:
> 
> .macro FRAME_BEGIN
>         push %_ASM_BP
>         _ASM_MOV %_ASM_SP, %_ASM_BP
> .endm
> .macro FRAME_END
>         pop %_ASM_BP
> .endm
> 
> SYM_FUNC_START(sm4_aesni_avx_crypt8)
>         /* input:
>          *      %rdi: round key array, CTX
>          *      %rsi: dst (1..8 blocks)
>          *      %rdx: src (1..8 blocks)
>          *      %rcx: num blocks (1..8)
>          */
>         FRAME_BEGIN
> 
>         cmpq $5, %rcx;
>         jb sm4_aesni_avx_crypt4;
>         ....
> 
> SYM_FUNC_START(sm4_aesni_avx_crypt4)
>         /* input:
>          *      %rdi: round key array, CTX
>          *      %rsi: dst (1..4 blocks)
>          *      %rdx: src (1..4 blocks)
>          *      %rcx: num blocks (1..4)
>          */
>         FRAME_BEGIN
>         ...
>         FRAME_END
>         ret;
> SYM_FUNC_END(sm4_aesni_avx_crypt4)
> 
> 
> sm4_aesni_avx_crypt8() starts a frame and conditionally branches to
> sm4_aesni_avx_crypt4(), which starts another frame and returns from
> that without cleaning up the parent frame.

Indeed!  This looks completely broken with CONFIG_FRAME_POINTER.

Needs something like:

---8<---

From: Josh Poimboeuf <jpoimboe@redhat.com>
Subject: [PATCH] x86/crypto/sm4: Fix frame pointer stack corruption

sm4_aesni_avx_crypt8() sets up the frame pointer (which includes pushing
RBP) before doing a conditional sibling call to sm4_aesni_avx_crypt4(),
which sets up an additional frame pointer.  Things will not go well when
sm4_aesni_avx_crypt4() pops only the innermost single frame pointer and
then tries to return to the outermost frame pointer.

Sibling calls need to occur with an empty stack frame.  Do the
conditional sibling call *before* setting up the stack pointer.

This fixes the following warning:

  arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

Fixes: a7ee22ee1445 ("crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Arnd Bergmann <arnd@kernel.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
---
 arch/x86/crypto/sm4-aesni-avx-asm_64.S | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/crypto/sm4-aesni-avx-asm_64.S b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
index fa2c3f50aecb..a50df13de222 100644
--- a/arch/x86/crypto/sm4-aesni-avx-asm_64.S
+++ b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
@@ -367,10 +367,12 @@ SYM_FUNC_START(sm4_aesni_avx_crypt8)
 	 *	%rdx: src (1..8 blocks)
 	 *	%rcx: num blocks (1..8)
 	 */
-	FRAME_BEGIN
 
 	cmpq $5, %rcx;
 	jb sm4_aesni_avx_crypt4;
+
+	FRAME_BEGIN
+
 	vmovdqu (0 * 16)(%rdx), RA0;
 	vmovdqu (1 * 16)(%rdx), RA1;
 	vmovdqu (2 * 16)(%rdx), RA2;
-- 
2.31.1

Re: [linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[Herbert Xu]

On Mon, Sep 20, 2021 at 10:56:56AM -0700, Josh Poimboeuf wrote:
>
> Indeed!  This looks completely broken with CONFIG_FRAME_POINTER.
> 
> Needs something like:

Please send a copy to linux-crypto.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[Herbert Xu]

[-- Attachment #1: Type: text/plain, Size: 373 bytes --]

On Mon, Sep 20, 2021 at 10:56:56AM -0700, Josh Poimboeuf wrote:
>
> Indeed!  This looks completely broken with CONFIG_FRAME_POINTER.
> 
> Needs something like:

Please send a copy to linux-crypto.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[Peter Zijlstra]

On Mon, Sep 20, 2021 at 10:56:56AM -0700, Josh Poimboeuf wrote:
> From: Josh Poimboeuf <jpoimboe@redhat.com>
> Subject: [PATCH] x86/crypto/sm4: Fix frame pointer stack corruption
> 
> sm4_aesni_avx_crypt8() sets up the frame pointer (which includes pushing
> RBP) before doing a conditional sibling call to sm4_aesni_avx_crypt4(),
> which sets up an additional frame pointer.  Things will not go well when
> sm4_aesni_avx_crypt4() pops only the innermost single frame pointer and
> then tries to return to the outermost frame pointer.
> 
> Sibling calls need to occur with an empty stack frame.  Do the
> conditional sibling call *before* setting up the stack pointer.
> 
> This fixes the following warning:
> 
>   arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame
> 
> Fixes: a7ee22ee1445 ("crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation")
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Arnd Bergmann <arnd@kernel.org>
> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>

Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>

> ---
>  arch/x86/crypto/sm4-aesni-avx-asm_64.S | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/crypto/sm4-aesni-avx-asm_64.S b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> index fa2c3f50aecb..a50df13de222 100644
> --- a/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> +++ b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> @@ -367,10 +367,12 @@ SYM_FUNC_START(sm4_aesni_avx_crypt8)
>  	 *	%rdx: src (1..8 blocks)
>  	 *	%rcx: num blocks (1..8)
>  	 */
> -	FRAME_BEGIN
>  
>  	cmpq $5, %rcx;
>  	jb sm4_aesni_avx_crypt4;
> +
> +	FRAME_BEGIN
> +
>  	vmovdqu (0 * 16)(%rdx), RA0;
>  	vmovdqu (1 * 16)(%rdx), RA1;
>  	vmovdqu (2 * 16)(%rdx), RA2;
> -- 
> 2.31.1
> 

Re: [linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[Peter Zijlstra]

[-- Attachment #1: Type: text/plain, Size: 1886 bytes --]

On Mon, Sep 20, 2021 at 10:56:56AM -0700, Josh Poimboeuf wrote:
> From: Josh Poimboeuf <jpoimboe@redhat.com>
> Subject: [PATCH] x86/crypto/sm4: Fix frame pointer stack corruption
> 
> sm4_aesni_avx_crypt8() sets up the frame pointer (which includes pushing
> RBP) before doing a conditional sibling call to sm4_aesni_avx_crypt4(),
> which sets up an additional frame pointer.  Things will not go well when
> sm4_aesni_avx_crypt4() pops only the innermost single frame pointer and
> then tries to return to the outermost frame pointer.
> 
> Sibling calls need to occur with an empty stack frame.  Do the
> conditional sibling call *before* setting up the stack pointer.
> 
> This fixes the following warning:
> 
>   arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame
> 
> Fixes: a7ee22ee1445 ("crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation")
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Arnd Bergmann <arnd@kernel.org>
> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>

Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>

> ---
>  arch/x86/crypto/sm4-aesni-avx-asm_64.S | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/crypto/sm4-aesni-avx-asm_64.S b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> index fa2c3f50aecb..a50df13de222 100644
> --- a/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> +++ b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> @@ -367,10 +367,12 @@ SYM_FUNC_START(sm4_aesni_avx_crypt8)
>  	 *	%rdx: src (1..8 blocks)
>  	 *	%rcx: num blocks (1..8)
>  	 */
> -	FRAME_BEGIN
>  
>  	cmpq $5, %rcx;
>  	jb sm4_aesni_avx_crypt4;
> +
> +	FRAME_BEGIN
> +
>  	vmovdqu (0 * 16)(%rdx), RA0;
>  	vmovdqu (1 * 16)(%rdx), RA1;
>  	vmovdqu (2 * 16)(%rdx), RA2;
> -- 
> 2.31.1
> 

Re: [linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[Tianjia Zhang]

On 9/21/21 1:56 AM, Josh Poimboeuf wrote:
> From: Josh Poimboeuf <jpoimboe@redhat.com>
> Subject: [PATCH] x86/crypto/sm4: Fix frame pointer stack corruption
> 
> sm4_aesni_avx_crypt8() sets up the frame pointer (which includes pushing
> RBP) before doing a conditional sibling call to sm4_aesni_avx_crypt4(),
> which sets up an additional frame pointer.  Things will not go well when
> sm4_aesni_avx_crypt4() pops only the innermost single frame pointer and
> then tries to return to the outermost frame pointer.
> 
> Sibling calls need to occur with an empty stack frame.  Do the
> conditional sibling call *before* setting up the stack pointer.
> 
> This fixes the following warning:
> 
>    arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame
> 
> Fixes: a7ee22ee1445 ("crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation")
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Arnd Bergmann <arnd@kernel.org>
> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>

Thanks for your fix.

Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Thanks.

> ---
>   arch/x86/crypto/sm4-aesni-avx-asm_64.S | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/crypto/sm4-aesni-avx-asm_64.S b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> index fa2c3f50aecb..a50df13de222 100644
> --- a/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> +++ b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> @@ -367,10 +367,12 @@ SYM_FUNC_START(sm4_aesni_avx_crypt8)
>   	 *	%rdx: src (1..8 blocks)
>   	 *	%rcx: num blocks (1..8)
>   	 */
> -	FRAME_BEGIN
>   
>   	cmpq $5, %rcx;
>   	jb sm4_aesni_avx_crypt4;
> +
> +	FRAME_BEGIN
> +
>   	vmovdqu (0 * 16)(%rdx), RA0;
>   	vmovdqu (1 * 16)(%rdx), RA1;
>   	vmovdqu (2 * 16)(%rdx), RA2;
> 

Re: [linux-next:master 3857/7963] arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame

[Tianjia Zhang]

[-- Attachment #1: Type: text/plain, Size: 1903 bytes --]



On 9/21/21 1:56 AM, Josh Poimboeuf wrote:
> From: Josh Poimboeuf <jpoimboe@redhat.com>
> Subject: [PATCH] x86/crypto/sm4: Fix frame pointer stack corruption
> 
> sm4_aesni_avx_crypt8() sets up the frame pointer (which includes pushing
> RBP) before doing a conditional sibling call to sm4_aesni_avx_crypt4(),
> which sets up an additional frame pointer.  Things will not go well when
> sm4_aesni_avx_crypt4() pops only the innermost single frame pointer and
> then tries to return to the outermost frame pointer.
> 
> Sibling calls need to occur with an empty stack frame.  Do the
> conditional sibling call *before* setting up the stack pointer.
> 
> This fixes the following warning:
> 
>    arch/x86/crypto/sm4-aesni-avx-asm_64.o: warning: objtool: sm4_aesni_avx_crypt8()+0x8: sibling call from callable instruction with modified stack frame
> 
> Fixes: a7ee22ee1445 ("crypto: x86/sm4 - add AES-NI/AVX/x86_64 implementation")
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Arnd Bergmann <arnd@kernel.org>
> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>

Thanks for your fix.

Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Thanks.

> ---
>   arch/x86/crypto/sm4-aesni-avx-asm_64.S | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/crypto/sm4-aesni-avx-asm_64.S b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> index fa2c3f50aecb..a50df13de222 100644
> --- a/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> +++ b/arch/x86/crypto/sm4-aesni-avx-asm_64.S
> @@ -367,10 +367,12 @@ SYM_FUNC_START(sm4_aesni_avx_crypt8)
>   	 *	%rdx: src (1..8 blocks)
>   	 *	%rcx: num blocks (1..8)
>   	 */
> -	FRAME_BEGIN
>   
>   	cmpq $5, %rcx;
>   	jb sm4_aesni_avx_crypt4;
> +
> +	FRAME_BEGIN
> +
>   	vmovdqu (0 * 16)(%rdx), RA0;
>   	vmovdqu (1 * 16)(%rdx), RA1;
>   	vmovdqu (2 * 16)(%rdx), RA2;
>