linux-kernel.vger.kernel.org archive mirror
* [PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted
@ 2018-08-16 19:41 Andy Lutomirski
  2018-08-16 19:44 ` David Woodhouse
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Andy Lutomirski @ 2018-08-16 19:41 UTC (permalink / raw)
  To: x86, LKML
  Cc: Borislav Petkov, Andy Lutomirski, Matt Rickard, Jason Vas Dias,
	David Woodhouse, Peter Zijlstra, Andi Kleen

Currently, if the vDSO ends up containing an indirect branch or
call, GCC will emit the "external thunk" style of retpoline, and it
will fail to link.

Fix it by building the vDSO with inline retpoline thunks.

I haven't seen any reports of this triggering on an unpatched
kernel.

Cc: Matt Rickard <matt@softrans.com.au>
Cc: Jason Vas Dias <jason.vas.dias@gmail.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andi Kleen <ak@linux.intel.com>
Fixes: commit 76b043848fd2 ("x86/retpoline: Add initial retpoline support")
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---

This is a bit of a marginal candidate for the merge window.  There are
a couple of reports of people hitting this while hacking on the vDSO,
but I haven't seen any report of anyone hitting this on a stock kernel.

Feel free to tell me to buzz off and send it later :)

 Makefile                     | 4 ++++
 arch/x86/entry/vdso/Makefile | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index a0650bf79606..7bab2e90e4e1 100644
--- a/Makefile
+++ b/Makefile
@@ -507,9 +507,13 @@ KBUILD_AFLAGS += $(call cc-option, -no-integrated-as)
 endif
 
 RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register
+RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register
 RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
+RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline
 RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
+RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG)))
 export RETPOLINE_CFLAGS
+export RETPOLINE_VDSO_CFLAGS
 
 KBUILD_CFLAGS	+= $(call cc-option,-fno-PIE)
 KBUILD_AFLAGS	+= $(call cc-option,-fno-PIE)
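Review bot: the new `RETPOLINE_VDSO_CFLAGS := $(call cc-option,...,$(call cc-option,...))` line evaluates to an empty string when the compiler accepts neither `-mindirect-branch=thunk-inline` nor `-mretpoline`, and nothing in this hunk reports that case, so the vDSO would then be built with no retpoline flags and no diagnostic. A short comment above `RETPOLINE_VDSO_CFLAGS_GCC` stating that the vDSO cannot link against the external thunks would also help, since the reason for a second set of flags is currently only in the commit message.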
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
index 9f695f517747..fa3f439f0a92 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -68,9 +68,9 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE
 CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \
        $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \
        -fno-omit-frame-pointer -foptimize-sibling-calls \
-       -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO
+       -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS)
 
-$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)
+$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)
 
 #
 # vDSO code runs in userspace and -pg doesn't help with profiling anyway.
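Review bot: `$(RETPOLINE_VDSO_CFLAGS)` is appended to `CFL` unconditionally, while the `filter-out` on the `$(vobjs)` line only has something to remove when the kernel build put `$(RETPOLINE_CFLAGS)` into `KBUILD_CFLAGS`. Neither this hunk nor the top-level Makefile hunk makes the new variable depend on `CONFIG_RETPOLINE`, so a kernel configured without retpolines would still get inline thunks in the 64-bit vDSO whenever the compiler supports the flag. If that is intended, say so in the changelog; otherwise guard the addition, for example with an `ifdef CONFIG_RETPOLINE` around a separate `CFL += $(RETPOLINE_VDSO_CFLAGS)`.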
@@ -132,11 +132,13 @@ KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32))
 KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32))
 KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32))
 KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32))
+KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32))
 KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic
 KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector)
 KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls)
 KBUILD_CFLAGS_32 += -fno-omit-frame-pointer
 KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING
+KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS)
 $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32)
 
 $(obj)/vdso32.so.dbg: FORCE \
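Review bot: in the 32-bit block the `filter-out $(RETPOLINE_CFLAGS)` line and the matching `KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS)` sit six lines apart with unrelated flags between them, and nothing marks them as a pair. With GCC both variables contain `-mindirect-branch-register`, so the result depends on the removal happening before the addition. Keeping the two lines adjacent, or adding a one-line comment, would stop a later reorder from silently dropping that flag from the vDSO32 build.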
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
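
A post-build check for the link failure this patch describes, as an added example that is not part of the thread or the kernel tree: it scans `nm` output for vDSO objects and reports `__x86_indirect_thunk_*` symbols that are referenced but never defined. The object names and the sample `nm -A` lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Symbols that external-thunk retpoline code (GCC thunk-extern, Clang
# -mretpoline-external-thunk) references but leaves for someone else to define.
THUNK_RE = re.compile(r"^__x86_indirect_thunk_\w+$")

# Constructed `nm -A` output for two hypothetical vDSO objects: one built with
# external thunks, one with inline thunks (which reference no thunk symbol).
SAMPLE_NM = """\
vclock_extern.o:0000000000000000 T __vdso_clock_gettime
vclock_extern.o:                 U __x86_indirect_thunk_rax
vclock_extern.o:                 U __x86_indirect_thunk_rdx
vclock_inline.o:0000000000000000 T __vdso_clock_gettime
vclock_inline.o:0000000000000040 t helper
"""


def unresolved_thunks(nm_text):
    """Return {object: [thunk symbols that are undefined in the whole link]}."""
    defined, wanted = defaultdict(set), defaultdict(set)
    for line in nm_text.splitlines():
        obj, sep, rest = line.partition(":")
        if not sep:                       # plain `nm` output without -A
            obj, rest = "<input>", line
        fields = rest.split()
        if len(fields) < 2:
            continue
        sym_type, name = fields[-2], fields[-1]
        if not THUNK_RE.match(name):
            continue
        (wanted if sym_type == "U" else defined)[obj].add(name)
    # A reference is only a problem if no object in the link provides it.
    provided = set().union(*defined.values())
    report = {}
    for obj, names in wanted.items():
        missing = sorted(names - provided)
        if missing:
            report[obj] = missing
    return report


if __name__ == "__main__":
    for obj, names in unresolved_thunks(SAMPLE_NM).items():
        print(f"{obj}: unresolved retpoline thunks: {', '.join(names)}")
```
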

* Re: [PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted
  2018-08-16 19:41 [PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted Andy Lutomirski
@ 2018-08-16 19:44 ` David Woodhouse
  2018-08-17  2:45 ` Matthew Rickard
  2018-08-20 16:10 ` [tip:x86/urgent] " tip-bot for Andy Lutomirski
  2 siblings, 0 replies; 4+ messages in thread
From: David Woodhouse @ 2018-08-16 19:44 UTC (permalink / raw)
  To: Andy Lutomirski, x86, LKML
  Cc: Borislav Petkov, Matt Rickard, Jason Vas Dias, Peter Zijlstra,
	Andi Kleen


On Thu, 2018-08-16 at 12:41 -0700, Andy Lutomirski wrote:
> Currently, if the vDSO ends up containing an indirect branch or
> call, GCC will emit the "external thunk" style of retpoline, and it
> will fail to link.
> 
> Fix it by building the vDSO with inline retpoline thunks.
> 
> I haven't seen any reports of this triggering on an unpatched
> kernel.
> 
> Cc: Matt Rickard <matt@softrans.com.au>
> Cc: Jason Vas Dias <jason.vas.dias@gmail.com>
> Cc: David Woodhouse <dwmw2@infradead.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Andi Kleen <ak@linux.intel.com>
> Fixes: commit 76b043848fd2 ("x86/retpoline: Add initial retpoline support")
> Signed-off-by: Andy Lutomirski <luto@kernel.org>

Acked-by: David Woodhouse <dwmw@amazon.co.uk>

Thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted
  2018-08-16 19:41 [PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted Andy Lutomirski
  2018-08-16 19:44 ` David Woodhouse
@ 2018-08-17  2:45 ` Matthew Rickard
  2018-08-20 16:10 ` [tip:x86/urgent] " tip-bot for Andy Lutomirski
  2 siblings, 0 replies; 4+ messages in thread
From: Matthew Rickard @ 2018-08-17  2:45 UTC (permalink / raw)
  To: Andy Lutomirski, x86, LKML
  Cc: Borislav Petkov, Jason Vas Dias, David Woodhouse, Peter Zijlstra,
	Andi Kleen



On 17/08/2018 5:41 AM, Andy Lutomirski wrote:
> Currently, if the vDSO ends up containing an indirect branch or
> call, GCC will emit the "external thunk" style of retpoline, and it
> will fail to link.
> 
> Fix it by building the vDSO with inline retpoline thunks.
> 
> I haven't seen any reports of this triggering on an unpatched
> kernel.
> 
> Cc: Matt Rickard <matt@softrans.com.au>
> Cc: Jason Vas Dias <jason.vas.dias@gmail.com>
> Cc: David Woodhouse <dwmw2@infradead.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Andi Kleen <ak@linux.intel.com>
> Fixes: commit 76b043848fd2 ("x86/retpoline: Add initial retpoline support")
> Signed-off-by: Andy Lutomirski <luto@kernel.org>
> ---
> 
> This is a bit of a marginal candidate for the merge window.  There are
> a couple of reports of people hitting this while hacking on the vDSO,
> but I haven't seen any report of anyone hitting this on a stock kernel.
> 
> Feel free to tell me to buzz off and send it later :)
> 
>   Makefile                     | 4 ++++
>   arch/x86/entry/vdso/Makefile | 6 ++++--
>   2 files changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index a0650bf79606..7bab2e90e4e1 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -507,9 +507,13 @@ KBUILD_AFLAGS += $(call cc-option, -no-integrated-as)
>   endif
>   
>   RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register
> +RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register
>   RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
> +RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline
>   RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
> +RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG)))
>   export RETPOLINE_CFLAGS
> +export RETPOLINE_VDSO_CFLAGS
>   
>   KBUILD_CFLAGS	+= $(call cc-option,-fno-PIE)
>   KBUILD_AFLAGS	+= $(call cc-option,-fno-PIE)
> diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
> index 9f695f517747..fa3f439f0a92 100644
> --- a/arch/x86/entry/vdso/Makefile
> +++ b/arch/x86/entry/vdso/Makefile
> @@ -68,9 +68,9 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE
>   CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \
>          $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \
>          -fno-omit-frame-pointer -foptimize-sibling-calls \
> -       -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO
> +       -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS)
>   
> -$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)
> +$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)
>   
>   #
>   # vDSO code runs in userspace and -pg doesn't help with profiling anyway.
> @@ -132,11 +132,13 @@ KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32))
>   KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32))
>   KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32))
>   KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32))
> +KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32))
>   KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic
>   KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector)
>   KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls)
>   KBUILD_CFLAGS_32 += -fno-omit-frame-pointer
>   KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING
> +KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS)
>   $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32)
>   
>   $(obj)/vdso32.so.dbg: FORCE \
> 

That solves my issue, thanks.
Acked-by: Matt Rickard <matt@softrans.com.au>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [tip:x86/urgent] x86/vdso: Fix vDSO build if a retpoline is emitted
  2018-08-16 19:41 [PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted Andy Lutomirski
  2018-08-16 19:44 ` David Woodhouse
  2018-08-17  2:45 ` Matthew Rickard
@ 2018-08-20 16:10 ` tip-bot for Andy Lutomirski
  2 siblings, 0 replies; 4+ messages in thread
From: tip-bot for Andy Lutomirski @ 2018-08-20 16:10 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: mingo, dwmw2, luto, linux-kernel, peterz, ak, bp, hpa, matt,
	jason.vas.dias, tglx

Commit-ID:  2e549b2ee0e358bc758480e716b881f9cabedb6a
Gitweb:     https://git.kernel.org/tip/2e549b2ee0e358bc758480e716b881f9cabedb6a
Author:     Andy Lutomirski <luto@kernel.org>
AuthorDate: Thu, 16 Aug 2018 12:41:15 -0700
Committer:  Thomas Gleixner <tglx@linutronix.de>
CommitDate: Mon, 20 Aug 2018 18:04:41 +0200

x86/vdso: Fix vDSO build if a retpoline is emitted

Currently, if the vDSO ends up containing an indirect branch or
call, GCC will emit the "external thunk" style of retpoline, and it
will fail to link.

Fix it by building the vDSO with inline retpoline thunks.

I haven't seen any reports of this triggering on an unpatched
kernel.

Fixes: commit 76b043848fd2 ("x86/retpoline: Add initial retpoline support")
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Matt Rickard <matt@softrans.com.au>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Jason Vas Dias <jason.vas.dias@gmail.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/c76538cd3afbe19c6246c2d1715bc6a60bd63985.1534448381.git.luto@kernel.org

---
 Makefile                     | 4 ++++
 arch/x86/entry/vdso/Makefile | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index a0650bf79606..7bab2e90e4e1 100644
--- a/Makefile
+++ b/Makefile
@@ -507,9 +507,13 @@ KBUILD_AFLAGS += $(call cc-option, -no-integrated-as)
 endif
 
 RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register
+RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register
 RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
+RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline
 RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
+RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG)))
 export RETPOLINE_CFLAGS
+export RETPOLINE_VDSO_CFLAGS
 
 KBUILD_CFLAGS	+= $(call cc-option,-fno-PIE)
 KBUILD_AFLAGS	+= $(call cc-option,-fno-PIE)
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
index 9f695f517747..fa3f439f0a92 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -68,9 +68,9 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE
 CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \
        $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \
        -fno-omit-frame-pointer -foptimize-sibling-calls \
-       -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO
+       -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS)
 
-$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)
+$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)
 
 #
 # vDSO code runs in userspace and -pg doesn't help with profiling anyway.
@@ -132,11 +132,13 @@ KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32))
 KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32))
 KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32))
 KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32))
+KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32))
 KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic
 KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector)
 KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls)
 KBUILD_CFLAGS_32 += -fno-omit-frame-pointer
 KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING
+KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS)
 $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32)
 
 $(obj)/vdso32.so.dbg: FORCE \

^ permalink raw reply related	[flat|nested] 4+ messages in thread
