[PATCH] x86/boot: avoid relaxable symbols with Clang

[PATCH] x86/boot: avoid relaxable symbols with Clang

[Nick Desaulniers]

A recent change to a default value of configuration variable
(ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
relocations. LLD will relax instructions with these relocations based on
whether the image is being linked as position independent or not.  When
not, then LLD will relax these instructions to use absolute addressing
mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with Clang
and linked with LLD to fail to boot.

Also, the LLVM commit notes that these relocation types aren't supported
until binutils 2.26. Since we support binutils 2.23+, avoid the
relocations regardless of linker.

The proper solution is to build the compressed boot image as position
independent.  There's a series working its way through code review
currently that does that, but it's unlikely to be backported to stable,
due to its size.  For now, cut a smaller patch that's more likely to be
easily picked up into stable, so that we can get our kernels booting
again.

Cc: stable@vger.kernel.org # 4.14.y
Link: https://github.com/ClangBuiltLinux/linux/issues/1121
Link: https://reviews.llvm.org/rGc41a18cf61790fc898dcda1055c3efbf442c14c0
Link: https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/builds/178868465
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
---
https://lore.kernel.org/lkml/20200731230820.1742553-7-keescook@chromium.org/
is the patch I'm hopeful for building the compressed image as -pie, but
I don't think the series will be backported. Regardless, we probably
want this for older binutils support.

 arch/x86/boot/compressed/Makefile | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 3962f592633d..ab0f7e7dabf9 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -44,6 +44,13 @@ KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
 KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
 KBUILD_CFLAGS += -D__DISABLE_EXPORTS
 
+# Until we can build arch/x86/boot/compressed/vmlinux as -Wl,-pie, don't emit
+# R_X86_64_GOTPCRELX or R_X86_64_REX_GOTPCRELX relocations that LLD will relax
+# into absolute addressed operands, and that BFD didn't support until 2.26.
+ifdef CONFIG_CC_IS_CLANG
+KBUILD_CFLAGS += -Wa,-mrelax-relocations=no
+endif
+
 KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
 GCOV_PROFILE := n
 UBSAN_SANITIZE :=n
-- 
2.28.0.236.gb10cc79966-goog

Re: [PATCH] x86/boot: avoid relaxable symbols with Clang

[Arvind Sankar]

On Fri, Aug 07, 2020 at 12:41:00PM -0700, Nick Desaulniers wrote:
> A recent change to a default value of configuration variable
> (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
> integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
> relocations. LLD will relax instructions with these relocations based on
> whether the image is being linked as position independent or not.  When
> not, then LLD will relax these instructions to use absolute addressing
> mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with Clang
> and linked with LLD to fail to boot.

It could also cause kernels compiled with gcc and linked with LLD to
fail in the same way, no? The gcc/gas combination will generate the
relaxed relocations from I think gas-2.26 onward. Although the only
troublesome symbol in the case of gcc/gas is trampoline_32bit_src,
referenced from pgtable_64.c (gcc doesn't use a GOTPC reloc for _pgtable
etc).

I'm a bit surprised you were able to boot with just _pgtable fixed
(looking at the CBL issue), there are quite a few more GOTPC relocs with
clang -- maybe LLD isn't doing all the optimizations it could yet.

This potential issue was mentioned [0] in one of the earlier threads
(see last paragraph).

[0] https://lore.kernel.org/lkml/20200526191411.GA2380966@rani.riverdale.lan/

> 
> Also, the LLVM commit notes that these relocation types aren't supported
> until binutils 2.26. Since we support binutils 2.23+, avoid the
> relocations regardless of linker.

Note that the GNU assembler won't support the option to disable the
relaxations until 2.26, when they were added.

However, it turns out that clang always uses the integrated assembler
for the decompressor (and the EFI stub) because the no-integrated-as
option gets dropped when building these pieces, due to redefinition of
KBUILD_CFLAGS. You might want to mention this in the commit log or a
comment to explain why using the option unconditionally is safe. It
might need to be made conditional if the CFLAGS ever gets fixed to
maintain no-integrated-as.

Thanks.

Re: [PATCH] x86/boot: avoid relaxable symbols with Clang

[Nick Desaulniers]

On Fri, Aug 7, 2020 at 2:29 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> On Fri, Aug 07, 2020 at 12:41:00PM -0700, Nick Desaulniers wrote:
> > A recent change to a default value of configuration variable
> > (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
> > integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
> > relocations. LLD will relax instructions with these relocations based on
> > whether the image is being linked as position independent or not.  When
> > not, then LLD will relax these instructions to use absolute addressing
> > mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with Clang
> > and linked with LLD to fail to boot.
>
> It could also cause kernels compiled with gcc and linked with LLD to
> fail in the same way, no? The gcc/gas combination will generate the
> relaxed relocations from I think gas-2.26 onward. Although the only
> troublesome symbol in the case of gcc/gas is trampoline_32bit_src,
> referenced from pgtable_64.c (gcc doesn't use a GOTPC reloc for _pgtable
> etc).

Thanks for taking a look, and the feedback. I appreciate it!

$ gcc --version | head -n 1
gcc (Debian 9.3.0-11) 9.3.0
$ make -j71 clean defconfig bzImage
$ llvm-readelf -r arch/x86/boot/compressed/*.o | grep -e
R_X86_64_GOTPCRELX -e R_X86_64_REX_GOTPCRELX
0000000000000114  000000120000002a R_X86_64_REX_GOTPCRELX
0000000000000000 trampoline_32bit_src - 4
$ llvm-readelf -r arch/x86/boot/compressed/vmlinux | grep -e
R_X86_64_GOTPCRELX -e R_X86_64_REX_GOTPCRELX
$

So it looks like yes.  I guess then we'd need to add a check for
CONFIG_LD_IS_LLD and CONFIG_CC_IS_GCC and binutils version is 2.26+?
I don't mind adding support for that combination, but I'd like to skip
it in this patch for the sake of backporting something small to stable
to get our CI green ASAP, since CONFIG_LD_IS_LLD probably doesn't
exist for those stable branches, which will complicate the backport of
such a patch.  So I'd do it in a follow up patch if we're cool with
that?

> I'm a bit surprised you were able to boot with just _pgtable fixed
> (looking at the CBL issue), there are quite a few more GOTPC relocs with
> clang -- maybe LLD isn't doing all the optimizations it could yet.

I am, too.  I didn't specify which symbol was problematic or put this
flag on just one object file, because it's likely that there's an
issue with multiple symbols in multiple object files, though it's just
_pgtable that causes observable boot failures.

> This potential issue was mentioned [0] in one of the earlier threads
> (see last paragraph).
>
> [0] https://lore.kernel.org/lkml/20200526191411.GA2380966@rani.riverdale.lan/

Oh, indeed.

> > Also, the LLVM commit notes that these relocation types aren't supported
> > until binutils 2.26. Since we support binutils 2.23+, avoid the
> > relocations regardless of linker.
>
> Note that the GNU assembler won't support the option to disable the
> relaxations until 2.26, when they were added.
>
> However, it turns out that clang always uses the integrated assembler
> for the decompressor (and the EFI stub) because the no-integrated-as
> option gets dropped when building these pieces, due to redefinition of
> KBUILD_CFLAGS. You might want to mention this in the commit log or a

That's why I was careful to note in the commit message that it was
Clang's integrated assembler (assembler job) vs Clang (compiler job)
itself that was producing these.  May I add precisely:

```
Note that the GNU assembler won't support the option to disable the
relaxations until 2.26, when they were added.

However, it turns out that clang always uses the integrated assembler
for the decompressor (and the EFI stub) because the no-integrated-as
option gets dropped when building these pieces, due to redefinition of
KBUILD_CFLAGS.
```
with your suggested-by tag for a v2?

> comment to explain why using the option unconditionally is safe. It
> might need to be made conditional if the CFLAGS ever gets fixed to
> maintain no-integrated-as.
>
> Thanks.



-- 
Thanks,
~Nick Desaulniers

Re: [PATCH] x86/boot: avoid relaxable symbols with Clang

[Arvind Sankar]

On Fri, Aug 07, 2020 at 02:54:39PM -0700, Nick Desaulniers wrote:
> On Fri, Aug 7, 2020 at 2:29 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> >
> > On Fri, Aug 07, 2020 at 12:41:00PM -0700, Nick Desaulniers wrote:
> > > A recent change to a default value of configuration variable
> > > (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
> > > integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
> > > relocations. LLD will relax instructions with these relocations based on
> > > whether the image is being linked as position independent or not.  When
> > > not, then LLD will relax these instructions to use absolute addressing
> > > mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with Clang
> > > and linked with LLD to fail to boot.
> >
> > It could also cause kernels compiled with gcc and linked with LLD to
> > fail in the same way, no? The gcc/gas combination will generate the
> > relaxed relocations from I think gas-2.26 onward. Although the only
> > troublesome symbol in the case of gcc/gas is trampoline_32bit_src,
> > referenced from pgtable_64.c (gcc doesn't use a GOTPC reloc for _pgtable
> > etc).
> 
> Thanks for taking a look, and the feedback. I appreciate it!
> 
> $ gcc --version | head -n 1
> gcc (Debian 9.3.0-11) 9.3.0
> $ make -j71 clean defconfig bzImage
> $ llvm-readelf -r arch/x86/boot/compressed/*.o | grep -e
> R_X86_64_GOTPCRELX -e R_X86_64_REX_GOTPCRELX
> 0000000000000114  000000120000002a R_X86_64_REX_GOTPCRELX
> 0000000000000000 trampoline_32bit_src - 4
> $ llvm-readelf -r arch/x86/boot/compressed/vmlinux | grep -e
> R_X86_64_GOTPCRELX -e R_X86_64_REX_GOTPCRELX
> $
> 
> So it looks like yes.  I guess then we'd need to add a check for
> CONFIG_LD_IS_LLD and CONFIG_CC_IS_GCC and binutils version is 2.26+?
> I don't mind adding support for that combination, but I'd like to skip
> it in this patch for the sake of backporting something small to stable
> to get our CI green ASAP, since CONFIG_LD_IS_LLD probably doesn't
> exist for those stable branches, which will complicate the backport of
> such a patch.  So I'd do it in a follow up patch if we're cool with
> that?
> 

What if we did it only if we couldn't enable -pie, like the below patch?
I think this should cover all the cases without needing LD_IS_LLD
checks.

For BFD, the only case that should change is binutils-2.26, which
supports relaxations but not -z noreloc-overflow, and will now have
relax-relocations disabled. It currently works (with gcc) only because
the relaxation of
	movq foo@GOTPCREL(%rip), %reg
to
	movq $foo, %reg
in the non-pie case was only added in 2.27, which is also when -z
noreloc-overflow was added, allowing -pie to be enabled. With 2.26, it
only gets relaxed to
	leaq foo(%rip), %reg
which is all LLD currently does as well.

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 8abc30b27ba3..d25bb71f195a 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -60,6 +60,13 @@ else
 KBUILD_LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \
 	&& echo "-z noreloc-overflow -pie --no-dynamic-linker")
 endif
+
+# Disable relocation relaxation if not building as PIE
+ifeq ($(filter -pie,$(KBUILD_LDFLAGS)),)
+KBUILD_CFLAGS += $(call as-option, -Wa$(comma)-mrelax-relocations=no)
+KBUILD_AFLAGS += $(call as-option, -Wa$(comma)-mrelax-relocations=no)
+endif
+
 LDFLAGS_vmlinux := -T
 
 hostprogs	:= mkpiggy

Re: [PATCH] x86/boot: avoid relaxable symbols with Clang

[Nick Desaulniers]

On Fri, Aug 7, 2020 at 6:43 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> On Fri, Aug 07, 2020 at 02:54:39PM -0700, Nick Desaulniers wrote:
> > On Fri, Aug 7, 2020 at 2:29 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> > >
> > > On Fri, Aug 07, 2020 at 12:41:00PM -0700, Nick Desaulniers wrote:
> > > > A recent change to a default value of configuration variable
> > > > (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
> > > > integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
> > > > relocations. LLD will relax instructions with these relocations based on
> > > > whether the image is being linked as position independent or not.  When
> > > > not, then LLD will relax these instructions to use absolute addressing
> > > > mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with Clang
> > > > and linked with LLD to fail to boot.
> > >
> > > It could also cause kernels compiled with gcc and linked with LLD to
> > > fail in the same way, no? The gcc/gas combination will generate the
> > > relaxed relocations from I think gas-2.26 onward. Although the only
> > > troublesome symbol in the case of gcc/gas is trampoline_32bit_src,
> > > referenced from pgtable_64.c (gcc doesn't use a GOTPC reloc for _pgtable
> > > etc).
> >
> > Thanks for taking a look, and the feedback. I appreciate it!
> >
> > $ gcc --version | head -n 1
> > gcc (Debian 9.3.0-11) 9.3.0
> > $ make -j71 clean defconfig bzImage
> > $ llvm-readelf -r arch/x86/boot/compressed/*.o | grep -e
> > R_X86_64_GOTPCRELX -e R_X86_64_REX_GOTPCRELX
> > 0000000000000114  000000120000002a R_X86_64_REX_GOTPCRELX
> > 0000000000000000 trampoline_32bit_src - 4
> > $ llvm-readelf -r arch/x86/boot/compressed/vmlinux | grep -e
> > R_X86_64_GOTPCRELX -e R_X86_64_REX_GOTPCRELX
> > $
> >
> > So it looks like yes.  I guess then we'd need to add a check for
> > CONFIG_LD_IS_LLD and CONFIG_CC_IS_GCC and binutils version is 2.26+?
> > I don't mind adding support for that combination, but I'd like to skip
> > it in this patch for the sake of backporting something small to stable
> > to get our CI green ASAP, since CONFIG_LD_IS_LLD probably doesn't
> > exist for those stable branches, which will complicate the backport of
> > such a patch.  So I'd do it in a follow up patch if we're cool with
> > that?
> >
>
> What if we did it only if we couldn't enable -pie, like the below patch?
> I think this should cover all the cases without needing LD_IS_LLD
> checks.
>
> For BFD, the only case that should change is binutils-2.26, which
> supports relaxations but not -z noreloc-overflow, and will now have
> relax-relocations disabled. It currently works (with gcc) only because
> the relaxation of
>         movq foo@GOTPCREL(%rip), %reg
> to
>         movq $foo, %reg
> in the non-pie case was only added in 2.27, which is also when -z
> noreloc-overflow was added, allowing -pie to be enabled. With 2.26, it
> only gets relaxed to
>         leaq foo(%rip), %reg
> which is all LLD currently does as well.

Sure, that will work, too.  If you'd like to send it along, please add my:
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>

>
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index 8abc30b27ba3..d25bb71f195a 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -60,6 +60,13 @@ else
>  KBUILD_LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \
>         && echo "-z noreloc-overflow -pie --no-dynamic-linker")
>  endif
> +
> +# Disable relocation relaxation if not building as PIE
> +ifeq ($(filter -pie,$(KBUILD_LDFLAGS)),)
> +KBUILD_CFLAGS += $(call as-option, -Wa$(comma)-mrelax-relocations=no)
> +KBUILD_AFLAGS += $(call as-option, -Wa$(comma)-mrelax-relocations=no)
> +endif
> +
>  LDFLAGS_vmlinux := -T
>
>  hostprogs      := mkpiggy



-- 
Thanks,
~Nick Desaulniers

[PATCH] x86/boot/compressed: Disable relocation relaxation for non-pie link

[Arvind Sankar]

The x86-64 psABI [0] specifies special relocation types
(R_X86_64_[REX_]GOTPCRELX) for indirection through the Global Offset
Table, semantically equivalent to R_X86_64_GOTPCREL, which the linker
can take advantage of for optimization (relaxation) at link time. This
is supported by LLD and binutils versions 2.26 onwards.

The compressed kernel is position-independent code, however, when using
LLD or binutils versions before 2.27, it must be linked without the -pie
option. In this case, the linker may optimize certain instructions into
a non-position-independent form, by converting foo@GOTPCREL(%rip) to $foo.

This potential issue has been present with LLD and binutils-2.26 for a
long time, but it has never manifested itself before now:
- LLD and binutils-2.26 only relax
	movq	foo@GOTPCREL(%rip), %reg
  to
	leaq	foo(%rip), %reg
  which is still position-independent, rather than
	mov	$foo, %reg
  which is permitted by the psABI when -pie is not enabled.
- gcc happens to only generate GOTPCREL relocations on mov instructions.
- clang does generate GOTPCREL relocations on non-mov instructions, but
  when building the compressed kernel, it uses its integrated assembler
  (due to the redefinition of KBUILD_CFLAGS dropping -no-integrated-as),
  which has so far defaulted to not generating the GOTPCRELX
  relocations.

Nick Desaulniers reports [1,2]:
  A recent change [3] to a default value of configuration variable
  (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
  integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
  relocations. LLD will relax instructions with these relocations based
  on whether the image is being linked as position independent or not.
  When not, then LLD will relax these instructions to use absolute
  addressing mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with
  Clang and linked with LLD to fail to boot.

Patch series [4] is a solution to allow the compressed kernel to be
linked with -pie unconditionally, but even if merged is unlikely to be
backported. As a simple solution that can be applied to stable as well,
prevent the assembler from generating the relaxed relocation types using
the -mrelax-relocations=no option.

[0] https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/linker-optimization.tex#L65
[1] https://lore.kernel.org/lkml/20200807194100.3570838-1-ndesaulniers@google.com/
[2] https://github.com/ClangBuiltLinux/linux/issues/1121
[3] https://reviews.llvm.org/rGc41a18cf61790fc898dcda1055c3efbf442c14c0
[4] https://lore.kernel.org/lkml/20200731202738.2577854-1-nivedita@alum.mit.edu/

Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: stable@vger.kernel.org # 4.19.x
---
 arch/x86/boot/compressed/Makefile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 3962f592633d..c5449bea58ec 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -62,6 +62,12 @@ KBUILD_LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \
 endif
 LDFLAGS_vmlinux := -T
 
+# Disable relocation relaxation if not linking as PIE
+ifeq ($(filter -pie,$(KBUILD_LDFLAGS)),)
+KBUILD_CFLAGS += $(call as-option, -Wa$(comma)-mrelax-relocations=no)
+KBUILD_AFLAGS += $(call as-option, -Wa$(comma)-mrelax-relocations=no)
+endif
+
 hostprogs	:= mkpiggy
 HOST_EXTRACFLAGS += -I$(srctree)/tools/include
 
-- 
2.26.2

Re: [PATCH] x86/boot/compressed: Disable relocation relaxation for non-pie link

[Nick Desaulniers]

On Tue, Aug 11, 2020 at 10:36 AM Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> The x86-64 psABI [0] specifies special relocation types
> (R_X86_64_[REX_]GOTPCRELX) for indirection through the Global Offset
> Table, semantically equivalent to R_X86_64_GOTPCREL, which the linker
> can take advantage of for optimization (relaxation) at link time. This
> is supported by LLD and binutils versions 2.26 onwards.
>
> The compressed kernel is position-independent code, however, when using
> LLD or binutils versions before 2.27, it must be linked without the -pie
> option. In this case, the linker may optimize certain instructions into
> a non-position-independent form, by converting foo@GOTPCREL(%rip) to $foo.
>
> This potential issue has been present with LLD and binutils-2.26 for a
> long time, but it has never manifested itself before now:
> - LLD and binutils-2.26 only relax
>         movq    foo@GOTPCREL(%rip), %reg
>   to
>         leaq    foo(%rip), %reg
>   which is still position-independent, rather than
>         mov     $foo, %reg
>   which is permitted by the psABI when -pie is not enabled.
> - gcc happens to only generate GOTPCREL relocations on mov instructions.
> - clang does generate GOTPCREL relocations on non-mov instructions, but
>   when building the compressed kernel, it uses its integrated assembler
>   (due to the redefinition of KBUILD_CFLAGS dropping -no-integrated-as),
>   which has so far defaulted to not generating the GOTPCRELX
>   relocations.
>
> Nick Desaulniers reports [1,2]:
>   A recent change [3] to a default value of configuration variable
>   (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
>   integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
>   relocations. LLD will relax instructions with these relocations based
>   on whether the image is being linked as position independent or not.
>   When not, then LLD will relax these instructions to use absolute
>   addressing mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with
>   Clang and linked with LLD to fail to boot.
>
> Patch series [4] is a solution to allow the compressed kernel to be
> linked with -pie unconditionally, but even if merged is unlikely to be
> backported. As a simple solution that can be applied to stable as well,
> prevent the assembler from generating the relaxed relocation types using
> the -mrelax-relocations=no option.
>
> [0] https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/linker-optimization.tex#L65
> [1] https://lore.kernel.org/lkml/20200807194100.3570838-1-ndesaulniers@google.com/
> [2] https://github.com/ClangBuiltLinux/linux/issues/1121
> [3] https://reviews.llvm.org/rGc41a18cf61790fc898dcda1055c3efbf442c14c0
> [4] https://lore.kernel.org/lkml/20200731202738.2577854-1-nivedita@alum.mit.edu/
>
> Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> Reported-by: Nick Desaulniers <ndesaulniers@google.com>
> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
> Tested-by: Nick Desaulniers <ndesaulniers@google.com>
> Cc: stable@vger.kernel.org # 4.19.x

Thanks Arvind, good write up.  Just curious about this stable tag, how
come you picked 4.19?  I can see boot failures in our CI for x86+LLD
back to 4.9.  Can we amend that tag to use `# 4.9`? I'd be happy to
help submit backports should they fail to apply cleanly.
https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/builds/179237488

> ---
>  arch/x86/boot/compressed/Makefile | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index 3962f592633d..c5449bea58ec 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -62,6 +62,12 @@ KBUILD_LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \
>  endif
>  LDFLAGS_vmlinux := -T
>
> +# Disable relocation relaxation if not linking as PIE
> +ifeq ($(filter -pie,$(KBUILD_LDFLAGS)),)
> +KBUILD_CFLAGS += $(call as-option, -Wa$(comma)-mrelax-relocations=no)
> +KBUILD_AFLAGS += $(call as-option, -Wa$(comma)-mrelax-relocations=no)
> +endif
> +
>  hostprogs      := mkpiggy
>  HOST_EXTRACFLAGS += -I$(srctree)/tools/include
>
> --
> 2.26.2
>


-- 
Thanks,
~Nick Desaulniers

Re: [PATCH] x86/boot/compressed: Disable relocation relaxation for non-pie link

[Arvind Sankar]

On Tue, Aug 11, 2020 at 10:58:40AM -0700, Nick Desaulniers wrote:
> > Cc: stable@vger.kernel.org # 4.19.x
> 
> Thanks Arvind, good write up.  Just curious about this stable tag, how
> come you picked 4.19?  I can see boot failures in our CI for x86+LLD
> back to 4.9.  Can we amend that tag to use `# 4.9`? I'd be happy to
> help submit backports should they fail to apply cleanly.
> https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/builds/179237488
> 

4.19 renamed LDFLAGS to KBUILD_LDFLAGS. For 4.4, 4.9 and 4.14 the patch
needs to be modified, KBUILD_LDFLAGS -> LDFLAGS, so I figured we should
submit backports separately. For 4.19 onwards, it should apply without
changes I think.

Thanks.

Re: [PATCH] x86/boot/compressed: Disable relocation relaxation for non-pie link

[Nick Desaulniers]

On Tue, Aug 11, 2020 at 3:44 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> On Tue, Aug 11, 2020 at 10:58:40AM -0700, Nick Desaulniers wrote:
> > > Cc: stable@vger.kernel.org # 4.19.x
> >
> > Thanks Arvind, good write up.  Just curious about this stable tag, how
> > come you picked 4.19?  I can see boot failures in our CI for x86+LLD
> > back to 4.9.  Can we amend that tag to use `# 4.9`? I'd be happy to
> > help submit backports should they fail to apply cleanly.
> > https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/builds/179237488
> >
>
> 4.19 renamed LDFLAGS to KBUILD_LDFLAGS. For 4.4, 4.9 and 4.14 the patch
> needs to be modified, KBUILD_LDFLAGS -> LDFLAGS, so I figured we should
> submit backports separately. For 4.19 onwards, it should apply without
> changes I think.

Cool, sounds good.  I'll keep an eye out for when stable goes to pick this up.

tglx, Ingo, BP, can we pretty please get this in tip/urgent for
inclusion into 5.9?
-- 
Thanks,
~Nick Desaulniers

Re: [PATCH] x86/boot/compressed: Disable relocation relaxation for non-pie link

[Arvind Sankar]

On Tue, Aug 11, 2020 at 04:04:40PM -0700, Nick Desaulniers wrote:
> On Tue, Aug 11, 2020 at 3:44 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> >
> > On Tue, Aug 11, 2020 at 10:58:40AM -0700, Nick Desaulniers wrote:
> > > > Cc: stable@vger.kernel.org # 4.19.x
> > >
> > > Thanks Arvind, good write up.  Just curious about this stable tag, how
> > > come you picked 4.19?  I can see boot failures in our CI for x86+LLD
> > > back to 4.9.  Can we amend that tag to use `# 4.9`? I'd be happy to
> > > help submit backports should they fail to apply cleanly.
> > > https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/builds/179237488
> > >
> >
> > 4.19 renamed LDFLAGS to KBUILD_LDFLAGS. For 4.4, 4.9 and 4.14 the patch
> > needs to be modified, KBUILD_LDFLAGS -> LDFLAGS, so I figured we should
> > submit backports separately. For 4.19 onwards, it should apply without
> > changes I think.
> 
> Cool, sounds good.  I'll keep an eye out for when stable goes to pick this up.
> 
> tglx, Ingo, BP, can we pretty please get this in tip/urgent for
> inclusion into 5.9?
> -- 
> Thanks,
> ~Nick Desaulniers

Another alternative is to just do this unconditionally instead of even
checking for the -pie flag. None of the GOTPCRELs are in the
decompressor, so they shouldn't be performance-sensitive at all.

It still wouldn't apply cleanly to all the stable versions, but
backporting would be even simpler.

What do you think?

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 3962f592633d..10c2ba59d192 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -43,6 +43,7 @@ KBUILD_CFLAGS += -Wno-pointer-sign
 KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
 KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
 KBUILD_CFLAGS += -D__DISABLE_EXPORTS
+KBUILD_CFLAGS += $(call as-option,-Wa$(comma)-mrelax-relocations=no)
 
 KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
 GCOV_PROFILE := n

Re: [PATCH] x86/boot/compressed: Disable relocation relaxation for non-pie link

[Nick Desaulniers]

On Tue, Aug 11, 2020 at 4:43 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> On Tue, Aug 11, 2020 at 04:04:40PM -0700, Nick Desaulniers wrote:
> > On Tue, Aug 11, 2020 at 3:44 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> > >
> > > On Tue, Aug 11, 2020 at 10:58:40AM -0700, Nick Desaulniers wrote:
> > > > > Cc: stable@vger.kernel.org # 4.19.x
> > > >
> > > > Thanks Arvind, good write up.  Just curious about this stable tag, how
> > > > come you picked 4.19?  I can see boot failures in our CI for x86+LLD
> > > > back to 4.9.  Can we amend that tag to use `# 4.9`? I'd be happy to
> > > > help submit backports should they fail to apply cleanly.
> > > > https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/builds/179237488
> > > >
> > >
> > > 4.19 renamed LDFLAGS to KBUILD_LDFLAGS. For 4.4, 4.9 and 4.14 the patch
> > > needs to be modified, KBUILD_LDFLAGS -> LDFLAGS, so I figured we should
> > > submit backports separately. For 4.19 onwards, it should apply without
> > > changes I think.
> >
> > Cool, sounds good.  I'll keep an eye out for when stable goes to pick this up.
> >
> > tglx, Ingo, BP, can we pretty please get this in tip/urgent for
> > inclusion into 5.9?
> > --
> > Thanks,
> > ~Nick Desaulniers
>
> Another alternative is to just do this unconditionally instead of even
> checking for the -pie flag. None of the GOTPCRELs are in the
> decompressor, so they shouldn't be performance-sensitive at all.
>
> It still wouldn't apply cleanly to all the stable versions, but
> backporting would be even simpler.
>
> What do you think?
>
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index 3962f592633d..10c2ba59d192 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -43,6 +43,7 @@ KBUILD_CFLAGS += -Wno-pointer-sign
>  KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
>  KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
>  KBUILD_CFLAGS += -D__DISABLE_EXPORTS
> +KBUILD_CFLAGS += $(call as-option,-Wa$(comma)-mrelax-relocations=no)

We'd still want it for KBUILD_AFLAGS, too, just to be safe. Maybe a
one line comment to the effect of `# remove me once we can link as
-pie` would help us rip off this band-aid in the future?  It's more
obvious that the added hunk can be reverted once -pie linkage is
achieved with the current patch; either are fine by me.  Thanks!

>
>  KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
>  GCOV_PROFILE := n



-- 
Thanks,
~Nick Desaulniers

Re: [PATCH] x86/boot/compressed: Disable relocation relaxation for non-pie link

[Arvind Sankar]

On Tue, Aug 11, 2020 at 04:51:23PM -0700, Nick Desaulniers wrote:
> On Tue, Aug 11, 2020 at 4:43 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> >
> > On Tue, Aug 11, 2020 at 04:04:40PM -0700, Nick Desaulniers wrote:
> > > On Tue, Aug 11, 2020 at 3:44 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> > > >
> > > > On Tue, Aug 11, 2020 at 10:58:40AM -0700, Nick Desaulniers wrote:
> > > > > > Cc: stable@vger.kernel.org # 4.19.x
> > > > >
> > > > > Thanks Arvind, good write up.  Just curious about this stable tag, how
> > > > > come you picked 4.19?  I can see boot failures in our CI for x86+LLD
> > > > > back to 4.9.  Can we amend that tag to use `# 4.9`? I'd be happy to
> > > > > help submit backports should they fail to apply cleanly.
> > > > > https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/builds/179237488
> > > > >
> > > >
> > > > 4.19 renamed LDFLAGS to KBUILD_LDFLAGS. For 4.4, 4.9 and 4.14 the patch
> > > > needs to be modified, KBUILD_LDFLAGS -> LDFLAGS, so I figured we should
> > > > submit backports separately. For 4.19 onwards, it should apply without
> > > > changes I think.
> > >
> > > Cool, sounds good.  I'll keep an eye out for when stable goes to pick this up.
> > >
> > > tglx, Ingo, BP, can we pretty please get this in tip/urgent for
> > > inclusion into 5.9?
> > > --
> > > Thanks,
> > > ~Nick Desaulniers
> >
> > Another alternative is to just do this unconditionally instead of even
> > checking for the -pie flag. None of the GOTPCRELs are in the
> > decompressor, so they shouldn't be performance-sensitive at all.
> >
> > It still wouldn't apply cleanly to all the stable versions, but
> > backporting would be even simpler.
> >
> > What do you think?
> >
> > diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> > index 3962f592633d..10c2ba59d192 100644
> > --- a/arch/x86/boot/compressed/Makefile
> > +++ b/arch/x86/boot/compressed/Makefile
> > @@ -43,6 +43,7 @@ KBUILD_CFLAGS += -Wno-pointer-sign
> >  KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
> >  KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
> >  KBUILD_CFLAGS += -D__DISABLE_EXPORTS
> > +KBUILD_CFLAGS += $(call as-option,-Wa$(comma)-mrelax-relocations=no)
> 
> We'd still want it for KBUILD_AFLAGS, too, just to be safe. Maybe a

KBUILD_CFLAGS gets included into KBUILD_AFLAGS, so this already does
that.

> one line comment to the effect of `# remove me once we can link as
> -pie` would help us rip off this band-aid in the future?  It's more
> obvious that the added hunk can be reverted once -pie linkage is
> achieved with the current patch; either are fine by me.  Thanks!
> 
> >
> >  KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
> >  GCOV_PROFILE := n
> 
> 
> 
> -- 
> Thanks,
> ~Nick Desaulniers

[PATCH v2] x86/boot/compressed: Disable relocation relaxation

[Arvind Sankar]

The x86-64 psABI [0] specifies special relocation types
(R_X86_64_[REX_]GOTPCRELX) for indirection through the Global Offset
Table, semantically equivalent to R_X86_64_GOTPCREL, which the linker
can take advantage of for optimization (relaxation) at link time. This
is supported by LLD and binutils versions 2.26 onwards.

The compressed kernel is position-independent code, however, when using
LLD or binutils versions before 2.27, it must be linked without the -pie
option. In this case, the linker may optimize certain instructions into
a non-position-independent form, by converting foo@GOTPCREL(%rip) to $foo.

This potential issue has been present with LLD and binutils-2.26 for a
long time, but it has never manifested itself before now:
- LLD and binutils-2.26 only relax
	movq	foo@GOTPCREL(%rip), %reg
  to
	leaq	foo(%rip), %reg
  which is still position-independent, rather than
	mov	$foo, %reg
  which is permitted by the psABI when -pie is not enabled.
- gcc happens to only generate GOTPCREL relocations on mov instructions.
- clang does generate GOTPCREL relocations on non-mov instructions, but
  when building the compressed kernel, it uses its integrated assembler
  (due to the redefinition of KBUILD_CFLAGS dropping -no-integrated-as),
  which has so far defaulted to not generating the GOTPCRELX
  relocations.

Nick Desaulniers reports [1,2]:
  A recent change [3] to a default value of configuration variable
  (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
  integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
  relocations. LLD will relax instructions with these relocations based
  on whether the image is being linked as position independent or not.
  When not, then LLD will relax these instructions to use absolute
  addressing mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with
  Clang and linked with LLD to fail to boot.

Patch series [4] is a solution to allow the compressed kernel to be
linked with -pie unconditionally, but even if merged is unlikely to be
backported. As a simple solution that can be applied to stable as well,
prevent the assembler from generating the relaxed relocation types using
the -mrelax-relocations=no option. For ease of backporting, do this
unconditionally.

[0] https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/linker-optimization.tex#L65
[1] https://lore.kernel.org/lkml/20200807194100.3570838-1-ndesaulniers@google.com/
[2] https://github.com/ClangBuiltLinux/linux/issues/1121
[3] https://reviews.llvm.org/rGc41a18cf61790fc898dcda1055c3efbf442c14c0
[4] https://lore.kernel.org/lkml/20200731202738.2577854-1-nivedita@alum.mit.edu/

Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
---
 arch/x86/boot/compressed/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 3962f592633d..ff7894f39e0e 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -43,6 +43,8 @@ KBUILD_CFLAGS += -Wno-pointer-sign
 KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
 KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
 KBUILD_CFLAGS += -D__DISABLE_EXPORTS
+# Disable relocation relaxation in case the link is not PIE.
+KBUILD_CFLAGS += $(call as-option,-Wa$(comma)-mrelax-relocations=no)
 
 KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
 GCOV_PROFILE := n
-- 
2.26.2

Re: [PATCH] x86/boot/compressed: Disable relocation relaxation for non-pie link

[Nick Desaulniers]

On Tue, Aug 11, 2020 at 5:42 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> On Tue, Aug 11, 2020 at 04:51:23PM -0700, Nick Desaulniers wrote:
> > On Tue, Aug 11, 2020 at 4:43 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> > >
> > > On Tue, Aug 11, 2020 at 04:04:40PM -0700, Nick Desaulniers wrote:
> > > > On Tue, Aug 11, 2020 at 3:44 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> > > > >
> > > > > On Tue, Aug 11, 2020 at 10:58:40AM -0700, Nick Desaulniers wrote:
> > > > > > > Cc: stable@vger.kernel.org # 4.19.x
> > > > > >
> > > > > > Thanks Arvind, good write up.  Just curious about this stable tag, how
> > > > > > come you picked 4.19?  I can see boot failures in our CI for x86+LLD
> > > > > > back to 4.9.  Can we amend that tag to use `# 4.9`? I'd be happy to
> > > > > > help submit backports should they fail to apply cleanly.
> > > > > > https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/builds/179237488
> > > > > >
> > > > >
> > > > > 4.19 renamed LDFLAGS to KBUILD_LDFLAGS. For 4.4, 4.9 and 4.14 the patch
> > > > > needs to be modified, KBUILD_LDFLAGS -> LDFLAGS, so I figured we should
> > > > > submit backports separately. For 4.19 onwards, it should apply without
> > > > > changes I think.
> > > >
> > > > Cool, sounds good.  I'll keep an eye out for when stable goes to pick this up.
> > > >
> > > > tglx, Ingo, BP, can we pretty please get this in tip/urgent for
> > > > inclusion into 5.9?
> > > > --
> > > > Thanks,
> > > > ~Nick Desaulniers
> > >
> > > Another alternative is to just do this unconditionally instead of even
> > > checking for the -pie flag. None of the GOTPCRELs are in the
> > > decompressor, so they shouldn't be performance-sensitive at all.
> > >
> > > It still wouldn't apply cleanly to all the stable versions, but
> > > backporting would be even simpler.
> > >
> > > What do you think?
> > >
> > > diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> > > index 3962f592633d..10c2ba59d192 100644
> > > --- a/arch/x86/boot/compressed/Makefile
> > > +++ b/arch/x86/boot/compressed/Makefile
> > > @@ -43,6 +43,7 @@ KBUILD_CFLAGS += -Wno-pointer-sign
> > >  KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
> > >  KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
> > >  KBUILD_CFLAGS += -D__DISABLE_EXPORTS
> > > +KBUILD_CFLAGS += $(call as-option,-Wa$(comma)-mrelax-relocations=no)
> >
> > We'd still want it for KBUILD_AFLAGS, too, just to be safe. Maybe a
>
> KBUILD_CFLAGS gets included into KBUILD_AFLAGS, so this already does
> that.

Ah, right, just below it in the diff.

>
> > one line comment to the effect of `# remove me once we can link as
> > -pie` would help us rip off this band-aid in the future?  It's more
> > obvious that the added hunk can be reverted once -pie linkage is
> > achieved with the current patch; either are fine by me.  Thanks!
> >
> > >
> > >  KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
> > >  GCOV_PROFILE := n
> >
> >
> >
> > --
> > Thanks,
> > ~Nick Desaulniers



-- 
Thanks,
~Nick Desaulniers

Re: [PATCH v2] x86/boot/compressed: Disable relocation relaxation

[Nick Desaulniers]

On Tue, Aug 11, 2020 at 5:43 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> The x86-64 psABI [0] specifies special relocation types
> (R_X86_64_[REX_]GOTPCRELX) for indirection through the Global Offset
> Table, semantically equivalent to R_X86_64_GOTPCREL, which the linker
> can take advantage of for optimization (relaxation) at link time. This
> is supported by LLD and binutils versions 2.26 onwards.
>
> The compressed kernel is position-independent code, however, when using
> LLD or binutils versions before 2.27, it must be linked without the -pie
> option. In this case, the linker may optimize certain instructions into
> a non-position-independent form, by converting foo@GOTPCREL(%rip) to $foo.
>
> This potential issue has been present with LLD and binutils-2.26 for a
> long time, but it has never manifested itself before now:
> - LLD and binutils-2.26 only relax
>         movq    foo@GOTPCREL(%rip), %reg
>   to
>         leaq    foo(%rip), %reg
>   which is still position-independent, rather than
>         mov     $foo, %reg
>   which is permitted by the psABI when -pie is not enabled.
> - gcc happens to only generate GOTPCREL relocations on mov instructions.
> - clang does generate GOTPCREL relocations on non-mov instructions, but
>   when building the compressed kernel, it uses its integrated assembler
>   (due to the redefinition of KBUILD_CFLAGS dropping -no-integrated-as),
>   which has so far defaulted to not generating the GOTPCRELX
>   relocations.
>
> Nick Desaulniers reports [1,2]:
>   A recent change [3] to a default value of configuration variable
>   (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
>   integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
>   relocations. LLD will relax instructions with these relocations based
>   on whether the image is being linked as position independent or not.
>   When not, then LLD will relax these instructions to use absolute
>   addressing mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with
>   Clang and linked with LLD to fail to boot.
>
> Patch series [4] is a solution to allow the compressed kernel to be
> linked with -pie unconditionally, but even if merged is unlikely to be
> backported. As a simple solution that can be applied to stable as well,
> prevent the assembler from generating the relaxed relocation types using
> the -mrelax-relocations=no option. For ease of backporting, do this
> unconditionally.
>
> [0] https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/linker-optimization.tex#L65
> [1] https://lore.kernel.org/lkml/20200807194100.3570838-1-ndesaulniers@google.com/
> [2] https://github.com/ClangBuiltLinux/linux/issues/1121
> [3] https://reviews.llvm.org/rGc41a18cf61790fc898dcda1055c3efbf442c14c0
> [4] https://lore.kernel.org/lkml/20200731202738.2577854-1-nivedita@alum.mit.edu/
>
> Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> Reported-by: Nick Desaulniers <ndesaulniers@google.com>
> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
> Tested-by: Nick Desaulniers <ndesaulniers@google.com>
> Cc: stable@vger.kernel.org
> Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>

LGTM

> ---
>  arch/x86/boot/compressed/Makefile | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index 3962f592633d..ff7894f39e0e 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -43,6 +43,8 @@ KBUILD_CFLAGS += -Wno-pointer-sign
>  KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
>  KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
>  KBUILD_CFLAGS += -D__DISABLE_EXPORTS
> +# Disable relocation relaxation in case the link is not PIE.
> +KBUILD_CFLAGS += $(call as-option,-Wa$(comma)-mrelax-relocations=no)
>
>  KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
>  GCOV_PROFILE := n
> --
> 2.26.2
>


-- 
Thanks,
~Nick Desaulniers

Re: [PATCH v2] x86/boot/compressed: Disable relocation relaxation

[Sedat Dilek]

On Wed, Aug 12, 2020 at 2:43 AM Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> The x86-64 psABI [0] specifies special relocation types
> (R_X86_64_[REX_]GOTPCRELX) for indirection through the Global Offset
> Table, semantically equivalent to R_X86_64_GOTPCREL, which the linker
> can take advantage of for optimization (relaxation) at link time. This
> is supported by LLD and binutils versions 2.26 onwards.
>
> The compressed kernel is position-independent code, however, when using
> LLD or binutils versions before 2.27, it must be linked without the -pie
> option. In this case, the linker may optimize certain instructions into
> a non-position-independent form, by converting foo@GOTPCREL(%rip) to $foo.
>
> This potential issue has been present with LLD and binutils-2.26 for a
> long time, but it has never manifested itself before now:
> - LLD and binutils-2.26 only relax
>         movq    foo@GOTPCREL(%rip), %reg
>   to
>         leaq    foo(%rip), %reg
>   which is still position-independent, rather than
>         mov     $foo, %reg
>   which is permitted by the psABI when -pie is not enabled.
> - gcc happens to only generate GOTPCREL relocations on mov instructions.
> - clang does generate GOTPCREL relocations on non-mov instructions, but
>   when building the compressed kernel, it uses its integrated assembler
>   (due to the redefinition of KBUILD_CFLAGS dropping -no-integrated-as),
>   which has so far defaulted to not generating the GOTPCRELX
>   relocations.
>
> Nick Desaulniers reports [1,2]:
>   A recent change [3] to a default value of configuration variable
>   (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
>   integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
>   relocations. LLD will relax instructions with these relocations based
>   on whether the image is being linked as position independent or not.
>   When not, then LLD will relax these instructions to use absolute
>   addressing mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with
>   Clang and linked with LLD to fail to boot.
>
> Patch series [4] is a solution to allow the compressed kernel to be
> linked with -pie unconditionally, but even if merged is unlikely to be
> backported. As a simple solution that can be applied to stable as well,
> prevent the assembler from generating the relaxed relocation types using
> the -mrelax-relocations=no option. For ease of backporting, do this
> unconditionally.
>
> [0] https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/linker-optimization.tex#L65
> [1] https://lore.kernel.org/lkml/20200807194100.3570838-1-ndesaulniers@google.com/
> [2] https://github.com/ClangBuiltLinux/linux/issues/1121
> [3] https://reviews.llvm.org/rGc41a18cf61790fc898dcda1055c3efbf442c14c0
> [4] https://lore.kernel.org/lkml/20200731202738.2577854-1-nivedita@alum.mit.edu/
>
> Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> Reported-by: Nick Desaulniers <ndesaulniers@google.com>
> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
> Tested-by: Nick Desaulniers <ndesaulniers@google.com>
> Cc: stable@vger.kernel.org
> Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>

Thanks for the patch.

Tested-by: Sedat Dilek <sedat.dilek@gmail.com>

- Sedat -

[1] https://github.com/ClangBuiltLinux/linux/issues/1120#issuecomment-674409705

> ---
>  arch/x86/boot/compressed/Makefile | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index 3962f592633d..ff7894f39e0e 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -43,6 +43,8 @@ KBUILD_CFLAGS += -Wno-pointer-sign
>  KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
>  KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
>  KBUILD_CFLAGS += -D__DISABLE_EXPORTS
> +# Disable relocation relaxation in case the link is not PIE.
> +KBUILD_CFLAGS += $(call as-option,-Wa$(comma)-mrelax-relocations=no)
>
>  KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
>  GCOV_PROFILE := n
> --
> 2.26.2
>
> --
> You received this message because you are subscribed to the Google Groups "Clang Built Linux" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to clang-built-linux+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/clang-built-linux/20200812004308.1448603-1-nivedita%40alum.mit.edu.

Re: [PATCH v2] x86/boot/compressed: Disable relocation relaxation

[Nick Desaulniers]

Hi Ingo,
I saw you picked up Arvind's other series into x86/boot.  Would you
mind please including this, as well?  Our CI is quite red for x86...

EOM

On Sat, Aug 15, 2020 at 8:49 AM Sedat Dilek <sedat.dilek@gmail.com> wrote:
>
> On Wed, Aug 12, 2020 at 2:43 AM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> >
> > The x86-64 psABI [0] specifies special relocation types
> > (R_X86_64_[REX_]GOTPCRELX) for indirection through the Global Offset
> > Table, semantically equivalent to R_X86_64_GOTPCREL, which the linker
> > can take advantage of for optimization (relaxation) at link time. This
> > is supported by LLD and binutils versions 2.26 onwards.
> >
> > The compressed kernel is position-independent code, however, when using
> > LLD or binutils versions before 2.27, it must be linked without the -pie
> > option. In this case, the linker may optimize certain instructions into
> > a non-position-independent form, by converting foo@GOTPCREL(%rip) to $foo.
> >
> > This potential issue has been present with LLD and binutils-2.26 for a
> > long time, but it has never manifested itself before now:
> > - LLD and binutils-2.26 only relax
> >         movq    foo@GOTPCREL(%rip), %reg
> >   to
> >         leaq    foo(%rip), %reg
> >   which is still position-independent, rather than
> >         mov     $foo, %reg
> >   which is permitted by the psABI when -pie is not enabled.
> > - gcc happens to only generate GOTPCREL relocations on mov instructions.
> > - clang does generate GOTPCREL relocations on non-mov instructions, but
> >   when building the compressed kernel, it uses its integrated assembler
> >   (due to the redefinition of KBUILD_CFLAGS dropping -no-integrated-as),
> >   which has so far defaulted to not generating the GOTPCRELX
> >   relocations.
> >
> > Nick Desaulniers reports [1,2]:
> >   A recent change [3] to a default value of configuration variable
> >   (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
> >   integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
> >   relocations. LLD will relax instructions with these relocations based
> >   on whether the image is being linked as position independent or not.
> >   When not, then LLD will relax these instructions to use absolute
> >   addressing mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with
> >   Clang and linked with LLD to fail to boot.
> >
> > Patch series [4] is a solution to allow the compressed kernel to be
> > linked with -pie unconditionally, but even if merged is unlikely to be
> > backported. As a simple solution that can be applied to stable as well,
> > prevent the assembler from generating the relaxed relocation types using
> > the -mrelax-relocations=no option. For ease of backporting, do this
> > unconditionally.
> >
> > [0] https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/linker-optimization.tex#L65
> > [1] https://lore.kernel.org/lkml/20200807194100.3570838-1-ndesaulniers@google.com/
> > [2] https://github.com/ClangBuiltLinux/linux/issues/1121
> > [3] https://reviews.llvm.org/rGc41a18cf61790fc898dcda1055c3efbf442c14c0
> > [4] https://lore.kernel.org/lkml/20200731202738.2577854-1-nivedita@alum.mit.edu/
> >
> > Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> > Reported-by: Nick Desaulniers <ndesaulniers@google.com>
> > Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
> > Tested-by: Nick Desaulniers <ndesaulniers@google.com>
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
>
> Thanks for the patch.
>
> Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
>
> - Sedat -
>
> [1] https://github.com/ClangBuiltLinux/linux/issues/1120#issuecomment-674409705
>
> > ---
> >  arch/x86/boot/compressed/Makefile | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> > index 3962f592633d..ff7894f39e0e 100644
> > --- a/arch/x86/boot/compressed/Makefile
> > +++ b/arch/x86/boot/compressed/Makefile
> > @@ -43,6 +43,8 @@ KBUILD_CFLAGS += -Wno-pointer-sign
> >  KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
> >  KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
> >  KBUILD_CFLAGS += -D__DISABLE_EXPORTS
> > +# Disable relocation relaxation in case the link is not PIE.
> > +KBUILD_CFLAGS += $(call as-option,-Wa$(comma)-mrelax-relocations=no)
> >
> >  KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
> >  GCOV_PROFILE := n
> > --
> > 2.26.2
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Clang Built Linux" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to clang-built-linux+unsubscribe@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/clang-built-linux/20200812004308.1448603-1-nivedita%40alum.mit.edu.



-- 
Thanks,
~Nick Desaulniers

Re: [PATCH v2] x86/boot/compressed: Disable relocation relaxation

[Sedat Dilek]

On Sat, Aug 15, 2020 at 10:57 PM Nick Desaulniers
<ndesaulniers@google.com> wrote:
>
> Hi Ingo,
> I saw you picked up Arvind's other series into x86/boot.  Would you
> mind please including this, as well?  Our CI is quite red for x86...
>
> EOM
>

+1

- Sedat -

> On Sat, Aug 15, 2020 at 8:49 AM Sedat Dilek <sedat.dilek@gmail.com> wrote:
> >
> > On Wed, Aug 12, 2020 at 2:43 AM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> > >
> > > The x86-64 psABI [0] specifies special relocation types
> > > (R_X86_64_[REX_]GOTPCRELX) for indirection through the Global Offset
> > > Table, semantically equivalent to R_X86_64_GOTPCREL, which the linker
> > > can take advantage of for optimization (relaxation) at link time. This
> > > is supported by LLD and binutils versions 2.26 onwards.
> > >
> > > The compressed kernel is position-independent code, however, when using
> > > LLD or binutils versions before 2.27, it must be linked without the -pie
> > > option. In this case, the linker may optimize certain instructions into
> > > a non-position-independent form, by converting foo@GOTPCREL(%rip) to $foo.
> > >
> > > This potential issue has been present with LLD and binutils-2.26 for a
> > > long time, but it has never manifested itself before now:
> > > - LLD and binutils-2.26 only relax
> > >         movq    foo@GOTPCREL(%rip), %reg
> > >   to
> > >         leaq    foo(%rip), %reg
> > >   which is still position-independent, rather than
> > >         mov     $foo, %reg
> > >   which is permitted by the psABI when -pie is not enabled.
> > > - gcc happens to only generate GOTPCREL relocations on mov instructions.
> > > - clang does generate GOTPCREL relocations on non-mov instructions, but
> > >   when building the compressed kernel, it uses its integrated assembler
> > >   (due to the redefinition of KBUILD_CFLAGS dropping -no-integrated-as),
> > >   which has so far defaulted to not generating the GOTPCRELX
> > >   relocations.
> > >
> > > Nick Desaulniers reports [1,2]:
> > >   A recent change [3] to a default value of configuration variable
> > >   (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
> > >   integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
> > >   relocations. LLD will relax instructions with these relocations based
> > >   on whether the image is being linked as position independent or not.
> > >   When not, then LLD will relax these instructions to use absolute
> > >   addressing mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with
> > >   Clang and linked with LLD to fail to boot.
> > >
> > > Patch series [4] is a solution to allow the compressed kernel to be
> > > linked with -pie unconditionally, but even if merged is unlikely to be
> > > backported. As a simple solution that can be applied to stable as well,
> > > prevent the assembler from generating the relaxed relocation types using
> > > the -mrelax-relocations=no option. For ease of backporting, do this
> > > unconditionally.
> > >
> > > [0] https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/linker-optimization.tex#L65
> > > [1] https://lore.kernel.org/lkml/20200807194100.3570838-1-ndesaulniers@google.com/
> > > [2] https://github.com/ClangBuiltLinux/linux/issues/1121
> > > [3] https://reviews.llvm.org/rGc41a18cf61790fc898dcda1055c3efbf442c14c0
> > > [4] https://lore.kernel.org/lkml/20200731202738.2577854-1-nivedita@alum.mit.edu/
> > >
> > > Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> > > Reported-by: Nick Desaulniers <ndesaulniers@google.com>
> > > Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
> > > Tested-by: Nick Desaulniers <ndesaulniers@google.com>
> > > Cc: stable@vger.kernel.org
> > > Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> >
> > Thanks for the patch.
> >
> > Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
> >
> > - Sedat -
> >
> > [1] https://github.com/ClangBuiltLinux/linux/issues/1120#issuecomment-674409705
> >
> > > ---
> > >  arch/x86/boot/compressed/Makefile | 2 ++
> > >  1 file changed, 2 insertions(+)
> > >
> > > diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> > > index 3962f592633d..ff7894f39e0e 100644
> > > --- a/arch/x86/boot/compressed/Makefile
> > > +++ b/arch/x86/boot/compressed/Makefile
> > > @@ -43,6 +43,8 @@ KBUILD_CFLAGS += -Wno-pointer-sign
> > >  KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
> > >  KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
> > >  KBUILD_CFLAGS += -D__DISABLE_EXPORTS
> > > +# Disable relocation relaxation in case the link is not PIE.
> > > +KBUILD_CFLAGS += $(call as-option,-Wa$(comma)-mrelax-relocations=no)
> > >
> > >  KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
> > >  GCOV_PROFILE := n
> > > --
> > > 2.26.2
> > >
> > > --
> > > You received this message because you are subscribed to the Google Groups "Clang Built Linux" group.
> > > To unsubscribe from this group and stop receiving emails from it, send an email to clang-built-linux+unsubscribe@googlegroups.com.
> > > To view this discussion on the web visit https://groups.google.com/d/msgid/clang-built-linux/20200812004308.1448603-1-nivedita%40alum.mit.edu.
>
>
>
> --
> Thanks,
> ~Nick Desaulniers

Re: [PATCH v2] x86/boot/compressed: Disable relocation relaxation

[Arvind Sankar]

On Sat, Aug 15, 2020 at 01:56:49PM -0700, Nick Desaulniers wrote:
> Hi Ingo,
> I saw you picked up Arvind's other series into x86/boot.  Would you
> mind please including this, as well?  Our CI is quite red for x86...
> 
> EOM
> 

Hi Ingo, while this patch is unnecessary after the series in
tip/x86/boot, it is still needed for 5.9 and older. Would you be able to
send it in for the next -rc? It shouldn't hurt the tip/x86/boot series,
and we can add a revert on top of that later.

Thanks.

Re: [PATCH v2] x86/boot/compressed: Disable relocation relaxation

[Arvind Sankar]

On Tue, Aug 25, 2020 at 10:56:52AM -0400, Arvind Sankar wrote:
> On Sat, Aug 15, 2020 at 01:56:49PM -0700, Nick Desaulniers wrote:
> > Hi Ingo,
> > I saw you picked up Arvind's other series into x86/boot.  Would you
> > mind please including this, as well?  Our CI is quite red for x86...
> > 
> > EOM
> > 
> 
> Hi Ingo, while this patch is unnecessary after the series in
> tip/x86/boot, it is still needed for 5.9 and older. Would you be able to
> send it in for the next -rc? It shouldn't hurt the tip/x86/boot series,
> and we can add a revert on top of that later.
> 
> Thanks.

Ping.

Thanks.

Re: [PATCH v2] x86/boot/compressed: Disable relocation relaxation

[Arvind Sankar]

On Tue, Aug 25, 2020 at 10:56:52AM -0400, Arvind Sankar wrote:
> On Sat, Aug 15, 2020 at 01:56:49PM -0700, Nick Desaulniers wrote:
> > Hi Ingo,
> > I saw you picked up Arvind's other series into x86/boot.  Would you
> > mind please including this, as well?  Our CI is quite red for x86...
> > 
> > EOM
> > 
> 
> Hi Ingo, while this patch is unnecessary after the series in
> tip/x86/boot, it is still needed for 5.9 and older. Would you be able to
> send it in for the next -rc? It shouldn't hurt the tip/x86/boot series,
> and we can add a revert on top of that later.
> 
> Thanks.

Ping.

https://lore.kernel.org/lkml/20200812004308.1448603-1-nivedita@alum.mit.edu/

Re: [PATCH v2] x86/boot/compressed: Disable relocation relaxation

[Ard Biesheuvel]

On Mon, 14 Sep 2020 at 01:34, Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> On Tue, Aug 25, 2020 at 10:56:52AM -0400, Arvind Sankar wrote:
> > On Sat, Aug 15, 2020 at 01:56:49PM -0700, Nick Desaulniers wrote:
> > > Hi Ingo,
> > > I saw you picked up Arvind's other series into x86/boot.  Would you
> > > mind please including this, as well?  Our CI is quite red for x86...
> > >
> > > EOM
> > >
> >
> > Hi Ingo, while this patch is unnecessary after the series in
> > tip/x86/boot, it is still needed for 5.9 and older. Would you be able to
> > send it in for the next -rc? It shouldn't hurt the tip/x86/boot series,
> > and we can add a revert on top of that later.
> >
> > Thanks.
>
> Ping.
>
> https://lore.kernel.org/lkml/20200812004308.1448603-1-nivedita@alum.mit.edu/

Acked-by: Ard Biesheuvel <ardb@kernel.org>

Re: [PATCH v2] x86/boot/compressed: Disable relocation relaxation

[Ingo Molnar]

* Ard Biesheuvel <ardb@kernel.org> wrote:

> On Mon, 14 Sep 2020 at 01:34, Arvind Sankar <nivedita@alum.mit.edu> wrote:
> >
> > On Tue, Aug 25, 2020 at 10:56:52AM -0400, Arvind Sankar wrote:
> > > On Sat, Aug 15, 2020 at 01:56:49PM -0700, Nick Desaulniers wrote:
> > > > Hi Ingo,
> > > > I saw you picked up Arvind's other series into x86/boot.  Would you
> > > > mind please including this, as well?  Our CI is quite red for x86...
> > > >
> > > > EOM
> > > >
> > >
> > > Hi Ingo, while this patch is unnecessary after the series in
> > > tip/x86/boot, it is still needed for 5.9 and older. Would you be able to
> > > send it in for the next -rc? It shouldn't hurt the tip/x86/boot series,
> > > and we can add a revert on top of that later.
> > >
> > > Thanks.
> >
> > Ping.
> >
> > https://lore.kernel.org/lkml/20200812004308.1448603-1-nivedita@alum.mit.edu/
> 
> Acked-by: Ard Biesheuvel <ardb@kernel.org>

Thanks guys - queued up in tip:x86/urgent.

	Ingo

Re: [PATCH v2] x86/boot/compressed: Disable relocation relaxation

[Sedat Dilek]

On Mon, Sep 14, 2020 at 11:16 AM Ingo Molnar <mingo@kernel.org> wrote:
>
>
> * Ard Biesheuvel <ardb@kernel.org> wrote:
>
> > On Mon, 14 Sep 2020 at 01:34, Arvind Sankar <nivedita@alum.mit.edu> wrote:
> > >
> > > On Tue, Aug 25, 2020 at 10:56:52AM -0400, Arvind Sankar wrote:
> > > > On Sat, Aug 15, 2020 at 01:56:49PM -0700, Nick Desaulniers wrote:
> > > > > Hi Ingo,
> > > > > I saw you picked up Arvind's other series into x86/boot.  Would you
> > > > > mind please including this, as well?  Our CI is quite red for x86...
> > > > >
> > > > > EOM
> > > > >
> > > >
> > > > Hi Ingo, while this patch is unnecessary after the series in
> > > > tip/x86/boot, it is still needed for 5.9 and older. Would you be able to
> > > > send it in for the next -rc? It shouldn't hurt the tip/x86/boot series,
> > > > and we can add a revert on top of that later.
> > > >
> > > > Thanks.
> > >
> > > Ping.
> > >
> > > https://lore.kernel.org/lkml/20200812004308.1448603-1-nivedita@alum.mit.edu/
> >
> > Acked-by: Ard Biesheuvel <ardb@kernel.org>
>
> Thanks guys - queued up in tip:x86/urgent.
>

Thanks.
Did you push it?

Git-Web on <git.kernel.org> seems to be slow this Morning - checked
Linus Git an hour ago.
Does Anyone know what's going on?

- Sedat

[tip: x86/urgent] x86/boot/compressed: Disable relocation relaxation

[tip-bot2 for Arvind Sankar]

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     09e43968db40c33a73e9ddbfd937f46d5c334924
Gitweb:        https://git.kernel.org/tip/09e43968db40c33a73e9ddbfd937f46d5c334924
Author:        Arvind Sankar <nivedita@alum.mit.edu>
AuthorDate:    Tue, 11 Aug 2020 20:43:08 -04:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Mon, 14 Sep 2020 11:14:45 +02:00

x86/boot/compressed: Disable relocation relaxation

The x86-64 psABI [0] specifies special relocation types
(R_X86_64_[REX_]GOTPCRELX) for indirection through the Global Offset
Table, semantically equivalent to R_X86_64_GOTPCREL, which the linker
can take advantage of for optimization (relaxation) at link time. This
is supported by LLD and binutils versions 2.26 onwards.

The compressed kernel is position-independent code, however, when using
LLD or binutils versions before 2.27, it must be linked without the -pie
option. In this case, the linker may optimize certain instructions into
a non-position-independent form, by converting foo@GOTPCREL(%rip) to $foo.

This potential issue has been present with LLD and binutils-2.26 for a
long time, but it has never manifested itself before now:

- LLD and binutils-2.26 only relax
	movq	foo@GOTPCREL(%rip), %reg
  to
	leaq	foo(%rip), %reg
  which is still position-independent, rather than
	mov	$foo, %reg
  which is permitted by the psABI when -pie is not enabled.

- GCC happens to only generate GOTPCREL relocations on mov instructions.

- CLang does generate GOTPCREL relocations on non-mov instructions, but
  when building the compressed kernel, it uses its integrated assembler
  (due to the redefinition of KBUILD_CFLAGS dropping -no-integrated-as),
  which has so far defaulted to not generating the GOTPCRELX
  relocations.

Nick Desaulniers reports [1,2]:

  "A recent change [3] to a default value of configuration variable
   (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's
   integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX
   relocations. LLD will relax instructions with these relocations based
   on whether the image is being linked as position independent or not.
   When not, then LLD will relax these instructions to use absolute
   addressing mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with
   Clang and linked with LLD to fail to boot."

Patch series [4] is a solution to allow the compressed kernel to be
linked with -pie unconditionally, but even if merged is unlikely to be
backported. As a simple solution that can be applied to stable as well,
prevent the assembler from generating the relaxed relocation types using
the -mrelax-relocations=no option. For ease of backporting, do this
unconditionally.

[0] https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/linker-optimization.tex#L65
[1] https://lore.kernel.org/lkml/20200807194100.3570838-1-ndesaulniers@google.com/
[2] https://github.com/ClangBuiltLinux/linux/issues/1121
[3] https://reviews.llvm.org/rGc41a18cf61790fc898dcda1055c3efbf442c14c0
[4] https://lore.kernel.org/lkml/20200731202738.2577854-1-nivedita@alum.mit.edu/

Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200812004308.1448603-1-nivedita@alum.mit.edu
---
 arch/x86/boot/compressed/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 3962f59..ff7894f 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -43,6 +43,8 @@ KBUILD_CFLAGS += -Wno-pointer-sign
 KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
 KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
 KBUILD_CFLAGS += -D__DISABLE_EXPORTS
+# Disable relocation relaxation in case the link is not PIE.
+KBUILD_CFLAGS += $(call as-option,-Wa$(comma)-mrelax-relocations=no)
 
 KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
 GCOV_PROFILE := n