linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Brian Gerst <brgerst@gmail.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	"the arch/x86 maintainers" <x86@kernel.org>,
	Borislav Petkov <bp@alien8.de>,
	Thomas Gleixner <tglx@linutronix.de>,
	"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@kernel.org>
Subject: Re: [PATCH 3/3] x86_64: Use relative per-cpu offsets
Date: Sun, 14 Nov 2021 13:29:46 -0500	[thread overview]
Message-ID: <CAMzpN2jWs8heND7PydKw9CCZ0cjvJgxLMwXXQj45rwR6twpJLw@mail.gmail.com> (raw)
In-Reply-To: <20211114110305.GN174703@worktop.programming.kicks-ass.net>

On Sun, Nov 14, 2021 at 6:03 AM Peter Zijlstra <peterz@infradead.org> wrote:
>
> On Sat, Nov 13, 2021 at 11:54:19PM -0500, Brian Gerst wrote:
> > On Sat, Nov 13, 2021 at 8:18 PM Andy Lutomirski <luto@kernel.org> wrote:
> > >
> > >
> > >
> > > On Sat, Nov 13, 2021, at 4:40 AM, Brian Gerst wrote:
> > > > The per-cpu section is currently linked at virtual address 0, because
> > > > older compilers hardcoded the stack protector canary value at a fixed
> > > > offset from the start of the GS segment.  Use a standard relative offset
> > > > as the GS base when the stack protector is disabled, or a newer compiler
> > > > is used that supports a configurable location for the stack canary.
> > >
> > > Can you explain the benefit?  Also, I think we should consider dropping support for the fixed model like we did on x86_32.
> >
> > This patch probably makes more sense if we drop the fixed model, as
> > that gets rid of alot of code that works around having to link the
> > percpu section differently.
>
> Can someone spell out these benefits please? To me having per-cpu start
> at 0 makes perfect sense, how does not having that make things better?

The best reason is that the percpu section is currently not subject to
KASLR.  It actually needs extra support to counter the effects of
relocation.  There have also been a number of linker bugs over the
years that have had to be worked around.

If we were to decide to drop the fixed stack protector the diffstat
would look something like:

 arch/x86/Makefile                         |  19 ++--
 arch/x86/boot/compressed/misc.c           |  12 ---
 arch/x86/entry/entry_64.S                 |   2 +-
 arch/x86/include/asm/percpu.h             |  22 -----
 arch/x86/include/asm/processor.h          |  24 ++---
 arch/x86/include/asm/stackprotector.h     |  13 +--
 arch/x86/kernel/asm-offsets_64.c          |   6 --
 arch/x86/kernel/cpu/common.c              |   8 +-
 arch/x86/kernel/head_64.S                 |  11 ++-
 arch/x86/kernel/irq_64.c                  |   1 -
 arch/x86/kernel/vmlinux.lds.S             |  33 -------
 arch/x86/tools/relocs.c                   | 143 +-----------------------------
 arch/x86/xen/xen-head.S                   |  10 +--
 scripts/gcc-x86_64-has-stack-protector.sh |   2 +-
 14 files changed, 35 insertions(+), 271 deletions(-)

--
Brian Gerst

  reply	other threads:[~2021-11-14 18:30 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-13 12:40 [PATCH 0/3] x86-64: Stack protector and percpu improvements Brian Gerst
2021-11-13 12:40 ` [PATCH 1/3] x86-64: Use per-cpu stack canary if supported by compiler Brian Gerst
2021-11-13 12:40 ` [PATCH 2/3] x86/relocs: Make absolute percpu relocations conditional Brian Gerst
2021-11-13 12:40 ` [PATCH 3/3] x86_64: Use relative per-cpu offsets Brian Gerst
2021-11-14  1:18   ` Andy Lutomirski
2021-11-14  4:24     ` H. Peter Anvin
2021-11-14  4:54     ` Brian Gerst
2021-11-14 11:03       ` Peter Zijlstra
2021-11-14 18:29         ` Brian Gerst [this message]
2021-11-15 18:12           ` Andy Lutomirski
2021-11-15 20:44           ` Peter Zijlstra

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAMzpN2jWs8heND7PydKw9CCZ0cjvJgxLMwXXQj45rwR6twpJLw@mail.gmail.com \
    --to=brgerst@gmail.com \
    --cc=bp@alien8.de \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@kernel.org \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).