[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20171012155114.GA22393@x4>
Date: Thu, 12 Oct 2017 17:51:14 +0200
From: Markus Trippelsdorf <markus@...ppelsdorf.de>
To: Thomas Garnier <thgarnie@...gle.com>
Cc: Tom Lendacky <thomas.lendacky@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S . Miller" <davem@...emloft.net>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, "H . Peter Anvin" <hpa@...or.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>, Arnd Bergmann <arnd@...db.de>,
Kees Cook <keescook@...omium.org>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Matthias Kaehlcke <mka@...omium.org>,
Andy Lutomirski <luto@...nel.org>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Borislav Petkov <bp@...e.de>,
"Rafael J . Wysocki" <rjw@...ysocki.net>,
Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>,
Juergen Gross <jgross@...e.com>, Chris Wright <chrisw@...s-sol.org>,
Alok Kataria <akataria@...are.com>,
Rusty Russell <rusty@...tcorp.com.au>, Tejun Heo <tj@...nel.org>,
Christoph Lameter <cl@...ux.com>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Paul Gortmaker <paul.gortmaker@...driver.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Alexey Dobriyan <adobriyan@...il.com>,
"Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>,
Nicolas Pitre <nicolas.pitre@...aro.org>,
Borislav Petkov <bp@...en8.de>,
"Luis R . Rodriguez" <mcgrof@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Christopher Li <sparse@...isli.org>,
Steven Rostedt <rostedt@...dmis.org>,
Jason Baron <jbaron@...mai.com>,
Mika Westerberg <mika.westerberg@...ux.intel.com>,
Dou Liyang <douly.fnst@...fujitsu.com>,
"Rafael J . Wysocki" <rafael.j.wysocki@...el.com>,
Lukas Wunner <lukas@...ner.de>,
Masahiro Yamada <yamada.masahiro@...ionext.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Joerg Roedel <joro@...tes.org>, Rik van Riel <riel@...hat.com>,
David Howells <dhowells@...hat.com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Waiman Long <longman@...hat.com>, Kyle Huey <me@...ehuey.com>,
Jonathan Corbet <corbet@....net>, Michal Hocko <mhocko@...e.com>,
Peter Foley <pefoley2@...oley.com>, Paul Bolle <pebolle@...cali.nl>,
Jiri Kosina <jkosina@...e.cz>, "H . J . Lu" <hjl.tools@...il.com>,
Rob Landley <rob@...dley.net>, Baoquan He <bhe@...hat.com>,
Jan H . Schönherr <jschoenh@...zon.de>,
Daniel Micay <danielmicay@...il.com>,
the arch/x86 maintainers <x86@...nel.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Linux PM list <linux-pm@...r.kernel.org>,
virtualization@...ts.linux-foundation.org,
xen-devel <xen-devel@...ts.xenproject.org>,
linux-arch <linux-arch@...r.kernel.org>,
Sparse Mailing-list <linux-sparse@...r.kernel.org>,
kvm list <kvm@...r.kernel.org>, linux-doc@...r.kernel.org,
Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH v1 00/27] x86: PIE support and option to extend KASLR
randomization
On 2017.10.12 at 08:34 -0700, Thomas Garnier wrote:
> On Wed, Oct 11, 2017 at 2:34 PM, Tom Lendacky <thomas.lendacky@....com> wrote:
> > On 10/11/2017 3:30 PM, Thomas Garnier wrote:
> >> Changes:
> >> - patch v1:
> >> - Simplify ftrace implementation.
> >> - Use gcc mstack-protector-guard-reg=%gs with PIE when possible.
> >> - rfc v3:
> >> - Use --emit-relocs instead of -pie to reduce dynamic relocation space on
> >> mapped memory. It also simplifies the relocation process.
> >> - Move the start the module section next to the kernel. Remove the need for
> >> -mcmodel=large on modules. Extends module space from 1 to 2G maximum.
> >> - Support for XEN PVH as 32-bit relocations can be ignored with
> >> --emit-relocs.
> >> - Support for GOT relocations previously done automatically with -pie.
> >> - Remove need for dynamic PLT in modules.
> >> - Support dymamic GOT for modules.
> >> - rfc v2:
> >> - Add support for global stack cookie while compiler default to fs without
> >> mcmodel=kernel
> >> - Change patch 7 to correctly jump out of the identity mapping on kexec load
> >> preserve.
> >>
> >> These patches make the changes necessary to build the kernel as Position
> >> Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below
> >> the top 2G of the virtual address space. It allows to optionally extend the
> >> KASLR randomization range from 1G to 3G.
> >
> > Hi Thomas,
> >
> > I've applied your patches so that I can verify that SME works with PIE.
> > Unfortunately, I'm running into build warnings and errors when I enable
> > PIE.
> >
> > With CONFIG_STACK_VALIDATION=y I receive lots of messages like this:
> >
> > drivers/scsi/libfc/fc_exch.o: warning: objtool: fc_destroy_exch_mgr()+0x0: call without frame pointer save/setup
> >
> > Disabling CONFIG_STACK_VALIDATION suppresses those.
>
> I ran into that, I plan to fix it in the next iteration.
>
> >
> > But near the end of the build, I receive errors like this:
> >
> > arch/x86/kernel/setup.o: In function `dump_kernel_offset':
> > .../arch/x86/kernel/setup.c:801:(.text+0x32): relocation truncated to fit: R_X86_64_32S against symbol `_text' defined in .text section in .tmp_vmlinux1
> > .
> > . about 10 more of the above type messages
> > .
> > make: *** [vmlinux] Error 1
> > Error building kernel, exiting
> >
> > Are there any config options that should or should not be enabled when
> > building with PIE enabled? Is there a compiler requirement for PIE (I'm
> > using gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.5))?
>
> I never ran into these ones and I tested compilers older and newer.
> What was your exact configuration?
I get with gcc trunk and CONFIG_RANDOMIZE_BASE_LARGE=y:
...
MODPOST vmlinux.o
ld: failed to convert GOTPCREL relocation; relink with --no-relax
and after adding --no-relax to vmlinux_link() in scripts/link-vmlinux.sh:
MODPOST vmlinux.o
virt/kvm/vfio.o: In function `kvm_vfio_update_coherency.isra.4':
vfio.c:(.text+0x63): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_external_check_extension'
virt/kvm/vfio.o: In function `kvm_vfio_destroy':
vfio.c:(.text+0xf7): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_set_kvm'
vfio.c:(.text+0x10a): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_put_external_user'
virt/kvm/vfio.o: In function `kvm_vfio_set_attr':
vfio.c:(.text+0x2bc): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_external_group_match_file'
vfio.c:(.text+0x307): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_set_kvm'
vfio.c:(.text+0x31a): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_put_external_user'
vfio.c:(.text+0x3b9): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_get_external_user'
vfio.c:(.text+0x462): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_set_kvm'
vfio.c:(.text+0x4bd): relocation truncated to fit: R_X86_64_PLT32 against undefined symbol `vfio_group_put_external_user'
make: *** [Makefile:1000: vmlinux] Error 1
Works fine with CONFIG_RANDOMIZE_BASE_LARGE unset.
--
Markus
Download attachment "config.gz" of type "application/x-gunzip" (19847 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
