x86/efi: Remove EFI PGD build time checks

Message ID 20210205113930.GD17488@zn.tnic (mailing list archive)
State Deferred, archived

Commit Message

Borislav Petkov Feb. 5, 2021, 11:39 a.m. UTC
From: Borislav Petkov <bp@suse.de>

With CONFIG_X86_5LEVEL, CONFIG_UBSAN and CONFIG_UBSAN_UNSIGNED_OVERFLOW
enabled, clang fails the build with

  x86_64-linux-ld: arch/x86/platform/efi/efi_64.o: in function `efi_sync_low_kernel_mappings':
  efi_64.c:(.text+0x22c): undefined reference to `__compiletime_assert_354'

which happens due to -fsanitize=unsigned-integer-overflow being enabled:

  -fsanitize=unsigned-integer-overflow: Unsigned integer overflow, where
  the result of an unsigned integer computation cannot be represented
  in its type. Unlike signed integer overflow, this is not undefined
  behavior, but it is often unintentional. This sanitizer does not check
  for lossy implicit conversions performed before such a computation
  (see -fsanitize=implicit-conversion).

and that fires when the (intentional) EFI_VA_START/END defines overflow
an unsigned long, leading to the assertion expressions not getting
optimized away (on GCC they do)...

However, those checks are superfluous: the runtime services mapping
code already makes sure the ranges don't overshoot EFI_VA_END as the
EFI mapping range is hardcoded. On each runtime services call, it is
switched to the EFI-specific PGD and even if mappings manage to escape
that last PGD, this won't remain unnoticed for long.

So rip them out.

See https://github.com/ClangBuiltLinux/linux/issues/256 for more info.

Reported-by: Arnd Bergmann <arnd@arndb.de>
Link: http://lkml.kernel.org/r/20210107223424.4135538-1-arnd@kernel.org
Signed-off-by: Borislav Petkov <bp@suse.de>
---
 arch/x86/platform/efi/efi_64.c | 19 -------------------
 1 file changed, 19 deletions(-)
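The invariant the removed build-time checks expressed, modelled as an added example (not code from the patch or the kernel): the constants are assumed from arch/x86/include/asm/pgtable_64_types.h, `table_index()` reproduces pgd_index()/p4d_index(), and the check is run for both 4-level and 5-level paging, which goes beyond the single configuration the commit message mentions.

```c
#include <stdio.h>

/* Assumed from pgtable_64_types.h. The EFI_VA defines wrap an unsigned long
 * on purpose: that is what -fsanitize=unsigned-integer-overflow objects to. */
#define EFI_VA_START   ( -4 * (1UL << 30))  /* 0xffffffff00000000 */
#define EFI_VA_END     (-68 * (1UL << 30))  /* 0xffffffef00000000 */
#define MODULES_END    0xffffffffff000000UL
#define PAGE_OFFSET_L4 0xffff888000000000UL /* 4-level direct-map base */
#define PTRS_PER_TABLE 512UL
#define P4D_SHIFT      39                   /* 5-level only */
#define PGDIR_SHIFT_L4 39                   /* one PGD entry = 512 GiB */
#define PGDIR_SHIFT_L5 48                   /* one PGD entry = 256 TiB */

/* pgd_index()/p4d_index() as in the kernel: slot within a 512-entry table */
static unsigned long table_index(unsigned long addr, int shift)
{
	return (addr >> shift) & (PTRS_PER_TABLE - 1);
}

/* 1 when the EFI runtime region lies in one PGD entry (and, with 5-level
 * paging, one P4D entry) shared with MODULES_END: the removed assertions. */
int efi_region_fits_single_entry(int pgdir_shift)
{
	int shifts[2] = { pgdir_shift, P4D_SHIFT };
	int levels = (pgdir_shift == PGDIR_SHIFT_L5) ? 2 : 1;
	for (int i = 0; i < levels; i++) {
		if (table_index(EFI_VA_END, shifts[i]) != table_index(MODULES_END, shifts[i]))
			return 0;
		if (table_index(EFI_VA_START, shifts[i]) != table_index(EFI_VA_END, shifts[i]))
			return 0;
	}
	return 1;
}

/* num_entries in efi_sync_low_kernel_mappings(): PGD entries copied wholesale
 * from the kernel PGD, stopping just before the one holding the EFI region. */
unsigned long shared_pgd_entries(unsigned long page_offset, int pgdir_shift)
{
	return table_index(EFI_VA_END, pgdir_shift) -
	       table_index(page_offset, pgdir_shift);
}

int main(void)
{
	printf("4-level: fits=%d shared=%lu\n", efi_region_fits_single_entry(PGDIR_SHIFT_L4),
	       shared_pgd_entries(PAGE_OFFSET_L4, PGDIR_SHIFT_L4));
	printf("5-level: fits=%d\n", efi_region_fits_single_entry(PGDIR_SHIFT_L5));
	return 0;
}
```

Both paging modes place EFI_VA_START, EFI_VA_END and MODULES_END in the top PGD (and P4D) slot, index 511, which is why the checks never fired and why the code after them can sync that one entry alone.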

Comments

Ard Biesheuvel Feb. 5, 2021, 11:57 a.m. UTC | #1
On Fri, 5 Feb 2021 at 12:39, Borislav Petkov <bp@alien8.de> wrote:
>
> From: Borislav Petkov <bp@suse.de>
>
> With CONFIG_X86_5LEVEL, CONFIG_UBSAN and CONFIG_UBSAN_UNSIGNED_OVERFLOW
> enabled, clang fails the build with
>
>   x86_64-linux-ld: arch/x86/platform/efi/efi_64.o: in function `efi_sync_low_kernel_mappings':
>   efi_64.c:(.text+0x22c): undefined reference to `__compiletime_assert_354'
>
> which happens due to -fsanitize=unsigned-integer-overflow being enabled:
>
>   -fsanitize=unsigned-integer-overflow: Unsigned integer overflow, where
>   the result of an unsigned integer computation cannot be represented
>   in its type. Unlike signed integer overflow, this is not undefined
>   behavior, but it is often unintentional. This sanitizer does not check
>   for lossy implicit conversions performed before such a computation
>   (see -fsanitize=implicit-conversion).
>
> and that fires when the (intentional) EFI_VA_START/END defines overflow
> an unsigned long, leading to the assertion expressions not getting
> optimized away (on GCC they do)...
>
> However, those checks are superfluous: the runtime services mapping
> code already makes sure the ranges don't overshoot EFI_VA_END as the
> EFI mapping range is hardcoded. On each runtime services call, it is
> switched to the EFI-specific PGD and even if mappings manage to escape
> that last PGD, this won't remain unnoticed for long.
>
> So rip them out.
>
> See https://github.com/ClangBuiltLinux/linux/issues/256 for more info.
>
> Reported-by: Arnd Bergmann <arnd@arndb.de>
> Link: http://lkml.kernel.org/r/20210107223424.4135538-1-arnd@kernel.org
> Signed-off-by: Borislav Petkov <bp@suse.de>

Acked-by: Ard Biesheuvel <ardb@kernel.org>

> ---
>  arch/x86/platform/efi/efi_64.c | 19 -------------------
>  1 file changed, 19 deletions(-)
>
> diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
> index e1e8d4e3a213..8efd003540ca 100644
> --- a/arch/x86/platform/efi/efi_64.c
> +++ b/arch/x86/platform/efi/efi_64.c
> @@ -115,31 +115,12 @@ void efi_sync_low_kernel_mappings(void)
>         pud_t *pud_k, *pud_efi;
>         pgd_t *efi_pgd = efi_mm.pgd;
>
> -       /*
> -        * We can share all PGD entries apart from the one entry that
> -        * covers the EFI runtime mapping space.
> -        *
> -        * Make sure the EFI runtime region mappings are guaranteed to
> -        * only span a single PGD entry and that the entry also maps
> -        * other important kernel regions.
> -        */
> -       MAYBE_BUILD_BUG_ON(pgd_index(EFI_VA_END) != pgd_index(MODULES_END));
> -       MAYBE_BUILD_BUG_ON((EFI_VA_START & PGDIR_MASK) !=
> -                       (EFI_VA_END & PGDIR_MASK));
> -
>         pgd_efi = efi_pgd + pgd_index(PAGE_OFFSET);
>         pgd_k = pgd_offset_k(PAGE_OFFSET);
>
>         num_entries = pgd_index(EFI_VA_END) - pgd_index(PAGE_OFFSET);
>         memcpy(pgd_efi, pgd_k, sizeof(pgd_t) * num_entries);
>
> -       /*
> -        * As with PGDs, we share all P4D entries apart from the one entry
> -        * that covers the EFI runtime mapping space.
> -        */
> -       BUILD_BUG_ON(p4d_index(EFI_VA_END) != p4d_index(MODULES_END));
> -       BUILD_BUG_ON((EFI_VA_START & P4D_MASK) != (EFI_VA_END & P4D_MASK));
> -
>         pgd_efi = efi_pgd + pgd_index(EFI_VA_END);
>         pgd_k = pgd_offset_k(EFI_VA_END);
>         p4d_efi = p4d_offset(pgd_efi, 0);
> --
> 2.29.2
>
> --
> Regards/Gruss,
>     Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette
Nick Desaulniers Feb. 5, 2021, 6:14 p.m. UTC | #2
On Fri, Feb 5, 2021 at 3:39 AM Borislav Petkov <bp@alien8.de> wrote:
>
> From: Borislav Petkov <bp@suse.de>
>
> With CONFIG_X86_5LEVEL, CONFIG_UBSAN and CONFIG_UBSAN_UNSIGNED_OVERFLOW
> enabled, clang fails the build with
>
>   x86_64-linux-ld: arch/x86/platform/efi/efi_64.o: in function `efi_sync_low_kernel_mappings':
>   efi_64.c:(.text+0x22c): undefined reference to `__compiletime_assert_354'
>
> which happens due to -fsanitize=unsigned-integer-overflow being enabled:
>
>   -fsanitize=unsigned-integer-overflow: Unsigned integer overflow, where
>   the result of an unsigned integer computation cannot be represented
>   in its type. Unlike signed integer overflow, this is not undefined
>   behavior, but it is often unintentional. This sanitizer does not check
>   for lossy implicit conversions performed before such a computation
>   (see -fsanitize=implicit-conversion).
>
> and that fires when the (intentional) EFI_VA_START/END defines overflow
> an unsigned long, leading to the assertion expressions not getting
> optimized away (on GCC they do)...
>
> However, those checks are superfluous: the runtime services mapping
> code already makes sure the ranges don't overshoot EFI_VA_END as the
> EFI mapping range is hardcoded. On each runtime services call, it is
> switched to the EFI-specific PGD and even if mappings manage to escape
> that last PGD, this won't remain unnoticed for long.
>
> So rip them out.
>
> See https://github.com/ClangBuiltLinux/linux/issues/256 for more info.
>
> Reported-by: Arnd Bergmann <arnd@arndb.de>
> Link: http://lkml.kernel.org/r/20210107223424.4135538-1-arnd@kernel.org
> Signed-off-by: Borislav Petkov <bp@suse.de>

Thanks, this fixes the failed assertion for me.

Tested-by: Nick Desaulniers <ndesaulniers@google.com>

(https://lore.kernel.org/lkml/20201230154104.522605-1-arnd@kernel.org/
is needed to finish a build of that configuration; going to chase that
next)

(consider applying Arvind's+Ard's suggested by tag)

> ---
>  arch/x86/platform/efi/efi_64.c | 19 -------------------
>  1 file changed, 19 deletions(-)
>
> diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
> index e1e8d4e3a213..8efd003540ca 100644
> --- a/arch/x86/platform/efi/efi_64.c
> +++ b/arch/x86/platform/efi/efi_64.c
> @@ -115,31 +115,12 @@ void efi_sync_low_kernel_mappings(void)
>         pud_t *pud_k, *pud_efi;
>         pgd_t *efi_pgd = efi_mm.pgd;
>
> -       /*
> -        * We can share all PGD entries apart from the one entry that
> -        * covers the EFI runtime mapping space.
> -        *
> -        * Make sure the EFI runtime region mappings are guaranteed to
> -        * only span a single PGD entry and that the entry also maps
> -        * other important kernel regions.
> -        */
> -       MAYBE_BUILD_BUG_ON(pgd_index(EFI_VA_END) != pgd_index(MODULES_END));
> -       MAYBE_BUILD_BUG_ON((EFI_VA_START & PGDIR_MASK) !=
> -                       (EFI_VA_END & PGDIR_MASK));
> -
>         pgd_efi = efi_pgd + pgd_index(PAGE_OFFSET);
>         pgd_k = pgd_offset_k(PAGE_OFFSET);
>
>         num_entries = pgd_index(EFI_VA_END) - pgd_index(PAGE_OFFSET);
>         memcpy(pgd_efi, pgd_k, sizeof(pgd_t) * num_entries);
>
> -       /*
> -        * As with PGDs, we share all P4D entries apart from the one entry
> -        * that covers the EFI runtime mapping space.
> -        */
> -       BUILD_BUG_ON(p4d_index(EFI_VA_END) != p4d_index(MODULES_END));
> -       BUILD_BUG_ON((EFI_VA_START & P4D_MASK) != (EFI_VA_END & P4D_MASK));
> -
>         pgd_efi = efi_pgd + pgd_index(EFI_VA_END);
>         pgd_k = pgd_offset_k(EFI_VA_END);
>         p4d_efi = p4d_offset(pgd_efi, 0);
> --
> 2.29.2
>
> --
> Regards/Gruss,
>     Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette
Nathan Chancellor Feb. 5, 2021, 6:56 p.m. UTC | #3
On Fri, Feb 05, 2021 at 12:39:30PM +0100, Borislav Petkov wrote:
> From: Borislav Petkov <bp@suse.de>
> 
> With CONFIG_X86_5LEVEL, CONFIG_UBSAN and CONFIG_UBSAN_UNSIGNED_OVERFLOW
> enabled, clang fails the build with
> 
>   x86_64-linux-ld: arch/x86/platform/efi/efi_64.o: in function `efi_sync_low_kernel_mappings':
>   efi_64.c:(.text+0x22c): undefined reference to `__compiletime_assert_354'
> 
> which happens due to -fsanitize=unsigned-integer-overflow being enabled:
> 
>   -fsanitize=unsigned-integer-overflow: Unsigned integer overflow, where
>   the result of an unsigned integer computation cannot be represented
>   in its type. Unlike signed integer overflow, this is not undefined
>   behavior, but it is often unintentional. This sanitizer does not check
>   for lossy implicit conversions performed before such a computation
>   (see -fsanitize=implicit-conversion).
> 
> and that fires when the (intentional) EFI_VA_START/END defines overflow
> an unsigned long, leading to the assertion expressions not getting
> optimized away (on GCC they do)...
> 
> However, those checks are superfluous: the runtime services mapping
> code already makes sure the ranges don't overshoot EFI_VA_END as the
> EFI mapping range is hardcoded. On each runtime services call, it is
> switched to the EFI-specific PGD and even if mappings manage to escape
> that last PGD, this won't remain unnoticed for long.
> 
> So rip them out.
> 
> See https://github.com/ClangBuiltLinux/linux/issues/256 for more info.
> 
> Reported-by: Arnd Bergmann <arnd@arndb.de>
> Link: http://lkml.kernel.org/r/20210107223424.4135538-1-arnd@kernel.org
> Signed-off-by: Borislav Petkov <bp@suse.de>

Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>

> ---
>  arch/x86/platform/efi/efi_64.c | 19 -------------------
>  1 file changed, 19 deletions(-)
> 
> diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
> index e1e8d4e3a213..8efd003540ca 100644
> --- a/arch/x86/platform/efi/efi_64.c
> +++ b/arch/x86/platform/efi/efi_64.c
> @@ -115,31 +115,12 @@ void efi_sync_low_kernel_mappings(void)
>  	pud_t *pud_k, *pud_efi;
>  	pgd_t *efi_pgd = efi_mm.pgd;
>  
> -	/*
> -	 * We can share all PGD entries apart from the one entry that
> -	 * covers the EFI runtime mapping space.
> -	 *
> -	 * Make sure the EFI runtime region mappings are guaranteed to
> -	 * only span a single PGD entry and that the entry also maps
> -	 * other important kernel regions.
> -	 */
> -	MAYBE_BUILD_BUG_ON(pgd_index(EFI_VA_END) != pgd_index(MODULES_END));
> -	MAYBE_BUILD_BUG_ON((EFI_VA_START & PGDIR_MASK) !=
> -			(EFI_VA_END & PGDIR_MASK));
> -
>  	pgd_efi = efi_pgd + pgd_index(PAGE_OFFSET);
>  	pgd_k = pgd_offset_k(PAGE_OFFSET);
>  
>  	num_entries = pgd_index(EFI_VA_END) - pgd_index(PAGE_OFFSET);
>  	memcpy(pgd_efi, pgd_k, sizeof(pgd_t) * num_entries);
>  
> -	/*
> -	 * As with PGDs, we share all P4D entries apart from the one entry
> -	 * that covers the EFI runtime mapping space.
> -	 */
> -	BUILD_BUG_ON(p4d_index(EFI_VA_END) != p4d_index(MODULES_END));
> -	BUILD_BUG_ON((EFI_VA_START & P4D_MASK) != (EFI_VA_END & P4D_MASK));
> -
>  	pgd_efi = efi_pgd + pgd_index(EFI_VA_END);
>  	pgd_k = pgd_offset_k(EFI_VA_END);
>  	p4d_efi = p4d_offset(pgd_efi, 0);
> -- 
> 2.29.2
> 
> -- 
> Regards/Gruss,
>     Boris.
> 
> https://people.kernel.org/tglx/notes-about-netiquette
Patch

diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
index e1e8d4e3a213..8efd003540ca 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -115,31 +115,12 @@  void efi_sync_low_kernel_mappings(void)
 	pud_t *pud_k, *pud_efi;
 	pgd_t *efi_pgd = efi_mm.pgd;
 
-	/*
-	 * We can share all PGD entries apart from the one entry that
-	 * covers the EFI runtime mapping space.
-	 *
-	 * Make sure the EFI runtime region mappings are guaranteed to
-	 * only span a single PGD entry and that the entry also maps
-	 * other important kernel regions.
-	 */
-	MAYBE_BUILD_BUG_ON(pgd_index(EFI_VA_END) != pgd_index(MODULES_END));
-	MAYBE_BUILD_BUG_ON((EFI_VA_START & PGDIR_MASK) !=
-			(EFI_VA_END & PGDIR_MASK));
-
 	pgd_efi = efi_pgd + pgd_index(PAGE_OFFSET);
 	pgd_k = pgd_offset_k(PAGE_OFFSET);
 
 	num_entries = pgd_index(EFI_VA_END) - pgd_index(PAGE_OFFSET);
 	memcpy(pgd_efi, pgd_k, sizeof(pgd_t) * num_entries);
 
-	/*
-	 * As with PGDs, we share all P4D entries apart from the one entry
-	 * that covers the EFI runtime mapping space.
-	 */
-	BUILD_BUG_ON(p4d_index(EFI_VA_END) != p4d_index(MODULES_END));
-	BUILD_BUG_ON((EFI_VA_START & P4D_MASK) != (EFI_VA_END & P4D_MASK));
-
 	pgd_efi = efi_pgd + pgd_index(EFI_VA_END);
 	pgd_k = pgd_offset_k(EFI_VA_END);
 	p4d_efi = p4d_offset(pgd_efi, 0);
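Review bot: deleting both comment blocks removes the only in-tree statement of an invariant the surviving lines still depend on: `num_entries = pgd_index(EFI_VA_END) - pgd_index(PAGE_OFFSET)` copies every PGD entry below the EFI one, and `pgd_efi = efi_pgd + pgd_index(EFI_VA_END)` followed by `p4d_efi = p4d_offset(pgd_efi, 0)` syncs exactly one entry, so both assume the EFI runtime region shares a single PGD/P4D entry with MODULES_END. The commit message's runtime argument covers overshooting EFI_VA_END, not someone later moving EFI_VA_START/EFI_VA_END or MODULES_END into different entries, so consider carrying the second paragraph of the deleted comment ("Make sure the EFI runtime region mappings ... other important kernel regions") to where EFI_VA_START/EFI_VA_END are defined, so the constraint stays visible next to the values it constrains.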