On Wed, Jul 13, 2022 at 09:46:58AM -0700, KernelCI bot wrote:
The KernelCI bisection bot found a boot failure on x86-64 on at least a qemu system with 32 bit EDK2 firmware triggered by a backport of upstream commit aa3d480315ba6c30 ("x86: Use return-thunk in asm code"). The boot fails with:
<6>[ 0.324425] Calibrating delay loop (skipped), value calculated using timer frequency.. 3592.02 BogoMIPS (lpj=1796010)
<6>[ 0.325417] pid_max: default: 32768 minimum: 301
<2>[ 0.326744] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
<1>[ 0.327415] BUG: unable to handle page fault for address: 000000000e6038c0
<1>[ 0.327415] #PF: supervisor instruction fetch in kernel mode
<1>[ 0.327415] #PF: error_code(0x0011) - permissions violation
...
<4>[ 0.327415] Call Trace:
<4>[ 0.327415]  <TASK>
<4>[ 0.327415]  ? efi_set_virtual_address_map+0x65/0x103
<4>[ 0.327415]  ? efi_enter_virtual_mode+0x39e/0x3f9
<4>[ 0.327415]  ? start_kernel+0x5be/0x65a
<4>[ 0.327415]  ? secondary_startup_64_no_verify+0xc2/0xcb
<4>[ 0.327415]  </TASK>
The full boot log from a failed boot can be seen at:
https://storage.kernelci.org/stable-rc/queue-5.15/v5.15.54-78-ga5f899726e59/...
I've left the full report below with more details (including a log of the bisection) and a tag from the bot below. The 32 bit EFI on x86-64 combination is unfortunately a thing some physical systems do.
* This automated bisection report was sent to you on the basis *
* that you may be involved with the breaking commit it has     *
* found.  No manual investigation has been done to verify it,  *
* and the root cause of the problem may be somewhere else.     *
*                                                              *
* If you do send a fix, please include this trailer:           *
*   Reported-by: "kernelci.org bot" <bot@kernelci.org>         *
*                                                              *
* Hope this helps!                                             *
stable-rc/queue/5.15 bisection: baseline.login on qemu_x86_64-uefi-mixed
Summary:
  Start:      a5f899726e592 x86/static_call: Serialize __static_call_fixup() properly
  Plain log:  https://storage.kernelci.org/stable-rc/queue/5.15/v5.15.54-78-ga5f899726e59/...
  HTML log:   https://storage.kernelci.org/stable-rc/queue/5.15/v5.15.54-78-ga5f899726e59/...
  Result:     a02ac6ab73cc3 x86: Use return-thunk in asm code

Checks:
  revert:     PASS
  verify:     PASS

Parameters:
  Tree:       stable-rc
  URL:        https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
  Branch:     queue/5.15
  Target:     qemu_x86_64-uefi-mixed
  CPU arch:   x86_64
  Lab:        lab-baylibre
  Compiler:   gcc-10
  Config:     x86_64_defconfig
  Test case:  baseline.login
Breaking commit found:
commit a02ac6ab73cc327552cb12e13b740e3c8a118bf6
Author: Peter Zijlstra <peterz@infradead.org>
Date:   Tue Jun 14 23:15:45 2022 +0200

    x86: Use return-thunk in asm code

    commit aa3d480315ba6c3025a60958e1981072ea37c3df upstream.

    Use the return thunk in asm code. If the thunk isn't needed, it will
    get patched into a RET instruction during boot by apply_returns().

    Since alternatives can't handle relocations outside of the first
    instruction, putting a 'jmp __x86_return_thunk' in one is not valid,
    therefore carve out the memmove ERMS path into a separate label and
    jump to it.

    Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
    Signed-off-by: Borislav Petkov <bp@suse.de>
    Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
    Signed-off-by: Borislav Petkov <bp@suse.de>
    [cascardo: no RANDSTRUCT_CFLAGS]
    Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index a2dddcc189f69..c8891d3b38d30 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -92,6 +92,7 @@ endif endif $(vobjs): KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) +$(vobjs): KBUILD_AFLAGS += -DBUILD_VDSO # # vDSO code runs in userspace and -pg doesn't help with profiling anyway. diff --git a/arch/x86/include/asm/linkage.h b/arch/x86/include/asm/linkage.h index 030907922bd07..d04e61c2f863c 100644 --- a/arch/x86/include/asm/linkage.h +++ b/arch/x86/include/asm/linkage.h @@ -18,19 +18,27 @@ #define __ALIGN_STR __stringify(__ALIGN) #endif +#if defined(CONFIG_RETPOLINE) && !defined(__DISABLE_EXPORTS) && !defined(BUILD_VDSO) +#define RET jmp __x86_return_thunk +#else /* CONFIG_RETPOLINE */ #ifdef CONFIG_SLS #define RET ret; int3 #else #define RET ret #endif +#endif /* CONFIG_RETPOLINE */ #else /* __ASSEMBLY__ */ +#if defined(CONFIG_RETPOLINE) && !defined(__DISABLE_EXPORTS) && !defined(BUILD_VDSO) +#define ASM_RET "jmp __x86_return_thunk\n\t" +#else /* CONFIG_RETPOLINE */ #ifdef CONFIG_SLS #define ASM_RET "ret; int3\n\t" #else #define ASM_RET "ret\n\t" #endif +#endif /* CONFIG_RETPOLINE */ #endif /* __ASSEMBLY__ */ diff --git a/arch/x86/lib/memmove_64.S b/arch/x86/lib/memmove_64.S index 50ea390df7128..4b8ee3a2fcc37 100644 --- a/arch/x86/lib/memmove_64.S +++ b/arch/x86/lib/memmove_64.S @@ -40,7 +40,7 @@ SYM_FUNC_START(__memmove) /* FSRM implies ERMS => no length checks, do the copy directly */ .Lmemmove_begin_forward: ALTERNATIVE "cmp $0x20, %rdx; jb 1f", "", X86_FEATURE_FSRM
- ALTERNATIVE "", __stringify(movq %rdx, %rcx; rep movsb; RET), X86_FEATURE_ERMS
- ALTERNATIVE "", "jmp .Lmemmove_erms", X86_FEATURE_ERMS
/* * movsq instruction have many startup latency @@ -206,6 +206,11 @@ SYM_FUNC_START(__memmove) movb %r11b, (%rdi) 13: RET
+.Lmemmove_erms:
- movq %rdx, %rcx
- rep movsb
- RET
SYM_FUNC_END(__memmove) SYM_FUNC_END_ALIAS(memmove) EXPORT_SYMBOL(__memmove)
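Review bot: the two opt-outs in the linkage.h hunk (`!defined(__DISABLE_EXPORTS)` and `!defined(BUILD_VDSO)`) assume that every other RET site executes from a mapping in which a relative `jmp __x86_return_thunk` actually lands on the kernel's thunk. The report this patch is attached to shows the boot faulting inside efi_set_virtual_address_map() with a supervisor instruction fetch from an NX-protected low address on the qemu_x86_64-uefi-mixed target, and the bisect log records a separate "x86/sev: Avoid using __x86_return_thunk" commit for code with the same constraint; please check whether the EFI mixed-mode call path needs an equivalent plain `ret` instead of the macro, and add a comment on the new `#if` stating which code is deliberately excluded and why, so the next such site is easy to recognise.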
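Review bot: in the vdso/Makefile hunk `-DBUILD_VDSO` is added to `KBUILD_AFLAGS` only for `$(vobjs)`, while the adjacent context line shows the C side is already handled by filtering `$(RETPOLINE_CFLAGS)` out of `KBUILD_CFLAGS` for the same objects. Any other vDSO object list in this Makefile that assembles a file using the RET macro would need the same define, otherwise that object is built with `jmp __x86_return_thunk` and references a kernel symbol that userspace-mapped code cannot reach; worth confirming there is none, or applying the define to all vDSO assembly objects in one place.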
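Review bot: the new `.Lmemmove_erms:` block in the second memmove_64.S hunk sits after the function's final `13: RET` with no comment, so a later reader will not see why `movq %rdx, %rcx; rep movsb; RET` was moved out of the ALTERNATIVE at .Lmemmove_begin_forward. Suggest a one-line comment above the label carrying the reason given in the commit message (an alternative cannot relocate a `jmp __x86_return_thunk` that is not its first instruction, whereas the `jmp .Lmemmove_erms` now in the alternative is), so that nobody folds the path back inline during a future cleanup.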
Git bisection log:
git bisect start
# good: [8bb7eca972ad531c9b149c0a51ab43a417385813] Linux 5.15
git bisect good 8bb7eca972ad531c9b149c0a51ab43a417385813
# bad: [a5f899726e5928dd5640ec76f6d35bbefc7d19b4] x86/static_call: Serialize __static_call_fixup() properly
git bisect bad a5f899726e5928dd5640ec76f6d35bbefc7d19b4
# good: [39738a2346b270e8f72f88d8856de2c167bd2899] ibmvnic: free reset-work-item when flushing
git bisect good 39738a2346b270e8f72f88d8856de2c167bd2899
# good: [11f5f236dbd6e685356e10f158e306e592cb70ff] kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
git bisect good 11f5f236dbd6e685356e10f158e306e592cb70ff
# good: [0b011b408f349e76f7903a477870051f94c7e119] tty: goldfish: Introduce gf_ioread32()/gf_iowrite32()
git bisect good 0b011b408f349e76f7903a477870051f94c7e119
# good: [f7fa3263079c55e2bbdcd5ff763c19b665e329ed] drm/msm: Fix double pm_runtime_disable() call
git bisect good f7fa3263079c55e2bbdcd5ff763c19b665e329ed
# good: [16b7cb2803bf088ed08e026f70fa9ac04f3c9800] memory: renesas-rpc-if: Avoid unaligned bus access for HyperFlash
git bisect good 16b7cb2803bf088ed08e026f70fa9ac04f3c9800
# good: [3b9f491386698a7e39680cb3c375e62d0cae457d] btrfs: fix use of uninitialized variable at rm device ioctl
git bisect good 3b9f491386698a7e39680cb3c375e62d0cae457d
# good: [445d1c4b5642518587808c59f0faec9b7b4d3fe2] x86/asm: Fix register order
git bisect good 445d1c4b5642518587808c59f0faec9b7b4d3fe2
# bad: [e9acb6c4a96ae59548659eca7d1c95e2ff892658] x86/bugs: Enable STIBP for JMP2RET
git bisect bad e9acb6c4a96ae59548659eca7d1c95e2ff892658
# good: [3319d4d152b047d01ddea3094f72d26e601a817b] x86/retpoline: Swizzle retpoline thunk
git bisect good 3319d4d152b047d01ddea3094f72d26e601a817b
# good: [ae13a2bad9d648d4ebf05511a9f606ca2fd27de3] x86/kvm: Fix SETcc emulation for return thunks
git bisect good ae13a2bad9d648d4ebf05511a9f606ca2fd27de3
# bad: [18de59c1eee14fcb121422919f51a47a449c812e] x86/entry: Avoid very early RET
git bisect bad 18de59c1eee14fcb121422919f51a47a449c812e
# good: [2c90fcb95d0ad54074480cf6b9c601348180da59] x86/sev: Avoid using __x86_return_thunk
git bisect good 2c90fcb95d0ad54074480cf6b9c601348180da59
# bad: [a02ac6ab73cc327552cb12e13b740e3c8a118bf6] x86: Use return-thunk in asm code
git bisect bad a02ac6ab73cc327552cb12e13b740e3c8a118bf6
# first bad commit: [a02ac6ab73cc327552cb12e13b740e3c8a118bf6] x86: Use return-thunk in asm code