Re: Hang when booting guest kernels compiled with clang after SRSO mitigations

From: Nathan Chancellor
Date: Thu Aug 10 2023 - 09:41:04 EST


On Thu, Aug 10, 2023 at 03:32:16PM +0200, Borislav Petkov wrote:
> On Thu, Aug 10, 2023 at 06:27:06AM -0700, Nathan Chancellor wrote:
> > But my host kernel was compiled using GCC 13.2.0 from kernel.org for the
> > sake of testing to see if the compiler used to build the host kernel had
> > an impact on the problem and it did not.
>
> Ok, now I'm confused.

Heh, so was I at first when I was doing my regular build and boot tests
of -next :P

> Lemme see if I understand it correctly:
>
> host kernel:
> - SRSO enabled
> - built with gcc
>
> guest kernel:
> - built with clang
> - SRSO not necessary
>
> Is that the scenario?

Yes, that should be correct.

Host kernel string:

6.5.0-rc5-00039-g138bcddb86d8 (nathan@dev-arch.thelio-3990X) (x86_64-linux-gcc (GCC) 13.2.0, GNU ld (GNU Binutils) 2.41) #1 SMP PREEMPT_DYNAMIC Wed Aug 9 17:34:43 MST 2023

Guest kernel string:

6.5.0-rc5 (nathan@dev-arch.thelio-3990X) (ClangBuiltLinux clang version 16.0.6 (https://github.com/llvm/llvm-project 7cbf1a2591520c2491aa35339f227775f4d3adf6), GNU ld (GNU Binutils) 2.41.50.20230809) #1 SMP PREEMPT_DYNAMIC Wed Aug 9 16:54:33 MST 2023

> Anything else?

Shouldn't be. As I noted in the original email, it seems something
specific to the safe-ret mitigation as I don't see the problem with
ibpb, that would be a good canary for making sure that you see the same
behavior.

Cheers,
Nathan