Re: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable

From: Fangrui Song
Date: Wed Nov 01 2023 - 17:23:28 EST


On Mon, Oct 30, 2023 at 10:19 AM Brian Gerst <brgerst@xxxxxxxxx> wrote:
>
> On Mon, Oct 30, 2023 at 11:24 AM Nick Desaulniers
> <ndesaulniers@xxxxxxxxxx> wrote:
> >
> > On Sun, Oct 29, 2023 at 10:01 AM Brian Gerst <brgerst@xxxxxxxxx> wrote:
> > >
> > > On Sun, Oct 29, 2023 at 2:56 AM Brian Gerst <brgerst@xxxxxxxxx> wrote:
> > > >
> > > > On Sat, Oct 28, 2023 at 9:26 PM kernel test robot <lkp@xxxxxxxxx> wrote:
> > > > >
> > > > > Hi Brian,
> > > > >
> > > > > kernel test robot noticed the following build errors:
> > > > >
> > > > > [auto build test ERROR on tip/master]
> > > > > [also build test ERROR on next-20231027]
> > > > > [cannot apply to tip/x86/core dennis-percpu/for-next linus/master tip/auto-latest v6.6-rc7]
> > > > > [If your patch is applied to the wrong git tree, kindly drop us a note.
> > > > > And when submitting patch, we suggest to use '--base' as documented in
> > > > > https://git-scm.com/docs/git-format-patch#_base_tree_information]
> > > > >
> > > > > url: https://github.com/intel-lab-lkp/linux/commits/Brian-Gerst/x86-stackprotector-32-Remove-stack-protector-test-script/20231027-000533
> > > > > base: tip/master
> > > > > patch link: https://lore.kernel.org/r/20231026160100.195099-6-brgerst%40gmail.com
> > > > > patch subject: [PATCH v2 05/11] x86/stackprotector/64: Convert stack protector to normal percpu variable
> > > > > config: x86_64-rhel-8.3-rust (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@xxxxxxxxx/config)
> > > > > compiler: clang version 16.0.4 (https://github.com/llvm/llvm-project.git ae42196bc493ffe877a7e3dff8be32035dea4d07)
> > > > > reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231029/202310290927.2MuJJdu9-lkp@xxxxxxxxx/reproduce)
> > > > >
> > > > > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > > > > the same patch/commit), kindly add following tags
> > > > > | Reported-by: kernel test robot <lkp@xxxxxxxxx>
> > > > > | Closes: https://lore.kernel.org/oe-kbuild-all/202310290927.2MuJJdu9-lkp@xxxxxxxxx/
> > > > >
> > > > > All errors (new ones prefixed by >>):
> > > > >
> > > > > >> Unsupported relocation type: unknown type rel type name (42)
> > > >
> > > > Clang is generating a new relocation type (R_X86_64_REX_GOTPCRELX)
> > > > that the relocs tool doesn't know about. This is supposed to allow
> > > > movq __stack_chk_guard@GOTPCREL(%rip), %rax
> > > > movq %gs:(%rax), %rax
> > > > to be relaxed to
> > > > leaq __stack_chk_guard(%rip), %rax
> > > > movq %gs:(%rax), %rax
> > > >
> > > > But why is clang doing this instead of what GCC does?
> > > > movq %gs:__stack_chk_guard(%rip), %rax

https://github.com/llvm/llvm-project/issues/60116 has some discussions
on this topic.

clang-16 -fno-pic -fstack-protector -mstack-protector-guard-reg=gs
-mstack-protector-guard-symbol=__stack_chk_guard
uses a GOT-generating relocation for __stack_chk_guard. This avoids a
copy relocation for userspace but the kernel seems to really want an
absolute relocation, so https://reviews.llvm.org/D150841 (milestone:
clang 17) has implemented it.

> If an `R_X86_64_32` relocation is used and `__stack_chk_guard` is defined by a shared object, copy relocation. We will need an ELF hack called [copy relocation](https://maskray.me/blog/2021-01-09-copy-relocations-canonical-plt-entries-and-protected).

> > > Digging a bit deeper, there also appears to be differences in how the
> > > linkers behave with this new relocation:
> > >
> > > make CC=clang LD=ld:
> > > ffffffff81002838: 48 c7 c0 c0 5c 42 83 mov $0xffffffff83425cc0,%rax
> > > ffffffff8100283b: R_X86_64_32S __stack_chk_guard
> > > ffffffff8100283f: 65 48 8b 00 mov %gs:(%rax),%rax
> > >
> > > make CC=clang LD=ld.lld:
> > > ffffffff81002838: 48 8d 05 81 34 42 02 lea 0x2423481(%rip),%rax # ffffffff83425cc0 <__stack_chk_guard>
> > > ffffffff8100283b: R_X86_64_REX_GOTPCRELX __stack_chk_guard-0x4
> > > ffffffff8100283f: 65 48 8b 00 mov %gs:(%rax),%rax
> > >
> > > The LLVM linker keeps the R_X86_64_REX_GOTPCRELX even after performing
> > > the relaxation. It should be R_X86_64_32S based on it changing to an
> > > LEA instruction. The GNU linker changes it to R_X86_64_32S and a MOV
> > > immediate.
>
> Correction: It should be R_X86_64_PC32 for the LEA instruction.
>
> Brian Gerst

Whether --emit-relocs converts the original relocation type is debatable.
I have some comments on a similar topic on RISC-V:
https://sourceware.org/bugzilla/show_bug.cgi?id=30844#c6

> So it seems that ppc performed conversion can all be described by existing relocation types, which is nice.
>
> However, I do not know whether the property will hold for all current and future RISC-V relaxation schemes.
>
> When investigating relocation overflow pressure for x86-64 small code model, I have found that preserving the original relocation type gives me more information: I can tell how
> many R_X86_64_PC32/R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX are
> problematic. If they are converted to R_X86_64_PC32/R_X86_64_32, I'd
> lose some information.
>
> Perhaps whether the --emit-relocs uses the original relocation type or the transformed relocation type does not matter for the majority of use cases. E.g. Linux kernel's objtool seems to perform a sanity check on relocations. It just needs to know the categories of relocations, e.g. absolute/PC-relative, not the exact type.



--
宋方睿
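The two mechanics argued over in this thread, decoding Elf64_Rela records by coarse category rather than exact type (what objtool needs, and what the relocs tool failed to do for type 42) and the GOTPCRELX-to-LEA relaxation that ld.lld performs, as an added example that is not code from the thread, from the kernel's relocs tool or from LLVM. The type numbers are the x86-64 psABI values (42 for R_X86_64_REX_GOTPCRELX is confirmed by the robot's error); the relocation records are constructed by hand, using the addresses and the -4 addend quoted from the objdump output above, and the symbol index 7 is an arbitrary stand-in for __stack_chk_guard:

```python
"""Decode x86-64 ELF RELA entries and show the GOTPCRELX -> LEA relaxation.

Added example, not code from the thread, the kernel relocs tool or LLVM.
All Elf64_Rela records below are constructed; the addresses and addend are
the ones quoted in the thread's objdump output.
"""
import struct

# Elf64_Rela layout: r_offset (u64), r_info (u64), r_addend (s64)
ELF64_RELA = struct.Struct("<QQq")

# x86-64 psABI relocation type numbers; 41/42 are the relaxable GOT forms.
R_NAMES = {
    0: "R_X86_64_NONE", 1: "R_X86_64_64", 2: "R_X86_64_PC32", 3: "R_X86_64_GOT32",
    4: "R_X86_64_PLT32", 5: "R_X86_64_COPY", 6: "R_X86_64_GLOB_DAT",
    7: "R_X86_64_JUMP_SLOT", 8: "R_X86_64_RELATIVE", 9: "R_X86_64_GOTPCREL",
    10: "R_X86_64_32", 11: "R_X86_64_32S", 24: "R_X86_64_PC64",
    41: "R_X86_64_GOTPCRELX", 42: "R_X86_64_REX_GOTPCRELX",
}

# Coarse categories: the information a relocation sanity check actually needs.
CATEGORY = {
    "absolute": {1, 10, 11},
    "pc-relative": {2, 4, 24},
    "got-relative": {3, 9, 41, 42},
    "dynamic": {5, 6, 7, 8},
}


def reloc_type_name(rtype):
    # Report unknown types by number instead of aborting, which is the failure
    # the relocs tool hit when clang emitted type 42.
    return R_NAMES.get(rtype, f"unknown type ({rtype})")


def reloc_category(rtype):
    for name, types in CATEGORY.items():
        if rtype in types:
            return name
    return "unknown"


def parse_rela(data):
    """Return (r_offset, sym_index, rtype, addend) for each packed Elf64_Rela."""
    entries = []
    for r_offset, r_info, r_addend in ELF64_RELA.iter_unpack(data):
        # ELF64_R_SYM / ELF64_R_TYPE: high 32 bits are the symbol index, low 32 the type.
        entries.append((r_offset, r_info >> 32, r_info & 0xFFFFFFFF, r_addend))
    return entries


def classify_all(data):
    """Map each record to (r_offset, type name, category) for a checker's consumption."""
    return [(off, reloc_type_name(rt), reloc_category(rt)) for off, _, rt, _ in parse_rela(data)]


def relax_got_load(insn, sym_addr, place, addend):
    """Rewrite `mov sym@GOTPCREL(%rip), %reg` (REX.W 8B /r, mod=00 rm=101)
    into `lea sym(%rip), %reg` (REX.W 8D /r).

    insn is the 7-byte encoding; the relocation sits at `place`, the address
    of its 4-byte displacement field (instruction address + 3). After the
    rewrite the displacement is the plain PC-relative value S + A - P, which
    is why a converted record would read R_X86_64_PC32, not R_X86_64_32S.
    """
    rex, opcode, modrm = insn[0], insn[1], insn[2]
    if rex & 0xF8 != 0x48 or opcode != 0x8B or modrm & 0xC7 != 0x05:
        raise ValueError("not a RIP-relative mov from the GOT")
    disp = sym_addr + addend - place
    if not -2**31 <= disp < 2**31:
        raise OverflowError("symbol out of range for a 32-bit displacement")
    return bytes([rex, 0x8D, modrm]) + struct.pack("<i", disp)


def demo():
    sym = 7  # constructed stand-in for __stack_chk_guard's symbol index
    records = [
        (0xFFFFFFFF8100283B, 42, -4),  # REX_GOTPCRELX as emitted by clang
        (0xFFFFFFFF8100283B, 11, 0),   # 32S, the form GNU ld converts it to
        (0x1000, 99, 0),               # constructed unknown type
    ]
    data = b"".join(ELF64_RELA.pack(o, (sym << 32) | t, a) for o, t, a in records)
    for off, name, cat in classify_all(data):
        print(f"{off:#018x} {name:<24} {cat}")
    # mov __stack_chk_guard@GOTPCREL(%rip),%rax with a zeroed displacement field
    relaxed = relax_got_load(bytes.fromhex("488b0500000000"),
                             0xFFFFFFFF83425CC0, 0xFFFFFFFF8100283B, -4)
    print("relaxed:", relaxed.hex(" "))  # 48 8d 05 81 34 42 02, as in the lld output


if __name__ == "__main__":
    demo()
```

The displacement the function produces for the quoted addresses is 0x2423481, the same value objdump printed for the lld-linked build, and it is computed with the -4 addend against the displacement field's address, which is the usual S + A - P form; a checker that only wants categories can consume `classify_all` and never needs the exact type, which is the point made at the end of the reply.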