Date: Mon, 27 Jan 2025 12:43:37 +0100
In-Reply-To: <20250127114334.1045857-4-ardb+git@google.com>
Message-ID: <20250127114334.1045857-6-ardb+git@google.com>
Subject: [RFC PATCH 2/2] x86/sev: Disable jump tables in SEV startup code
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel, Ingo Molnar, Linus Torvalds, Tom Lendacky, Nathan Chancellor

From: Ard Biesheuvel

When retpolines and IBT are both disabled, the compiler is free to use
jump tables to optimize switch instructions. However, these are emitted
by Clang as absolute references into .rodata, e.g.,

  jmp *-0x7dfffe90(,%r9,8)
      R_X86_64_32S .rodata+0x170

Given that this code will execute before that address in .rodata has
even been mapped, it is guaranteed to crash a SEV-SNP guest in a way
that is difficult to diagnose.

So disable jump tables when building this code. It would be better if we
could attach this annotation to the __head macro but this appears to be
impossible.

Reported-by: Linus Torvalds
Signed-off-by: Ard Biesheuvel
--- arch/x86/coco/sev/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile index 08de37559307..dcb06dc8b5ae 100644 --- a/arch/x86/coco/sev/Makefile +++ b/arch/x86/coco/sev/Makefile 
@@ -2,6 +2,10 @@ =20 obj-y +=3D core.o =20 +# jump tables are emitted using absolute references in non-PIC code +# so they cannot be used in the early SEV startup code +CFLAGS_core.o +=3D -fno-jump-tables + ifdef CONFIG_FUNCTION_TRACER CFLAGS_REMOVE_core.o =3D -pg endif --=20 2.48.1.262.g85cc9f2d1e-goog
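
Review bot: -fno-jump-tables is added to CFLAGS_core.o unconditionally and for the whole object, while the commit message limits the problem to the early startup code built with retpolines and IBT both disabled; the two-line comment above the flag should say that it covers all of core.o only because it cannot be scoped to the __head functions, so that a later reader does not narrow or drop it. The comment would also be more useful if it named the failure mode the commit message gives (an R_X86_64_32S reference into .rodata that is executed before .rodata is mapped). Since the flag guards against only this one code generation feature, consider a build-time check that rejects absolute relocations in the startup code, which would catch the next compiler optimization that emits them.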