lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230810132706.GA3805855@dev-arch.thelio-3990X>
Date:   Thu, 10 Aug 2023 06:27:06 -0700
From:   Nathan Chancellor <nathan@...nel.org>
To:     Borislav Petkov <bp@...en8.de>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: Hang when booting guest kernels compiled with clang after SRSO
 mitigations

On Thu, Aug 10, 2023 at 02:51:22PM +0200, Borislav Petkov wrote:
> On Thu, Aug 10, 2023 at 03:16:49AM -0700, Nathan Chancellor wrote:
> > Just to clarify, this is the guest kernel at -rc5 and the host kernel
> > with the SRSO mitigations applied? If so, that's the problem. The guest
> > kernel does not have to have the SRSO mitigations applied to see this
> > problem. Sorry I should have made that more clear! If not though, that's
> > interesting because I was running -rc5 on the host without issues.
> 
> Well, how do you even build CPU_SRSO with clang?
> 
> config CPU_SRSO
>         bool "Mitigate speculative RAS overflow on AMD"
>         depends on CPU_SUP_AMD && X86_64 && RETHUNK
> 					    ^^^^^^^
> 
> config RETHUNK
>         bool "Enable return-thunks"
>         depends on RETPOLINE && CC_HAS_RETURN_THUNK
> 				^^^^^^^^^^^^^^^^^^^
> 
> config CC_HAS_RETURN_THUNK
>         def_bool $(cc-option,-mfunction-return=thunk-extern)
> 
> $ clang -mfunction-return=thunk-extern
> clang: error: unknown argument: '-mfunction-return=thunk-extern'
> clang: error: no input files
> 
> $ clang --version
> Debian clang version 14.0.6
> Target: x86_64-pc-linux-gnu
> Thread model: posix
> InstalledDir: /usr/bin
> 
> Hmmm.

That option was only backported to LLVM 15.x+ because 14.x and older
were not supported any more when it was added.

$ clang -mfunction-return=thunk-extern -x c -c -o /dev/null /dev/null

$ clang --version
clang version 15.0.7
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

But my host kernel was compiled using GCC 13.2.0 from kernel.org for the
sake of testing to see if the compiler used to build the host kernel had
an impact on the problem and it did not.

Cheers,
Nathan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ