lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <173581930320.399.2851329983366045803.tip-bot2@tip-bot2>
Date: Thu, 02 Jan 2025 12:01:43 -0000
From: "tip-bot2 for Ard Biesheuvel" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Ard Biesheuvel <ardb@...nel.org>, "Borislav Petkov (AMD)" <bp@...en8.de>,
 Nathan Chancellor <nathan@...nel.org>, x86@...nel.org,
 linux-kernel@...r.kernel.org
Subject: [tip: x86/boot] x86/sev: Disable UBSAN on SEV code that may execute
 very early

The following commit has been merged into the x86/boot branch of tip:

Commit-ID:     99b863d2e87210c70354a1c75cc5bcc7a3afdc01
Gitweb:        https://git.kernel.org/tip/99b863d2e87210c70354a1c75cc5bcc7a3afdc01
Author:        Ard Biesheuvel <ardb@...nel.org>
AuthorDate:    Wed, 01 Jan 2025 12:51:20 +01:00
Committer:     Borislav Petkov (AMD) <bp@...en8.de>
CommitterDate: Thu, 02 Jan 2025 12:13:13 +01:00

x86/sev: Disable UBSAN on SEV code that may execute very early

Clang 14 and older may emit UBSAN instrumentation into code that is
inlined into functions marked with __no_sanitize_undefined¹. This may
result in faults when the code is executed very early, which may be the
case for functions annotated as __head. Now that this requirement is
strictly enforced, the build will fail in this case with the following
message

  Absolute reference to symbol '.data' not permitted in .head.text

Work around this by disabling UBSAN instrumentation on all SEV core
code.

¹ https://lore.kernel.org/r/20250101024348.GA1828419@ax162

  [ bp: Add a footnote with Nathan's detailed explanation and a Fixes
    tag ]

Fixes: 3b6f99a94b04 ("x86/boot: Disable UBSAN in early boot code")
Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
Reviewed-by: Nathan Chancellor <nathan@...nel.org>
Link: https://lore.kernel.org/r/20250101115119.114584-2-ardb@kernel.org
---
 arch/x86/coco/sev/Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
index 4e375e7..08de375 100644
--- a/arch/x86/coco/sev/Makefile
+++ b/arch/x86/coco/sev/Makefile
@@ -13,3 +13,6 @@ KCOV_INSTRUMENT_core.o	:= n
 # With some compiler versions the generated code results in boot hangs, caused
 # by several compilation units. To be safe, disable all instrumentation.
 KCSAN_SANITIZE		:= n
+
+# Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
+UBSAN_SANITIZE		:= n

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ