From patchwork Tue Dec 1 21:36:51 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11943959 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.2 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18694C64E7A for ; Tue, 1 Dec 2020 21:37:33 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 922622085B for ; Tue, 1 Dec 2020 21:37:31 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="uP8b9Pac" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 922622085B Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-20488-kernel-hardening=archiver.kernel.org@lists.openwall.com Received: (qmail 13562 invoked by uid 550); 1 Dec 2020 21:37:22 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Received: (qmail 13540 invoked from network); 1 Dec 2020 21:37:21 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:message-id:mime-version:subject:from:to:cc; bh=/Ydp+qeiWXHO6I7zK5gxOYIhZihlQbGAyMr7COYjNo8=; b=uP8b9PacbViNuju3jU4Y7pQopc/D13IK9+EgFguKjQ71Rj4a4pDH62wMzEVMzTGdgL A3A67LktcpWWVek2Xxu10AIYqibTKqLwW/RJnT0sIk9Sp7B6dRZsUkovRq6s2dpn3cga 2wHcebF3x2YFGZP6VqaT8vo5ANbAkpHZH/rp2ALxYckkRwVNaaEgWhFOB0m3mB96lVrQ KhneUkQCpG+O4jwnVJbzSzP7J/KIEDqqIwxIExNayWW0lDsj1em6+v9ZazfgE8/gduNa 8aXAzKqIaIL1cj2a5t+vFZlekXsZNzqTLBCQguZ23yyj4s9L2GONhXh+25Fm257CMHTt kOYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:message-id:mime-version:subject:from :to:cc; bh=/Ydp+qeiWXHO6I7zK5gxOYIhZihlQbGAyMr7COYjNo8=; b=OfdHXhTRJiX0rjpmXIXmhax8ui/l23sVOB4o2yMnBWFz42gwdOytzpnsn+zqeDIa7d Yw8qHUcdFkdgoPZ6QSFMToL5aLztki7xySXt0j9RNMwdx6WO0I9HmueJh3PIEFjMOCra 7CIXdG++YAv9AqJf+nPEtOiOG5idAe/0uHS+ZJkHD502EOi0KDYJAaTzNWqbkAImTofv z95nWCtJec2jRllJiT7y0d3QPLdHjUAS1jmIOymUAi/5k/ZyaDzKrm+9asX2JPgXQ2pd EvnC+f1KI+al2vu2Pe04EmiIqbuqLYeeBK8XuhfNFCdU7YoKMejtCsEMOPB0y5vDwqZv ZooA== X-Gm-Message-State: AOAM5320jE3MuuFvCsqd8xfga8K9Ja2jBgQzwASEM7QRHk/vpqlsyB2V 0F+xRD5MDfxIgpKszPLvhAb0ZcGqfDPsbCocCZU= X-Google-Smtp-Source: ABdhPJynKo/QcQ3ER0aMzDLxbXuS+BG4gD3OR3K6Nh+qfPOFy0xY1fApLMu+UZgd7x2StzuuvUUGP/FHZZDZBVMpQcA= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:abae:: with SMTP id v43mr6680681ybi.397.1606858629755; Tue, 01 Dec 2020 13:37:09 -0800 (PST) Date: Tue, 1 Dec 2020 13:36:51 -0800 Message-Id: <20201201213707.541432-1-samitolvanen@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.29.2.576.ga3fc446d84-goog Subject: [PATCH v8 00/16] Add support for Clang LTO From: Sami Tolvanen To: Masahiro Yamada , Steven Rostedt , Will Deacon Cc: Josh Poimboeuf , Peter Zijlstra , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, Sami Tolvanen This patch series adds support for building the kernel with Clang's Link Time Optimization (LTO). In addition to performance, the primary motivation for LTO is to allow Clang's Control-Flow Integrity (CFI) to be used in the kernel. Google has shipped millions of Pixel devices running three major kernel versions with LTO+CFI since 2018. Most of the patches are build system changes for handling LLVM bitcode, which Clang produces with LTO instead of ELF object files, postponing ELF processing until a later stage, and ensuring initcall ordering. Note that arm64 support depends on Will's memory ordering patches [1]. I will post x86_64 patches separately after we have fixed the remaining objtool warnings [2][3]. [1] https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=for-next/lto [2] https://lore.kernel.org/lkml/20201120040424.a3wctajzft4ufoiw@treble/ [3] https://git.kernel.org/pub/scm/linux/kernel/git/jpoimboe/linux.git/log/?h=objtool-vmlinux You can also pull this series from https://github.com/samitolvanen/linux.git lto-v8 Tested-by: Nick Desaulniers --- Changes in v8: - Cleaned up the LTO Kconfig options based on suggestions from Nick and Kees. - Dropped the patch to disable LTO for the arm64 nVHE KVM code as David pointed out it's not needed anymore. Changes in v7: - Rebased to master again. - Added back arm64 patches as the prerequisites are now staged, and dropped x86_64 support until the remaining objtool issues are resolved. - Dropped ifdefs from module.lds.S. Changes in v6: - Added the missing --mcount flag to patch 5. - Dropped the arm64 patches from this series and will repost them later. Changes in v5: - Rebased on top of tip/master. - Changed the command line for objtool to use --vmlinux --duplicate to disable warnings about retpoline thunks and to fix .orc_unwind generation for vmlinux.o. - Added --noinstr flag to objtool, so we can use --vmlinux without also enabling noinstr validation. - Disabled objtool's unreachable instruction warnings with LTO to disable false positives for the int3 padding in vmlinux.o. - Added ANNOTATE_RETPOLINE_SAFE annotations to the indirect jumps in x86 assembly code to fix objtool warnings with retpoline. - Fixed modpost warnings about missing version information with CONFIG_MODVERSIONS. - Included Makefile.lib into Makefile.modpost for ld_flags. Thanks to Sedat for pointing this out. - Updated the help text for ThinLTO to better explain the trade-offs. - Updated commit messages with better explanations. Changes in v4: - Fixed a typo in Makefile.lib to correctly pass --no-fp to objtool. - Moved ftrace configs related to generating __mcount_loc to Kconfig, so they are available also in Makefile.modfinal. - Dropped two prerequisite patches that were merged to Linus' tree. Changes in v3: - Added a separate patch to remove the unused DISABLE_LTO treewide, as filtering out CC_FLAGS_LTO instead is preferred. - Updated the Kconfig help to explain why LTO is behind a choice and disabled by default. - Dropped CC_FLAGS_LTO_CLANG, compiler-specific LTO flags are now appended directly to CC_FLAGS_LTO. - Updated $(AR) flags as KBUILD_ARFLAGS was removed earlier. - Fixed ThinLTO cache handling for external module builds. - Rebased on top of Masahiro's patch for preprocessing modules.lds, and moved the contents of module-lto.lds to modules.lds.S. - Moved objtool_args to Makefile.lib to avoid duplication of the command line parameters in Makefile.modfinal. - Clarified in the commit message for the initcall ordering patch that the initcall order remains the same as without LTO. - Changed link-vmlinux.sh to use jobserver-exec to control the number of jobs started by generate_initcall_ordering.pl. - Dropped the x86/relocs patch to whitelist L4_PAGE_OFFSET as it's no longer needed with ToT kernel. - Disabled LTO for arch/x86/power/cpu.c to work around a Clang bug with stack protector attributes. Changes in v2: - Fixed -Wmissing-prototypes warnings with W=1. - Dropped cc-option from -fsplit-lto-unit and added .thinlto-cache scrubbing to make distclean. - Added a comment about Clang >=11 being required. - Added a patch to disable LTO for the arm64 KVM nVHE code. - Disabled objtool's noinstr validation with LTO unless enabled. - Included Peter's proposed objtool mcount patch in the series and replaced recordmcount with the objtool pass to avoid whitelisting relocations that are not calls. - Updated several commit messages with better explanations. Sami Tolvanen (17): tracing: move function tracer options to Kconfig kbuild: add support for Clang LTO kbuild: lto: fix module versioning kbuild: lto: limit inlining kbuild: lto: merge module sections kbuild: lto: remove duplicate dependencies from .mod files init: lto: ensure initcall ordering init: lto: fix PREL32 relocations PCI: Fix PREL32 relocations for LTO modpost: lto: strip .lto from module names scripts/mod: disable LTO for empty.c efi/libstub: disable LTO drivers/misc/lkdtm: disable LTO for rodata.o arm64: vdso: disable LTO KVM: arm64: disable LTO for the nVHE directory arm64: disable recordmcount with DYNAMIC_FTRACE_WITH_REGS arm64: allow LTO_CLANG and THINLTO to be selected .gitignore | 1 + Makefile | 45 +++-- arch/Kconfig | 74 +++++++ arch/arm64/Kconfig | 4 + arch/arm64/kernel/vdso/Makefile | 3 +- arch/arm64/kvm/hyp/nvhe/Makefile | 4 +- drivers/firmware/efi/libstub/Makefile | 2 + drivers/misc/lkdtm/Makefile | 1 + include/asm-generic/vmlinux.lds.h | 11 +- include/linux/init.h | 79 +++++++- include/linux/pci.h | 19 +- kernel/trace/Kconfig | 16 ++ scripts/Makefile.build | 50 ++++- scripts/Makefile.lib | 6 +- scripts/Makefile.modfinal | 9 +- scripts/Makefile.modpost | 25 ++- scripts/generate_initcall_order.pl | 270 ++++++++++++++++++++++++++ scripts/link-vmlinux.sh | 70 ++++++- scripts/mod/Makefile | 1 + scripts/mod/modpost.c | 16 +- scripts/mod/modpost.h | 9 + scripts/mod/sumversion.c | 6 +- scripts/module.lds.S | 24 +++ 23 files changed, 677 insertions(+), 68 deletions(-) create mode 100755 scripts/generate_initcall_order.pl base-commit: 0fa8ee0d9ab95c9350b8b84574824d9a384a9f7d