From: "Lendacky, Thomas"
To: Ard Biesheuvel
Cc: "devel@edk2.groups.io", Gerd Hoffmann
Subject: Re: Strange behavior between GCC 11 and GCC 12
Date: Fri, 14 Apr 2023 16:50:25 -0500
Message-ID: <9057b932-b10b-c2cd-af8c-ea0db5120bfc@amd.com>
References: <7f0f5f8e-09c7-4ae4-ffca-1a7c322949a8@amd.com>

On 4/14/23 16:39, Ard Biesheuvel wrote:
> On Fri, 14 Apr 2023 at 22:23, Tom Lendacky wrote:
>>
>> I've been trying to debug a problem I'm seeing when I moved to the GCC 12
>> compiler. Under SEV it results in the guest crashing.
>>
>> I narrowed the issue down to the call to TemporaryRamMigration() in
>> PeiCheckAndSwitchStack() of MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c.
>>
>> I get this output on GCC11:
>> Old Stack size 32768, New stack size 131072
>> Stack Hob: BaseAddress=0x3BF76000 Length=0x20000
>> Heap Offset = 0x3B786000 Stack Offset = 0x3B776000
>> *** DEBUG: PeiCheckAndSwitchStack:851 - SecCoreData=3BF95D20
>> TemporaryRamMigration(0x810000, 0x3BF8E000, 0x10000)
>> *** DEBUG: PeiCheckAndSwitchStack:871 - SecCoreData=3BF95D20
>>
>> and everything is good.
>>
>> However, I get this output on GCC12:
>> Old Stack size 32768, New stack size 131072
>> Stack Hob: BaseAddress=0x3BF76000 Length=0x20000
>> Heap Offset = 0x3B786000 Stack Offset = 0x3B776000
>> *** DEBUG: PeiCheckAndSwitchStack:851 - SecCoreData=3BF95D20
>> TemporaryRamMigration(0x810000, 0x3BF8E000, 0x10000)
>> *** DEBUG: PeiCheckAndSwitchStack:871 - SecCoreData=7770BD20
>> MMIO using encrypted memory: 7770BD48
>> !!!! X64 Exception Type - 0D(#GP - General Protection) CPU Apic ID - 00000000 !!!!
>>
>> and terminate because SecCoreData has been corrupted and points to an
>> address in an MMIO range (this is an SEV-ES/SEV-SNP example).
>>
>> As near as I can tell from looking at the object code, on GCC12 it looks
>> like the SecCoreData value is stored in the RBP register, which appears to
>> be getting corrupted when calling TemporaryRamMigration().
>>
>> Does anyone have any thoughts on this?
>>
>
> The stack switching logic in OvmfPkg/Sec/SecMain.c looks highly dubious to me.
>
> LongJump() can be used to do a long return, i.e., it allows to return
> from several levels deep in the call stack to back up to where
> SetJump() was called. However, using LongJump() to return to the
> caller with a different stack is, quite frankly, insane, and I'm
> surprised it didn't break a lot sooner.
>
> In this particular case, RBX gets updated along with RSP, presumably
> because the code assumes it is being used as a frame pointer? Are you
> building with -fomit-frame-pointer perhaps?

Looks like our emails crossed paths... turns out I was on the wrong branch
for my testing and didn't have ff36b2550f94 ("OvmfPkg/Sec: fix stack
switch"). So you can disregard, but thanks for taking a look.

Thanks,
Tom
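
Added example, not part of the thread and not edk2 code: a small C model of the failure described above, in which a saved callee-saved register is moved along with RSP during the stack switch even though the compiler is using it for data. With the values from the log, the corrupted SecCoreData (7770BD20) is exactly the original value (3BF95D20) plus the logged Stack Offset (0x3B776000). The struct, function names and old-stack bounds are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified saved-register context; field names are hypothetical. */
struct jump_ctx {
    uint64_t rsp;
    uint64_t rbp;
};

/* Values taken from the log in the thread. */
#define STACK_OFFSET   0x3B776000ULL  /* "Stack Offset = 0x3B776000" */
#define SEC_CORE_DATA  0x3BF95D20ULL  /* SecCoreData before the call */
/* Assumed old stack range: new stack top (0x3BF76000 + 0x20000) minus the
 * offset is 0x820000; "Old Stack size 32768" puts the base at 0x818000. */
#define OLD_STACK_BASE 0x818000ULL
#define OLD_STACK_TOP  0x820000ULL

/* Pattern described in the thread: the register is rebased together with
 * RSP on the assumption that it holds a frame pointer. */
static void rebase_unconditional(struct jump_ctx *c, uint64_t off)
{
    c->rsp += off;
    c->rbp += off;
}

static int in_old_stack(uint64_t v)
{
    return v >= OLD_STACK_BASE && v < OLD_STACK_TOP;
}

/* Guarded variant (one possible check, not claimed to be the upstream fix):
 * rebase rbp only if it points into the old stack. A data value that happens
 * to fall inside that range would still be moved. */
static void rebase_checked(struct jump_ctx *c, uint64_t off)
{
    c->rsp += off;
    if (in_old_stack(c->rbp))
        c->rbp += off;
}

int main(void)
{
    struct jump_ctx bad = { 0x81F000ULL, SEC_CORE_DATA };  /* rbp holds data */
    struct jump_ctx ok  = bad;
    rebase_unconditional(&bad, STACK_OFFSET);
    rebase_checked(&ok, STACK_OFFSET);
    printf("unconditional: %llX  checked: %llX\n",
           (unsigned long long)bad.rbp, (unsigned long long)ok.rbp);
    return 0;
}
```

When triaging a crash like this one, subtracting the logged stack or heap offset from the bad pointer is a quick way to tell relocation of a non-pointer register apart from a random memory overwrite.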