From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+112488+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 121B1D81163
	for <rebecca@openfw.io>; Wed, 13 Dec 2023 17:32:00 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=hnibFXcuMOQhqvaMihu3hbehdkPHVChvXJ5o3T4AGoQ=;
 c=relaxed/simple; d=groups.io;
 h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Transfer-Encoding;
 s=20140610; t=1702488719; v=1;
 b=rlBxsXIBpf2hVJk79GpFjO/OVBHPnJXiycjmonKkU/HN/nz+70N+BUVil49JrC/flLEg4D3/
 Zh6USwQiVi90Ptvhn5b3xBXTyBSfOphMKCyfHVUqHmW+iKYwpZKCfdQ1bAX+dwc2YqUo7kCVJWw
 lECw701lPtUvcVaxS1yGfbGk=
X-Received: by 127.0.0.2 with SMTP id tdqsYY7687511xq8aOl67h90; Wed, 13 Dec 2023 09:31:59 -0800
X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.42509.1702488718895946611
 for <devel@edk2.groups.io>;
 Wed, 13 Dec 2023 09:31:59 -0800
X-Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by dfw.source.kernel.org (Postfix) with ESMTP id 3B9FC61EA8
	for <devel@edk2.groups.io>; Wed, 13 Dec 2023 17:31:58 +0000 (UTC)
X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id EB2E0C433CC
	for <devel@edk2.groups.io>; Wed, 13 Dec 2023 17:31:57 +0000 (UTC)
X-Received: by mail-lj1-f180.google.com with SMTP id 38308e7fff4ca-2c9f72176cfso90717041fa.2
        for <devel@edk2.groups.io>; Wed, 13 Dec 2023 09:31:57 -0800 (PST)
X-Gm-Message-State: JKcHEqWbJZiG3trhYhdMwqwMx7686176AA=
X-Google-Smtp-Source: AGHT+IH/qNh5WUvGSlpfW1Cp62NTiQy+Od/9VUNz++7iEUv0KB81dTJUU0ELK5bTn802Q5FYCQ8gBrREUDvyQ70gPAw=
X-Received: by 2002:a2e:8497:0:b0:2ca:e50:234a with SMTP id
 b23-20020a2e8497000000b002ca0e50234amr1563334ljh.123.1702488716164; Wed, 13
 Dec 2023 09:31:56 -0800 (PST)
MIME-Version: 1.0
References: <e8e45970cb94a2e5402959a60988904a40c98a63.1698334090.git.jake@nvidia.com>
 <CAKbZUD3FPjk7h6oQmqV7X-Rv3uEd4bb7znCTkUiHeFL35FOdsA@mail.gmail.com>
 <PH0PR12MB7888C455DD05DD55937E7E3AADDCA@PH0PR12MB7888.namprd12.prod.outlook.com>
 <CAMj1kXH3OP1rPsMtcfSqmB_z=wG=yijq+sH5YQz2a2a3cwc32w@mail.gmail.com>
 <PH0PR12MB78889BE29EB9A39DA2848642ADDCA@PH0PR12MB7888.namprd12.prod.outlook.com>
 <CAMj1kXG-ZV0JYyenGgT8PqpGAB-Nz4hQb+XcO2JmnbWvT8hGbw@mail.gmail.com>
 <CAKbZUD36ntiQeSx33VQR07HkJiMhky_00-BSr+rHdQ7L7h_y2g@mail.gmail.com>
 <CAMj1kXGscu4sNm1pnJLSsnxEKaaxQf71cyh_2DBGkimyjpUfew@mail.gmail.com>
 <PH0PR12MB78888BF471FF31CDC602F968ADDCA@PH0PR12MB7888.namprd12.prod.outlook.com>
 <PH0PR12MB7888E5A1D9416C56CE811598ADA6A@PH0PR12MB7888.namprd12.prod.outlook.com>
 <CAKbZUD19HxHO76_fm4N_Z6i_JGXE_wYshQY+vsPFgLCss5DTNQ@mail.gmail.com>
 <PH0PR12MB7888488A91670781D6FAF772AD84A@PH0PR12MB7888.namprd12.prod.outlook.com>
 <CAMj1kXEnp1wL243-Sj-9K1J8Nifvw6nuAhEnwYnymDmuTrgLiQ@mail.gmail.com> <PH0PR12MB78883870D9DD49AB6022C49CAD8DA@PH0PR12MB7888.namprd12.prod.outlook.com>
In-Reply-To: <PH0PR12MB78883870D9DD49AB6022C49CAD8DA@PH0PR12MB7888.namprd12.prod.outlook.com>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Wed, 13 Dec 2023 18:31:45 +0100
X-Gmail-Original-Message-ID: <CAMj1kXE_kcB532oy-Ss_zN21aOM2nBR=DWv74v3eHpLBXvJofg@mail.gmail.com>
Message-ID: <CAMj1kXE_kcB532oy-Ss_zN21aOM2nBR=DWv74v3eHpLBXvJofg@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH] BaseTools/GenFw: Change opcode when converting ADR to ADRP
To: Jake Garver <jake@nvidia.com>
Cc: Pedro Falcato <pedro.falcato@gmail.com>, "devel@edk2.groups.io" <devel@edk2.groups.io>, 
	"rebecca@bsdio.com" <rebecca@bsdio.com>, "gaoliming@byosoft.com.cn" <gaoliming@byosoft.com.cn>, 
	"bob.c.feng@intel.com" <bob.c.feng@intel.com>, "yuwei.chen@intel.com" <yuwei.chen@intel.com>
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,ardb@kernel.org
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=rlBxsXIB;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=kernel.org (policy=none)

On Wed, 13 Dec 2023 at 15:58, Jake Garver <jake@nvidia.com> wrote:
>
> Totally understand and agree, Ard.
>
> In the meantime, I've now experienced the issue with Ubuntu22's GCC 12.3.=
  Originally, we didn't see the issue on this toolchain, but a developer ra=
n into when preparing a change.  Even more concerning, when I instrumented =
that change, it went away.  So, it seems to be very sensitive to the input,=
 which will make it hard to reproduce.
>
> Specifically, like the Ubuntu20 10.5 toolchain, the Ubuntu 12.3 toolchain=
 generated an R_AARCH64_ADR_GOT_PAGE relocation against an ADR instruction.=
  Further, it was when loading the value of __stack_chk_guard.
>
> I was again unable to reproduce this using a crosstool-ng build of GCC 12=
.3, even when matching the ./configure arguments.
>
> Since it's now reproducible in a toolchain we're actively using, I'll con=
tinue looking at it.  I'll let you know what I find.

OK, mystery solved.

    # Load to set the stack canary
    2ffc:       10000480        adr     x0, 0x308c
    3008:       912ec000        add     x0, x0, #0xbb0

The location of the ADRP instruction is at the end of a 4k page
(0xffc), which could trigger erratum #843419 on Cortex-A53, and is
therefore converted into ADR.

This unfortunately implies that converting it back into ADRP is
problematic, unless the code is guaranteed to never run on affected
Cortex-A53 CPUs.

Instead, we'll need to do something like (untested)

--- a/BaseTools/Source/C/GenFw/Elf64Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
@@ -1562,7 +1562,11 @@ WriteSections64 (
             // subsequent LDR instruction (covered by a
R_AARCH64_LD64_GOT_LO12_NC
             // relocation) into an ADD instruction - this is handled above=
.
             //
-            Offset =3D (Sym->st_value - (Rel->r_offset & ~0xfff)) >> 12;
+            if ((*(UINT32 *)Targ & BIT31) =3D=3D 0) {
+              Offset =3D (Sym->st_value & ~0xfff) - Rel->r_offset;
+            } else {
+              Offset =3D (Sym->st_value - (Rel->r_offset & ~0xfff)) >> 12;
+            }

             *(UINT32 *)Targ &=3D 0x9000001f;
             *(UINT32 *)Targ |=3D ((Offset & 0x1ffffc) << (5 - 2)) |
((Offset & 0x3) << 29);

so that we keep the ADR but use the correct offset to refer to the 4k
page holding the symbol. We'll need to range check offset here,
though, as the GOT may just be within reach but the symbol itself may
not.


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#112488): https://edk2.groups.io/g/devel/message/112488
Mute This Topic: https://groups.io/mt/102202314/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-