Commit 41c5ef31ad71 ("x86/ibt: Base IBT bits") added a check for a crash
in clang. However, this check does not work for two reasons.
The first reason is that '-pg' is missing from the check, which is
required for '-mfentry' to do anything.
The second reason is that cc-option only uses /dev/null as the input
file, which does not show a problem:
$ clang --version | head -1
Ubuntu clang version 12.0.1-8build1
$ clang -fcf-protection=branch -mfentry -pg -c -x c /dev/null -o /dev/null
$ echo $?
0
$ echo "void a(void) {}" | clang -fcf-protection=branch -mfentry -pg -c -x c - -o /dev/null
...
$ echo $?
139
Use this test instead so that the check works for older versions of
clang.
Fixes: 41c5ef31ad71 ("x86/ibt: Base IBT bits")
Signed-off-by: Nathan Chancellor <[email protected]>
---
arch/x86/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 4ca7bfe927b3..870e0d10452d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1867,7 +1867,7 @@ config CC_HAS_IBT
# Clang/LLVM >= 14
# fentry check to work around https://reviews.llvm.org/D111108
def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \
- (CC_IS_CLANG && $(cc-option, -fcf-protection=branch -mfentry))) && \
+ (CC_IS_CLANG && $(success,echo "void a(void) {}" | $(CC) -Werror $(CLANG_FLAGS) -fcf-protection=branch -mfentry -pg -x c - -c -o /dev/null))) && \
$(as-instr,endbr64)
config X86_KERNEL_IBT
base-commit: 9e1db76f44de4d9439e48c9ef61e5d457395202b
--
2.35.1
On Fri, Mar 11, 2022 at 12:56:42PM -0700, Nathan Chancellor wrote:
> Commit 41c5ef31ad71 ("x86/ibt: Base IBT bits") added a check for a crash
> in clang. However, this check does not work for two reasons.
>
> The first reason is that '-pg' is missing from the check, which is
> required for '-mfentry' to do anything.
>
> The second reason is that cc-option only uses /dev/null as the input
> file, which does not show a problem:
>
> $ clang --version | head -1
> Ubuntu clang version 12.0.1-8build1
>
> $ clang -fcf-protection=branch -mfentry -pg -c -x c /dev/null -o /dev/null
>
> $ echo $?
> 0
>
> $ echo "void a(void) {}" | clang -fcf-protection=branch -mfentry -pg -c -x c - -o /dev/null
> ...
>
> $ echo $?
> 139
>
> Use this test instead so that the check works for older versions of
> clang.
>
> Fixes: 41c5ef31ad71 ("x86/ibt: Base IBT bits")
> Signed-off-by: Nathan Chancellor <[email protected]>
Urgh... not pretty, but that's what we gotta live with I suppose.
Thanks!
The following commit has been merged into the x86/core branch of tip:
Commit-ID: f8afc9d88e65d189653f363eacc1f3131216ef7c
Gitweb: https://git.kernel.org/tip/f8afc9d88e65d189653f363eacc1f3131216ef7c
Author: Nathan Chancellor <[email protected]>
AuthorDate: Fri, 11 Mar 2022 12:56:42 -07:00
Committer: Peter Zijlstra <[email protected]>
CommitterDate: Sat, 12 Mar 2022 13:22:13 +01:00
x86/ibt: Fix CC_HAS_IBT check for clang
Commit 41c5ef31ad71 ("x86/ibt: Base IBT bits") added a check for a crash
in clang. However, this check does not work for two reasons.
The first reason is that '-pg' is missing from the check, which is
required for '-mfentry' to do anything.
The second reason is that cc-option only uses /dev/null as the input
file, which does not show a problem:
$ clang --version | head -1
Ubuntu clang version 12.0.1-8build1
$ clang -fcf-protection=branch -mfentry -pg -c -x c /dev/null -o /dev/null
$ echo $?
0
$ echo "void a(void) {}" | clang -fcf-protection=branch -mfentry -pg -c -x c - -o /dev/null
...
$ echo $?
139
Use this test instead so that the check works for older versions of
clang.
Fixes: 41c5ef31ad71 ("x86/ibt: Base IBT bits")
Signed-off-by: Nathan Chancellor <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/x86/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 4ca7bfe..870e0d1 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1867,7 +1867,7 @@ config CC_HAS_IBT
# Clang/LLVM >= 14
# fentry check to work around https://reviews.llvm.org/D111108
def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \
- (CC_IS_CLANG && $(cc-option, -fcf-protection=branch -mfentry))) && \
+ (CC_IS_CLANG && $(success,echo "void a(void) {}" | $(CC) -Werror $(CLANG_FLAGS) -fcf-protection=branch -mfentry -pg -x c - -c -o /dev/null))) && \
$(as-instr,endbr64)
config X86_KERNEL_IBT