From: Peter Hurley
To: Russell King
Cc: Aaro Koskinen, Johannes Weiner, linux-kernel@vger.kernel.org, Felipe Balbi, Peter Hurley, Rabin Vincent
Subject: [PATCH] arm: Blacklist gcc 4.8.[012] and 4.9.0 with CONFIG_FRAME_POINTER
Date: Fri, 10 Oct 2014 12:26:14 -0400
Message-Id: <1412958374-16090-1-git-send-email-peter@hurleysoftware.com>

gcc versions 4.8.[012] and 4.9.0 generate code that prematurely adjusts
the stack pointer such that still-to-be-referenced locals are below the
stack pointer, which allows them to be overwritten by interrupts.

On 10/09/2014 04:41 PM, Rabin Vincent wrote:
> 4.8.1 and 4.8.2 are known to miscompile the ARM kernel and these
> find_get_entry() crashes with 0xffffffff involved smell a lot like the
> earlier reports from kernels built with those compilers:
>
> https://lkml.org/lkml/2014/6/25/456
> https://lkml.org/lkml/2014/6/30/375
> https://lkml.org/lkml/2014/6/30/660
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
> https://lkml.org/lkml/2014/5/9/330
>
> Also, I didn't see any public email making a definitive link between GCC
> PR 58854 that Nathan pointed out in https://lkml.org/lkml/2014/6/30/660
> and the earlier find_get_entry() crashes, but I just built GCC 4.8.1 and
> an ARM kernel with that, and the GCC bug is clearly seen in
> radix_tree_lookup_slot() which returns the pointer which
> find_get_entry() is dereferencing:
>
> :
>   e1a0c00d    mov     ip, sp
>   e92dd800    push    {fp, ip, lr, pc}
>   e24cb004    sub     fp, ip, #4
>   e24dd008    sub     sp, sp, #8
>   e3a02000    mov     r2, #0
>   e24b3010    sub     r3, fp, #16
>   ebffffc5    bl      c0176ab8 <__radix_tree_lookup>
>   e24bd00c    sub     sp, fp, #12          <--- sp moved up
>   e3500000    cmp     r0, #0
>   151b0010    ldrne   r0, [fp, #-16]       <--- load from under sp
>   e89da800    ldm     sp, {fp, sp, pc}

See gcc PR 58854,
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854

Reported-by: Aaro Koskinen
Reported-by: Felipe Balbi
Cc: Rabin Vincent
Signed-off-by: Peter Hurley
---
 include/linux/compiler-gcc4.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
index 2507fd2..4069fb2 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
@@ -86,3 +86,17 @@
 #define __HAVE_BUILTIN_BSWAP16__
 #endif
 #endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
+
+/*
+ * For ARCH=arm, gcc versions 4.8.[012] and 4.9.0 generate code that closes
+ * the stack frame prematurely which allows still-in-use locals to be
+ * overwritten by interrupts
+ *
+ * see PR 58854, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
+ */
+#ifdef __KERNEL__
+# if ((GCC_VERSION >= 40800 && GCC_VERSION <= 40802) || GCC_VERSION == 40900) \
+ && defined(__arm__) && defined(CONFIG_FRAME_POINTER)
+# error Your version of gcc miscompiles stack frames
+# endif
+#endif
-- 
2.1.1
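Review bot: the block comment added in this hunk describes the miscompile but never says why the check is gated on CONFIG_FRAME_POINTER, so a later reader of `&& defined(__arm__) && defined(CONFIG_FRAME_POINTER)` has no way to tell whether the frame-pointer condition is essential or a narrowing that could be dropped. The subject line and the quoted disassembly (the early `sub sp, fp, #12` followed by the `ldrne r0, [fp, #-16]` from below sp) both tie the bad sequence to the fp-based frame layout; one sentence in the comment saying that the bug shows up in frame-pointer builds, and that this is why the condition is there, would record that. Separately, `# error Your version of gcc miscompiles stack frames` gives the person whose build just failed nothing to act on: stating the affected versions and pointing at the PR that the comment already cites, e.g. `# error gcc 4.8.[012] and 4.9.0 miscompile stack frames on ARM with CONFIG_FRAME_POINTER (gcc PR 58854)`, would make the failure self-explanatory without a trip into the header.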