DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3603619D385
Date: Thu, 13 Jul 2017 15:18:58 -0500
From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Michael Davidson <md@google.com>
Cc: Matthias Kaehlcke <mka@chromium.org>,
        Chris J Arges <chris.j.arges@canonical.com>,
        Borislav Petkov <bp@suse.de>, Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>,
        X86 ML <x86@kernel.org>, LKML <linux-kernel@vger.kernel.org>,
        Douglas Anderson <dianders@chromium.org>,
        Greg Hackmann <ghackmann@google.com>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Stephen Hines <srhines@google.com>, Kees Cook <keescook@chromium.org>,
        Arnd Bergmann <arnd@arndb.de>, Bernhard.Rosenkranzer@linaro.org
Subject: Re: [PATCH] Revert "x86/uaccess: Add stack frame output operand in
 get_user() inline asm"
Message-ID: <20170713201858.byntnuiop7wx4lvn@treble>
References: <20170712212744.23660-1-mka@chromium.org>
 <20170712221242.puv5illztsla4nph@treble>
 <20170712222040.GD95735@google.com>
 <20170712223547.fyra43dizqooosbs@treble>
 <20170712223630.gb237t4vhrqeu5zd@treble>
 <20170712232213.GE95735@google.com>
 <20170713180001.mvwzdmudht56hdk5@treble>
 <20170713184748.GF95735@google.com>
 <20170713192554.f4xznyxjkdtrmh3f@treble>
 <CA+=D-XWi45Oor6PKtR=OpEoVPD1isXDeECJ0mRG_aU0Z4aZRWA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CA+=D-XWi45Oor6PKtR=OpEoVPD1isXDeECJ0mRG_aU0Z4aZRWA@mail.gmail.com>
User-Agent: Mutt/1.6.0.1 (2016-04-01)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 2122
Lines: 52

On Thu, Jul 13, 2017 at 12:38:32PM -0700, Michael Davidson wrote:
> On Thu, Jul 13, 2017 at 12:25 PM, Josh Poimboeuf <jpoimboe@redhat.com> wrote:
> 
> >
> > Anyway this seems like a clang bug to me.  If I specify RSP as an input
> > register then the compiler shouldn't overwrite it first.  For that
> > matter it has no reason to overwrite it if it's an output register
> > either.
> >
> 
> It's certainly  a difference in behavior between clang and gcc.
> 
> My question is whether this particular construct is really a
> "supported" (or, at least, reasonably guaranteed) way of forcing gcc
> to create a stack frame if none exists. or whether it is something
> that "just happens to work".
> 
> If someone could explain the rationale behind *why* this works the way
> that it does on gcc that might help convince the clang people that
> this is actually a bug rather than just a piece of undefined behavior
> which gcc and clang happen to handle differently.

Disclaimer: I'm no compiler expert, and there are usually a variety of
opinions about compiler undefined behavior.  So it would probably be
good for real compiler people to participate in the discussion.

But I think there are two separate issues here.

1) The first issue is whether it's supported behavior to specify RSP as
   an output constraint in order to force GCC to create a stack frame.
   As far as I know, this is a quirk of GCC, and not really considered
   defined behavior.

   However, the idea was suggested by some GCC developers:

     https://gcc.gnu.org/ml/gcc/2015-07/msg00079.html

   So at least it seems to be endorsed by GCC to some degree.  If you
   need details on why it works, that thread has the details.

2) The second issue is whether clang should corrupt RSP.  I don't see a
   reason for clang to do that.  IMO, when using a local register
   variable as an input or output to inline asm, the compiler should
   leave the contents of the register alone.

   FWIW, my reading of the GCC manual seems to support that:

     https://gcc.gnu.org/onlinedocs/gcc/Local-Register-Variables.html#Local-Register-Variables


-- 
Josh