Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2948418imm;
        Thu, 24 May 2018 19:41:36 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZovom3WiJv8JX9udH0XvmoFegIVDfsARZhBvkq629lmiddd2RtJkaR7qwFIrcFCByPoBJqK
X-Received: by 2002:a63:9812:: with SMTP id q18-v6mr477379pgd.170.1527216096097;
        Thu, 24 May 2018 19:41:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527216096; cv=none;
        d=google.com; s=arc-20160816;
        b=D9BUrw+DEUMgXehbbvqMaghW4HIZSj3DymVj2rF5exMWFS1KhlguqAsLZPDFE1LtAw
         sl7HVMtDneSOR23oBc3eUmqOWPK7+RL/NwpFo3EVx9TwDsZ3dDW0AbWTcV+c4YDvzDB7
         +0l9MquH+XCDYvQ8hJJR3y8wwVdXRvood8HaeRvNOcQ+kH07GPV9VTe7qmGN2XU+PwV9
         LzNw7hz6GpmChEZ8N6Pz9x0xHTKtxYsgR+JExjrKncltR5I1VnG28+JvgHCIH0+b/UYO
         26bu2xRmkZIXw7YgTtg3d2j6uqEnPUmdCFD3ckEU2CAmC1ed8DBW1Mir/nSeY2y/22dc
         r0Tg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:organization:from:references:cc:to:subject:reply-to
         :arc-authentication-results;
        bh=N2v5hOr1BOnP5tHImzUcDbCMdMsKzOe1sjHPVnaytJg=;
        b=fh+tSnmXAjq2WCJcAc2KWy2+q5IWmQwgS3t2hiW0N3br+J133vterSxCOlBZuAS/kr
         itClF+N199oeNkR2FF7b+3Wbq2buycLnPypc+VI64TCsK8498JtUqiEAMlNpHosn70kb
         aL5gLLOes6hQ/ybe/R76v6wMorXd5njbnPJy5G8ZW6Tx+7DghwQJJ4LjUe9FjYR4kXYl
         H1o6sV/UUvdZcW7KRB7p6XplZIQHIXnQrr6tRbY+PaYeUzKL5YGb72PmVm56AH5kHtgF
         Cl8aAp+i81M0DZLrcFT/nYbE+dyimieUEeMIgiREh6Yz1hSHQeteZA/EF0AryeWWLw/X
         N6wQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b19-v6si22819123pls.482.2018.05.24.19.41.21;
        Thu, 24 May 2018 19:41:36 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S971272AbeEXTuB (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Thu, 24 May 2018 15:50:01 -0400
Received: from mx1.redhat.com ([209.132.183.28]:57894 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S971121AbeEXTt5 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 24 May 2018 15:49:57 -0400
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id C85E736361D;
        Thu, 24 May 2018 19:49:57 +0000 (UTC)
Received: from tstellar.remote.csb (ovpn-117-161.phx2.redhat.com [10.3.117.161])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 129E05D6B4;
        Thu, 24 May 2018 19:49:56 +0000 (UTC)
Reply-To: tstellar@redhat.com
Subject: Re: [clang] stack protector and f1f029c7bf
To:     hpa@zytor.com, Nick Desaulniers <ndesaulniers@google.com>
Cc:     Alistair Strachan <astrachan@google.com>,
        Manoj Gupta <manojgupta@google.com>,
        Matthias Kaehlcke <mka@google.com>,
        Greg Hackmann <ghackmann@google.com>, sedat.dilek@gmail.com,
        LKML <linux-kernel@vger.kernel.org>
References: <CAKwvOd=jmi_7LvZbS0PA5-zt62m5ZFPUNG7JtMQVmerCR63ebQ@mail.gmail.com>
 <57C635C3-716C-4FC3-90C7-E394AA7242BA@zytor.com>
From:   Tom Stellard <tstellar@redhat.com>
Organization: Red Hat
Message-ID: <195ec03a-0ccb-43f2-e455-c61b91aaf9eb@redhat.com>
Date:   Thu, 24 May 2018 12:49:56 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.0
MIME-Version: 1.0
In-Reply-To: <57C635C3-716C-4FC3-90C7-E394AA7242BA@zytor.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Thu, 24 May 2018 19:49:57 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 05/24/2018 11:19 AM, hpa@zytor.com wrote:
> On May 23, 2018 3:08:19 PM PDT, Nick Desaulniers <ndesaulniers@google.com> wrote:
>> H. Peter,
>>
>> It was reported [0] that compiling the Linux kernel with Clang +
>> CC_STACKPROTECTOR_STRONG was causing a crash in native_save_fl(), due
>> to
>> how GCC does not emit a stack guard for static inline functions (see
>> Alistair's excellent report in [1]) but Clang does.
>>
>> When working with the LLVM release maintainers, Tom had suggested [2]
>> changing the inline assembly constraint in native_save_fl() from '=rm'
>> to
>> '=r', and Alistair had verified the disassembly:
>>
>> (good) code generated w/o -fstack-protector-strong:
>>
>> native_save_fl:
>>          pushfq
>>          popq    -8(%rsp)
>>          movq    -8(%rsp), %rax
>>          retq
>>
>> (good) code generated w/ =r input constraint:
>>
>> native_save_fl:
>>          pushfq
>>          popq    %rax
>>          retq
>>
>> (bad) code generated with -fstack-protector-strong:
>>
>> native_save_fl:
>>          subq    $24, %rsp
>>          movq    %fs:40, %rax
>>          movq    %rax, 16(%rsp)
>>          pushfq
>>          popq    8(%rsp)
>>          movq    8(%rsp), %rax
>>          movq    %fs:40, %rcx
>>          cmpq    16(%rsp), %rcx
>>          jne     .LBB0_2
>>          addq    $24, %rsp
>>          retq
>> .LBB0_2:
>>          callq   __stack_chk_fail
>>
>> It looks like the sugguestion is actually a revert of your commit:
>> ab94fcf528d127fcb490175512a8910f37e5b346:
>> x86: allow "=rm" in native_save_fl()
>>
>> It seemed like there was a question internally about why worry about
>> pop
>> adjusting the stack if the stack could be avoided altogether.
>>
>> I think Sedat can retest this, but I was curious as well about the
>> commit
>> message in ab94fcf528d: "[ Impact: performance ]", but Alistair's
>> analysis
>> of the disassembly seems to indicate there is no performance impact (in
>> fact, looks better as there's one less mov).
>>
>> Is there a reason we should not revert ab94fcf528d12, or maybe a better
>> approach?
>>
>> [0] https://lkml.org/lkml/2018/5/7/534
>> [1] https://bugs.llvm.org/show_bug.cgi?id=37512#c15
>> [2] https://bugs.llvm.org/show_bug.cgi?id=37512#c22
> 
> A stack canary on an *inlined* function? That's bound to break things elsewhere too sooner or later.
> 
> It feels like *once again* clang is asking for the Linux kernel to change to paper over technical or compatibility problems in clang/LLVM. This is not exactly helping the feeling that we should just rip out any and all clang hacks and call it a loss.
> 

In this case this fix is working-around a bug in the kernel.  The problem
here is that the caller of native_save_fl() assumes that it won't
clobber any of the general purpose register even though the function
is defined as a normal c function which tells the compiler that it's
OK to clobber the registers.

This is something that really needs to be fixed in the kernel.  Relying
on heuristics of internal compiler algorithms in order for code to work
correctly is always going to lead to problems like this.

-Tom