Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2948418imm; Thu, 24 May 2018 19:41:36 -0700 (PDT) X-Google-Smtp-Source: AB8JxZovom3WiJv8JX9udH0XvmoFegIVDfsARZhBvkq629lmiddd2RtJkaR7qwFIrcFCByPoBJqK X-Received: by 2002:a63:9812:: with SMTP id q18-v6mr477379pgd.170.1527216096097; Thu, 24 May 2018 19:41:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527216096; cv=none; d=google.com; s=arc-20160816; b=D9BUrw+DEUMgXehbbvqMaghW4HIZSj3DymVj2rF5exMWFS1KhlguqAsLZPDFE1LtAw sl7HVMtDneSOR23oBc3eUmqOWPK7+RL/NwpFo3EVx9TwDsZ3dDW0AbWTcV+c4YDvzDB7 +0l9MquH+XCDYvQ8hJJR3y8wwVdXRvood8HaeRvNOcQ+kH07GPV9VTe7qmGN2XU+PwV9 LzNw7hz6GpmChEZ8N6Pz9x0xHTKtxYsgR+JExjrKncltR5I1VnG28+JvgHCIH0+b/UYO 26bu2xRmkZIXw7YgTtg3d2j6uqEnPUmdCFD3ckEU2CAmC1ed8DBW1Mir/nSeY2y/22dc r0Tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:from:references:cc:to:subject:reply-to :arc-authentication-results; bh=N2v5hOr1BOnP5tHImzUcDbCMdMsKzOe1sjHPVnaytJg=; b=fh+tSnmXAjq2WCJcAc2KWy2+q5IWmQwgS3t2hiW0N3br+J133vterSxCOlBZuAS/kr itClF+N199oeNkR2FF7b+3Wbq2buycLnPypc+VI64TCsK8498JtUqiEAMlNpHosn70kb aL5gLLOes6hQ/ybe/R76v6wMorXd5njbnPJy5G8ZW6Tx+7DghwQJJ4LjUe9FjYR4kXYl H1o6sV/UUvdZcW7KRB7p6XplZIQHIXnQrr6tRbY+PaYeUzKL5YGb72PmVm56AH5kHtgF Cl8aAp+i81M0DZLrcFT/nYbE+dyimieUEeMIgiREh6Yz1hSHQeteZA/EF0AryeWWLw/X N6wQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b19-v6si22819123pls.482.2018.05.24.19.41.21; Thu, 24 May 2018 19:41:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S971272AbeEXTuB (ORCPT + 99 others); Thu, 24 May 2018 15:50:01 -0400 Received: from mx1.redhat.com ([209.132.183.28]:57894 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S971121AbeEXTt5 (ORCPT ); Thu, 24 May 2018 15:49:57 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C85E736361D; Thu, 24 May 2018 19:49:57 +0000 (UTC) Received: from tstellar.remote.csb (ovpn-117-161.phx2.redhat.com [10.3.117.161]) by smtp.corp.redhat.com (Postfix) with ESMTP id 129E05D6B4; Thu, 24 May 2018 19:49:56 +0000 (UTC) Reply-To: tstellar@redhat.com Subject: Re: [clang] stack protector and f1f029c7bf To: hpa@zytor.com, Nick Desaulniers Cc: Alistair Strachan , Manoj Gupta , Matthias Kaehlcke , Greg Hackmann , sedat.dilek@gmail.com, LKML References: <57C635C3-716C-4FC3-90C7-E394AA7242BA@zytor.com> From: Tom Stellard Organization: Red Hat Message-ID: <195ec03a-0ccb-43f2-e455-c61b91aaf9eb@redhat.com> Date: Thu, 24 May 2018 12:49:56 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 In-Reply-To: <57C635C3-716C-4FC3-90C7-E394AA7242BA@zytor.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Thu, 24 May 2018 19:49:57 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 05/24/2018 11:19 AM, hpa@zytor.com wrote: > On May 23, 2018 3:08:19 PM PDT, Nick Desaulniers wrote: >> H. Peter, >> >> It was reported [0] that compiling the Linux kernel with Clang + >> CC_STACKPROTECTOR_STRONG was causing a crash in native_save_fl(), due >> to >> how GCC does not emit a stack guard for static inline functions (see >> Alistair's excellent report in [1]) but Clang does. >> >> When working with the LLVM release maintainers, Tom had suggested [2] >> changing the inline assembly constraint in native_save_fl() from '=rm' >> to >> '=r', and Alistair had verified the disassembly: >> >> (good) code generated w/o -fstack-protector-strong: >> >> native_save_fl: >> pushfq >> popq -8(%rsp) >> movq -8(%rsp), %rax >> retq >> >> (good) code generated w/ =r input constraint: >> >> native_save_fl: >> pushfq >> popq %rax >> retq >> >> (bad) code generated with -fstack-protector-strong: >> >> native_save_fl: >> subq $24, %rsp >> movq %fs:40, %rax >> movq %rax, 16(%rsp) >> pushfq >> popq 8(%rsp) >> movq 8(%rsp), %rax >> movq %fs:40, %rcx >> cmpq 16(%rsp), %rcx >> jne .LBB0_2 >> addq $24, %rsp >> retq >> .LBB0_2: >> callq __stack_chk_fail >> >> It looks like the sugguestion is actually a revert of your commit: >> ab94fcf528d127fcb490175512a8910f37e5b346: >> x86: allow "=rm" in native_save_fl() >> >> It seemed like there was a question internally about why worry about >> pop >> adjusting the stack if the stack could be avoided altogether. >> >> I think Sedat can retest this, but I was curious as well about the >> commit >> message in ab94fcf528d: "[ Impact: performance ]", but Alistair's >> analysis >> of the disassembly seems to indicate there is no performance impact (in >> fact, looks better as there's one less mov). >> >> Is there a reason we should not revert ab94fcf528d12, or maybe a better >> approach? >> >> [0] https://lkml.org/lkml/2018/5/7/534 >> [1] https://bugs.llvm.org/show_bug.cgi?id=37512#c15 >> [2] https://bugs.llvm.org/show_bug.cgi?id=37512#c22 > > A stack canary on an *inlined* function? That's bound to break things elsewhere too sooner or later. > > It feels like *once again* clang is asking for the Linux kernel to change to paper over technical or compatibility problems in clang/LLVM. This is not exactly helping the feeling that we should just rip out any and all clang hacks and call it a loss. > In this case this fix is working-around a bug in the kernel. The problem here is that the caller of native_save_fl() assumes that it won't clobber any of the general purpose register even though the function is defined as a normal c function which tells the compiler that it's OK to clobber the registers. This is something that really needs to be fixed in the kernel. Relying on heuristics of internal compiler algorithms in order for code to work correctly is always going to lead to problems like this. -Tom