Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2949838imm; Thu, 24 May 2018 19:43:28 -0700 (PDT) X-Google-Smtp-Source: AB8JxZoxjbRL+j8wgsweX4GxVtkd0myaJ8uFbIEd7PKoQt88wOuO7zmISQv8Iczb9hYhIL+kTpCS X-Received: by 2002:a63:b107:: with SMTP id r7-v6mr457285pgf.167.1527216208831; Thu, 24 May 2018 19:43:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527216208; cv=none; d=google.com; s=arc-20160816; b=F3TT42Y42Kp01a0qBJvF5AdgA7LCy1Nno/qu5Pazgyf97XCL8CJ4U6pGoU1gEJ9mVb y8k618cJFgKDzN3bTIHy7TbsqxZk7ufX2GczgIFc1Ckz5iYUZ39MZRU/RUdqXBPiYW23 ynw7IEKYQErCqrmoj4kuQ5xVYk8TO5PWi3ceylz1sFOO8ynZnNge+hfzH/ZusR/hhYvD 0Sz/iRfi6GLiJy09ZcRQOXd/IZ58L3UJg6/k2esln5rnQk/yMijy/ETUxx3iOsHr18Nn 1KcU7rtIgGXiAuMOF8kX5/dGU4sYQVNRvoCM2fMZBecysv2LPvrxAstY4i9jC011YmvQ Vw+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=/BzGcJKGFPwAbuN+jNG9eoy+0qjUpX55ffjCdM8xU6k=; b=jLwvEOmRQ5gXlecIbNZi3sFBKvpLYUnr8HagIscvjpE9O6p92mrUe3g8vjxd0pHR7r GCF1ZjBaAzm6fwPrcCOZDaH6LpVCYxFMLOZY7D5KPcPGd3SotisnJ2dxImb/6B6MCSSb h7jCukkoeno7PAXGPmh8rUMBlw9DjM+3OWO/iMT9nDZ7Rn2QIluiwl9b1sQ1c5ABrIdt JVuEaKNKHawRFB0H1cjsudDvhgnUAQX/tv+xKqAlV3yp2xM3XofHhcVu2fTQN+hEdDMU QRqMeMeCJHlevBQkiPerUOcavJOXK0Wf9G36kq4IswWVeH2u4/dYDr4DewEPvJeImCLa /nOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=qbTBQdU+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p1-v6si12173326plo.363.2018.05.24.19.43.14; Thu, 24 May 2018 19:43:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=qbTBQdU+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S968931AbeEXU0a (ORCPT + 99 others); Thu, 24 May 2018 16:26:30 -0400 Received: from mail-pl0-f66.google.com ([209.85.160.66]:36505 "EHLO mail-pl0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S967470AbeEXU00 (ORCPT ); Thu, 24 May 2018 16:26:26 -0400 Received: by mail-pl0-f66.google.com with SMTP id v24-v6so1730346plo.3 for ; Thu, 24 May 2018 13:26:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/BzGcJKGFPwAbuN+jNG9eoy+0qjUpX55ffjCdM8xU6k=; b=qbTBQdU+jxy0ugiBvkU/5d4d7VIhpcx8uHveMWVnmJVWkVOcHsfgO6Guh39zAB0+uo 446xOAq6riJtf8+WJbZWAFNGYIGG5paIidbR9dATpbY4N4wEeZSJiEid36e7reeafZ1X wtJaWub5W2y4D/ailgn1UHFbnuMp3t5K+bx3MxnEdbvE0ePG5/BPpF82DtobmPHs+99g GRrB4giawTBqFsC3LPV1nkuLouCM+Nv0LddHmmRP5qb4a/bsDYDcWL7f1LKvG62m4iWr e7ICGTz+JcqsHYWTo9D1MDxQ+r3e50urBz+BtqWksHS0gddZq8CggQfS8vpCmjzxpm8b 068Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/BzGcJKGFPwAbuN+jNG9eoy+0qjUpX55ffjCdM8xU6k=; b=cnlbOMSxcgMSF2wdTUI8sxXv5/VWu8VtLQJwRKhWgZBBtiudCpRr7GKsGBMCnxoMpo QL+D8zL2J28Ti97DnFxKtPBThwEPDiI9Uk8KclibHMfjp3VcsSuOiWD3RVSpqtu0b8rm bYGPSlWhUzvNnBtPRdjELFI+a/RQmApLeIe/qCPNL43PFnoIVqnMLOfb3NO6QpZyD6el TVaaD8doBTo8VYACvuQFdxyxUpnVveJYlkzG6aOLeGZ3Z9nx8kW6o9AqhJtPck364Z7h GJCFOxS/ePevaZ2Xtg4fNtTMXSTv10bG++eJUd8PakM3voVUR/0/Zzar28GaXvASlGOF dbQg== X-Gm-Message-State: ALKqPwetMR4x9Fw/V+cDw6Nksl2ADfAIuI42taiwkRY/SSz7bh/7GO1e 7haBuRKaXt21jprl3J40Ph0+ueWGlr98Z4jVJyv6hw== X-Received: by 2002:a17:902:710f:: with SMTP id a15-v6mr9063927pll.171.1527193585467; Thu, 24 May 2018 13:26:25 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Nick Desaulniers Date: Thu, 24 May 2018 13:26:14 -0700 Message-ID: Subject: Re: [clang] stack protector and f1f029c7bf To: hpa@zytor.com Cc: Alistair Strachan , Manoj Gupta , Matthias Kaehlcke , Greg Hackmann , sedat.dilek@gmail.com, tstellar@redhat.com, LKML , Kees Cook Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 24, 2018 at 11:59 AM wrote: > Ok, this is the *second* thing about LLVM-originated bug reports that drives me batty. When you *do* identify a real problem, you propose a paper over and/or talk about it as an LLVM issue and don't consider the often far bigger picture. Considering the bigger picture is why we have this thread going. You have much more context about the kernel than I or the llvm maintainers do. We can't consider the bigger picture until we ask. > Issue 1: Fundamentally, Fundamentally, the Linux kernel should not rely on GCC's heuristics for adding or not adding a stack protector to functions with custom calling conventions that are not marked in any way to let the compiler know. Should GCC change their heuristic, deciding to insert stack guards for non-inlined but marked static inline functions for -fstack-protector-strong, or the kernel decide to use -fstack-protector-all, the paravirt code will break in the same way. > You are claiming it doesn't buy us anything, but you are only looking at the paravirt case which is kind of "special" (in the short bus kind of way), That's fair. Is another possible solution to have paravirt maybe not use native_save_fl() then, but its own non-static-inline-without-m-constraint implementation? > Issue 2: ... The other option is to turn stack canary explicitly off for all such functions. We're looking to add the compiler attribute no_stack_protector. It's added in mainline clang, the llvm bug cited earlier is about getting it backported into clang-6.0.1 release. Sedat has tested/verified a set of patches to the kernel that use this new feature in: https://marc.info/?l=linux-kernel&m=152697630812366&w=2 > Issue 3: Let's face it, reading and writing the flags should be builtins, exactly because it has to do stack operations, which really means the compiler should be involved. I'm happy to propose that as a feature request to llvm+gcc. -- Thanks, ~Nick Desaulniers