Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2949838imm;
        Thu, 24 May 2018 19:43:28 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZoxjbRL+j8wgsweX4GxVtkd0myaJ8uFbIEd7PKoQt88wOuO7zmISQv8Iczb9hYhIL+kTpCS
X-Received: by 2002:a63:b107:: with SMTP id r7-v6mr457285pgf.167.1527216208831;
        Thu, 24 May 2018 19:43:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527216208; cv=none;
        d=google.com; s=arc-20160816;
        b=F3TT42Y42Kp01a0qBJvF5AdgA7LCy1Nno/qu5Pazgyf97XCL8CJ4U6pGoU1gEJ9mVb
         y8k618cJFgKDzN3bTIHy7TbsqxZk7ufX2GczgIFc1Ckz5iYUZ39MZRU/RUdqXBPiYW23
         ynw7IEKYQErCqrmoj4kuQ5xVYk8TO5PWi3ceylz1sFOO8ynZnNge+hfzH/ZusR/hhYvD
         0Sz/iRfi6GLiJy09ZcRQOXd/IZ58L3UJg6/k2esln5rnQk/yMijy/ETUxx3iOsHr18Nn
         1KcU7rtIgGXiAuMOF8kX5/dGU4sYQVNRvoCM2fMZBecysv2LPvrxAstY4i9jC011YmvQ
         Vw+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature
         :arc-authentication-results;
        bh=/BzGcJKGFPwAbuN+jNG9eoy+0qjUpX55ffjCdM8xU6k=;
        b=jLwvEOmRQ5gXlecIbNZi3sFBKvpLYUnr8HagIscvjpE9O6p92mrUe3g8vjxd0pHR7r
         GCF1ZjBaAzm6fwPrcCOZDaH6LpVCYxFMLOZY7D5KPcPGd3SotisnJ2dxImb/6B6MCSSb
         h7jCukkoeno7PAXGPmh8rUMBlw9DjM+3OWO/iMT9nDZ7Rn2QIluiwl9b1sQ1c5ABrIdt
         JVuEaKNKHawRFB0H1cjsudDvhgnUAQX/tv+xKqAlV3yp2xM3XofHhcVu2fTQN+hEdDMU
         QRqMeMeCJHlevBQkiPerUOcavJOXK0Wf9G36kq4IswWVeH2u4/dYDr4DewEPvJeImCLa
         /nOg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=qbTBQdU+;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p1-v6si12173326plo.363.2018.05.24.19.43.14;
        Thu, 24 May 2018 19:43:28 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=qbTBQdU+;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S968931AbeEXU0a (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Thu, 24 May 2018 16:26:30 -0400
Received: from mail-pl0-f66.google.com ([209.85.160.66]:36505 "EHLO
        mail-pl0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S967470AbeEXU00 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 24 May 2018 16:26:26 -0400
Received: by mail-pl0-f66.google.com with SMTP id v24-v6so1730346plo.3
        for <linux-kernel@vger.kernel.org>; Thu, 24 May 2018 13:26:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=/BzGcJKGFPwAbuN+jNG9eoy+0qjUpX55ffjCdM8xU6k=;
        b=qbTBQdU+jxy0ugiBvkU/5d4d7VIhpcx8uHveMWVnmJVWkVOcHsfgO6Guh39zAB0+uo
         446xOAq6riJtf8+WJbZWAFNGYIGG5paIidbR9dATpbY4N4wEeZSJiEid36e7reeafZ1X
         wtJaWub5W2y4D/ailgn1UHFbnuMp3t5K+bx3MxnEdbvE0ePG5/BPpF82DtobmPHs+99g
         GRrB4giawTBqFsC3LPV1nkuLouCM+Nv0LddHmmRP5qb4a/bsDYDcWL7f1LKvG62m4iWr
         e7ICGTz+JcqsHYWTo9D1MDxQ+r3e50urBz+BtqWksHS0gddZq8CggQfS8vpCmjzxpm8b
         068Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=/BzGcJKGFPwAbuN+jNG9eoy+0qjUpX55ffjCdM8xU6k=;
        b=cnlbOMSxcgMSF2wdTUI8sxXv5/VWu8VtLQJwRKhWgZBBtiudCpRr7GKsGBMCnxoMpo
         QL+D8zL2J28Ti97DnFxKtPBThwEPDiI9Uk8KclibHMfjp3VcsSuOiWD3RVSpqtu0b8rm
         bYGPSlWhUzvNnBtPRdjELFI+a/RQmApLeIe/qCPNL43PFnoIVqnMLOfb3NO6QpZyD6el
         TVaaD8doBTo8VYACvuQFdxyxUpnVveJYlkzG6aOLeGZ3Z9nx8kW6o9AqhJtPck364Z7h
         GJCFOxS/ePevaZ2Xtg4fNtTMXSTv10bG++eJUd8PakM3voVUR/0/Zzar28GaXvASlGOF
         dbQg==
X-Gm-Message-State: ALKqPwetMR4x9Fw/V+cDw6Nksl2ADfAIuI42taiwkRY/SSz7bh/7GO1e
        7haBuRKaXt21jprl3J40Ph0+ueWGlr98Z4jVJyv6hw==
X-Received: by 2002:a17:902:710f:: with SMTP id a15-v6mr9063927pll.171.1527193585467;
 Thu, 24 May 2018 13:26:25 -0700 (PDT)
MIME-Version: 1.0
References: <CAKwvOd=jmi_7LvZbS0PA5-zt62m5ZFPUNG7JtMQVmerCR63ebQ@mail.gmail.com>
 <BDEF22F0-84A5-4A36-B153-13E6A4260922@zytor.com>
In-Reply-To: <BDEF22F0-84A5-4A36-B153-13E6A4260922@zytor.com>
From:   Nick Desaulniers <ndesaulniers@google.com>
Date:   Thu, 24 May 2018 13:26:14 -0700
Message-ID: <CAKwvOdnLt5qr_5ah86qdsocTxUbo_3X1y3PPRp1EZwt=__NxnA@mail.gmail.com>
Subject: Re: [clang] stack protector and f1f029c7bf
To:     hpa@zytor.com
Cc:     Alistair Strachan <astrachan@google.com>,
        Manoj Gupta <manojgupta@google.com>,
        Matthias Kaehlcke <mka@google.com>,
        Greg Hackmann <ghackmann@google.com>, sedat.dilek@gmail.com,
        tstellar@redhat.com, LKML <linux-kernel@vger.kernel.org>,
        Kees Cook <keescook@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, May 24, 2018 at 11:59 AM <hpa@zytor.com> wrote:
> Ok, this is the *second* thing about LLVM-originated bug reports that
drives me batty. When you *do* identify a real problem, you propose a paper
over and/or talk about it as an LLVM issue and don't consider the often far
bigger picture.

Considering the bigger picture is why we have this thread going.  You have
much more context about the kernel than I or the llvm maintainers do.  We
can't consider the bigger picture until we ask.

> Issue 1: Fundamentally,

Fundamentally, the Linux kernel should not rely on GCC's heuristics for
adding or not adding a stack protector to functions with custom calling
conventions that are not marked in any way to let the compiler know.

Should GCC change their heuristic, deciding to insert stack guards for
non-inlined but marked static inline functions for
-fstack-protector-strong, or the kernel decide to use
-fstack-protector-all, the paravirt code will break in the same way.

> You are claiming it doesn't buy us anything, but you are only looking at
the paravirt case which is kind of "special" (in the short bus kind of way),

That's fair.  Is another possible solution to have paravirt maybe not use
native_save_fl() then, but its own non-static-inline-without-m-constraint
implementation?

> Issue 2: ... The other option is to turn stack canary explicitly off for
all such functions.

We're looking to add the compiler attribute no_stack_protector.  It's added
in mainline clang, the llvm bug cited earlier is about getting it
backported into clang-6.0.1 release.  Sedat has tested/verified a set of
patches to the kernel that use this new feature in:
https://marc.info/?l=linux-kernel&m=152697630812366&w=2

> Issue 3: Let's face it, reading and writing the flags should be builtins,
exactly because it has to do stack operations, which really means the
compiler should be involved.

I'm happy to propose that as a feature request to llvm+gcc.
-- 
Thanks,
~Nick Desaulniers