Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp3667470imm; Fri, 25 May 2018 09:28:19 -0700 (PDT) X-Google-Smtp-Source: AB8JxZr9pOh6bbZ4eoKyS7eisZLTfLiv2515TaoCb/0kQbGzkcvnsaagMKsJ0R+ArrDrs2/c2IAC X-Received: by 2002:a17:902:b60b:: with SMTP id b11-v6mr3378748pls.330.1527265699707; Fri, 25 May 2018 09:28:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527265699; cv=none; d=google.com; s=arc-20160816; b=fObhoATtzpWUfIxi8c3Gydjyhntm1xAQWRgJbTNxhapfv2mf8/hpYEmM8x3WjLmudo rvUo3jV623ejPa9MPOOtsvmjEJUuNbDSbX1MKkdYMuVzgKwToD6oIkuR0VNf7BNBkiZ3 s7KQZUHLERkr5JOOjub0txxygp2hbim1e/IJvlhMTmqys2gVOPxd+h+/gkla4OX78vYy /fhqet+EhBLH7spFhUE0cBcz+u1U1Uwul+MYmPEstYT4WCMlYaBgLzsF6cBW40jcKVDy 7VMSaIu1FlECUcl3lmvIhQ2duOt6tkgK1B0CcP2va1Z89n12dH/GAmoy/XkOkm8Ibc1O n+3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=O1WEkKS5VPg3r7/KtszTAAtTdVxDizsDZb6qdT+OKrY=; b=jYLt9EPBnyvAxsEoHGXPUNBjkGwzBsSNuZLhF4KX8Y9NY6BVMb3bT3vfncxoYmVh4z ELTIJeg+d5mU21vi+zBUsFh3wc+M7sNkOao844u+i9JrHXFpssiIsPZFm/F5zJ1QkcU3 wykp4cYSqZEHUXv1xkzkujJX2heCk48UZ8EGXGE5uHdlFeKIM0pGCmY3RnNtflFbAaqt gKTV5O5jjdMV7W5wqu/c7ZdjKWjFO+7tRtUF3m3cidOICbK9VstQkW8EH46+UL+uaqpb W27kEVPvq4kfxZMgD4pC+4W3Kk2l3E10/ljLAHH5Ko8ngBPnvyHcHwF2bMwvZYNIbF8t 8EcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=DNGyeROM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i3-v6si23503488pld.189.2018.05.25.09.28.03; Fri, 25 May 2018 09:28:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=DNGyeROM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S967104AbeEYQ1z (ORCPT + 99 others); Fri, 25 May 2018 12:27:55 -0400 Received: from mail-pg0-f68.google.com ([74.125.83.68]:43573 "EHLO mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S966873AbeEYQ1x (ORCPT ); Fri, 25 May 2018 12:27:53 -0400 Received: by mail-pg0-f68.google.com with SMTP id p8-v6so2503549pgq.10 for ; Fri, 25 May 2018 09:27:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=O1WEkKS5VPg3r7/KtszTAAtTdVxDizsDZb6qdT+OKrY=; b=DNGyeROMDqwmLiIbYqryEKYihtic4kKet1AMAWKxVNL0ipfV+0M9rPxaGtKAUO7w7S pT/OK7gd+NRj2G8VwGThxh9IycN+lqrPkNopouB3zUSYu+sFj3Eyo2tIa1gXfWvqBewp nBtFsHYKA9zN9MdqTTJbdGNxmi/GcHXn7Ifzc6Et/OC0auOxR96knR4iuapGfIySMqyS 9I7KkGLn+MjrzGDwP2M6046cvUmCI5wVYrl6h3fFKqVLZvgsDHqaX0KfrFt+qX9ZeSRn a73IHHzFp/64mAgUrsxQhasH2qbv5QXIusQhPTjINqfbNlPFI7BSGosu07ZlSprHMhlP RfHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=O1WEkKS5VPg3r7/KtszTAAtTdVxDizsDZb6qdT+OKrY=; b=ExQMm9UWkIyp+NnI6TZnsHgMIJpnRJwG2wLvn7rK5u0fg4zAP09hHxgkbh/DPWBmVJ iJjrYKmFoME0qQQylXzG0JvTkzSwSD5Y0t2czCdSZYh8kHF7JDUmMIDyIjhpH+n1knNd tougkAKmixV6YhAiTOKr0qT3uixcfTGisHFRVpf9gKs61yRRk7H2czIVwv7sz2hlHHKF WReY/5UI234oOFpCLMfVS6EztxHxR3S4fx5DkUEtp15FPCArQ45sEOkbFI2C0CBNa3P4 xxLR6+dkxNFJiTrkkEhXmFLnUe+gv/DXWfdIzeUpQOagWpy9WSGz/xoHF9r5iiqeYj56 X7VA== X-Gm-Message-State: ALKqPwdPaUIahClj6bQCiellteRXAnbYgcQYUbdxO/RJO2NsPYSCQm6K 0gFXqBi2WAIwvi7fH0zNT9MFzug/tOscG9qbFtpQ5A== X-Received: by 2002:a62:8d51:: with SMTP id z78-v6mr3253805pfd.69.1527265672692; Fri, 25 May 2018 09:27:52 -0700 (PDT) MIME-Version: 1.0 References: <26B017D5-4063-46CB-8768-B0E5E7CD3838@zytor.com> In-Reply-To: <26B017D5-4063-46CB-8768-B0E5E7CD3838@zytor.com> From: Nick Desaulniers Date: Fri, 25 May 2018 09:27:40 -0700 Message-ID: Subject: Re: [clang] stack protector and f1f029c7bf To: hpa@zytor.com Cc: Alistair Strachan , Manoj Gupta , Matthias Kaehlcke , Greg Hackmann , sedat.dilek@gmail.com, tstellar@redhat.com, LKML , Kees Cook Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 24, 2018 at 3:43 PM wrote: > On May 24, 2018 3:31:05 PM PDT, Nick Desaulniers wrote: > >On Thu, May 24, 2018 at 3:05 PM H. Peter Anvin wrote: > >> COMPILER AR: "=rm" should NEVER generate worse code than "=r". That > >is > >> unequivocally a compiler bug. > > > >Filed: https://bugs.llvm.org/show_bug.cgi?id=37583 > > > >> >> You are claiming it doesn't buy us anything, but you are only > >looking > >at > >> > the paravirt case which is kind of "special" (in the short bus kind > >of > >way), > >> > > >> > That's fair. Is another possible solution to have paravirt maybe > >not > >use > >> > native_save_fl() then, but its own > >non-static-inline-without-m-constraint > >> > implementation? > > > >> KERNEL AR: change native_save_fl() to an extern inline with an > >assembly > >> out-of-line implementation, to satisfy the paravirt requirement that > >no > >> GPRs other than %rax are clobbered. > > > >i'm happy to add that, do you have a recommendation if it should go in > >an > >existing .S file or a new one (and if so where/what shall I call it?). > How about irqflags.c since that is what the .h file is called. > It should simply be: > push %rdi > popf > ret > pushf > pop %rax > ret > ... but with all the regular assembly decorations, of course. Something like the following? diff --git a/arch/x86/kernel/irqflags.c b/arch/x86/kernel/irqflags.c new file mode 100644 index 000000000000..59dc21bd3327 --- /dev/null +++ b/arch/x86/kernel/irqflags.c @@ -0,0 +1,24 @@ +#include + +extern unsigned long native_save_fl(void); +extern void native_restore_fl(unsigned long flags); + +asm( +".pushsection .text;" +".global native_save_fl;" +".type native_save_fl, @function;" +"native_save_fl:" +"pushf;" +"pop %" _ASM_AX ";" +"ret;" +".popsection"); + +asm( +".pushsection .text;" +".global native_restore_fl;" +".type native_restore_fl, @function;" +"native_restore_fl:" +"push %" _ASM_DI ";" +"popf;" +"ret;" +".popsection"); And change the declaration in arch/x86/include/asm/irqflags.h to: +extern inline unsigned long native_save_fl(void); +extern inline void native_restore_fl(unsigned long flags); This seems to work, but 1. arch/x86/boot/compressed/misc.o warns that native_save_fl() is never defined (arch_local_save_flags() uses it). Does that mean arch_local_save_flags(), and friends would also have to move to the newly created .c file as well? 2. `extern inline` doesn't inline any instances (from what I can tell from disassembling vmlinux). I think this is strictly worse. Don't we only want pv_irq_ops.save_fl to be non-inlined in a way that no stack protector can be added? If that's the case, should my assembly based implementation have a different identifier (`native_save_fl_paravirt` or something). That would also fix point #1 above. But now the paravirt code has its own copy of the function. -- Thanks, ~Nick Desaulniers