Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp3674202imm;
        Fri, 25 May 2018 09:34:51 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZrZ8AQgw7JqH9wLD6QZg2/Z+Lz5CQN8HkjpMXzDnBESHQUHCPZMJolmKnIoox0RGjl1BGEt
X-Received: by 2002:a17:902:a9c1:: with SMTP id b1-v6mr3377878plr.181.1527266091688;
        Fri, 25 May 2018 09:34:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527266091; cv=none;
        d=google.com; s=arc-20160816;
        b=mtl4eIg5LGVg5jIQlTShaoxt617c37Qhy0kErWdIJL8yzZuHdAd8Q0H4oDPVzeHWL6
         AUEmPLhiGQiKsp+ICAn/BvIWT1shoBs0n3mENvSSsrL3Led/CqTrbKEJaIPVO9DaigI6
         Y7AM/YdDYm68qonhbmZZpQzulVYj0Y5M6PliU1J7i+K4VZbJ7SqtHi/t0m/TfemXFlGz
         cl/IFY8lIl02OPfAsZ74QUI9uK5G06bfq+CFSrMSy09egbblwPn6NjttxSKFtiTqLTjx
         PCzS0Dc9rrZw4nt3ivwgpQFQlwaWg4JQ0a316u5p9L/tSVUViWarksiutc6uvl2CYo6y
         jfmQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:from:cc:to:subject
         :content-transfer-encoding:mime-version:references:in-reply-to
         :user-agent:date:arc-authentication-results;
        bh=+75ClqqNi7Pjj9jz27qB2dpnDp6Y0g2q/DEyy7+H5U0=;
        b=urkwS6I97wgdiKHUGEZ+9NkQyr8QpEmRdCj1cy6De1VjS9udSo2kyNduOowZVjg7D8
         KX/nUTIN1CihoxhvgBkLRD/sp/zHhfsorxsyf9E5RzMKXM2q5pOR7MvFwy8tASSLsmdZ
         9rQfrjO18tC8DXQ23E09HiLhJ1gdMMKBA3yileWo+LHYWPzaBpJeajG/5gx7NFHfWGT7
         xQ7FweweBZnwNZWz+rraWR/xEnsvzEMhdGQxTSwYUmYklcP6scCLYiV21GVEovUaGRL4
         /CC/dfOUhMixZltleTNoxsy+5ds0yHCMvLdJGoign/LGxVvvtGyKeo/frBMUVu2/EaOH
         duBg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id c3-v6si24203442pfn.245.2018.05.25.09.34.36;
        Fri, 25 May 2018 09:34:51 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S967209AbeEYQdL convert rfc822-to-8bit (ORCPT
        <rfc822;saikripd@gmail.com> + 99 others);
        Fri, 25 May 2018 12:33:11 -0400
Received: from terminus.zytor.com ([198.137.202.136]:59657 "EHLO
        mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S967031AbeEYQdK (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 25 May 2018 12:33:10 -0400
Received: from wld62.hos.anvin.org (c-24-5-245-234.hsd1.ca.comcast.net [24.5.245.234] (may be forged))
        (authenticated bits=0)
        by mail.zytor.com (8.15.2/8.15.2) with ESMTPSA id w4PGX5HP1121812
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO);
        Fri, 25 May 2018 09:33:06 -0700
Date:   Fri, 25 May 2018 09:32:59 -0700
User-Agent: K-9 Mail for Android
In-Reply-To: <CAKwvOdk_4g5PsRUoLgOeWEwt+d0diyD_Ycx6s7LQsJrSMsBEuA@mail.gmail.com>
References: <CAKwvOd=jmi_7LvZbS0PA5-zt62m5ZFPUNG7JtMQVmerCR63ebQ@mail.gmail.com> <BDEF22F0-84A5-4A36-B153-13E6A4260922@zytor.com> <CAKwvOdnLt5qr_5ah86qdsocTxUbo_3X1y3PPRp1EZwt=__NxnA@mail.gmail.com> <dd1626ae-114f-3817-c8b2-f845e079bfc6@zytor.com> <CAKwvOdkEHqv7Ut8H6Rb+gSvfWsMHqO=E3f7yxm=06m9yEn=h6w@mail.gmail.com> <26B017D5-4063-46CB-8768-B0E5E7CD3838@zytor.com> <CAKwvOdk_4g5PsRUoLgOeWEwt+d0diyD_Ycx6s7LQsJrSMsBEuA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: 8BIT
Subject: Re: [clang] stack protector and f1f029c7bf
To:     Nick Desaulniers <ndesaulniers@google.com>
CC:     Alistair Strachan <astrachan@google.com>,
        Manoj Gupta <manojgupta@google.com>,
        Matthias Kaehlcke <mka@google.com>,
        Greg Hackmann <ghackmann@google.com>, sedat.dilek@gmail.com,
        tstellar@redhat.com, LKML <linux-kernel@vger.kernel.org>,
        Kees Cook <keescook@google.com>
From:   hpa@zytor.com
Message-ID: <319FB971-ABB6-4BE7-969B-D87D84853196@zytor.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On May 25, 2018 9:27:40 AM PDT, Nick Desaulniers <ndesaulniers@google.com> wrote:
>On Thu, May 24, 2018 at 3:43 PM <hpa@zytor.com> wrote:
>> On May 24, 2018 3:31:05 PM PDT, Nick Desaulniers
><ndesaulniers@google.com>
>wrote:
>> >On Thu, May 24, 2018 at 3:05 PM H. Peter Anvin <hpa@zytor.com>
>wrote:
>> >> COMPILER AR: "=rm" should NEVER generate worse code than "=r".
>That
>> >is
>> >> unequivocally a compiler bug.
>> >
>> >Filed: https://bugs.llvm.org/show_bug.cgi?id=37583
>> >
>> >> >> You are claiming it doesn't buy us anything, but you are only
>> >looking
>> >at
>> >> > the paravirt case which is kind of "special" (in the short bus
>kind
>> >of
>> >way),
>> >> >
>> >> > That's fair.  Is another possible solution to have paravirt
>maybe
>> >not
>> >use
>> >> > native_save_fl() then, but its own
>> >non-static-inline-without-m-constraint
>> >> > implementation?
>> >
>> >> KERNEL AR: change native_save_fl() to an extern inline with an
>> >assembly
>> >> out-of-line implementation, to satisfy the paravirt requirement
>that
>> >no
>> >> GPRs other than %rax are clobbered.
>> >
>> >i'm happy to add that, do you have a recommendation if it should go
>in
>> >an
>> >existing .S file or a new one (and if so where/what shall I call
>it?).
>
>> How about irqflags.c since that is what the .h file is called.
>
>> It should simply be:
>
>> push %rdi
>> popf
>> ret
>
>> pushf
>> pop %rax
>> ret
>
>> ... but with all the regular assembly decorations, of course.
>
>Something like the following?
>
>
>diff --git a/arch/x86/kernel/irqflags.c b/arch/x86/kernel/irqflags.c
>new file mode 100644
>index 000000000000..59dc21bd3327
>--- /dev/null
>+++ b/arch/x86/kernel/irqflags.c
>@@ -0,0 +1,24 @@
>+#include <asm/asm.h>
>+
>+extern unsigned long native_save_fl(void);
>+extern void native_restore_fl(unsigned long flags);
>+
>+asm(
>+".pushsection .text;"
>+".global native_save_fl;"
>+".type native_save_fl, @function;"
>+"native_save_fl:"
>+"pushf;"
>+"pop %" _ASM_AX ";"
>+"ret;"
>+".popsection");
>+
>+asm(
>+".pushsection .text;"
>+".global native_restore_fl;"
>+".type native_restore_fl, @function;"
>+"native_restore_fl:"
>+"push %" _ASM_DI ";"
>+"popf;"
>+"ret;"
>+".popsection");
>
>And change the declaration in arch/x86/include/asm/irqflags.h to:
>+extern inline unsigned long native_save_fl(void);
>+extern inline void native_restore_fl(unsigned long flags);
>
>This seems to work, but
>1. arch/x86/boot/compressed/misc.o warns that native_save_fl() is never
>defined (arch_local_save_flags() uses it).  Does that mean
>arch_local_save_flags(), and friends would also have to move to the
>newly
>created .c file as well?
>2. `extern inline` doesn't inline any instances (from what I can tell
>from
>disassembling vmlinux).  I think this is strictly worse. Don't we only
>want
>pv_irq_ops.save_fl to be non-inlined in a way that no stack protector
>can
>be added? If that's the case, should my assembly based implementation
>have
>a different identifier (`native_save_fl_paravirt` or something). That
>would
>also fix point #1 above. But now the paravirt code has its own copy of
>the
>function.

Sorry, I meant irqflags.S.

It still should be available as as inline, however, but now "extern inline".
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.