Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp221686pxx; Thu, 29 Oct 2020 00:27:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxdO5Rsie2hw+a5ct06ELVPFnQhz9F4eP/27uuPadb9vto7ZGTQm1tukIx45k25F6+/sR6N X-Received: by 2002:a17:906:1310:: with SMTP id w16mr1907576ejb.467.1603956449558; Thu, 29 Oct 2020 00:27:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603956449; cv=none; d=google.com; s=arc-20160816; b=s6Eh8sKKVG9ZXVuWDP0UeZe7XcvK30mkpeQ2Z2IuaLKiup3GKjSA3jhyM4tup/fGqf fux0Vbi40e9wmOYBcePeRx0ecYAo8DcXuCU8RZ6q+sT0AJqscfbVO+pI762n+5KFt2p9 aZREEGE9ZVTDX/DgEa3I3kWzLibvpcL7cWFzmKtUsOLsdIdYeFo/7pGESvSwglkXLNpl yHMOgwJQU0mhKrIvIzfUwIitvOoBLeuUDS/rjTABcNgz9CV3n5fyUSeg6Q/lpoClcDio pnz+g4r05luGC8MgXz9z5YWC7wTddHxeFxybAYx8PJgVDIkTJjM9eMIepab95NkPVfSq Aa9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from :dkim-signature; bh=3bgap0cBrY2hNv1egG4aLZinS+4X3ok6oJBstdQTCUE=; b=1HdCZnJDIIPIA8tt5vvy1Bo/K8RBUG+3gDT3WJ8NShtXvy6J0u4yVeOdHPdj5wbwIb C/oKqCOUXld+gJXFLn7lBPDaaeFpgebcD/vJJOW6fLU5hWiN28c9RjF1/cmwsyFBfIvq ggBry/SGQuk4X3dHXyytg2wf7LRwJnJhfWwpU5WFahkYkSXrk3PsmYzNcB0XE+nYLtYU qGGZ8yZC1HEZTJGUpn0nJfvqZmVBbCY311z0spNBB/bU+dom2QK+y9MOoSBnhsV6iAzL agq4ZwcWfmvHt7U9X//Psek2s7STTOxpwxhUV7iPBMzuwDtJwm0Y3dt0jcUKwTBTUBlO b17g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HuXd6ATO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id df6si1394227edb.540.2020.10.29.00.27.07; Thu, 29 Oct 2020 00:27:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HuXd6ATO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731828AbgJ1WSC (ORCPT + 99 others); Wed, 28 Oct 2020 18:18:02 -0400 Received: from mail.kernel.org ([198.145.29.99]:60528 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731648AbgJ1WRj (ORCPT ); Wed, 28 Oct 2020 18:17:39 -0400 Received: from e123331-lin.nice.arm.com (lfbn-nic-1-188-42.w2-15.abo.wanadoo.fr [2.15.37.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5B40C24197; Wed, 28 Oct 2020 08:04:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1603872289; bh=S7JrzMswvUuPbRJxoo3zOS2sxFdQoBIPq4Twumglvts=; h=From:To:Cc:Subject:Date:From; b=HuXd6ATOL21iYpp7E1zoCqcZ3Jsl7qJKRb5xkP9hPT+XULusufkUPutCimgXy7Uxp Opo3Od96ZmT5pYJHsMpP+U3yiOGW+qT7SHBYrOhWwh/Hy4FSVX62DZnm+1G4maeTRS qFv5XO+l7Nnb98kyAry85wC3hQuKALM7pLIijb5Q= From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org, Ard Biesheuvel , Michael Ellerman , Benjamin Herrenschmidt , Paul Mackerras , Nick Desaulniers , Arvind Sankar , Randy Dunlap , Josh Poimboeuf , Thomas Gleixner , Alexei Starovoitov , Daniel Borkmann , Peter Zijlstra , Geert Uytterhoeven , Kees Cook Subject: [PATCH] powerpc: avoid broken GCC __attribute__((optimize)) Date: Wed, 28 Oct 2020 09:04:33 +0100 Message-Id: <20201028080433.26799-1-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit 7053f80d9696 ("powerpc/64: Prevent stack protection in early boot") introduced a couple of uses of __attribute__((optimize)) with function scope, to disable the stack protector in some early boot code. Unfortunately, and this is documented in the GCC man pages [0], overriding function attributes for optimization is broken, and is only supported for debug scenarios, not for production: the problem appears to be that setting GCC -f flags using this method will cause it to forget about some or all other optimization settings that have been applied. So the only safe way to disable the stack protector is to disable it for the entire source file. [0] https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Nick Desaulniers Cc: Arvind Sankar Cc: Randy Dunlap Cc: Josh Poimboeuf Cc: Thomas Gleixner Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Peter Zijlstra (Intel) Cc: Geert Uytterhoeven Cc: Kees Cook Fixes: 7053f80d9696 ("powerpc/64: Prevent stack protection in early boot") Signed-off-by: Ard Biesheuvel --- Related discussion here: https://lore.kernel.org/lkml/CAMuHMdUg0WJHEcq6to0-eODpXPOywLot6UD2=GFHpzoj_hCoBQ@mail.gmail.com/ TL;DR using __attribute__((optimize("-fno-gcse"))) in the BPF interpreter causes the compiler to forget about -fno-asynchronous-unwind-tables passed on the command line, resulting in unexpected .eh_frame sections in vmlinux. arch/powerpc/kernel/Makefile | 3 +++ arch/powerpc/kernel/paca.c | 2 +- arch/powerpc/kernel/setup.h | 6 ------ arch/powerpc/kernel/setup_64.c | 2 +- 4 files changed, 5 insertions(+), 8 deletions(-) diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index bf0bf1b900d2..fe2ef598e2ea 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -173,6 +173,9 @@ KCOV_INSTRUMENT_cputable.o := n KCOV_INSTRUMENT_setup_64.o := n KCOV_INSTRUMENT_paca.o := n +CFLAGS_setup_64.o += -fno-stack-protector +CFLAGS_paca.o += -fno-stack-protector + extra-$(CONFIG_PPC_FPU) += fpu.o extra-$(CONFIG_ALTIVEC) += vector.o extra-$(CONFIG_PPC64) += entry_64.o diff --git a/arch/powerpc/kernel/paca.c b/arch/powerpc/kernel/paca.c index 0ad15768d762..fe70834d7283 100644 --- a/arch/powerpc/kernel/paca.c +++ b/arch/powerpc/kernel/paca.c @@ -208,7 +208,7 @@ static struct rtas_args * __init new_rtas_args(int cpu, unsigned long limit) struct paca_struct **paca_ptrs __read_mostly; EXPORT_SYMBOL(paca_ptrs); -void __init __nostackprotector initialise_paca(struct paca_struct *new_paca, int cpu) +void __init initialise_paca(struct paca_struct *new_paca, int cpu) { #ifdef CONFIG_PPC_PSERIES new_paca->lppaca_ptr = NULL; diff --git a/arch/powerpc/kernel/setup.h b/arch/powerpc/kernel/setup.h index 2ec835574cc9..2dd0d9cb5a20 100644 --- a/arch/powerpc/kernel/setup.h +++ b/arch/powerpc/kernel/setup.h @@ -8,12 +8,6 @@ #ifndef __ARCH_POWERPC_KERNEL_SETUP_H #define __ARCH_POWERPC_KERNEL_SETUP_H -#ifdef CONFIG_CC_IS_CLANG -#define __nostackprotector -#else -#define __nostackprotector __attribute__((__optimize__("no-stack-protector"))) -#endif - void initialize_cache_info(void); void irqstack_early_init(void); diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index bb9cab3641d7..da447a62ea1e 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -283,7 +283,7 @@ void __init record_spr_defaults(void) * device-tree is not accessible via normal means at this point. */ -void __init __nostackprotector early_setup(unsigned long dt_ptr) +void __init early_setup(unsigned long dt_ptr) { static __initdata struct paca_struct boot_paca; -- 2.17.1