Subject: Re: [PATCH] [PATCH V4]ARM64: SCS: Add gcc plugin to support Shadow Call Stack
From: Dan Li
Date: Sat, 16 Oct 2021 05:52:03 +0800
To: Nick Desaulniers
Cc: masahiroy@kernel.org, michal.lkml@markovi.net, catalin.marinas@arm.com, will@kernel.org, keescook@chromium.org, nathan@kernel.org, tglx@linutronix.de, akpm@linux-foundation.org, samitolvanen@google.com, frederic@kernel.org, rppt@kernel.org, mark.rutland@arm.com, yifeifz2@illinois.edu, rostedt@goodmis.org, viresh.kumar@linaro.org, andreyknvl@gmail.com, colin.king@canonical.com, ojeda@kernel.org, luc.vanoostenryck@gmail.com, elver@google.com, nivedita@alum.mit.edu, ardb@kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-hardening@vger.kernel.org, clang-built-linux@googlegroups.com
References: <1634167668-60198-1-git-send-email-ashimida@linux.alibaba.com> <722d9662-e27c-2efb-e8cf-d505b6950475@linux.alibaba.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/16/21 3:13 AM, Nick Desaulniers wrote:
> On Fri, Oct 15, 2021 at 11:29 AM Dan Li wrote:
>>
>> On 10/15/21 2:44 AM, Nick Desaulniers wrote:
>>> On Wed, Oct 13, 2021 at 4:28 PM Dan Li wrote:
>>>> --- a/include/linux/compiler-gcc.h
>>>> +++ b/include/linux/compiler-gcc.h
>>>> @@ -50,6 +50,10 @@
>>>> #define __latent_entropy __attribute__((latent_entropy))
>>>> #endif
>>>>
>>>> +#if defined(SHADOW_CALL_STACK_PLUGIN) && !defined(__CHECKER__)
>>>> +#define __noscs __attribute__((no_shadow_call_stack))
>>>> +#endif
>>>
>>> Cool this is a nice addition, and something I don't think that clang
>>> has. For any new feature, having a function attribute to disable it
>>> at the function granularity is nice, and plays better with LTO than -f
>>> group flags. Though that begs the question: what happens if a __noscs
>>> callee is inlined into a non-__noscs caller, or vice versa?
>>
>> Thanks Nick,
>>
>> According to my understanding, all inline optimizations in gcc should
>> happen before inserting scs insns (scs and paciasp/autiasp use the
>> same insertion point). Therefore, the check for the __noscs attribute
>> will also occur after all inlining is completed.
>>
>> As in the following example:
>> - Since the __noscs attribute is specified, scs_test1 does not insert scs insns
>> - Since the normal functions scs_test2/3 use x30, they need to insert scs insns
>> - Since the __noscs attribute is specified, scs_test4 after inlining does not
>>   need to insert scs insns
>>
>> __always_inline __noscs void scs_test1(void)
>> {
>>     asm volatile("mov x1, x1\n\t":::"x30");
>> }
>>
>> // scs insns inserted after function inline
>> void scs_test2(void)
>> {
>>     scs_test1();
>> }
>
> That may be surprising to developers. Perhaps __always_inline on
> scs_test1 is distracting this test case, but I suspect it may not make
> a difference. This particular issue comes up time and again with
> stack protectors; i.e. the callee is marked no stack protector, then
> gets inlined into a caller and suddenly gets a stack protector.
>

Yes. I haven't noticed this issue.

I just took a quick look at the stack canary code, and found that the
instructions are generated in the RTL stage like scs/pac (AST => GIMPLE
=> RTL => asm output), and the inlining should have been completed before
this.

Generally, instructions that are sensitive to assembly order can only be
inserted during RTL, otherwise their order is difficult to guarantee. I
think this may be the reason why the similar problem always appears.
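Review bot: the hunk defines `__noscs` only when `SHADOW_CALL_STACK_PLUGIN` is set and `__CHECKER__` is not, and shows no fallback; confirm that an empty `#define __noscs` is reachable for every other configuration (plugin off, sparse), otherwise any `__noscs` user fails to build without the plugin. A comment next to the define would also help: as the thread establishes, the attribute is honoured after inlining, so a `__noscs` body inlined into an instrumented caller runs under the caller's SCS push/pop (and vice versa), the same way the no-stack-protector attribute behaves.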
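A check a kernel hardening engineer might run after the discussion above, as an added example that is not part of the thread or the patch: it parses `objdump -d` output and flags functions whose shadow-call-stack push/pop (`str x30, [x18], #8` / `ldr x30, [x18, #-8]!`) does not match their `__noscs` annotation, which is how the post-inlining behaviour Nick raises would show up in a real build. The disassembly, symbol names and encodings below are constructed for illustration, and the script assumes the compiler emits exactly those two instruction forms.

```python
import re
# Operand forms the arm64 compilers emit for the SCS push/pop of x30 (x18 = SCS pointer).
SCS_PUSH, SCS_POP = ("str", "x30, [x18], #8"), ("ldr", "x30, [x18, #-8]!")
FUNC_RE = re.compile(r"^[0-9a-f]+ <([\w.$]+)>:\s*$")
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\s+[0-9a-f]+\s+(\S+)\s*(.*?)\s*$")

# Constructed `objdump -d` excerpt, not real build output: scs_test2 is fully
# instrumented, scs_test1 is the __noscs leaf, scs_test3 mimics a missing push.
SAMPLE = """\
0000000000000000 <scs_test2>:
   0:   f800865e        str     x30, [x18], #8
   4:   a9bf7bfd        stp     x29, x30, [sp, #-16]!
   8:   aa0103e1        mov     x1, x1
   c:   a8c17bfd        ldp     x29, x30, [sp], #16
  10:   f85f8e5e        ldr     x30, [x18, #-8]!
  14:   d65f03c0        ret
0000000000000018 <scs_test1>:
  18:   aa0103e1        mov     x1, x1
  1c:   d65f03c0        ret
0000000000000020 <scs_test3>:
  20:   94000000        bl      0 <scs_test2>
  24:   d65f03c0        ret
"""

def parse_functions(disasm):
    """Map each symbol in objdump -d text to its list of (mnemonic, operands)."""
    funcs, sym = {}, None
    for line in disasm.splitlines():
        if m := FUNC_RE.match(line):
            sym = m.group(1)
        elif sym and (m := INSN_RE.match(line)):
            funcs.setdefault(sym, []).append((m.group(1), " ".join(m.group(2).split())))
    return funcs

def summarize(insns):
    # bl/blr write x30 implicitly; stp/ldp name it explicitly; `ret` only reads it.
    uses_x30 = any(mn in ("bl", "blr") or (mn != "ret" and "x30" in ops)
                   for mn, ops in insns if (mn, ops) not in (SCS_PUSH, SCS_POP))
    return {"push": SCS_PUSH in insns, "pop": SCS_POP in insns, "uses_x30": uses_x30}

def audit(disasm, noscs=frozenset()):
    # noscs: symbols annotated __noscs in the source; they must carry no SCS insns.
    findings = []
    for sym, insns in parse_functions(disasm).items():
        s = summarize(insns)
        if sym in noscs and (s["push"] or s["pop"]):
            findings.append((sym, "__noscs function carries scs insns"))
        elif sym not in noscs and s["uses_x30"] and not s["push"]:
            findings.append((sym, "x30 clobbered but no scs push"))
    return findings
```

On a real tree, feed it `objdump -d` of the object under test and the set of `__noscs` symbols; an inlined `__noscs` body never appears as its own symbol, so only the caller's instrumentation is judged, which is exactly the behaviour discussed above.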