Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp3549327pxb; Mon, 4 Apr 2022 20:54:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx7lneDOHFRVV1hTvAY2ZQVLCaeuNDg5FZDYp/AAVGE3VabilO3qPzyL6YDWbFqfvH4aITE X-Received: by 2002:a63:5145:0:b0:381:4051:1f5a with SMTP id r5-20020a635145000000b0038140511f5amr1240350pgl.300.1649130848902; Mon, 04 Apr 2022 20:54:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649130848; cv=none; d=google.com; s=arc-20160816; b=poUhRTWGQ5frQGrs5klcfjsdblLt12FXzgsnGGdz5a2SOJnjThaGtrg/CoRSzEdeke 9omsMxkh+LjXPWeYPb+tYvL3HC5PFzVmWmUU877SvR1rS8W9B5WJPmsF4CldWqsjrxM6 0U5e2IolF35bMyNSF55kprCCPfa7+hfv7QXSMaex72wMlC87V+CN40HfPV+XMsIXh+M+ CQauzgJ/1HT04xG3PyyIPRPZVOG7z/Z7rtvvid/j9G+s0OoV8syckPCdQ2MEykwNigaN UQSopuZClJLpgk2jV7toiLuKZMY+VO8AqMdH+ykwzUrqsTI5WSl1ZFss5RaGcIdkrTqp qMhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=RzCNHATVinMYtEKVMMIDubor35Dt80OzooLQrltUApM=; b=hiCWXl7zzOjL9ZANaojX/rOYlD/AC7XB3l5BnlWoOT/du86GYZgUuuyNAta3vtDdsO KwReIu7yJl6fbVqz/kgGJQ8uv13iDLWzi07CV+bL/2jRVJUokaGaJUzqcou8z4qDoke2 Vid0FljIVIPl6tBZe0Nur6ollytsZVAVqGQizXqTnIm9bb6eD3i2MSNApIp1moCf3jvx nFuNatr0jH9DGocJD4pOXoC6IpJXFc61oZsUE4YV1VTqPbC0Z6XtmR8dZnemLCvL4d71 9FGZZR++Q4XdGC6UjGaTxiT9x+rhoEbdIo28P0+FSrKXhiJPQhREuN6zOl/UI3ADL+hE 4Scg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=N9TdufpW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id ck6-20020a17090afe0600b001c7a0e0d825si997176pjb.91.2022.04.04.20.54.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 20:54:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=N9TdufpW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 561A634B9F; Mon, 4 Apr 2022 20:07:46 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231417AbiDEDJh (ORCPT + 99 others); Mon, 4 Apr 2022 23:09:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50776 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231425AbiDEDJ0 (ORCPT ); Mon, 4 Apr 2022 23:09:26 -0400 Received: from mail-pj1-x102b.google.com (mail-pj1-x102b.google.com [IPv6:2607:f8b0:4864:20::102b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A639119EC43 for ; Mon, 4 Apr 2022 19:53:06 -0700 (PDT) Received: by mail-pj1-x102b.google.com with SMTP id g15-20020a17090adb0f00b001caa9a230c7so1168934pjv.5 for ; Mon, 04 Apr 2022 19:53:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=RzCNHATVinMYtEKVMMIDubor35Dt80OzooLQrltUApM=; b=N9TdufpWDVKbp38k8iCOC/2EFCcd30wxtzwCUb1TTzlkaZsDEt8KaHMZszH4iOb2jD OR2cD1+XafBXpJ5pq6VC+wNGWQKqqHRjkN+XPqOXB/RLxr+DW7Yv/M06mMn8R/O7wVO3 kFjNq2hpO9C8vosv9I9ffSM+ZDtvuR+bVaKYs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=RzCNHATVinMYtEKVMMIDubor35Dt80OzooLQrltUApM=; b=2FmqDsjvIqUWms8m0hiB2PcY6dQWTxHEHe9jw6lnkVEqT2+KoMFcrjhbZ62mOg3R13 79NmxaffGQZyq/KBAGTjckJ9WpnhRLvCei5gfofIE3kGKXbYvcHnbNplsJz6wjuNSUUW /57pLlrFmGAuzz1gvfHL3Ppvq0sTbCFv8eLEZNYH/HrtQxoF7U0XkoZra348YigmuvUf aa4XElz3t8C33Y8RNteXIgGx/h5Hcw/C8dBdqoQZ50MNwLzznksTvCE+BhKvGbtnEZch zHKAO6ZhTBlq0YYTR8GNLk+rDb2FklrZOx7Cnb5BFio2tx8s0K3SrA5ERktdGGm+KaAL OZpQ== X-Gm-Message-State: AOAM533mW5L9nKhXAzIC0XVdDpqvuRPzAvPmZKunHUCiWkvy2/5d2huL PCKw3arq8FGYIaut5vzUaCiv+A== X-Received: by 2002:a17:902:c401:b0:154:3b8a:5e6e with SMTP id k1-20020a170902c40100b001543b8a5e6emr1238570plk.18.1649127186112; Mon, 04 Apr 2022 19:53:06 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id w129-20020a628287000000b004fdc453b49asm13683585pfd.39.2022.04.04.19.53.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 19:53:05 -0700 (PDT) Date: Mon, 4 Apr 2022 19:53:05 -0700 From: Kees Cook To: Nathan Chancellor Cc: Sami Tolvanen , Masahiro Yamada , Catalin Marinas , Mark Rutland , Nick Desaulniers , Will Deacon , linux-arm-kernel , Linux Kernel Mailing List , llvm@lists.linux.dev Subject: Re: [PATCH 1/3] kbuild: Change CFI_CLANG to depend on __builtin_function_start Message-ID: <202204041950.B13AD5CB@keescook> References: <20220401201916.1487500-1-samitolvanen@google.com> <20220401201916.1487500-2-samitolvanen@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 04, 2022 at 03:52:11PM -0700, Nathan Chancellor wrote: > On Mon, Apr 04, 2022 at 12:40:46PM -0700, Sami Tolvanen wrote: > > On Sat, Apr 2, 2022 at 6:32 AM Masahiro Yamada wrote: > > > > > > On Sat, Apr 2, 2022 at 5:19 AM Sami Tolvanen wrote: > > > > > > > > Clang 14 added support for the __builtin_function_start() > > > > built-in function, which allows us to implement function_nocfi() > > > > without architecture-specific inline assembly. This patch changes > > > > CONFIG_CFI_CLANG to depend on the built-in and effectively upgrades > > > > the minimum supported compiler version for CFI to Clang 14. > > > > > > From this description, I think the straight-forward change would be: > > > > > > depends on CLANG_VERSION >= 120000 > > > --> > > > depends on CLANG_VERSION >= 140000 > > > > > > Any reason to avoid this? > > > > I thought testing for the compiler feature was preferred, but I can > > certainly just increase the minimum version number here too. > > I think we have been somewhat inconsistent with feature versus version > checking. It might be nice to hash out when a feature check should be > done instead of a version one. > > Generally, I think we tend to prefer version checks, as they are > "cheaper" since we do not have to call the compiler again because we > already cached the version code. When adding version checks, our policy > has always been use the upstream version of LLVM that the feature in > question shipped in, even if it is a top of tree version, as people who > are using prereleased versions of LLVM should be frequently updating > them. > > Unfortunately, that does not always match reality. For example, > Android's LLVM tracks the main branch but they are almost always behind > by a few months. For example, the latest release is 14.0.4, based on a > version of LLVM from January 28th: > > https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86/+/ab73cd180863dbd17fdb8f20e39b33ab38030cf9/clang-r450784b/clang_source_info.md > https://github.com/llvm/llvm-project/commits/282c83c32384cb2f37030c28650fef4150a8b67c > > Normally, I would say "who cares?" but Android's LLVM is used by the > Android kernel team both downstream and upstream, so I would argue it is > important to take that into account when deciding to do a feature check > versus a version check. In other words, by moving to a version check, > will we knowingly break a version of clang that is relatively widely > used? > > In this case, 14.0.4 has __builtin_function_start(), so I think it is > okay to use a version check instead of a feature one. Thanks for checking the details on that. Yeah, I think it's fine to go with a version check here. Sami, can you send a v2, and I can take it via the hardening for -next? (Unless the ARM folks _really_ want it for -rc2 -- this is kind of a fix, but it's also kind of not.) -- Kees Cook