Date: Fri, 26 Apr 2024 20:28:01 +0000
From: Justin Stitt
To: Kees Cook
Cc: Marco Elver, Erhard Furtner, Andrey Konovalov, Andrey Ryabinin, Nathan Chancellor, Nick Desaulniers, Bill Wendling, llvm@lists.linux.dev, kasan-dev@googlegroups.com, linux-hardening@vger.kernel.org, Andrew Morton, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] ubsan: Avoid i386 UBSAN handler crashes with Clang
References: <20240424224026.it.216-kees@kernel.org>
In-Reply-To: <20240424224026.it.216-kees@kernel.org>

Hi,

On Wed, Apr 24, 2024 at 03:40:29PM -0700, Kees Cook wrote:
> When generating Runtime Calls, Clang doesn't respect the -mregparm=3
> option used on i386. Hopefully this will be fixed correctly in Clang 19:
> https://github.com/llvm/llvm-project/pull/89707
> but we need to fix this for earlier Clang versions today. Force the
> calling convention to use non-register arguments.
>
> Reported-by: Erhard Furtner
> Closes: https://github.com/KSPP/linux/issues/350
> Signed-off-by: Kees Cook
> ---
> Cc: Marco Elver
> Cc: Andrey Konovalov
> Cc: Andrey Ryabinin
> Cc: Nathan Chancellor
> Cc: Nick Desaulniers
> Cc: Bill Wendling
> Cc: Justin Stitt
> Cc: llvm@lists.linux.dev
> Cc: kasan-dev@googlegroups.com
> Cc: linux-hardening@vger.kernel.org
> v2:
> - use email address in Reported-by
> - link to upstream llvm bug in ubsan.h comment
> - drop needless /**/
> - explicitly test Clang version
> v1: https://lore.kernel.org/lkml/20240424162942.work.341-kees@kernel.org/
> ---
> lib/ubsan.h | 41 +++++++++++++++++++++++++++--------------
> 1 file changed, 27 insertions(+), 14 deletions(-)
>
> diff --git a/lib/ubsan.h b/lib/ubsan.h
> index 50ef50811b7c..07e37d4429b4 100644
> --- a/lib/ubsan.h
> +++ b/lib/ubsan.h
> @@ -124,19 +124,32 @@ typedef s64 s_max; > typedef u64 u_max; > #endif > > -void __ubsan_handle_add_overflow(void *data, void *lhs, void *rhs); > -void __ubsan_handle_sub_overflow(void *data, void *lhs, void *rhs); > -void __ubsan_handle_mul_overflow(void *data, void *lhs, void *rhs); > -void __ubsan_handle_negate_overflow(void *_data, void *old_val); > -void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs); > -void __ubsan_handle_type_mismatch(struct type_mismatch_data *data, void *ptr); > -void __ubsan_handle_type_mismatch_v1(void *_data, void *ptr); > -void __ubsan_handle_out_of_bounds(void *_data, void *index); > -void __ubsan_handle_shift_out_of_bounds(void *_data, void *lhs, void *rhs); > -void __ubsan_handle_builtin_unreachable(void *_data); > -void __ubsan_handle_load_invalid_value(void *_data, void *val); > -void __ubsan_handle_alignment_assumption(void *_data, unsigned long ptr, > - unsigned long align, > - unsigned long offset); > +/* > + * When generating Runtime Calls, Clang doesn't respect the -mregparm=3 > + * option used on i386: https://github.com/llvm/llvm-project/issues/89670 > + * Fix this for earlier Clang versions by forcing the calling convention > + * to use non-register arguments. > + */ > +#if defined(CONFIG_X86_32) && \ > + defined(CONFIG_CC_IS_CLANG) && CONFIG_CLANG_VERSION < 190000 > +# define ubsan_linkage asmlinkage Clever. 
Acked-by: Justin Stitt > +#else > +# define ubsan_linkage > +#endif > + > +void ubsan_linkage __ubsan_handle_add_overflow(void *data, void *lhs, void *rhs); > +void ubsan_linkage __ubsan_handle_sub_overflow(void *data, void *lhs, void *rhs); > +void ubsan_linkage __ubsan_handle_mul_overflow(void *data, void *lhs, void *rhs); > +void ubsan_linkage __ubsan_handle_negate_overflow(void *_data, void *old_val); > +void ubsan_linkage __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs); > +void ubsan_linkage __ubsan_handle_type_mismatch(struct type_mismatch_data *data, void *ptr); > +void ubsan_linkage __ubsan_handle_type_mismatch_v1(void *_data, void *ptr); > +void ubsan_linkage __ubsan_handle_out_of_bounds(void *_data, void *index); > +void ubsan_linkage __ubsan_handle_shift_out_of_bounds(void *_data, void *lhs, void *rhs); > +void ubsan_linkage __ubsan_handle_builtin_unreachable(void *_data); > +void ubsan_linkage __ubsan_handle_load_invalid_value(void *_data, void *val); > +void ubsan_linkage __ubsan_handle_alignment_assumption(void *_data, unsigned long ptr, > + unsigned long align, > + unsigned long offset); > > #endif > -- > 2.34.1 > Thanks Justin
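
Review bot: The `CONFIG_CLANG_VERSION < 190000` bound in the new `#if` encodes an expectation rather than a confirmed fix. The commit message only says the Clang-side change will "hopefully" land in Clang 19, and the in-code comment says "earlier Clang versions" without naming the release the cutoff assumes. Suggest the comment state that the bound assumes the fix from llvm-project pull 89707 ships in Clang 19, so the check is revisited if that slips; as written, a Clang 19 build without the fix would take the `#else` branch, define `ubsan_linkage` as empty, and bring the i386 handler crashes back with no build-time signal. Separately, the diffstat shows only lib/ubsan.h changing, so the fix relies on every handler definition seeing these prototypes; worth confirming that no handler is defined without a matching declaration in this list.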