From: Borislav Petkov <bp@suse.de>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>,
Arvind Sankar <nivedita@alum.mit.edu>,
Kalle Valo <kvalo@codeaurora.org>,
linux-wireless <linux-wireless@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
the arch/x86 maintainers <x86@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Kees Cook <keescook@chromium.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: gcc-10: kernel stack is corrupted and fails to boot
Date: Thu, 14 May 2020 01:36:16 +0200
Message-ID: <20200513233616.GD6733@zn.tnic>
In-Reply-To: <CAHk-=wgybuOF+Jp2XYWqM7Xn1CW6szWQw_FgVoFh5jx_4YoCVw@mail.gmail.com>

On Wed, May 13, 2020 at 04:13:53PM -0700, Linus Torvalds wrote:
> The check itself doesn't seem worth it. If your worry is that an empty
> asm() can be optimized away, then don't use an empty asm!

gcc guys said we should use that since the first attempt using

	__attribute__((optimize("-fno-stack-protector")))

didn't work because, well, that attribute turned out to be "not suitable in
production code". :)

Full thread here:

https://lore.kernel.org/lkml/20200314164451.346497-1-slyfox@gentoo.org/

> In other words, the only reason for that check seems to be a worry
> that simply isn't worth having.

Yes, that was me asking for a way to check whether any future gccs would
violate that. But if they'd do that, they would break a lot of code
depending on it.

> In fact, I think the check is wrong anyway, since the main thing I can
> see that would do a tailcall despite the empty asm is link-time
> optimizations that that check doesn't even check for!
>
> So everything I see there just screams "the check is bogus" to me. The
> check doesn't work, and if it were to work it only means that the
> prevent_tail_call_optimization() thing is too fragile.

So I did test it trivially by removing the asm("") and then it would
tailcall optimize. But we didn't think about LTO so hm, that would
probably break it.

> Just put a full memory barrier in there, with an actual "mfence"
> instruction or whatever, so that you know that the check is pointless,
> and so that you know that a link-time optimizer can't turn the
> call+return into a tailcall.

Right, the intention here was to have it arch-agnostic in
include/linux/compiler.h because powerpc might need it too soon:

arch/powerpc/kernel/smp.c:1296: boot_init_stack_canary();

Looking at them, they do have an mb() too so how about this then
instead?

	#define prevent_tail_call_optimization() mb()

Thx.

--
Regards/Gruss,
Boris.
SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 36809, AG Nürnberg
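
The barrier-after-the-last-call idea discussed in this message, as an added userspace illustration that is not part of the original mail and is not kernel code. All function and macro names are hypothetical, and `__sync_synchronize()` is assumed here as a stand-in for the kernel's `mb()`.

```c
/* Added illustration; not kernel code. All names below are hypothetical. */
#include <stdint.h>
#include <stdio.h>

/* Assumption: userspace stand-in for the mb() proposed in the message. */
#define prevent_tail_call() __sync_synchronize()

static volatile uintptr_t caller_frame, callee_frame;

/* Stand-in for the last function called; records where its frame lives. */
__attribute__((noinline)) static void last_call(void)
{
	callee_frame = (uintptr_t)__builtin_frame_address(0);
}

/* Ends in a bare call: an optimizing compiler may emit a jump (tail call),
 * in which case last_call() reuses this function's stack frame. */
__attribute__((noinline)) static void ends_with_call(void)
{
	caller_frame = (uintptr_t)__builtin_frame_address(0);
	last_call();
}

/* Same body plus a barrier after the call: the call has to return here
 * first, so this frame is still live while last_call() runs. */
__attribute__((noinline)) static void ends_with_barrier(void)
{
	caller_frame = (uintptr_t)__builtin_frame_address(0);
	last_call();
	prevent_tail_call();
}

/* Returns 1 if the callee ran in its own frame (a real call), 0 if it
 * reused the caller's frame (a tail call). */
static int callee_had_own_frame(void (*fn)(void))
{
	fn();
	return callee_frame != caller_frame;
}

int main(void)
{
	printf("bare call:    own frame = %d\n", callee_had_own_frame(ends_with_call));
	printf("with barrier: own frame = %d\n", callee_had_own_frame(ends_with_barrier));
	return 0;
}
```

The result for the bare call depends on the compiler and optimization level; the barrier variant keeps a separate callee frame regardless.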