* [PATCH] arm64/bti: Disable in kernel BTI when cross section thunks are broken
@ 2022-09-02 12:47 Mark Brown
2022-09-05 13:52 ` Will Deacon
0 siblings, 1 reply; 3+ messages in thread
From: Mark Brown @ 2022-09-02 12:47 UTC (permalink / raw)
To: D Scott Phillips, Catalin Marinas, Will Deacon
Cc: linux-arm-kernel, Mark Rutland, Mark Brown
GCC does not insert a `bti c` instruction at the beginning of a function
when it believes that all callers reach the function through a direct
branch[1]. Unfortunately the logic it uses to determine this is not
sufficiently robust, for example not taking account of functions being
placed in different sections which may be loaded separately, so we may
still see thunks being generated to these functions. If that happens,
the first instruction in the callee function will result in a Branch
Target Exception due to the missing landing pad.
While this has currently only been observed in the case of modules
having their main code loaded sufficiently far from their init section
to require thunks it could potentially happen for other cases so the
safest thing is to disable BTI for the kernel when building with an
affected toolchain.
[1]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671
Reported-by: D Scott Phillips <scott@os.amperecomputing.com>
[Bits of the commit message are lifted from his report & workaround]
Signed-off-by: Mark Brown <broonie@kernel.org>
---
I'm sending this as an alternative to Scott's workaround in:
https://lore.kernel.org/r/20220902001551.2349544-1-scott@os.amperecomputing.com
in case people aren't comfortable with that, given the GCC bug it seems
likely that it is possible to generate some other case where there might
be issues.
arch/arm64/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 9fb9fff08c94..863b807681ce 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1885,8 +1885,8 @@ config ARM64_BTI_KERNEL
depends on ARM64_BTI
depends on ARM64_PTR_AUTH_KERNEL
depends on CC_HAS_BRANCH_PROT_PAC_RET_BTI
- # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
- depends on !CC_IS_GCC || GCC_VERSION >= 100100
+ # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671
+ depends on !CC_IS_GCC
# https://github.com/llvm/llvm-project/commit/a88c722e687e6780dcd6a58718350dc76fcc4cc9
depends on !CC_IS_CLANG || CLANG_VERSION >= 120000
depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
--
2.30.2
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] arm64/bti: Disable in kernel BTI when cross section thunks are broken
2022-09-02 12:47 [PATCH] arm64/bti: Disable in kernel BTI when cross section thunks are broken Mark Brown
@ 2022-09-05 13:52 ` Will Deacon
2022-09-05 13:56 ` Mark Brown
0 siblings, 1 reply; 3+ messages in thread
From: Will Deacon @ 2022-09-05 13:52 UTC (permalink / raw)
To: Mark Brown
Cc: D Scott Phillips, Catalin Marinas, linux-arm-kernel, Mark Rutland
On Fri, Sep 02, 2022 at 01:47:24PM +0100, Mark Brown wrote:
> GCC does not insert a `bti c` instruction at the beginning of a function
> when it believes that all callers reach the function through a direct
> branch[1]. Unfortunately the logic it uses to determine this is not
> sufficiently robust, for example not taking account of functions being
> placed in different sections which may be loaded separately, so we may
> still see thunks being generated to these functions. If that happens,
> the first instruction in the callee function will result in a Branch
> Target Exception due to the missing landing pad.
>
> While this has currently only been observed in the case of modules
> having their main code loaded sufficiently far from their init section
> to require thunks it could potentially happen for other cases so the
> safest thing is to disable BTI for the kernel when building with an
> affected toolchain.
>
> [1]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671
>
> Reported-by: D Scott Phillips <scott@os.amperecomputing.com>
> [Bits of the commit message are lifted from his report & workaround]
> Signed-off-by: Mark Brown <broonie@kernel.org>
> ---
>
> I'm sending this as an alternative to Scott's workaround in:
>
> https://lore.kernel.org/r/20220902001551.2349544-1-scott@os.amperecomputing.com
>
> in case people aren't comfortable with that, given the GCC bug it seems
> likely that it is possible to generate some other case where there might
> be issues.
Thanks; I much prefer this simple fix for now, especially as the GCC bug
doesn't seem to have concluded. Just one comment:
> arch/arm64/Kconfig | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 9fb9fff08c94..863b807681ce 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1885,8 +1885,8 @@ config ARM64_BTI_KERNEL
> depends on ARM64_BTI
> depends on ARM64_PTR_AUTH_KERNEL
> depends on CC_HAS_BRANCH_PROT_PAC_RET_BTI
> - # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
> - depends on !CC_IS_GCC || GCC_VERSION >= 100100
Can we keep this dependency too, please? Hopefully we'll be able to add
a 'GCC_VERSION >= nnnnnn' for this new issue, and then I think it's helpful
to call out the issues separately so people don't think they can cherry-pick
just one of the compiler fixes and it will work.
Will
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] arm64/bti: Disable in kernel BTI when cross section thunks are broken
2022-09-05 13:52 ` Will Deacon
@ 2022-09-05 13:56 ` Mark Brown
0 siblings, 0 replies; 3+ messages in thread
From: Mark Brown @ 2022-09-05 13:56 UTC (permalink / raw)
To: Will Deacon
Cc: D Scott Phillips, Catalin Marinas, linux-arm-kernel, Mark Rutland
[-- Attachment #1.1: Type: text/plain, Size: 647 bytes --]
On Mon, Sep 05, 2022 at 02:52:49PM +0100, Will Deacon wrote:
> On Fri, Sep 02, 2022 at 01:47:24PM +0100, Mark Brown wrote:
> > - # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
> > - depends on !CC_IS_GCC || GCC_VERSION >= 100100
> Can we keep this dependency too, please? Hopefully we'll be able to add
> a 'GCC_VERSION >= nnnnnn' for this new issue, and then I think it's helpful
> to call out the issues separately so people don't think they can cherry-pick
> just one of the compiler fixes and it will work.
We can do, though note that there were some other issues before the one
highlighted here so there'll still be some risk there.
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
[-- Attachment #2: Type: text/plain, Size: 176 bytes --]
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-09-05 16:47 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-09-02 12:47 [PATCH] arm64/bti: Disable in kernel BTI when cross section thunks are broken Mark Brown
2022-09-05 13:52 ` Will Deacon
2022-09-05 13:56 ` Mark Brown
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).