[PATCH v2] arm64/bti: Disable in kernel BTI when cross section thunks are broken

[PATCH v2] arm64/bti: Disable in kernel BTI when cross section thunks are broken

[Mark Brown]

GCC does not insert a `bti c` instruction at the beginning of a function
when it believes that all callers reach the function through a direct
branch[1]. Unfortunately the logic it uses to determine this is not
sufficiently robust, for example not taking account of functions being
placed in different sections which may be loaded separately, so we may
still see thunks being generated to these functions. If that happens,
the first instruction in the callee function will result in a Branch
Target Exception due to the missing landing pad.

While this has currently only been observed in the case of modules
having their main code loaded sufficiently far from their init section
to require thunks it could potentially happen for other cases so the
safest thing is to disable BTI for the kernel when building with an
affected toolchain.

[1]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671

Reported-by: D Scott Phillips <scott@os.amperecomputing.com>
[Bits of the commit message are lifted from his report & workaround]
Signed-off-by: Mark Brown <broonie@kernel.org>
---

v2:
 - Leave the check for the older GCC bug in place for documentation
   purposes.

 arch/arm64/Kconfig | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 9fb9fff08c94..1ce7685ad5de 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1887,6 +1887,8 @@ config ARM64_BTI_KERNEL
 	depends on CC_HAS_BRANCH_PROT_PAC_RET_BTI
 	# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
 	depends on !CC_IS_GCC || GCC_VERSION >= 100100
+	# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671
+	depends on !CC_IS_GCC
 	# https://github.com/llvm/llvm-project/commit/a88c722e687e6780dcd6a58718350dc76fcc4cc9
 	depends on !CC_IS_CLANG || CLANG_VERSION >= 120000
 	depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
-- 
2.30.2


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH v2] arm64/bti: Disable in kernel BTI when cross section thunks are broken

[Will Deacon]

On Mon, 5 Sep 2022 15:22:55 +0100, Mark Brown wrote:
> GCC does not insert a `bti c` instruction at the beginning of a function
> when it believes that all callers reach the function through a direct
> branch[1]. Unfortunately the logic it uses to determine this is not
> sufficiently robust, for example not taking account of functions being
> placed in different sections which may be loaded separately, so we may
> still see thunks being generated to these functions. If that happens,
> the first instruction in the callee function will result in a Branch
> Target Exception due to the missing landing pad.
> 
> [...]

Applied to arm64 (for-next/fixes), thanks!

[1/1] arm64/bti: Disable in kernel BTI when cross section thunks are broken
      https://git.kernel.org/arm64/c/c0a454b9044f

Cheers,
-- 
Will

https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel