* Re: [PATCH] ARM: stackprotector: prefer compiler for TLS based per-task protector [not found] <20211021142516.1843042-1-ardb@kernel.org> @ 2022-01-25 18:50 ` Nathan Chancellor 2022-01-25 18:55 ` Ard Biesheuvel 0 siblings, 1 reply; 3+ messages in thread From: Nathan Chancellor @ 2022-01-25 18:50 UTC (permalink / raw) To: Ard Biesheuvel, Kees Cook; +Cc: linux-arm-kernel, Nick Desaulniers, llvm On Thu, Oct 21, 2021 at 04:25:16PM +0200, Ard Biesheuvel wrote: > Currently, we implement the per-task stack protector for ARM using a GCC > plugin, due to lack of native compiler support. However, work is > underway to get this implemented in the compiler, which means we will be > able to deprecate the GCC plugin at some point. > > In the meantime, we will need to support both, where the native compiler > implementation is obviously preferred. So let's wire this up in Kconfig > and the Makefile. > > Cc: Kees Cook <keescook@chromium.org> > Cc: Nick Desaulniers <ndesaulniers@google.com> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> I see this patch in the KSPP tree as commit 151bbc8be85e ("ARM: stackprotector: prefer compiler for TLS based per-task protector"), which breaks booting aspeed_g5_defconfig in QEMU with clang-14. It seems like this patch depends on Ard's patch "ARM: decompressor: disable stack protector" [1]; applying that on top of next-20220125 allows me to boot again. This patch is still queued up in Russell's devel-stable branch as commit f05eb1d24eb5 ("ARM: stackprotector: prefer compiler for TLS based per-task protector") so perhaps this patch should be dropped from the KSPP tree? I assume once Ard's recent fixes series [2] is applied to devel-stable, it will be added back to for-next? [1]: https://lore.kernel.org/r/20220124174744.1054712-9-ardb@kernel.org/ [2]: https://lore.kernel.org/r/20220125091453.1475246-1-ardb@kernel.org/ Cheers, Nathan ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] ARM: stackprotector: prefer compiler for TLS based per-task protector 2022-01-25 18:50 ` [PATCH] ARM: stackprotector: prefer compiler for TLS based per-task protector Nathan Chancellor @ 2022-01-25 18:55 ` Ard Biesheuvel 2022-01-25 20:58 ` Kees Cook 0 siblings, 1 reply; 3+ messages in thread From: Ard Biesheuvel @ 2022-01-25 18:55 UTC (permalink / raw) To: Nathan Chancellor; +Cc: Kees Cook, Linux ARM, Nick Desaulniers, llvm On Tue, 25 Jan 2022 at 19:50, Nathan Chancellor <nathan@kernel.org> wrote: > > On Thu, Oct 21, 2021 at 04:25:16PM +0200, Ard Biesheuvel wrote: > > Currently, we implement the per-task stack protector for ARM using a GCC > > plugin, due to lack of native compiler support. However, work is > > underway to get this implemented in the compiler, which means we will be > > able to deprecate the GCC plugin at some point. > > > > In the meantime, we will need to support both, where the native compiler > > implementation is obviously preferred. So let's wire this up in Kconfig > > and the Makefile. > > > > Cc: Kees Cook <keescook@chromium.org> > > Cc: Nick Desaulniers <ndesaulniers@google.com> > > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> > > I see this patch in the KSPP tree as commit 151bbc8be85e ("ARM: > stackprotector: prefer compiler for TLS based per-task protector"), > which breaks booting aspeed_g5_defconfig in QEMU with clang-14. It seems > like this patch depends on Ard's patch "ARM: decompressor: disable stack > protector" [1]; applying that on top of next-20220125 allows me to boot > again. > > This patch is still queued up in Russell's devel-stable branch as > commit f05eb1d24eb5 ("ARM: stackprotector: prefer compiler for TLS based > per-task protector") so perhaps this patch should be dropped from the > KSPP tree? I assume once Ard's recent fixes series [2] is applied to > devel-stable, it will be added back to for-next? > > [1]: https://lore.kernel.org/r/20220124174744.1054712-9-ardb@kernel.org/ > [2]: https://lore.kernel.org/r/20220125091453.1475246-1-ardb@kernel.org/ > Yeah. better drop it from KSPP. The problem is that the compiler version of the per-task stackprotector feature does not get disabled when building the decompressor, which means it ends up dereferencing bogus TLS register values. ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] ARM: stackprotector: prefer compiler for TLS based per-task protector 2022-01-25 18:55 ` Ard Biesheuvel @ 2022-01-25 20:58 ` Kees Cook 0 siblings, 0 replies; 3+ messages in thread From: Kees Cook @ 2022-01-25 20:58 UTC (permalink / raw) To: Ard Biesheuvel; +Cc: Nathan Chancellor, Linux ARM, Nick Desaulniers, llvm On Tue, Jan 25, 2022 at 07:55:37PM +0100, Ard Biesheuvel wrote: > On Tue, 25 Jan 2022 at 19:50, Nathan Chancellor <nathan@kernel.org> wrote: > > > > On Thu, Oct 21, 2021 at 04:25:16PM +0200, Ard Biesheuvel wrote: > > > Currently, we implement the per-task stack protector for ARM using a GCC > > > plugin, due to lack of native compiler support. However, work is > > > underway to get this implemented in the compiler, which means we will be > > > able to deprecate the GCC plugin at some point. > > > > > > In the meantime, we will need to support both, where the native compiler > > > implementation is obviously preferred. So let's wire this up in Kconfig > > > and the Makefile. > > > > > > Cc: Kees Cook <keescook@chromium.org> > > > Cc: Nick Desaulniers <ndesaulniers@google.com> > > > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> > > > > I see this patch in the KSPP tree as commit 151bbc8be85e ("ARM: > > stackprotector: prefer compiler for TLS based per-task protector"), > > which breaks booting aspeed_g5_defconfig in QEMU with clang-14. It seems > > like this patch depends on Ard's patch "ARM: decompressor: disable stack > > protector" [1]; applying that on top of next-20220125 allows me to boot > > again. > > > > This patch is still queued up in Russell's devel-stable branch as > > commit f05eb1d24eb5 ("ARM: stackprotector: prefer compiler for TLS based > > per-task protector") so perhaps this patch should be dropped from the > > KSPP tree? I assume once Ard's recent fixes series [2] is applied to > > devel-stable, it will be added back to for-next? > > > > [1]: https://lore.kernel.org/r/20220124174744.1054712-9-ardb@kernel.org/ > > [2]: https://lore.kernel.org/r/20220125091453.1475246-1-ardb@kernel.org/ > > > > Yeah. better drop it from KSPP. > > The problem is that the compiler version of the per-task > stackprotector feature does not get disabled when building the > decompressor, which means it ends up dereferencing bogus TLS register > values. Ooh! Whoops, sorry. Dropping. -- Kees Cook ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-25 20:58 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20211021142516.1843042-1-ardb@kernel.org>
2022-01-25 18:50 ` [PATCH] ARM: stackprotector: prefer compiler for TLS based per-task protector Nathan Chancellor
2022-01-25 18:55 ` Ard Biesheuvel
2022-01-25 20:58 ` Kees Cook
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox