From: Nathan Chancellor <nathan@kernel.org> To: ndesaulniers@google.com Cc: "Borislav Petkov (AMD)" <bp@alien8.de>, Peter Zijlstra <peterz@infradead.org>, Josh Poimboeuf <jpoimboe@kernel.org>, x86@kernel.org, Michael Ellerman <mpe@ellerman.id.au>, Nicholas Piggin <npiggin@gmail.com>, Christophe Leroy <christophe.leroy@csgroup.eu>, Miguel Ojeda <ojeda@kernel.org>, Tom Rix <trix@redhat.com>, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev Subject: Re: [PATCH 1/2] start_kernel: add no_stack_protector fn attr Date: Wed, 12 Apr 2023 15:03:48 -0700 [thread overview] Message-ID: <20230412220348.GA1120303@dev-arch.thelio-3990X> (raw) In-Reply-To: <20230412-no_stackp-v1-1-46a69b507a4b@google.com> On Wed, Apr 12, 2023 at 11:32:12AM -0700, ndesaulniers@google.com wrote: > Back during the discussion of > commit a9a3ed1eff36 ("x86: Fix early boot crash on gcc-10, third try") > we discussed the need for a function attribute to control the omission > of stack protectors on a per-function basis; at the time Clang had > support for no_stack_protector but GCC did not. This was fixed in > gcc-11. Now that the function attribute is available, let's start using > it. > > Callers of boot_init_stack_canary need to use this function attribute > unless they're compiled with -fno-stack-protector, otherwise the canary > stored in the stack slot of the caller will differ upon the call to > boot_init_stack_canary. This will lead to a call to __stack_chk_fail > then panic. > > Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94722 > Link: https://lore.kernel.org/all/20200316130414.GC12561@hirez.programming.kicks-ass.net/ > Signed-off-by: Nick Desaulniers <ndesaulniers@google.com> I applied this in front of Josh's series and defconfig no longer panics on boot :) Tested-by: Nathan Chancellor <nathan@kernel.org> > --- > arch/powerpc/kernel/smp.c | 1 + > include/linux/compiler_attributes.h | 12 ++++++++++++ > init/main.c | 3 ++- > 3 files changed, 15 insertions(+), 1 deletion(-) > > diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c > index 6b90f10a6c81..7d4c12b1abb7 100644 > --- a/arch/powerpc/kernel/smp.c > +++ b/arch/powerpc/kernel/smp.c > @@ -1603,6 +1603,7 @@ static void add_cpu_to_masks(int cpu) > } > > /* Activate a secondary processor. */ > +__no_stack_protector > void start_secondary(void *unused) > { > unsigned int cpu = raw_smp_processor_id(); > diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h > index e659cb6fded3..84864767a56a 100644 > --- a/include/linux/compiler_attributes.h > +++ b/include/linux/compiler_attributes.h > @@ -255,6 +255,18 @@ > */ > #define __noreturn __attribute__((__noreturn__)) > > +/* > + * Optional: only supported since GCC >= 11.1, clang >= 7.0. > + * > + * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-no_005fstack_005fprotector-function-attribute > + * clang: https://clang.llvm.org/docs/AttributeReference.html#no-stack-protector-safebuffers > + */ > +#if __has_attribute(__no_stack_protector__) > +# define __no_stack_protector __attribute__((__no_stack_protector__)) > +#else > +# define __no_stack_protector > +#endif > + > /* > * Optional: not supported by gcc. > * > diff --git a/init/main.c b/init/main.c > index bb87b789c543..213baf7b8cb1 100644 > --- a/init/main.c > +++ b/init/main.c > @@ -941,7 +941,8 @@ static void __init print_unknown_bootoptions(void) > memblock_free(unknown_options, len); > } > > -asmlinkage __visible void __init __no_sanitize_address start_kernel(void) > +asmlinkage __visible __init __no_sanitize_address __no_stack_protector > +void start_kernel(void) > { > char *command_line; > char *after_dashes; > > -- > 2.40.0.577.gac1e443424-goog > >
WARNING: multiple messages have this Message-ID (diff)
From: Nathan Chancellor <nathan@kernel.org> To: ndesaulniers@google.com Cc: llvm@lists.linux.dev, Peter Zijlstra <peterz@infradead.org>, x86@kernel.org, linux-kernel@vger.kernel.org, Nicholas Piggin <npiggin@gmail.com>, "Borislav Petkov \(AMD\)" <bp@alien8.de>, Tom Rix <trix@redhat.com>, Miguel Ojeda <ojeda@kernel.org>, linuxppc-dev@lists.ozlabs.org, Josh Poimboeuf <jpoimboe@kernel.org> Subject: Re: [PATCH 1/2] start_kernel: add no_stack_protector fn attr Date: Wed, 12 Apr 2023 15:03:48 -0700 [thread overview] Message-ID: <20230412220348.GA1120303@dev-arch.thelio-3990X> (raw) In-Reply-To: <20230412-no_stackp-v1-1-46a69b507a4b@google.com> On Wed, Apr 12, 2023 at 11:32:12AM -0700, ndesaulniers@google.com wrote: > Back during the discussion of > commit a9a3ed1eff36 ("x86: Fix early boot crash on gcc-10, third try") > we discussed the need for a function attribute to control the omission > of stack protectors on a per-function basis; at the time Clang had > support for no_stack_protector but GCC did not. This was fixed in > gcc-11. Now that the function attribute is available, let's start using > it. > > Callers of boot_init_stack_canary need to use this function attribute > unless they're compiled with -fno-stack-protector, otherwise the canary > stored in the stack slot of the caller will differ upon the call to > boot_init_stack_canary. This will lead to a call to __stack_chk_fail > then panic. > > Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94722 > Link: https://lore.kernel.org/all/20200316130414.GC12561@hirez.programming.kicks-ass.net/ > Signed-off-by: Nick Desaulniers <ndesaulniers@google.com> I applied this in front of Josh's series and defconfig no longer panics on boot :) Tested-by: Nathan Chancellor <nathan@kernel.org> > --- > arch/powerpc/kernel/smp.c | 1 + > include/linux/compiler_attributes.h | 12 ++++++++++++ > init/main.c | 3 ++- > 3 files changed, 15 insertions(+), 1 deletion(-) > > diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c > index 6b90f10a6c81..7d4c12b1abb7 100644 > --- a/arch/powerpc/kernel/smp.c > +++ b/arch/powerpc/kernel/smp.c > @@ -1603,6 +1603,7 @@ static void add_cpu_to_masks(int cpu) > } > > /* Activate a secondary processor. */ > +__no_stack_protector > void start_secondary(void *unused) > { > unsigned int cpu = raw_smp_processor_id(); > diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h > index e659cb6fded3..84864767a56a 100644 > --- a/include/linux/compiler_attributes.h > +++ b/include/linux/compiler_attributes.h > @@ -255,6 +255,18 @@ > */ > #define __noreturn __attribute__((__noreturn__)) > > +/* > + * Optional: only supported since GCC >= 11.1, clang >= 7.0. > + * > + * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-no_005fstack_005fprotector-function-attribute > + * clang: https://clang.llvm.org/docs/AttributeReference.html#no-stack-protector-safebuffers > + */ > +#if __has_attribute(__no_stack_protector__) > +# define __no_stack_protector __attribute__((__no_stack_protector__)) > +#else > +# define __no_stack_protector > +#endif > + > /* > * Optional: not supported by gcc. > * > diff --git a/init/main.c b/init/main.c > index bb87b789c543..213baf7b8cb1 100644 > --- a/init/main.c > +++ b/init/main.c > @@ -941,7 +941,8 @@ static void __init print_unknown_bootoptions(void) > memblock_free(unknown_options, len); > } > > -asmlinkage __visible void __init __no_sanitize_address start_kernel(void) > +asmlinkage __visible __init __no_sanitize_address __no_stack_protector > +void start_kernel(void) > { > char *command_line; > char *after_dashes; > > -- > 2.40.0.577.gac1e443424-goog > >
next prev parent reply other threads:[~2023-04-12 22:03 UTC|newest] Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-04-12 18:32 [PATCH 0/2] start_kernel: omit stack canary ndesaulniers 2023-04-12 18:32 ` ndesaulniers 2023-04-12 18:32 ` [PATCH 1/2] start_kernel: add no_stack_protector fn attr ndesaulniers 2023-04-12 18:32 ` ndesaulniers 2023-04-12 20:22 ` Miguel Ojeda 2023-04-12 20:22 ` Miguel Ojeda 2023-04-12 22:03 ` Nathan Chancellor [this message] 2023-04-12 22:03 ` Nathan Chancellor 2023-04-14 0:09 ` Michael Ellerman 2023-04-14 0:09 ` Michael Ellerman 2023-04-12 18:32 ` [PATCH 2/2] start_kernel: omit prevent_tail_call_optimization for newer toolchains ndesaulniers 2023-04-12 18:32 ` ndesaulniers 2023-04-12 22:04 ` Nathan Chancellor 2023-04-12 22:04 ` Nathan Chancellor 2023-04-13 7:51 ` [PATCH 0/2] start_kernel: omit stack canary Peter Zijlstra 2023-04-13 7:51 ` Peter Zijlstra 2023-04-17 21:54 ndesaulniers 2023-04-17 21:54 ` [PATCH 1/2] start_kernel: add no_stack_protector fn attr ndesaulniers 2023-04-17 21:54 ` ndesaulniers
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20230412220348.GA1120303@dev-arch.thelio-3990X \ --to=nathan@kernel.org \ --cc=bp@alien8.de \ --cc=christophe.leroy@csgroup.eu \ --cc=jpoimboe@kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linuxppc-dev@lists.ozlabs.org \ --cc=llvm@lists.linux.dev \ --cc=mpe@ellerman.id.au \ --cc=ndesaulniers@google.com \ --cc=npiggin@gmail.com \ --cc=ojeda@kernel.org \ --cc=peterz@infradead.org \ --cc=trix@redhat.com \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.