From: Mark Rutland <mark.rutland@arm.com>
To: Arnd Bergmann <arnd@arndb.de>,
Nick Desaulniers <ndesaulniers@google.com>,
Fangrui Song <maskray@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
Kees Cook <keescook@chromium.org>,
clang-built-linux@googlegroups.com,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] arm64: disable -fsanitize=shadow-call-stack for big-endian
Date: Wed, 27 May 2020 16:24:06 +0100 [thread overview]
Message-ID: <20200527152406.GD59947@C02TD0UTHF1T.local> (raw)
In-Reply-To: <20200527134016.753354-1-arnd@arndb.de>
On Wed, May 27, 2020 at 03:39:46PM +0200, Arnd Bergmann wrote:
> clang-11 and earlier do not support -fsanitize=shadow-call-stack
> in combination with -mbig-endian, but the Kconfig check does not
> pass the endianess flag, so building a big-endian kernel with
> this fails at build time:
>
> clang: error: unsupported option '-fsanitize=shadow-call-stack' for target 'aarch64_be-unknown-linux'
>
> Change the Kconfig check to let Kconfig figure this out earlier
> and prevent the broken configuration. I assume this is a bug
> in clang that needs to be fixed, but we also have to work
> around existing releases.
>
> Fixes: 5287569a790d ("arm64: Implement Shadow Call Stack")
> Link: https://bugs.llvm.org/show_bug.cgi?id=46076
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
I suspect this is similar to the patchable-function-entry issue, and
this is an oversight that we'd rather fix toolchain side.
Nick, Fangrui, thoughts?
Mark.
> ---
> arch/arm64/Kconfig | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index a82441d6dc36..692e1575a6c8 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1031,7 +1031,9 @@ config ARCH_ENABLE_SPLIT_PMD_PTLOCK
>
> # Supported by clang >= 7.0
> config CC_HAVE_SHADOW_CALL_STACK
> - def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
> + bool
> + default $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18 -mbig-endian) if CPU_BIG_ENDIAN
> + default $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18 -mlittle-endian) if !CPU_BIG_ENDIAN
>
> config SECCOMP
> bool "Enable seccomp to safely compute untrusted bytecode"
> --
> 2.26.2
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland@arm.com>
To: Arnd Bergmann <arnd@arndb.de>,
Nick Desaulniers <ndesaulniers@google.com>,
Fangrui Song <maskray@google.com>
Cc: Kees Cook <keescook@chromium.org>,
Catalin Marinas <catalin.marinas@arm.com>,
linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com,
Sami Tolvanen <samitolvanen@google.com>,
Will Deacon <will@kernel.org>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] arm64: disable -fsanitize=shadow-call-stack for big-endian
Date: Wed, 27 May 2020 16:24:06 +0100 [thread overview]
Message-ID: <20200527152406.GD59947@C02TD0UTHF1T.local> (raw)
In-Reply-To: <20200527134016.753354-1-arnd@arndb.de>
On Wed, May 27, 2020 at 03:39:46PM +0200, Arnd Bergmann wrote:
> clang-11 and earlier do not support -fsanitize=shadow-call-stack
> in combination with -mbig-endian, but the Kconfig check does not
> pass the endianess flag, so building a big-endian kernel with
> this fails at build time:
>
> clang: error: unsupported option '-fsanitize=shadow-call-stack' for target 'aarch64_be-unknown-linux'
>
> Change the Kconfig check to let Kconfig figure this out earlier
> and prevent the broken configuration. I assume this is a bug
> in clang that needs to be fixed, but we also have to work
> around existing releases.
>
> Fixes: 5287569a790d ("arm64: Implement Shadow Call Stack")
> Link: https://bugs.llvm.org/show_bug.cgi?id=46076
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
I suspect this is similar to the patchable-function-entry issue, and
this is an oversight that we'd rather fix toolchain side.
Nick, Fangrui, thoughts?
Mark.
> ---
> arch/arm64/Kconfig | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index a82441d6dc36..692e1575a6c8 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1031,7 +1031,9 @@ config ARCH_ENABLE_SPLIT_PMD_PTLOCK
>
> # Supported by clang >= 7.0
> config CC_HAVE_SHADOW_CALL_STACK
> - def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
> + bool
> + default $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18 -mbig-endian) if CPU_BIG_ENDIAN
> + default $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18 -mlittle-endian) if !CPU_BIG_ENDIAN
>
> config SECCOMP
> bool "Enable seccomp to safely compute untrusted bytecode"
> --
> 2.26.2
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-05-27 15:24 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-27 13:39 [PATCH] arm64: disable -fsanitize=shadow-call-stack for big-endian Arnd Bergmann
2020-05-27 13:39 ` Arnd Bergmann
2020-05-27 15:24 ` Mark Rutland [this message]
2020-05-27 15:24 ` Mark Rutland
2020-05-27 17:28 ` Nick Desaulniers
2020-05-27 17:28 ` Nick Desaulniers
2020-05-27 18:28 ` Arnd Bergmann
2020-05-27 18:28 ` Arnd Bergmann
2020-05-27 18:35 ` Fangrui Song
2020-05-27 18:35 ` Fangrui Song
2020-05-27 19:01 ` Arnd Bergmann
2020-05-27 19:01 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200527152406.GD59947@C02TD0UTHF1T.local \
--to=mark.rutland@arm.com \
--cc=arnd@arndb.de \
--cc=catalin.marinas@arm.com \
--cc=clang-built-linux@googlegroups.com \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maskray@google.com \
--cc=ndesaulniers@google.com \
--cc=samitolvanen@google.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.