From: Mark Rutland <mark.rutland@arm.com> To: Arnd Bergmann <arnd@arndb.de>, Nick Desaulniers <ndesaulniers@google.com>, Fangrui Song <maskray@google.com> Cc: Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Sami Tolvanen <samitolvanen@google.com>, Kees Cook <keescook@chromium.org>, clang-built-linux@googlegroups.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] arm64: disable -fsanitize=shadow-call-stack for big-endian Date: Wed, 27 May 2020 16:24:06 +0100 [thread overview] Message-ID: <20200527152406.GD59947@C02TD0UTHF1T.local> (raw) In-Reply-To: <20200527134016.753354-1-arnd@arndb.de> On Wed, May 27, 2020 at 03:39:46PM +0200, Arnd Bergmann wrote: > clang-11 and earlier do not support -fsanitize=shadow-call-stack > in combination with -mbig-endian, but the Kconfig check does not > pass the endianess flag, so building a big-endian kernel with > this fails at build time: > > clang: error: unsupported option '-fsanitize=shadow-call-stack' for target 'aarch64_be-unknown-linux' > > Change the Kconfig check to let Kconfig figure this out earlier > and prevent the broken configuration. I assume this is a bug > in clang that needs to be fixed, but we also have to work > around existing releases. > > Fixes: 5287569a790d ("arm64: Implement Shadow Call Stack") > Link: https://bugs.llvm.org/show_bug.cgi?id=46076 > Signed-off-by: Arnd Bergmann <arnd@arndb.de> I suspect this is similar to the patchable-function-entry issue, and this is an oversight that we'd rather fix toolchain side. Nick, Fangrui, thoughts? Mark. > --- > arch/arm64/Kconfig | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index a82441d6dc36..692e1575a6c8 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1031,7 +1031,9 @@ config ARCH_ENABLE_SPLIT_PMD_PTLOCK > > # Supported by clang >= 7.0 > config CC_HAVE_SHADOW_CALL_STACK > - def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18) > + bool > + default $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18 -mbig-endian) if CPU_BIG_ENDIAN > + default $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18 -mlittle-endian) if !CPU_BIG_ENDIAN > > config SECCOMP > bool "Enable seccomp to safely compute untrusted bytecode" > -- > 2.26.2 > > > _______________________________________________ > linux-arm-kernel mailing list > linux-arm-kernel@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland@arm.com> To: Arnd Bergmann <arnd@arndb.de>, Nick Desaulniers <ndesaulniers@google.com>, Fangrui Song <maskray@google.com> Cc: Kees Cook <keescook@chromium.org>, Catalin Marinas <catalin.marinas@arm.com>, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Sami Tolvanen <samitolvanen@google.com>, Will Deacon <will@kernel.org>, linux-arm-kernel@lists.infradead.org Subject: Re: [PATCH] arm64: disable -fsanitize=shadow-call-stack for big-endian Date: Wed, 27 May 2020 16:24:06 +0100 [thread overview] Message-ID: <20200527152406.GD59947@C02TD0UTHF1T.local> (raw) In-Reply-To: <20200527134016.753354-1-arnd@arndb.de> On Wed, May 27, 2020 at 03:39:46PM +0200, Arnd Bergmann wrote: > clang-11 and earlier do not support -fsanitize=shadow-call-stack > in combination with -mbig-endian, but the Kconfig check does not > pass the endianess flag, so building a big-endian kernel with > this fails at build time: > > clang: error: unsupported option '-fsanitize=shadow-call-stack' for target 'aarch64_be-unknown-linux' > > Change the Kconfig check to let Kconfig figure this out earlier > and prevent the broken configuration. I assume this is a bug > in clang that needs to be fixed, but we also have to work > around existing releases. > > Fixes: 5287569a790d ("arm64: Implement Shadow Call Stack") > Link: https://bugs.llvm.org/show_bug.cgi?id=46076 > Signed-off-by: Arnd Bergmann <arnd@arndb.de> I suspect this is similar to the patchable-function-entry issue, and this is an oversight that we'd rather fix toolchain side. Nick, Fangrui, thoughts? Mark. > --- > arch/arm64/Kconfig | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index a82441d6dc36..692e1575a6c8 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1031,7 +1031,9 @@ config ARCH_ENABLE_SPLIT_PMD_PTLOCK > > # Supported by clang >= 7.0 > config CC_HAVE_SHADOW_CALL_STACK > - def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18) > + bool > + default $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18 -mbig-endian) if CPU_BIG_ENDIAN > + default $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18 -mlittle-endian) if !CPU_BIG_ENDIAN > > config SECCOMP > bool "Enable seccomp to safely compute untrusted bytecode" > -- > 2.26.2 > > > _______________________________________________ > linux-arm-kernel mailing list > linux-arm-kernel@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-05-27 15:24 UTC|newest] Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-05-27 13:39 [PATCH] arm64: disable -fsanitize=shadow-call-stack for big-endian Arnd Bergmann 2020-05-27 13:39 ` Arnd Bergmann 2020-05-27 15:24 ` Mark Rutland [this message] 2020-05-27 15:24 ` Mark Rutland 2020-05-27 17:28 ` Nick Desaulniers 2020-05-27 17:28 ` Nick Desaulniers 2020-05-27 18:28 ` Arnd Bergmann 2020-05-27 18:28 ` Arnd Bergmann 2020-05-27 18:35 ` Fangrui Song 2020-05-27 18:35 ` Fangrui Song 2020-05-27 19:01 ` Arnd Bergmann 2020-05-27 19:01 ` Arnd Bergmann
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200527152406.GD59947@C02TD0UTHF1T.local \ --to=mark.rutland@arm.com \ --cc=arnd@arndb.de \ --cc=catalin.marinas@arm.com \ --cc=clang-built-linux@googlegroups.com \ --cc=keescook@chromium.org \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=maskray@google.com \ --cc=ndesaulniers@google.com \ --cc=samitolvanen@google.com \ --cc=will@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.