On 15.11.2018 13:24, Florian Weimer wrote:
> * Alexander Popov:
> 
>> Of course, there is a naive solution for this issue -- just skip stackleak
>> instrumentation for acpi_duplicate_processor_id(). But it would be great to find
>> out the reasons behind this compiler behavior. It might help to create a better
>> solution.
> 
> Please show us the RTL dumps with both compilers, both before and after
> the plugin pass.

Thanks a lot for your reply, Florian!

I have more information to share.

I attach the list of gcc passes. The 'rtl-stackleak_cleanup' runs after the
'rtl-reload' pass.

I attach RTL dumps both for gcc-5 and gcc-7 for:
  - 'rtl-reload' pass,
  - 'rtl-stackleak_cleanup' pass,
  - 'rtl-pro_and_epilogue' pass.

I've found out that for gcc-5:
  - if I put the 'rtl-stackleak_cleanup' pass (deleting CALL insn) *before* the
'rtl-pro_and_epilogue' pass, objtool reports about stack state mismatch in
acpi_duplicate_processor_id();
  - if I put the 'rtl-stackleak_cleanup' pass *after* the 'rtl-pro_and_epilogue'
pass, objtool *doesn't* report about stack state mismatch.

So gcc-5 does some mistake during the 'rtl-pro_and_epilogue' pass. And gcc-7
doesn't have this issue.

In the original grsecurity code the stackleak RTL pass was registered just
before the 'rtl-final' pass. Some time ago Richard Sandiford noted that:

>>> This might be too late, since it happens e.g. after addresses have
>>> been calculated for branch ranges, and after machine-specific passes
>>> (e.g. bundling on ia64).
>>>
>>> The stack size is final after reload, so inserting the pass after that
>>> might be better.

https://lore.kernel.org/patchwork/patch/879912/


So what is the best moment when we know the stack frame size and can safely
delete the CALL insn using delete_insn_and_edges()?

Thanks!

Best regards,
Alexander