Re: [PATCH RFC 16/43] x86-64: Use per-cpu stack canary if supported by compiler

From: Nick Desaulniers
Date: Mon May 01 2023 - 13:28:10 EST


On Fri, Apr 28, 2023 at 2:52 AM Hou Wenlong <houwenlong.hwl@xxxxxxxxxxxx> wrote:
>
> From: Brian Gerst <brgerst@xxxxxxxxx>
>
> If the compiler supports it, use a standard per-cpu variable for the
> stack protector instead of the old fixed location. Keep the fixed
> location code for compatibility with older compilers.
>
> [Hou Wenlong: Disable it on Clang, adapt new code change and adapt
> missing GS set up path in pvh_start_xen()]
>
> Signed-off-by: Brian Gerst <brgerst@xxxxxxxxx>
> Co-developed-by: Hou Wenlong <houwenlong.hwl@xxxxxxxxxxxx>
> Signed-off-by: Hou Wenlong <houwenlong.hwl@xxxxxxxxxxxx>
> Cc: Thomas Garnier <thgarnie@xxxxxxxxxxxx>
> Cc: Lai Jiangshan <jiangshan.ljs@xxxxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> ---
> arch/x86/Kconfig | 12 ++++++++++++
> arch/x86/Makefile | 21 ++++++++++++++-------
> arch/x86/entry/entry_64.S | 6 +++++-
> arch/x86/include/asm/processor.h | 17 ++++++++++++-----
> arch/x86/include/asm/stackprotector.h | 16 +++++++---------
> arch/x86/kernel/asm-offsets_64.c | 2 +-
> arch/x86/kernel/cpu/common.c | 15 +++++++--------
> arch/x86/kernel/head_64.S | 16 ++++++++++------
> arch/x86/kernel/vmlinux.lds.S | 4 +++-
> arch/x86/platform/pvh/head.S | 8 ++++++++
> arch/x86/xen/xen-head.S | 14 +++++++++-----
> 11 files changed, 88 insertions(+), 43 deletions(-)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 68e5da464b96..55cce8cdf9bd 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -410,6 +410,18 @@ config CC_HAS_SANE_STACKPROTECTOR
> the compiler produces broken code or if it does not let us control
> the segment on 32-bit kernels.
>
> +config CC_HAS_CUSTOMIZED_STACKPROTECTOR
> + bool
> + # Although clang supports -mstack-protector-guard-reg option, it
> + # would generate GOT reference for __stack_chk_guard even with
> + # -fno-PIE flag.
> + default y if (!CC_IS_CLANG && $(cc-option,-mstack-protector-guard-reg=gs))
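Review bot: the `!CC_IS_CLANG` term in the `default y if` line excludes every Clang version unconditionally, and the comment above it gives no bug reference, so nothing in the tree will tell anyone when this exclusion can be lifted. The `$(cc-option,-mstack-protector-guard-reg=gs)` probe only shows that the flag is accepted, not that the emitted `__stack_chk_guard` reference avoids the GOT, which is presumably why the hard-coded compiler check is needed. Please cite https://github.com/llvm/llvm-project/issues/62481 in the comment, and consider bounding the exclusion by a Clang version once a fix lands, or replacing it with a probe that inspects the generated code. The new symbol also has no description: a one-line comment saying it selects the per-cpu canary described in the commit message would make the name `CC_HAS_CUSTOMIZED_STACKPROTECTOR` easier to tell apart from `CC_HAS_SANE_STACKPROTECTOR` just above it.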

Hi Hou,
I've filed this bug against LLVM and will work with LLVM folks at
Intel to resolve:
https://github.com/llvm/llvm-project/issues/62481
Can you please review that report and let me know here or there if I
missed anything? Would you also mind including a link to that in the
comments in the next version of this patch?

Less relevant issues I filed looking at some related codegen:
https://github.com/llvm/llvm-project/issues/62482
https://github.com/llvm/llvm-project/issues/62480

And we should probably look into:
https://github.com/llvm/llvm-project/issues/22476


--
Thanks,
~Nick Desaulniers