lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 13 Jul 2017 15:18:58 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Michael Davidson <md@...gle.com>
Cc:     Matthias Kaehlcke <mka@...omium.org>,
        Chris J Arges <chris.j.arges@...onical.com>,
        Borislav Petkov <bp@...e.de>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H . Peter Anvin" <hpa@...or.com>, X86 ML <x86@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Douglas Anderson <dianders@...omium.org>,
        Greg Hackmann <ghackmann@...gle.com>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Stephen Hines <srhines@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        Arnd Bergmann <arnd@...db.de>, Bernhard.Rosenkranzer@...aro.org
Subject: Re: [PATCH] Revert "x86/uaccess: Add stack frame output operand in
 get_user() inline asm"

On Thu, Jul 13, 2017 at 12:38:32PM -0700, Michael Davidson wrote:
> On Thu, Jul 13, 2017 at 12:25 PM, Josh Poimboeuf <jpoimboe@...hat.com> wrote:
> 
> >
> > Anyway this seems like a clang bug to me.  If I specify RSP as an input
> > register then the compiler shouldn't overwrite it first.  For that
> > matter it has no reason to overwrite it if it's an output register
> > either.
> >
> 
> It's certainly  a difference in behavior between clang and gcc.
> 
> My question is whether this particular construct is really a
> "supported" (or, at least, reasonably guaranteed) way of forcing gcc
> to create a stack frame if none exists. or whether it is something
> that "just happens to work".
> 
> If someone could explain the rationale behind *why* this works the way
> that it does on gcc that might help convince the clang people that
> this is actually a bug rather than just a piece of undefined behavior
> which gcc and clang happen to handle differently.

Disclaimer: I'm no compiler expert, and there are usually a variety of
opinions about compiler undefined behavior.  So it would probably be
good for real compiler people to participate in the discussion.

But I think there are two separate issues here.

1) The first issue is whether it's supported behavior to specify RSP as
   an output constraint in order to force GCC to create a stack frame.
   As far as I know, this is a quirk of GCC, and not really considered
   defined behavior.

   However, the idea was suggested by some GCC developers:

     https://gcc.gnu.org/ml/gcc/2015-07/msg00079.html

   So at least it seems to be endorsed by GCC to some degree.  If you
   need details on why it works, that thread has the details.

2) The second issue is whether clang should corrupt RSP.  I don't see a
   reason for clang to do that.  IMO, when using a local register
   variable as an input or output to inline asm, the compiler should
   leave the contents of the register alone.

   FWIW, my reading of the GCC manual seems to support that:

     https://gcc.gnu.org/onlinedocs/gcc/Local-Register-Variables.html#Local-Register-Variables


-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ