lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 30 Aug 2017 16:39:42 -0700
From:   "H. Peter Anvin" <hpa@...or.com>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
Cc:     arnd@...db.de, linux-kernel@...r.kernel.org, mingo@...nel.org,
        fengguang.wu@...el.com, torvalds@...ux-foundation.org,
        tglx@...utronix.de, peterz@...radead.org,
        linux-tip-commits@...r.kernel.org
Subject: Re: [tip:x86/asm] objtool: Handle GCC stack pointer adjustment bug

On 08/30/17 13:14, Josh Poimboeuf wrote:
> On Wed, Aug 30, 2017 at 12:23:24PM -0700, H. Peter Anvin wrote:
>> On 08/30/17 02:43, tip-bot for Josh Poimboeuf wrote:
>>>
>>> Those warnings are caused by an unusual GCC non-optimization where it
>>> uses an intermediate register to adjust the stack pointer.  It does:
>>>
>>>   lea    0x8(%rsp), %rcx
>>>   ...
>>>   mov    %rcx, %rsp
>>>
>>> Instead of the obvious:
>>>
>>>   add    $0x8, %rsp
>>>
>>> It makes no sense to use an intermediate register, so I opened a GCC bug
>>> to track it:
>>>
>>>   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81813
>>>
>>> But it's not exactly a high-priority bug and it looks like we'll be
>>> stuck with this issue for a while.  So for now we have to track register
>>> values when they're loaded with stack pointer offsets.
>>>
>>
>> This seems like a good reason to try to extract this information from
>> the DWARF data *if available*?
> 
> Well, I haven't ruled that out for the future, but in this case,
> integrating DWARF would be a lot more work than this relatively simple
> patch.
> 
> If we did go that route, it could be tricky deciding when to trust
> DWARF vs. when to trust objtool's reverse engineering.
> 
> Another (vague) idea I'm thinking about is to write a GCC plugin which
> annotates the object files in a way that would help objtool become more
> GCC-ignorant.  If it worked, this approach would be more powerful and
> less error-prone than relying on DWARF.
> 
> Depending on how much work we can offload to the plugin, it might also
> help make it easier to port objtool to other arches and compilers (e.g.,
> clang).
> 
> I'm not 100% sold on that idea either, because it still requires objtool
> to trust the compiler to some extent.  But I think it would be worth it
> because it would make the objtool code simpler, more portable, more
> robust, and easier to maintain (so I don't always have to stay on top of
> all of GCC's latest optimizations).
> 
> In the meantime, objtool's current design is working fine (for now).  I
> haven't found any issues it can't handle (yet).
> 

Reverse engineering this way is at least NP-complete, and quite possibly
undecidable.  A gcc plugin would tie the kernel *way* harder to gcc than
it is now, and it seems incredibly unlikely that you would come up with
something simpler and more reliable than a DWARF parser.  What you *can*
do, of course, is cross-correlate the two, and *way* more importantly,
you cover assembly.

	-hpa

Powered by blists - more mailing lists