| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK8P3a0C6jvBqsO2KXOV-j3eQ07zvCjUWqaYdTKDfne72EWUDA@mail.gmail.com>
Date: Wed, 28 Aug 2019 21:41:47 +0200
From: Arnd Bergmann <arnd@...db.de>
To: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Nick Desaulniers <ndesaulniers@...gle.com>,
Ilie Halip <ilie.halip@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
clang-built-linux <clang-built-linux@...glegroups.com>
Subject: Re: objtool warning "uses BP as a scratch register" with clang-9
On Wed, Aug 28, 2019 at 7:57 PM Josh Poimboeuf <jpoimboe@...hat.com> wrote:
> On Wed, Aug 28, 2019 at 05:29:39PM +0200, Arnd Bergmann wrote:
> > On Wed, Aug 28, 2019 at 4:51 PM Josh Poimboeuf <jpoimboe@...hat.com> wrote:
> exit.o: warning: objtool: abort()+0x3: unreachable instruction
> hugetlb.o: warning: objtool: hugetlb_vm_op_fault()+0x3: unreachable instruction
> idle.o: warning: objtool: switched_to_idle()+0x3: unreachable instruction
> madvise.o: warning: objtool: hugepage_madvise()+0x3: unreachable instruction
> privcmd.o: warning: objtool: privcmd_ioctl_mmap_batch()+0x5dd: unreachable instruction
> process.o: warning: objtool: play_dead()+0x3: unreachable instruction
> rmap.o: warning: objtool: anon_vma_clone()+0x1c2: unreachable instruction
> s5c73m3-core.o: warning: objtool: s5c73m3_probe()+0x262: unreachable instruction
> videobuf2-core.o: warning: objtool: vb2_core_dqbuf()+0xae6: unreachable instruction
> xfrm_output.o: warning: objtool: xfrm_outer_mode_output()+0x109: unreachable instruction
> - clang issue: trying to finish frame pointer setup after BUG() in unreachable code path
>
> pinctrl-ingenic.o: warning: objtool: ingenic_pinconf_set()+0x10d: sibling call from callable instruction with modified stack frame
> - bad clang bug: sibling call without first popping registers
I reduced the last one to https://godbolt.org/z/7lZZL3
enum { PIN_CONFIG_BIAS_DISABLE } pinconf_to_config_param(void);
void ingenic_pinconf_set() {
switch (pinconf_to_config_param())
case PIN_CONFIG_BIAS_DISABLE: {
asm("%c0:\n\t.pushsection .discard.unreachable\n\t.long %c0b - "
".\n\t.popsection\n\t"
:
: "i"(6));
__builtin_unreachable();
}
}
void ingenic_pinconf_group_set() {}
$ clang-9 -Os -mretpoline-external-thunk -fno-omit-frame-pointer -c
pinctrl-ingenic.i
$ objtool check --retpoline --uaccess pinctrl-ingenic.o
pinctrl-ingenic.o: warning: objtool: ingenic_pinconf_set()+0xb:
sibling call from callable instruction with modified stack frame
$objdump -d pinctrl-ingenic.o
0000000000000000 <ingenic_pinconf_set>:
0: 55 push %rbp
1: 48 89 e5 mov %rsp,%rbp
4: e8 00 00 00 00 callq 9 <ingenic_pinconf_set+0x9>
5: R_X86_64_PLT32 pinconf_to_config_param-0x4
9: 85 c0 test %eax,%eax
b: 74 02 je f <ingenic_pinconf_group_set>
d: 5d pop %rbp
e: c3 retq
000000000000000f <ingenic_pinconf_group_set>:
f: c3 retq
I suspect that's actually another variant of the others. It doesn't
seem to be an
actual sibling call, just branching into what happens to be the start of the
next function in an unreachable code path.
Using '-O2' instead of '-0s', I get
pinctrl-ingenic.o: warning: objtool: ingenic_pinconf_set() falls
through to next function ingenic_pinconf_group_set()
0000000000000000 <ingenic_pinconf_set>:
0: 55 push %rbp
1: 48 89 e5 mov %rsp,%rbp
4: e8 00 00 00 00 callq 9 <ingenic_pinconf_set+0x9>
5: R_X86_64_PLT32 pinconf_to_config_param-0x4
9: 85 c0 test %eax,%eax
b: 74 02 je f <ingenic_pinconf_set+0xf>
d: 5d pop %rbp
e: c3 retq
f: 90 nop
0000000000000010 <ingenic_pinconf_group_set>:
10: c3 retq
Arnd
Powered by blists - more mailing lists