lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200417085859.GU2424@tucnak>
Date:   Fri, 17 Apr 2020 10:58:59 +0200
From:   Jakub Jelinek <jakub@...hat.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Sergei Trofimovich <slyfox@...too.org>,
        Michael Matz <matz@...e.de>, linux-kernel@...r.kernel.org,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Andy Lutomirski <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>, x86@...nel.org
Subject: Re: [PATCH v2] x86: fix early boot crash on gcc-10

On Fri, Apr 17, 2020 at 10:42:24AM +0200, Borislav Petkov wrote:
> On Fri, Apr 17, 2020 at 10:07:26AM +0200, Jakub Jelinek wrote:
> > If you want minimal changes, you can as I said earlier either
> > mark cpu_startup_entry noreturn (in the declaration in some header so that
> > smpboot.c sees it), or you could add something after the cpu_startup_entry
> > call to ensure it is not tail call optimized (e.g. just
> > 	/* Prevent tail call to cpu_startup_entry because the stack
> > 	   protector guard has been changed in the middle of this function
> > 	   and must not be checked before tail calling another function.  */
> > 	asm ("");
> 
> That sounds ok-ish to me too.
> 
> I know you probably can't tell the future :) but what stops gcc from
> doing the tail-call optimization in the future?
> 
> Or are optimization decisions behind an inline asm a no-no and will
> pretty much always stay that way?

GCC intentionally treats asm as a black box, the only thing which it does
with it is: non-volatile asm (but asm without outputs is implicitly
volatile) can be CSEd, and if the compiler needs to estimate size, it
uses some heuristics by counting ; and newlines.
And it will stay this way.

> And I hope the clang folks don't come around and say, err, nope, we're
> much more aggressive here.

Unlike GCC, I think clang uses the builtin assembler to parse the string,
but don't know if it still treats the asms more like black boxes or not.
Certainly there is a lot of code in the wild that uses inline asm
as optimization barriers, so if it doesn't, then it would cause a lot of
problems.

Or go with the for (;;);, I don't think any compiler optimizes those away;
GCC 10 for C++ can optimize away infinite loops that have some conditional
exit because the language guarantees forward progress, but the C language
rules are different and for unconditional infinite loops GCC doesn't
optimize them away even if explicitly asked to -ffinite-loops.

	Jakub

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ