lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKwvOdnuiV3mHxxCpWbMaZn9vggL4B+PPrMtuX=QOO-yUQj2mA@mail.gmail.com>
Date:   Thu, 9 Sep 2021 10:19:52 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     ashimida <ashimida@...ux.alibaba.com>
Cc:     masahiroy@...nel.org, michal.lkml@...kovi.net, nathan@...nel.org,
        linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org,
        clang-built-linux@...glegroups.com,
        Alistair Delva <adelva@...gle.com>
Subject: Re: [PATCH] [RFC] kbuild: add CLANG_TRIPLE to prevent clang from
 compiling with wrong --target

On Thu, Sep 9, 2021 at 12:42 AM ashimida <ashimida@...ux.alibaba.com> wrote:
>
> Kernel compiled with tool chain CROSS_COMPILE=aarch64-linux-android-
> will panic during the startup phase.
>
> Clang's --target option comes from $(CROSS_COMPILE). At the time
> -fstack-protector-strong is enabled, and compiled with command:
> make CC=clang HOSTCC=clang ARCH=arm64 CROSS_COMPILE=aarch64-linux-android-
>
> clang will insert code like:
>    mrs     x8, TPIDR_EL0        //default value is zero
>    str     x8, [sp]
>    ldr     x8, [x8, #40]        //access addr 0x40
>
> instead of the code that accesses __stack_chk_guard to get the
> canary, which will cause the kernel to crash due to 0x40
> address access.
>
> This patch (from android) is used to remind the user that current
> tool chain cannot be used as the "--target" of clang, the user
> should specify an additional "--target" through CLANG_TRIPLE.

Hi Ashimida,
Thanks for sending this patch; I recognize it from Android, which we
had to carry for years due to:
1. reliance on GNU `as` ie. "GAS"
2. not distributing binary prefixes of GNU binutils with a target
triple that clang recognized. (ie. Android's binutils were prefixed
aarch64-linux-android- while Clang expected something more like
aarch64-linux-gnu for --target=)

We solved this by working out the issues in clang's assembler.  With
LLVM=1 LLVM_IAS=1, we no longer rely on GNU binutils, and no longer
need such patch.  You'll find it's been dropped from Android Common
Kernels now.  With mainline, LLVM_IAS=1 is now the default when
building with LLVM=1, and CROSS_COMPILE is now inferred from ARCH for
LLVM=1 as well.

So all you should need is:
$ ARCH=arm64 make LLVM=1 -j$(nproc)

Is there a reason why the above doesn't work for you?  I do not wish
to see this patch upstream (or downstream; it should be unnecessary).

>
> Signed-off-by: ashimida <ashimida@...ux.alibaba.com>
> ---
>  Makefile                 | 6 +++++-
>  scripts/clang-android.sh | 4 ++++
>  2 files changed, 9 insertions(+), 1 deletion(-)
>  create mode 100755 scripts/clang-android.sh
>
> diff --git a/Makefile b/Makefile
> index 61741e9..09bb314 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -586,7 +586,11 @@ CC_VERSION_TEXT = $(subst $(pound),,$(shell $(CC) --version 2>/dev/null | head -
>
>  ifneq ($(findstring clang,$(CC_VERSION_TEXT)),)
>  ifneq ($(CROSS_COMPILE),)
> -CLANG_FLAGS    += --target=$(notdir $(CROSS_COMPILE:%-=%))
> +CLANG_TRIPLE    ?= $(CROSS_COMPILE)
> +CLANG_FLAGS     += --target=$(notdir $(CLANG_TRIPLE:%-=%))
> +ifeq ($(shell $(srctree)/scripts/clang-android.sh $(CC) $(CLANG_FLAGS)), y)
> +$(error "Clang with Android --target detected. Did you specify CLANG_TRIPLE?")
> +endif
>  endif
>  ifeq ($(LLVM_IAS),1)
>  CLANG_FLAGS    += -integrated-as
> diff --git a/scripts/clang-android.sh b/scripts/clang-android.sh
> new file mode 100755
> index 0000000..9186c4f
> --- /dev/null
> +++ b/scripts/clang-android.sh
> @@ -0,0 +1,4 @@
> +#!/bin/sh
> +# SPDX-License-Identifier: GPL-2.0
> +
> +$* -dM -E - </dev/null 2>&1 | grep -q __ANDROID__ && echo "y"
> --
> 2.7.4
>


-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ