lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Mar 2022 12:56:42 -0700 From: Nathan Chancellor <nathan@...nel.org> To: Peter Zijlstra <peterz@...radead.org>, x86@...nel.org Cc: Nick Desaulniers <ndesaulniers@...gle.com>, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev, Nathan Chancellor <nathan@...nel.org> Subject: [PATCH] x86/ibt: Fix CC_HAS_IBT check for clang Commit 41c5ef31ad71 ("x86/ibt: Base IBT bits") added a check for a crash in clang. However, this check does not work for two reasons. The first reason is that '-pg' is missing from the check, which is required for '-mfentry' to do anything. The second reason is that cc-option only uses /dev/null as the input file, which does not show a problem: $ clang --version | head -1 Ubuntu clang version 12.0.1-8build1 $ clang -fcf-protection=branch -mfentry -pg -c -x c /dev/null -o /dev/null $ echo $? 0 $ echo "void a(void) {}" | clang -fcf-protection=branch -mfentry -pg -c -x c - -o /dev/null ... $ echo $? 139 Use this test instead so that the check works for older versions of clang. Fixes: 41c5ef31ad71 ("x86/ibt: Base IBT bits") Signed-off-by: Nathan Chancellor <nathan@...nel.org> --- arch/x86/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 4ca7bfe927b3..870e0d10452d 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1867,7 +1867,7 @@ config CC_HAS_IBT # Clang/LLVM >= 14 # fentry check to work around https://reviews.llvm.org/D111108 def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \ - (CC_IS_CLANG && $(cc-option, -fcf-protection=branch -mfentry))) && \ + (CC_IS_CLANG && $(success,echo "void a(void) {}" | $(CC) -Werror $(CLANG_FLAGS) -fcf-protection=branch -mfentry -pg -x c - -c -o /dev/null))) && \ $(as-instr,endbr64) config X86_KERNEL_IBT base-commit: 9e1db76f44de4d9439e48c9ef61e5d457395202b -- 2.35.1
Powered by blists - more mailing lists