Date:   Fri, 11 Mar 2022 12:56:42 -0700
From:   Nathan Chancellor <nathan@...nel.org>
To:     Peter Zijlstra <peterz@...radead.org>, x86@...nel.org
Cc:     Nick Desaulniers <ndesaulniers@...gle.com>,
        linux-kernel@...r.kernel.org, llvm@...ts.linux.dev,
        Nathan Chancellor <nathan@...nel.org>
Subject: [PATCH] x86/ibt: Fix CC_HAS_IBT check for clang

Commit 41c5ef31ad71 ("x86/ibt: Base IBT bits") added a check for a crash
in clang. However, this check does not work for two reasons.

The first reason is that '-pg' is missing from the check, which is
required for '-mfentry' to do anything.

The second reason is that cc-option only uses /dev/null as the input
file, which does not show a problem:

$ clang --version | head -1
Ubuntu clang version 12.0.1-8build1

$ clang -fcf-protection=branch -mfentry -pg -c -x c /dev/null -o /dev/null

$ echo $?
0

$ echo "void a(void) {}" | clang -fcf-protection=branch -mfentry -pg -c -x c - -o /dev/null
...

$ echo $?
139

Use this test instead so that the check works for older versions of
clang.

Fixes: 41c5ef31ad71 ("x86/ibt: Base IBT bits")
Signed-off-by: Nathan Chancellor <nathan@...nel.org>
---
 arch/x86/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 4ca7bfe927b3..870e0d10452d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1867,7 +1867,7 @@ config CC_HAS_IBT
 	# Clang/LLVM >= 14
 	# fentry check to work around https://reviews.llvm.org/D111108
 	def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \
-		  (CC_IS_CLANG && $(cc-option, -fcf-protection=branch -mfentry))) && \
+		  (CC_IS_CLANG && $(success,echo "void a(void) {}" | $(CC) -Werror $(CLANG_FLAGS) -fcf-protection=branch -mfentry -pg -x c - -c -o /dev/null))) && \
 		  $(as-instr,endbr64)
 
 config X86_KERNEL_IBT
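Review bot: The comment above def_bool still says only "fentry check to work around https://reviews.llvm.org/D111108", so nothing in Kconfig records why the clang branch now uses $(success,...) with a piped function body instead of cc-option. Consider extending that comment to say that the crash needs both -pg and a non-empty translation unit, which cc-option's /dev/null input does not provide. Otherwise a later cleanup could fold this back into cc-option and silently re-enable IBT on a compiler that segfaults. The replacement line is also very long. Splitting it with a backslash continuation, as the surrounding lines already do, would make the flag list easier to audit.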

base-commit: 9e1db76f44de4d9439e48c9ef61e5d457395202b
-- 
2.35.1
