| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 Mar 2022 16:15:39 -0700
From: "Andy Lutomirski" <luto@...nel.org>
To: "Segher Boessenkool" <segher@...nel.crashing.org>,
"Linus Torvalds" <torvalds@...ux-foundation.org>
Cc: "Andrew Cooper" <Andrew.Cooper3@...rix.com>,
"Nick Desaulniers" <ndesaulniers@...gle.com>,
"H. Peter Anvin" <hpa@...or.com>,
"Bill Wendling" <morbo@...gle.com>,
"Thomas Gleixner" <tglx@...utronix.de>,
"Ingo Molnar" <mingo@...hat.com>, "Borislav Petkov" <bp@...en8.de>,
"Dave Hansen" <dave.hansen@...ux.intel.com>,
"the arch/x86 maintainers" <x86@...nel.org>,
"Nathan Chancellor" <nathan@...nel.org>,
"Juergen Gross" <jgross@...e.com>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>,
"llvm@...ts.linux.dev" <llvm@...ts.linux.dev>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
linux-toolchains <linux-toolchains@...r.kernel.org>
Subject: Re: [PATCH v5] x86: use builtins to read eflags
On Fri, Mar 18, 2022, at 4:42 PM, Segher Boessenkool wrote:
> On Fri, Mar 18, 2022 at 04:10:55PM -0700, Linus Torvalds wrote:
>> It would be lovely to have some explicit model for "I want the frame
>> to have been set up for backtraces", but here we are.
>
> So please define exactly what that *means*? Preferably portably, but I
> reckon at least some of it will have to be machine-specific (and ABI-
> specific). But it needs to be well-defined, clearly defined, defined at
> all, and *documented* :-)
>
>> Marking '%rsp
>> used makes the compiler understand it's not a leaf function.
>
> As I said before, this is explicitly incorrect code. Always was, but
> it is documented since a while (since GCC 9). Clobbering the stack
> pointer can never be correct, the stack pointer after an asm has to be
> identical to the one before that asm!
>
>> And while we have other uses for it that then use the actual value,
>> those don't care about the exact value of the stack pointer register,
>> they just want "give me a pointer that is contained within the current
>> stack", because we control the stack allocation and do funky things
>> there. So "any random stack pointer value in this function" is
>> perfectly fine and expected.
>
> You can use %rsp as *input* operand just fine, which is all you need for
> that.
>
>> But for user mode, it would probably be a great idea to also have a "I
>> cannot use a redzone in this function" thing. The kernel can't use it
>> because we have nested exceptions, but maybe some day even the kernel
>> could make use of (controlled) red-zoning.
>
> Yes. We just have to figure out what the exact semantics we want is,
> and how to express that in a target-independent way, and then relatedly
> what a good name for it would be ("redzone" in the clobber list is the
> best I can come up with right now, but that may have to change).
Here’s the semantics I want:
I want to tell the compiler that an asm statement makes a function call. I want to specify the stack alignment and offset I need. I want the compiler to make it work. Something like this, but preferably with better syntax:
asm("asm here" ::: "call" (align=16, offset=0));
This means that the asm in question wants rsp to be 0 more than a multiple of 16 and that it wants precisely the setup needed for a call to be done. If frame pointers are enabled, a frame should be set up. If there is a redzone then either the compiler needs to not use it or needs to advance rsp past it.
>
>
> Segher
Powered by blists - more mailing lists