Message-ID: <CAK7LNASdVHz4961=NWxiXuxj-wEFozLMaXivBwse96PVO=49LA@mail.gmail.com>
Date: Sun, 28 Jul 2024 11:32:46 +0900
From: Masahiro Yamada <masahiroy@...nel.org>
To: Nathan Chancellor <nathan@...nel.org>
Cc: tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, 
	dave.hansen@...ux.intel.com, x86@...nel.org, nicolas@...sle.eu, 
	maskray@...gle.com, morbo@...gle.com, justinstitt@...gle.com, kees@...nel.org, 
	linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org, 
	llvm@...ts.linux.dev, patches@...ts.linux.dev, stable@...r.kernel.org
Subject: Re: [PATCH] kbuild: Fix '-S -c' in x86 stack protector scripts

On Sat, Jul 27, 2024 at 3:05 AM Nathan Chancellor <nathan@...nel.org> wrote:
>
> After a recent change in clang to stop consuming all instances of '-S'
> and '-c' [1], the stack protector scripts break due to the kernel's use
> of -Werror=unused-command-line-argument to catch cases where flags are
> not being properly consumed by the compiler driver:
>
>   $ echo | clang -o - -x c - -S -c -Werror=unused-command-line-argument
>   clang: error: argument unused during compilation: '-c' [-Werror,-Wunused-command-line-argument]
>
> This results in CONFIG_STACKPROTECTOR getting disabled because
> CONFIG_CC_HAS_SANE_STACKPROTECTOR is no longer set.
>
> '-c' and '-S' both instruct the compiler to stop at different stages of
> the pipeline ('-S' after compiling, '-c' after assembling), so having
> them present together in the same command makes little sense. In this
> case, the test wants to stop before assembling because it is looking at
> the textual assembly output of the compiler for either '%fs' or '%gs',
> so remove '-c' from the list of arguments to resolve the error.
>
> All versions of GCC continue to work after this change, along with
> versions of clang that do or do not contain the change mentioned above.
>
> Cc: stable@...r.kernel.org
> Fixes: 4f7fd4d7a791 ("[PATCH] Add the -fstack-protector option to the CFLAGS")
> Fixes: 60a5317ff0f4 ("x86: implement x86_32 stack protector")
> Link: https://github.com/llvm/llvm-project/commit/6461e537815f7fa68cef06842505353cf5600e9c [1]
> Signed-off-by: Nathan Chancellor <nathan@...nel.org>
> ---
> I think this could go via either -tip or Kbuild?
>
> Perhaps this is an issue in the clang commit mentioned in the message
> above since it deviates from GCC (Fangrui is on CC here) but I think the
> combination of these options is a little dubious to begin with, hence
> this change.


I agree.

I can offer to pick this up in kbuild/fixes.


If this goes somewhere else,
Reviewed-by: Masahiro Yamada <masahiroy@...nel.org>


> ---
>  scripts/gcc-x86_32-has-stack-protector.sh | 2 +-
>  scripts/gcc-x86_64-has-stack-protector.sh | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/scripts/gcc-x86_32-has-stack-protector.sh b/scripts/gcc-x86_32-has-stack-protector.sh
> index 825c75c5b715..9459ca4f0f11 100755
> --- a/scripts/gcc-x86_32-has-stack-protector.sh
> +++ b/scripts/gcc-x86_32-has-stack-protector.sh
> @@ -5,4 +5,4 @@
>  # -mstack-protector-guard-reg, added by
>  # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81708
>
> -echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -m32 -O0 -fstack-protector -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard - -o - 2> /dev/null | grep -q "%fs"
> +echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -m32 -O0 -fstack-protector -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard - -o - 2> /dev/null | grep -q "%fs"
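Review bot: the `2> /dev/null` kept on the new echo line still hides every driver diagnostic, so a compiler-side error like the '-c' one quoted in the commit message shows up only as a failed `grep -q "%fs"` and the stack protector is dropped from the config without any message. Dropping '-c' fixes this instance, but a follow-up could make the script distinguish "compiler exited with an error" from "no %fs in the assembly", or at least keep stderr available when debugging. Separately, `$*` is unquoted here, which word-splits a compiler command containing spaces; `"$@"` would be the safer form if the callers allow it.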
> diff --git a/scripts/gcc-x86_64-has-stack-protector.sh b/scripts/gcc-x86_64-has-stack-protector.sh
> index 75e4e22b986a..f680bb01aeeb 100755
> --- a/scripts/gcc-x86_64-has-stack-protector.sh
> +++ b/scripts/gcc-x86_64-has-stack-protector.sh
> @@ -1,4 +1,4 @@
>  #!/bin/sh
>  # SPDX-License-Identifier: GPL-2.0
>
> -echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -m64 -O0 -mcmodel=kernel -fno-PIE -fstack-protector - -o - 2> /dev/null | grep -q "%gs"
> +echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -m64 -O0 -mcmodel=kernel -fno-PIE -fstack-protector - -o - 2> /dev/null | grep -q "%gs"
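Review bot: this script has no comment describing what the probe checks, unlike the x86_32 script, which at least documents -mstack-protector-guard-reg above its echo line. Since the change depends on '-S' being the only stop-stage flag because the pipeline greps textual assembly for "%gs", a one-line comment above the echo saying so would keep '-c' from being reintroduced later. The same `2> /dev/null` concern applies to this line: a driver error is indistinguishable from a compiler that lacks the feature.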
>
> ---
> base-commit: 1722389b0d863056d78287a120a1d6cadb8d4f7b
> change-id: 20240726-fix-x86-stack-protector-tests-b542b1b9416b
>
> Best regards,
> --
> Nathan Chancellor <nathan@...nel.org>
>
>


-- 
Best Regards
Masahiro Yamada
