| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMzpN2i6_-tiYKuXgq0ppowtfB8JipZvkMLmT8Mn02YE5shC5g@mail.gmail.com>
Date: Sat, 27 Jul 2024 23:13:23 -0400
From: Brian Gerst <brgerst@...il.com>
To: Masahiro Yamada <masahiroy@...nel.org>
Cc: Nathan Chancellor <nathan@...nel.org>, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
dave.hansen@...ux.intel.com, x86@...nel.org, nicolas@...sle.eu,
maskray@...gle.com, morbo@...gle.com, justinstitt@...gle.com, kees@...nel.org,
linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org,
llvm@...ts.linux.dev, patches@...ts.linux.dev, stable@...r.kernel.org
Subject: Re: [PATCH] kbuild: Fix '-S -c' in x86 stack protector scripts
On Sat, Jul 27, 2024 at 10:36 PM Masahiro Yamada <masahiroy@...nel.org> wrote:
>
> On Sun, Jul 28, 2024 at 5:43 AM Brian Gerst <brgerst@...il.com> wrote:
> >
> > On Fri, Jul 26, 2024 at 2:05 PM Nathan Chancellor <nathan@...nel.org> wrote:
> > >
> > > After a recent change in clang to stop consuming all instances of '-S'
> > > and '-c' [1], the stack protector scripts break due to the kernel's use
> > > of -Werror=unused-command-line-argument to catch cases where flags are
> > > not being properly consumed by the compiler driver:
> > >
> > > $ echo | clang -o - -x c - -S -c -Werror=unused-command-line-argument
> > > clang: error: argument unused during compilation: '-c' [-Werror,-Wunused-command-line-argument]
> > >
> > > This results in CONFIG_STACKPROTECTOR getting disabled because
> > > CONFIG_CC_HAS_SANE_STACKPROTECTOR is no longer set.
> > >
> > > '-c' and '-S' both instruct the compiler to stop at different stages of
> > > the pipeline ('-S' after compiling, '-c' after assembling), so having
> > > them present together in the same command makes little sense. In this
> > > case, the test wants to stop before assembling because it is looking at
> > > the textual assembly output of the compiler for either '%fs' or '%gs',
> > > so remove '-c' from the list of arguments to resolve the error.
> > >
> > > All versions of GCC continue to work after this change, along with
> > > versions of clang that do or do not contain the change mentioned above.
> > >
> > > Cc: stable@...r.kernel.org
> > > Fixes: 4f7fd4d7a791 ("[PATCH] Add the -fstack-protector option to the CFLAGS")
> > > Fixes: 60a5317ff0f4 ("x86: implement x86_32 stack protector")
> > > Link: https://github.com/llvm/llvm-project/commit/6461e537815f7fa68cef06842505353cf5600e9c [1]
> > > Signed-off-by: Nathan Chancellor <nathan@...nel.org>
> > > ---
> > > I think this could go via either -tip or Kbuild?
> > >
> > > Perhaps this is an issue in the clang commit mentioned in the message
> > > above since it deviates from GCC (Fangrui is on CC here) but I think the
> > > combination of these options is a little dubious to begin with, hence
> > > this change.
> >
> > As part of my stack protector cleanup series, I found that these
> > scripts can simply be removed. I can repost those patches as a
> > standalone cleanup.
> >
> > https://lore.kernel.org/lkml/20240322165233.71698-1-brgerst@gmail.com/
> >
> > Brian Gerst
>
> Judging from the Fixes tags, Nathan meant this patch is
> a back-port candidate so that the latest LLVM can be used for stable kernels.
>
> You are making big changes, and do you mean they can be back-ported?
I was referring to just the first two patches of that series. That
said, it would be simpler to take Nathan's fix for backporting.
Brian Gerst
Powered by blists - more mailing lists