lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMzpN2iXMtzvyvwjLHMDz2DR-Me8exU_DtQpfO3MJS5BzTnJfg@mail.gmail.com>
Date: Sun, 28 Jul 2024 03:20:50 -0400
From: Brian Gerst <brgerst@...il.com>
To: Masahiro Yamada <masahiroy@...nel.org>
Cc: Nathan Chancellor <nathan@...nel.org>, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, 
	dave.hansen@...ux.intel.com, x86@...nel.org, nicolas@...sle.eu, 
	maskray@...gle.com, morbo@...gle.com, justinstitt@...gle.com, kees@...nel.org, 
	linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org, 
	llvm@...ts.linux.dev, patches@...ts.linux.dev, stable@...r.kernel.org
Subject: Re: [PATCH] kbuild: Fix '-S -c' in x86 stack protector scripts

On Sun, Jul 28, 2024 at 2:24 AM Masahiro Yamada <masahiroy@...nel.org> wrote:
>
> On Sun, Jul 28, 2024 at 12:13 PM Brian Gerst <brgerst@...il.com> wrote:
> >
> > On Sat, Jul 27, 2024 at 10:36 PM Masahiro Yamada <masahiroy@...nel.org> wrote:
> > >
> > > On Sun, Jul 28, 2024 at 5:43 AM Brian Gerst <brgerst@...il.com> wrote:
> > > >
> > > > On Fri, Jul 26, 2024 at 2:05 PM Nathan Chancellor <nathan@...nel.org> wrote:
> > > > >
> > > > > After a recent change in clang to stop consuming all instances of '-S'
> > > > > and '-c' [1], the stack protector scripts break due to the kernel's use
> > > > > of -Werror=unused-command-line-argument to catch cases where flags are
> > > > > not being properly consumed by the compiler driver:
> > > > >
> > > > >   $ echo | clang -o - -x c - -S -c -Werror=unused-command-line-argument
> > > > >   clang: error: argument unused during compilation: '-c' [-Werror,-Wunused-command-line-argument]
> > > > >
> > > > > This results in CONFIG_STACKPROTECTOR getting disabled because
> > > > > CONFIG_CC_HAS_SANE_STACKPROTECTOR is no longer set.
> > > > >
> > > > > '-c' and '-S' both instruct the compiler to stop at different stages of
> > > > > the pipeline ('-S' after compiling, '-c' after assembling), so having
> > > > > them present together in the same command makes little sense. In this
> > > > > case, the test wants to stop before assembling because it is looking at
> > > > > the textual assembly output of the compiler for either '%fs' or '%gs',
> > > > > so remove '-c' from the list of arguments to resolve the error.
> > > > >
> > > > > All versions of GCC continue to work after this change, along with
> > > > > versions of clang that do or do not contain the change mentioned above.
> > > > >
> > > > > Cc: stable@...r.kernel.org
> > > > > Fixes: 4f7fd4d7a791 ("[PATCH] Add the -fstack-protector option to the CFLAGS")
> > > > > Fixes: 60a5317ff0f4 ("x86: implement x86_32 stack protector")
> > > > > Link: https://github.com/llvm/llvm-project/commit/6461e537815f7fa68cef06842505353cf5600e9c [1]
> > > > > Signed-off-by: Nathan Chancellor <nathan@...nel.org>
> > > > > ---
> > > > > I think this could go via either -tip or Kbuild?
> > > > >
> > > > > Perhaps this is an issue in the clang commit mentioned in the message
> > > > > above since it deviates from GCC (Fangrui is on CC here) but I think the
> > > > > combination of these options is a little dubious to begin with, hence
> > > > > this change.
> > > >
> > > > As part of my stack protector cleanup series, I found that these
> > > > scripts can simply be removed.  I can repost those patches as a
> > > > standalone cleanup.
> > > >
> > > > https://lore.kernel.org/lkml/20240322165233.71698-1-brgerst@gmail.com/
> > > >
> > > > Brian Gerst
> > >
> > > Judging from the Fixes tags, Nathan meant this patch is
> > > a back-port candidate so that the latest LLVM can be used for stable kernels.
> > >
> > > You are making big changes, and do you mean they can be back-ported?
> >
> > I was referring to just the first two patches of that series.  That
> > said, it would be simpler to take Nathan's fix for backporting.
>
>
>
> Even the first two patches are not trivial.
>
> The second patch 02/16:
> https://lore.kernel.org/lkml/20240322165233.71698-3-brgerst@gmail.com/
>
> is completely removing scripts/gcc-x86_64-has-stack-protector.sh,
>
>
> In fact, I also noticed it was a workaround for old buggy compilers.
> I attempted to do the equivalent clean up, then it was rejected.
> https://lore.kernel.org/lkml/1541992013-18657-1-git-send-email-yamada.masahiro@socionext.com/
>
> It was 6 years ago, so the situation might have changed.
> Good luck.

It's a workaround for an old buggy compiler that isn't even supported
by the kernel anymore.

Brian Gerst
>
>
>
>
>
>
>
> --
> Best Regards
> Masahiro Yamada

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ