arch/x86/Makefile | 5 +++-- arch/x86/entry/entry.S | 16 ++++++++++++++++ arch/x86/kernel/cpu/common.c | 2 ++ arch/x86/kernel/vmlinux.lds.S | 3 +++ 4 files changed, 24 insertions(+), 2 deletions(-)
From: Ard Biesheuvel <ardb@kernel.org>
GCC and Clang both implement stack protector support based on Thread
Local Storage (TLS) variables, and this is used in the kernel to
implement per-task stack cookies, by copying a task's stack cookie into
a per-CPU variable every time it is scheduled in.
Both now also implement -mstack-protector-guard-symbol=, which permits
the TLS variable to be specified directly. This is useful because it
will allow us to move away from using a fixed offset of 40 bytes into
the per-CPU area on x86_64, which requires a lot of special handling in
the per-CPU code and the runtime relocation code.
However, while GCC is rather lax in its implementation of this command
line option, Clang actually requires that the provided symbol name
refers to a TLS variable (i.e., one declared with __thread), although it
also permits the variable to be undeclared entirely, in which case it
will use an implicit declaration of the right type.
The upshot of this is that Clang will emit the correct references to the
stack cookie variable in most cases, e.g.,
10d: 64 a1 00 00 00 00 mov %fs:0x0,%eax
10f: R_386_32 __stack_chk_guard
However, if a non-TLS definition of the symbol in question is visible in
the same compilation unit (which amounts to the whole of vmlinux if LTO
is enabled), it will drop the per-CPU prefix and emit a load from a
bogus address.
Work around this by using a symbol name that never occurs in C code, and
emit it as an alias in the linker script.
Fixes: 3fb0fdb3bbe7 ("x86/stackprotector/32: Make the canary into a regular percpu variable")
Cc: <stable@vger.kernel.org>
Cc: Fangrui Song <i@maskray.me>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Uros Bizjak <ubizjak@gmail.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Andy Lutomirski <luto@kernel.org>
Link: https://github.com/ClangBuiltLinux/linux/issues/1854
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/x86/Makefile | 5 +++--
arch/x86/entry/entry.S | 16 ++++++++++++++++
arch/x86/kernel/cpu/common.c | 2 ++
arch/x86/kernel/vmlinux.lds.S | 3 +++
4 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index cd75e78a06c1..5b773b34768d 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -142,9 +142,10 @@ ifeq ($(CONFIG_X86_32),y)
ifeq ($(CONFIG_STACKPROTECTOR),y)
ifeq ($(CONFIG_SMP),y)
- KBUILD_CFLAGS += -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard
+ KBUILD_CFLAGS += -mstack-protector-guard-reg=fs \
+ -mstack-protector-guard-symbol=__ref_stack_chk_guard
else
- KBUILD_CFLAGS += -mstack-protector-guard=global
+ KBUILD_CFLAGS += -mstack-protector-guard=global
endif
endif
else
diff --git a/arch/x86/entry/entry.S b/arch/x86/entry/entry.S
index d9feadffa972..a503e6d535f8 100644
--- a/arch/x86/entry/entry.S
+++ b/arch/x86/entry/entry.S
@@ -46,3 +46,19 @@ EXPORT_SYMBOL_GPL(mds_verw_sel);
.popsection
THUNK warn_thunk_thunk, __warn_thunk
+
+#ifndef CONFIG_X86_64
+/*
+ * Clang's implementation of TLS stack cookies requires the variable in
+ * question to be a TLS variable. If the variable happens to be defined as an
+ * ordinary variable with external linkage in the same compilation unit (which
+ * amounts to the whole of vmlinux with LTO enabled), Clang will drop the
+ * segment register prefix from the references, resulting in broken code. Work
+ * around this by avoiding the symbol used in -mstack-protector-guard-symbol=
+ * entirely in the C code, and use an alias emitted by the linker script
+ * instead.
+ */
+#ifdef CONFIG_STACKPROTECTOR
+EXPORT_SYMBOL(__ref_stack_chk_guard);
+#endif
+#endif
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 07a34d723505..ba83f54dfaa8 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -2085,8 +2085,10 @@ void syscall_init(void)
#ifdef CONFIG_STACKPROTECTOR
DEFINE_PER_CPU(unsigned long, __stack_chk_guard);
+#ifndef CONFIG_SMP
EXPORT_PER_CPU_SYMBOL(__stack_chk_guard);
#endif
+#endif
#endif /* CONFIG_X86_64 */
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 2b7c8c14c6fd..a80ad2bf8da4 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -490,6 +490,9 @@ SECTIONS
. = ASSERT((_end - LOAD_OFFSET <= KERNEL_IMAGE_SIZE),
"kernel image bigger than KERNEL_IMAGE_SIZE");
+/* needed for Clang - see arch/x86/entry/entry.S */
+PROVIDE(__ref_stack_chk_guard = __stack_chk_guard);
+
#ifdef CONFIG_X86_64
/*
* Per-cpu symbols which need to be offset from __per_cpu_load
--
2.46.1.824.gd892dcdcdd-googHi Ard, kernel test robot noticed the following build warnings: [auto build test WARNING on tip/x86/core] [also build test WARNING on tip/master linus/master tip/x86/asm v6.12-rc1 next-20241003] [cannot apply to tip/auto-latest] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Ard-Biesheuvel/x86-stackprotector-Work-around-strict-Clang-TLS-symbol-requirements/20241002-172733 base: tip/x86/core patch link: https://lore.kernel.org/r/20241002092534.3163838-2-ardb%2Bgit%40google.com patch subject: [PATCH] x86/stackprotector: Work around strict Clang TLS symbol requirements config: i386-randconfig-061-20241003 (https://download.01.org/0day-ci/archive/20241004/202410040122.shftyeMf-lkp@intel.com/config) compiler: clang version 18.1.8 (https://github.com/llvm/llvm-project 3b5b5c1ec4a3095ab096dd780e84d7ab81f3d7ff) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241004/202410040122.shftyeMf-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202410040122.shftyeMf-lkp@intel.com/ All warnings (new ones prefixed by >>, old ones prefixed by <<): WARNING: modpost: missing MODULE_DESCRIPTION() in kernel/locking/test-ww_mutex.o WARNING: modpost: EXPORT symbol "__ref_stack_chk_guard" [vmlinux] version generation failed, symbol will not be versioned. Is "__ref_stack_chk_guard" prototyped in <asm/asm-prototypes.h>? WARNING: modpost: "__ref_stack_chk_guard" [kernel/rcu/refscale.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [kernel/torture.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [fs/nfs/nfsv4.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [fs/unicode/utf8-selftest.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [fs/smb/client/cifs.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/gcm.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [lib/kunit/kunit-test.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/string_kunit.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/string_helpers_kunit.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_hexdump.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_hash.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [lib/test_printf.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_scanf.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_bitmap.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_uuid.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [lib/cmdline_kunit.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [lib/memcpy_kunit.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/overflow_kunit.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/stackinit_kunit.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/fortify_kunit.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/siphash_kunit.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpu/drm/tests/drm_cmdline_parser_test.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpu/drm/tests/drm_connector_test.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpu/drm/tests/drm_format_helper_test.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpu/drm/display/drm_display_helper.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/base/test/property-entry-test.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/power/supply/test_power.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [net/mptcp/mptcp_crypto_test.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [net/dns_resolver/dns_resolver.ko] has no CRC! -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
Hi Ard, kernel test robot noticed the following build warnings: [auto build test WARNING on tip/x86/core] [also build test WARNING on tip/master linus/master tip/x86/asm v6.12-rc1 next-20241003] [cannot apply to tip/auto-latest] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Ard-Biesheuvel/x86-stackprotector-Work-around-strict-Clang-TLS-symbol-requirements/20241002-172733 base: tip/x86/core patch link: https://lore.kernel.org/r/20241002092534.3163838-2-ardb%2Bgit%40google.com patch subject: [PATCH] x86/stackprotector: Work around strict Clang TLS symbol requirements config: i386-buildonly-randconfig-006-20241003 (https://download.01.org/0day-ci/archive/20241003/202410032133.9218ziFI-lkp@intel.com/config) compiler: clang version 18.1.8 (https://github.com/llvm/llvm-project 3b5b5c1ec4a3095ab096dd780e84d7ab81f3d7ff) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241003/202410032133.9218ziFI-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202410032133.9218ziFI-lkp@intel.com/ All warnings (new ones prefixed by >>, old ones prefixed by <<): WARNING: modpost: missing MODULE_DESCRIPTION() in arch/x86/mm/testmmiotrace.o WARNING: modpost: missing MODULE_DESCRIPTION() in drivers/devfreq/governor_performance.o WARNING: modpost: missing MODULE_DESCRIPTION() in drivers/devfreq/governor_powersave.o >> WARNING: modpost: EXPORT symbol "__ref_stack_chk_guard" [vmlinux] version generation failed, symbol will not be versioned. Is "__ref_stack_chk_guard" prototyped in <asm/asm-prototypes.h>? >> WARNING: modpost: "__ref_stack_chk_guard" [arch/x86/events/amd/amd-uncore.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [arch/x86/events/intel/intel-uncore.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [arch/x86/kernel/apm.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [arch/x86/crypto/serpent-sse2-i586.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [arch/x86/platform/iris/iris.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [kernel/locking/locktorture.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [kernel/rcu/rcutorture.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [kernel/rcu/rcuscale.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [kernel/time/test_udelay.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [kernel/trace/ring_buffer_benchmark.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [kernel/backtracetest.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [fs/quota/quota_v1.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [fs/configfs/configfs.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [fs/nls/nls_base.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [fs/nls/nls_euc-jp.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [fs/nls/nls_utf8.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [fs/autofs/autofs4.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [fs/fuse/fuse.ko] has no CRC! >> WARNING: modpost: "__ref_stack_chk_guard" [crypto/geniv.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/echainiv.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/crypto_null.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/xts.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/ctr.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/ccm.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/chacha20poly1305.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/cryptd.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/chacha_generic.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/authenc.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/authencesn.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/lzo.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/lzo-rle.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/essiv.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/ecdh_generic.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [crypto/crypto_simd.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/kunit/kunit-example-test.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/math/rational-test.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/crypto/libcurve25519-generic.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/crypto/libdes.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_hexdump.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/cpumask_kunit.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_hash.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_ubsan.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_vmalloc.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_scanf.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_xarray.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_maple_tree.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/test_lockup.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/842/842_compress.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/842/842_decompress.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/lzo/lzo_compress.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/overflow_kunit.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [lib/siphash_kunit.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/bus/mhi/host/mhi.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/bus/mhi/host/mhi_pci_generic.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/allwinner/phy-sun6i-mipi-dphy.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/amlogic/phy-meson-g12a-usb3-pcie.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/intel/phy-intel-lgm-emmc.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/marvell/phy-berlin-sata.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/mediatek/phy-mtk-pcie.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/mediatek/phy-mtk-hdmi-drv.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/mediatek/phy-mtk-mipi-dsi-drv.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/qualcomm/phy-qcom-qmp-combo.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/qualcomm/phy-qcom-qmp-usbc.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/qualcomm/phy-qcom-snps-femto-v2.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/ralink/phy-ralink-usb.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/rockchip/phy-rockchip-pcie.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/ti/phy-da8xx-usb.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/ti/phy-am654-serdes.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/phy/ti/phy-j721e-wiz.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/freescale/pinctrl-imx.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/nuvoton/pinctrl-wpcm450.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/pxa/pinctrl-pxa25x.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/pxa/pinctrl-pxa27x.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/qcom/pinctrl-msm.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/qcom/pinctrl-ssbi-gpio.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/qcom/pinctrl-ssbi-mpp.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/qcom/pinctrl-lpass-lpi.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/sprd/pinctrl-sprd.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/pinctrl-da9062.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/pinctrl-max77620.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/pinctrl-microchip-sgpio.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/pinctrl-single.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pinctrl/meson/pinctrl-meson.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-104-dio-48e.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-aspeed.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-ath79.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-bd71815.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-cadence.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-da9055.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-eic-sprd.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-hlwd.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-idt3243x.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-lp873x.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-max77620.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-mc33880.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-pch.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-sch311x.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-sim.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-syscon.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-tps65912.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-ts4800.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-ts4900.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-uniphier.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-wm8994.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-xgene-sb.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/gpio/gpio-xra1403.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pci/hotplug/cpqphp.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pci/controller/pcie-altera.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pci/controller/pcie-mt7621.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/pci/pci-stub.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/video/backlight/ams369fg06.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/video/backlight/l4f00242t03.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/video/backlight/lms283gf05.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/video/backlight/88pm860x_bl.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/video/backlight/aat2870_bl.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/video/backlight/adp8870_bl.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/video/backlight/as3711_bl.ko] has no CRC! WARNING: modpost: "__ref_stack_chk_guard" [drivers/video/backlight/backlight.ko] has no CRC! -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
On Wed, 2 Oct 2024 at 11:25, Ard Biesheuvel <ardb+git@google.com> wrote:
>
> From: Ard Biesheuvel <ardb@kernel.org>
>
> GCC and Clang both implement stack protector support based on Thread
> Local Storage (TLS) variables, and this is used in the kernel to
> implement per-task stack cookies, by copying a task's stack cookie into
> a per-CPU variable every time it is scheduled in.
>
> Both now also implement -mstack-protector-guard-symbol=, which permits
> the TLS variable to be specified directly. This is useful because it
> will allow us to move away from using a fixed offset of 40 bytes into
> the per-CPU area on x86_64, which requires a lot of special handling in
> the per-CPU code and the runtime relocation code.
>
> However, while GCC is rather lax in its implementation of this command
> line option, Clang actually requires that the provided symbol name
> refers to a TLS variable (i.e., one declared with __thread), although it
> also permits the variable to be undeclared entirely, in which case it
> will use an implicit declaration of the right type.
>
> The upshot of this is that Clang will emit the correct references to the
> stack cookie variable in most cases, e.g.,
>
> 10d: 64 a1 00 00 00 00 mov %fs:0x0,%eax
> 10f: R_386_32 __stack_chk_guard
>
> However, if a non-TLS definition of the symbol in question is visible in
> the same compilation unit (which amounts to the whole of vmlinux if LTO
> is enabled), it will drop the per-CPU prefix and emit a load from a
> bogus address.
>
> Work around this by using a symbol name that never occurs in C code, and
> emit it as an alias in the linker script.
>
> Fixes: 3fb0fdb3bbe7 ("x86/stackprotector/32: Make the canary into a regular percpu variable")
> Cc: <stable@vger.kernel.org>
> Cc: Fangrui Song <i@maskray.me>
> Cc: Brian Gerst <brgerst@gmail.com>
> Cc: Uros Bizjak <ubizjak@gmail.com>
> Cc: Nathan Chancellor <nathan@kernel.org>
> Cc: Andy Lutomirski <luto@kernel.org>
> Link: https://github.com/ClangBuiltLinux/linux/issues/1854
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> arch/x86/Makefile | 5 +++--
> arch/x86/entry/entry.S | 16 ++++++++++++++++
> arch/x86/kernel/cpu/common.c | 2 ++
> arch/x86/kernel/vmlinux.lds.S | 3 +++
> 4 files changed, 24 insertions(+), 2 deletions(-)
>
This needs the hunk below applied on top for CONFIG_MODVERSIONS:
--- a/arch/x86/include/asm/asm-prototypes.h
+++ b/arch/x86/include/asm/asm-prototypes.h
@@ -20,3 +20,6 @@
extern void cmpxchg8b_emu(void);
#endif
+#ifdef CONFIG_STACKPROTECTOR
+extern unsigned long __ref_stack_chk_guard;
+#endif
On Wed, Oct 2, 2024 at 7:04 AM Ard Biesheuvel <ardb@kernel.org> wrote:
>
> On Wed, 2 Oct 2024 at 11:25, Ard Biesheuvel <ardb+git@google.com> wrote:
> >
> > From: Ard Biesheuvel <ardb@kernel.org>
> >
> > GCC and Clang both implement stack protector support based on Thread
> > Local Storage (TLS) variables, and this is used in the kernel to
> > implement per-task stack cookies, by copying a task's stack cookie into
> > a per-CPU variable every time it is scheduled in.
> >
> > Both now also implement -mstack-protector-guard-symbol=, which permits
> > the TLS variable to be specified directly. This is useful because it
> > will allow us to move away from using a fixed offset of 40 bytes into
> > the per-CPU area on x86_64, which requires a lot of special handling in
> > the per-CPU code and the runtime relocation code.
> >
> > However, while GCC is rather lax in its implementation of this command
> > line option, Clang actually requires that the provided symbol name
> > refers to a TLS variable (i.e., one declared with __thread), although it
> > also permits the variable to be undeclared entirely, in which case it
> > will use an implicit declaration of the right type.
> >
> > The upshot of this is that Clang will emit the correct references to the
> > stack cookie variable in most cases, e.g.,
> >
> > 10d: 64 a1 00 00 00 00 mov %fs:0x0,%eax
> > 10f: R_386_32 __stack_chk_guard
> >
> > However, if a non-TLS definition of the symbol in question is visible in
> > the same compilation unit (which amounts to the whole of vmlinux if LTO
> > is enabled), it will drop the per-CPU prefix and emit a load from a
> > bogus address.
> >
> > Work around this by using a symbol name that never occurs in C code, and
> > emit it as an alias in the linker script.
> >
> > Fixes: 3fb0fdb3bbe7 ("x86/stackprotector/32: Make the canary into a regular percpu variable")
> > Cc: <stable@vger.kernel.org>
> > Cc: Fangrui Song <i@maskray.me>
> > Cc: Brian Gerst <brgerst@gmail.com>
> > Cc: Uros Bizjak <ubizjak@gmail.com>
> > Cc: Nathan Chancellor <nathan@kernel.org>
> > Cc: Andy Lutomirski <luto@kernel.org>
> > Link: https://github.com/ClangBuiltLinux/linux/issues/1854
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> > ---
> > arch/x86/Makefile | 5 +++--
> > arch/x86/entry/entry.S | 16 ++++++++++++++++
> > arch/x86/kernel/cpu/common.c | 2 ++
> > arch/x86/kernel/vmlinux.lds.S | 3 +++
> > 4 files changed, 24 insertions(+), 2 deletions(-)
> >
>
> This needs the hunk below applied on top for CONFIG_MODVERSIONS:
>
> --- a/arch/x86/include/asm/asm-prototypes.h
> +++ b/arch/x86/include/asm/asm-prototypes.h
> @@ -20,3 +20,6 @@
> extern void cmpxchg8b_emu(void);
> #endif
>
> +#ifdef CONFIG_STACKPROTECTOR
> +extern unsigned long __ref_stack_chk_guard;
> +#endif
Shouldn't this also be guarded by __GENKSYMS__, since the whole point
of this is to hide the declaration from the compiler?
Brian Gerst
On Sat, 5 Oct 2024 at 17:48, Brian Gerst <brgerst@gmail.com> wrote:
>
> On Wed, Oct 2, 2024 at 7:04 AM Ard Biesheuvel <ardb@kernel.org> wrote:
> >
> > On Wed, 2 Oct 2024 at 11:25, Ard Biesheuvel <ardb+git@google.com> wrote:
> > >
> > > From: Ard Biesheuvel <ardb@kernel.org>
> > >
> > > GCC and Clang both implement stack protector support based on Thread
> > > Local Storage (TLS) variables, and this is used in the kernel to
> > > implement per-task stack cookies, by copying a task's stack cookie into
> > > a per-CPU variable every time it is scheduled in.
> > >
> > > Both now also implement -mstack-protector-guard-symbol=, which permits
> > > the TLS variable to be specified directly. This is useful because it
> > > will allow us to move away from using a fixed offset of 40 bytes into
> > > the per-CPU area on x86_64, which requires a lot of special handling in
> > > the per-CPU code and the runtime relocation code.
> > >
> > > However, while GCC is rather lax in its implementation of this command
> > > line option, Clang actually requires that the provided symbol name
> > > refers to a TLS variable (i.e., one declared with __thread), although it
> > > also permits the variable to be undeclared entirely, in which case it
> > > will use an implicit declaration of the right type.
> > >
> > > The upshot of this is that Clang will emit the correct references to the
> > > stack cookie variable in most cases, e.g.,
> > >
> > > 10d: 64 a1 00 00 00 00 mov %fs:0x0,%eax
> > > 10f: R_386_32 __stack_chk_guard
> > >
> > > However, if a non-TLS definition of the symbol in question is visible in
> > > the same compilation unit (which amounts to the whole of vmlinux if LTO
> > > is enabled), it will drop the per-CPU prefix and emit a load from a
> > > bogus address.
> > >
> > > Work around this by using a symbol name that never occurs in C code, and
> > > emit it as an alias in the linker script.
> > >
> > > Fixes: 3fb0fdb3bbe7 ("x86/stackprotector/32: Make the canary into a regular percpu variable")
> > > Cc: <stable@vger.kernel.org>
> > > Cc: Fangrui Song <i@maskray.me>
> > > Cc: Brian Gerst <brgerst@gmail.com>
> > > Cc: Uros Bizjak <ubizjak@gmail.com>
> > > Cc: Nathan Chancellor <nathan@kernel.org>
> > > Cc: Andy Lutomirski <luto@kernel.org>
> > > Link: https://github.com/ClangBuiltLinux/linux/issues/1854
> > > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> > > ---
> > > arch/x86/Makefile | 5 +++--
> > > arch/x86/entry/entry.S | 16 ++++++++++++++++
> > > arch/x86/kernel/cpu/common.c | 2 ++
> > > arch/x86/kernel/vmlinux.lds.S | 3 +++
> > > 4 files changed, 24 insertions(+), 2 deletions(-)
> > >
> >
> > This needs the hunk below applied on top for CONFIG_MODVERSIONS:
> >
> > --- a/arch/x86/include/asm/asm-prototypes.h
> > +++ b/arch/x86/include/asm/asm-prototypes.h
> > @@ -20,3 +20,6 @@
> > extern void cmpxchg8b_emu(void);
> > #endif
> >
> > +#ifdef CONFIG_STACKPROTECTOR
> > +extern unsigned long __ref_stack_chk_guard;
> > +#endif
>
> Shouldn't this also be guarded by __GENKSYMS__, since the whole point
> of this is to hide the declaration from the compiler?
>
Yes, good point. Even though it does not matter in practice (the issue
is tickled only by a visible *definition*, not by a declaration), this
file is included into C code, which should be avoided.
© 2016 - 2024 Red Hat, Inc.