[PATCH] arm64/bti: Disable in kernel BTI when cross section thunks are broken
Will Deacon
will at kernel.org
Mon Sep 5 06:52:49 PDT 2022
On Fri, Sep 02, 2022 at 01:47:24PM +0100, Mark Brown wrote:
> GCC does not insert a `bti c` instruction at the beginning of a function
> when it believes that all callers reach the function through a direct
> branch[1]. Unfortunately the logic it uses to determine this is not
> sufficiently robust, for example not taking account of functions being
> placed in different sections which may be loaded separately, so we may
> still see thunks being generated to these functions. If that happens,
> the first instruction in the callee function will result in a Branch
> Target Exception due to the missing landing pad.
>
> While this has currently only been observed in the case of modules
> having their main code loaded sufficiently far from their init section
> to require thunks it could potentially happen for other cases so the
> safest thing is to disable BTI for the kernel when building with an
> affected toolchain.
>
> [1]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671
>
> Reported-by: D Scott Phillips <scott at os.amperecomputing.com>
> [Bits of the commit message are lifted from his report & workaround]
> Signed-off-by: Mark Brown <broonie at kernel.org>
> ---
>
> I'm sending this as an alternative to Scott's workaround in:
>
> https://lore.kernel.org/r/20220902001551.2349544-1-scott@os.amperecomputing.com
>
> in case people aren't comfortable with that, given the GCC bug it seems
> likely that it is possible to generate some other case where there might
> be issues.
Thanks; I much prefer this simple fix for now, especially as the GCC bug
doesn't seem to have concluded. Just one comment:
> arch/arm64/Kconfig | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 9fb9fff08c94..863b807681ce 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1885,8 +1885,8 @@ config ARM64_BTI_KERNEL
> depends on ARM64_BTI
> depends on ARM64_PTR_AUTH_KERNEL
> depends on CC_HAS_BRANCH_PROT_PAC_RET_BTI
> - # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
> - depends on !CC_IS_GCC || GCC_VERSION >= 100100
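Review bot: the two `-` lines drop both the comment pointing at GCC bug 94697 and the `depends on !CC_IS_GCC || GCC_VERSION >= 100100` check it documents, yet that is a different compiler bug from the 106671 issue this patch is about, so removing it silently widens the set of GCC versions allowed to build with ARM64_BTI_KERNEL. Keep the existing comment and version dependency as they are, and document the new problem on its own lines, e.g. a `# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671` comment above whatever new `depends on` line is added, so each toolchain requirement stays traceable to the bug it works around.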
Can we keep this dependency too, please? Hopefully we'll be able to add
a 'GCC_VERSION >= nnnnnn' for this new issue, and then I think it's helpful
to call out the issues separately so people don't think they can cherry-pick
just one of the compiler fixes and it will work.
Will