Patch "arm64/bti: Disable in kernel BTI when cross section thunks are broken" has been added to the 5.10-stable tree


 



This is a note to let you know that I've just added the patch titled

    arm64/bti: Disable in kernel BTI when cross section thunks are broken

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     arm64-bti-disable-in-kernel-bti-when-cross-section-t.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit f42e94f5739b6ae0eb6e63bed2d753f2aae79041
Author: Mark Brown <broonie@xxxxxxxxxx>
Date:   Mon Sep 5 15:22:55 2022 +0100

    arm64/bti: Disable in kernel BTI when cross section thunks are broken
    
    [ Upstream commit c0a454b9044fdc99486853aa424e5b3be2107078 ]
    
    GCC does not insert a `bti c` instruction at the beginning of a function
    when it believes that all callers reach the function through a direct
    branch[1]. Unfortunately the logic it uses to determine this is not
    sufficiently robust, for example not taking account of functions being
    placed in different sections which may be loaded separately, so we may
    still see thunks being generated to these functions. If that happens,
    the first instruction in the callee function will result in a Branch
    Target Exception due to the missing landing pad.
    
    While this has currently only been observed in the case of modules
    having their main code loaded sufficiently far from their init section
    to require thunks it could potentially happen for other cases so the
    safest thing is to disable BTI for the kernel when building with an
    affected toolchain.
    
    [1]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671
    
    Reported-by: D Scott Phillips <scott@xxxxxxxxxxxxxxxxxxxxxx>
    [Bits of the commit message are lifted from his report & workaround]
    Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20220905142255.591990-1-broonie@xxxxxxxxxx
    Cc: <stable@xxxxxxxxxxxxxxx> # v5.10+
    Signed-off-by: Will Deacon <will@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 662311a513f0..af65ab83e63d 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1654,6 +1654,8 @@ config ARM64_BTI_KERNEL
 	depends on CC_HAS_BRANCH_PROT_PAC_RET_BTI
 	# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
 	depends on !CC_IS_GCC || GCC_VERSION >= 100100
+	# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671
+	depends on !CC_IS_GCC
 	# https://github.com/llvm/llvm-project/commit/a88c722e687e6780dcd6a58718350dc76fcc4cc9
 	depends on !CC_IS_CLANG || CLANG_VERSION >= 120000
 	depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
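
Review bot: the added `depends on !CC_IS_GCC` carries no version bound, so it turns ARM64_BTI_KERNEL off for every GCC release and leaves the line just above it, `depends on !CC_IS_GCC || GCC_VERSION >= 100100`, with no effect: that condition is always true once GCC is excluded outright. Either drop the older line or, once a GCC release with bug 106671 fixed exists, give the new line the same version-check form so the option comes back for fixed toolchains. The new comment is only a bugzilla URL; a few words such as "missing bti c on functions reached via thunks" would tell a reader why the hardening option disappears from GCC builds without following the link. Because an unmet `depends on` drops the symbol silently, anyone carrying CONFIG_ARM64_BTI_KERNEL=y in a GCC-built config should recheck the generated .config after taking this patch.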


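The effect of the dependency list in the hunk above can be checked against a kernel `.config`. The script below is an added example, not part of the patch or the kernel tree: it evaluates only the `depends on` lines visible in the hunk (dependencies outside the hunk are not evaluated), and the function names `cfg` and `bti_kernel_blockers` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not kernel code): list which ARM64_BTI_KERNEL dependencies
# visible in the hunk are unmet for a given kernel .config.

# cfg FILE SYMBOL DEFAULT: value of CONFIG_<SYMBOL>, or DEFAULT when unset.
cfg() {
    v=$(sed -n "s/^CONFIG_$2=//p" "$1" | head -n 1)
    printf '%s\n' "${v:-$3}"
}

# Print one line per unmet dependency; empty output means none of the
# visible dependencies blocks ARM64_BTI_KERNEL.
bti_kernel_blockers() {
    f=$1
    [ "$(cfg "$f" CC_HAS_BRANCH_PROT_PAC_RET_BTI n)" = y ] ||
        echo "CC_HAS_BRANCH_PROT_PAC_RET_BTI not set"
    if [ "$(cfg "$f" CC_IS_GCC n)" = y ]; then
        [ "$(cfg "$f" GCC_VERSION 0)" -ge 100100 ] ||
            echo "GCC_VERSION < 100100 (gcc bug 94697)"
        # Added by this patch: GCC is excluded whatever its version.
        echo "CC_IS_GCC (gcc bug 106671)"
    fi
    if [ "$(cfg "$f" CC_IS_CLANG n)" = y ]; then
        [ "$(cfg "$f" CLANG_VERSION 0)" -ge 120000 ] ||
            echo "CLANG_VERSION < 120000"
    fi
    if [ "$(cfg "$f" FUNCTION_GRAPH_TRACER n)" = y ] &&
       [ "$(cfg "$f" DYNAMIC_FTRACE_WITH_REGS n)" != y ]; then
        echo "FUNCTION_GRAPH_TRACER without DYNAMIC_FTRACE_WITH_REGS"
    fi
    return 0
}

# Constructed sample .config fragment for a GCC 10.2.1 build.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_CC_IS_GCC=y
CONFIG_GCC_VERSION=100201
CONFIG_CC_HAS_BRANCH_PROT_PAC_RET_BTI=y
CONFIG_FUNCTION_GRAPH_TRACER=y
CONFIG_DYNAMIC_FTRACE_WITH_REGS=y
EOF
bti_kernel_blockers "$sample"
rm -f "$sample"
```

To audit a real build, pass the path of its `.config` to `bti_kernel_blockers` in place of the sample file.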
