Patch "arm64: scs: Work around full LTO issue with dynamic SCS" has been added to the 6.7-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    arm64: scs: Work around full LTO issue with dynamic SCS

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     arm64-scs-work-around-full-lto-issue-with-dynamic-sc.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 9d8d73251dc2720caa42aa1d3fc2f290232d9412
Author: Ard Biesheuvel <ardb@xxxxxxxxxx>
Date:   Wed Jan 10 14:26:20 2024 +0100

    arm64: scs: Work around full LTO issue with dynamic SCS
    
    [ Upstream commit 8c5a19cb17a71e52303150335b459c7d2d28a155 ]
    
    Full LTO takes the '-mbranch-protection=none' passed to the compiler
    when generating the dynamic shadow call stack patching code as a hint to
    stop emitting PAC instructions altogether. (Thin LTO appears unaffected
    by this)
    
    Work around this by stripping unwind tables from the object in question,
    which should be sufficient to prevent the patching code from attempting
    to patch itself.
    
    Fixes: 3b619e22c460 ("arm64: implement dynamic shadow call stack for Clang")
    Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
    Reviewed-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx>
    Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240110132619.258809-2-ardb+git@xxxxxxxxxx
    Signed-off-by: Will Deacon <will@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile
index d95b3d6b471a..e5d03a7039b4 100644
--- a/arch/arm64/kernel/Makefile
+++ b/arch/arm64/kernel/Makefile
@@ -73,7 +73,13 @@ obj-$(CONFIG_ARM64_MTE)			+= mte.o
 obj-y					+= vdso-wrap.o
 obj-$(CONFIG_COMPAT_VDSO)		+= vdso32-wrap.o
 obj-$(CONFIG_UNWIND_PATCH_PAC_INTO_SCS)	+= patch-scs.o
-CFLAGS_patch-scs.o			+= -mbranch-protection=none
+
+# We need to prevent the SCS patching code from patching itself. Using
+# -mbranch-protection=none here to avoid the patchable PAC opcodes from being
+# generated triggers an issue with full LTO on Clang, which stops emitting PAC
+# instructions altogether. So instead, omit the unwind tables used by the
+# patching code, so it will not be able to locate its own PAC instructions.
+CFLAGS_patch-scs.o			+= -fno-asynchronous-unwind-tables -fno-unwind-tables
 
 # Force dependency (vdso*-wrap.S includes vdso.so through incbin)
 $(obj)/vdso-wrap.o: $(obj)/vdso/vdso.so




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux