search for: mindirect

...s pushed onto the > stack? What are the semantics? Is there a spec anywheere? > > LLVM only needs this on 32-bit x86, but we do kind of need an answer > before we update all of our branches with new names.... That would be __x86_indirect_thunk but the kernel doesn't use it. We use -mindirect-branch-register and only ever expect the compiler to use the register versions which are CET-compatible. However, in at least one case in the 32-bit kernel we do emit the old ret-equivalent retpoline inline, because there literally wasn't a single register we could use (yay x86). I would defini...

On Wed, 2018-02-07 at 00:36 +0000, Chandler Carruth wrote: > > > > That would be __x86_indirect_thunk but the kernel doesn't use it. > > We use -mindirect-branch-register and only ever expect the compiler > > to use the register versions which are CET-compatible. > > > > However, in at least one case in the 32-bit kernel we do emit the > > old ret-equivalent retpoline inline, because there literally wasn't > > a sin...

...Feb 6, 2018 at 4:46 PM David Woodhouse <dwmw2 at infradead.org> > wrote: > >> On Wed, 2018-02-07 at 00:36 +0000, Chandler Carruth wrote: >> >> > > >> > > That would be __x86_indirect_thunk but the kernel doesn't use it. >> > > We use -mindirect-branch-register and only ever expect the compiler >> > > to use the register versions which are CET-compatible. >> > > >> > > However, in at least one case in the 32-bit kernel we do emit the >> > > old ret-equivalent retpoline inline, because there l...

...ter Host: x86_64-pc-linux-gnu Compiler: /usr/bin/gcc-8 Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE Preprocessor flags: -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE Linker flags: -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie Libra...

...tack? > What are the semantics? Is there a spec anywheere? > > LLVM only needs this on 32-bit x86, but we do kind of need an answer > before we update all of our branches with new names.... > > > That would be __x86_indirect_thunk but the kernel doesn't use it. We use > -mindirect-branch-register and only ever expect the compiler to use the > register versions which are CET-compatible. > > However, in at least one case in the 32-bit kernel we do emit the old > ret-equivalent retpoline inline, because there literally wasn't a single > register we could use...

On Thu, Jun 07, 2018 at 06:14:42PM -0700, PGNet Dev wrote: > On 6/7/18 6:08 PM, Darren Tucker wrote: > > Well the intent is you should be able to set CC and LD to whatever you > > want as long as they work. In this case, the OSSH_CHECK_LDFLAG_LINK > > test invokes autoconf's AC_LINK_IFELSE with uses CC not LD. I'm not > > sure what to do about it yet though. I

On Tue, Feb 6, 2018 at 4:46 PM David Woodhouse <dwmw2 at infradead.org> wrote: > On Wed, 2018-02-07 at 00:36 +0000, Chandler Carruth wrote: > > > > > > > That would be __x86_indirect_thunk but the kernel doesn't use it. > > > We use -mindirect-branch-register and only ever expect the compiler > > > to use the register versions which are CET-compatible. > > > > > > However, in at least one case in the 32-bit kernel we do emit the > > > old ret-equivalent retpoline inline, because there literally wasn...

On Wed, Mar 22, 2023 at 03:59:45PM +0800, Peng Fan (OSS) wrote: > From: Peng Fan <peng.fan at nxp.com> > > "-mfunction-return=thunk -mindirect-branch-register" are only valid > for x86. So introduce compiler operation check to avoid such issues > > Fixes: 0d0ed4006127 ("tools/virtio: enable to build with retpoline") > Signed-off-by: Peng Fan <peng.fan at nxp.com> > --- > tools/virtio/Makefile | 21...

On Thu, 23 Mar 2023 12:00:24 +0800, "Peng Fan (OSS)" <peng.fan at oss.nxp.com> wrote: > From: Peng Fan <peng.fan at nxp.com> > > "-mfunction-return=thunk -mindirect-branch-register" are only valid > for x86. So introduce compiler operation check to avoid such issues > > Fixes: 0d0ed4006127 ("tools/virtio: enable to build with retpoline") > Signed-off-by: Peng Fan <peng.fan at nxp.com> > --- > > V2: > Use /dev/null...

...d Woodhouse <dwmw2 at infradead.org> >> wrote: >> >>> On Wed, 2018-02-07 at 00:36 +0000, Chandler Carruth wrote: >>> >>> > > >>> > > That would be __x86_indirect_thunk but the kernel doesn't use it. >>> > > We use -mindirect-branch-register and only ever expect the compiler >>> > > to use the register versions which are CET-compatible. >>> > > >>> > > However, in at least one case in the 32-bit kernel we do emit the >>> > > old ret-equivalent retpoline inline,...

...I also saw a failure due to a segfault. It's the same crash Thore is seeing: /bin/sh ../../libtool --tag=CC --mode=link x86_64-pc-linux-gnu-gcc -std=gnu99 -O0 -g -pipe -march=native -mtune=native -ggdb -fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -mfunction-return=thunk -mindirect-branch=thunk -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -module -avoid-version -Wl,-O1 -Wl,--as-needed -o libauthdb_imap.la -rpath /usr/lib64/dovecot/auth libauthdb_imap_la-passdb...

...no configure: error: fd passing is required for Dovecot to work .... config.log shows: configure:22538: checking whether shared mmaps get updated by write()s configure:22585: gcc -o conftest -std=gnu99 -g -O2 -fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -mfunction-return=thunk -mindirect-branch=thunk -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2?? conftest.c? >&5 configure:22585: $? = 0 configure:22585: ./conftest ./configure[2026]: eval: line 1: 29183: Memory...

We recently discovered that our OpenSSH distribution binaries contain retpoline thunks. It's due to this OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc This was quite surprising because at least the GNU/Linux userspace has no provisions for retpolines. You also fail to enable -fno-plt, so you need a special linker that produces non-standard PLT stubs. (And this has to be repeated for all system libraries you call.) In our...

On Tue, Feb 6, 2018 at 4:16 PM Chandler Carruth <chandlerc at google.com> wrote: > On Tue, Feb 6, 2018 at 2:56 PM David Woodhouse <dwmw2 at infradead.org> > wrote: > >> At this point, what we really want is for identical thunks to have >> identical names — just like we do for builtins and other stuff, to avoid >> having differences between clang and GCC

...with-zlib --with-bzlib --with-libwrap --with-libcap --without-solr --without-gssapi --without-docs --without-sia --without-pgsql --without-lucene --without-stemmer THanks libtool: link: gcc -std=gnu99 -g -O2 -fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -mfunction-return=thunk -mindirect-branch=thunk -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -Wl,--as-needed -o test-lib test_lib-test-lib.o test_lib-test-array.o test_lib-test-aqueue.o test_lib-test-base32.o test_lib-t...

On Tue, Feb 6, 2018 at 2:56 PM David Woodhouse <dwmw2 at infradead.org> wrote: > On Tue, 2018-02-06 at 22:08 +0000, Chandler Carruth wrote: > > So, I was waiting to hear a definitive response on whether using aliases > is hard, and didn't see one here, which is why I haven't responded further. > > However, a colleauge pointed me at an LKML thread where it seems

...nclude/linux/kconfig.h +CFLAGS += -g -O2 -Werror -Wno-maybe-uninitialized -Wall -I. -I../include/ -I ../../usr/include/ -Wno-pointer-sign -fno-strict-overflow -fno-strict-aliasing -fno-common -MMD -U_FORTIFY_SOURCE -include ../../include/linux/kconfig.h -mfunction-return=thunk -fcf-protection=none -mindirect-branch-register CFLAGS += -pthread LDFLAGS += -pthread vpath %.c ../../drivers/virtio ../../drivers/vhost -- 2.25.1

...t works fine, but the make fails as follows: *** Warning: Linking the executable test-http-payload against the loadable module *** libssl_iostream_openssl.so is not portable! libtool: link: gcc -std=gnu99 -g -O2 -fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -mfunction-return=keep -mindirect-branch=keep -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -Wl,--as-needed -o .libs/test-http-payload test-http-payload.o -Wl,--export-dynamic -L/share/CACHEDEV1_DATA/.qpkg/Entware/lib...

...;egcs"; then OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) if test "x$use_toolchain_hardening" = "x1"; then + OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc + OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc + OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang + OSSH_CHECK_CFLAG_LINK([-z retpolineplt]) # clang OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) -- Darren Tucker (dtucker at dtucker.net) GPG...

...with-libcap --without-solr > --without-gssapi --without-docs --without-sia --without-pgsql > --without-lucene --without-stemmer > > THanks > > libtool: link: gcc -std=gnu99 -g -O2 -fstack-protector-strong > -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -mfunction-return=thunk > -mindirect-branch=thunk -Wall -W -Wmissing-prototypes > -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 > -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 > -Wl,--as-needed -o test-lib test_lib-test-lib.o test_lib-test-array.o > test_lib-test-aqueue.o test_lib-test...