This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] for PR 28281: enable -fstack-protector for the x86_64 linux kernel

From: Arjan van de Ven <arjan at linux dot intel dot com>
To: Jakub Jelinek <jakub at redhat dot com>
Cc: gcc-patches at gcc dot gnu dot org, rth at redhat dot com
Date: Thu, 06 Jul 2006 13:11:27 +0200
Subject: Re: [patch] for PR 28281: enable -fstack-protector for the x86_64 linux kernel
References: <1152178432.3084.20.camel@laptopd505.fenrus.org> <20060706104738.GN3115@devserv.devel.redhat.com>

Jakub Jelinek wrote:

ok patch updated

sadly another buffer overflow has been found in the linux kernel
(http://www.heise.de/newsticker/meldung/75117 and
http://bugzilla.kernel.org/show_bug.cgi?id=2966 ).
I'd really like to be able to use -fstack-protector for the kernel, and
have a kernel patch series lined up for that. However, due to the
different segment registers used for TLS between userspace and kernel
space, a small mod to gcc is needed to actually make this work.
(The reason for the different segment registers is performance: by using
different registers, a system call doesn't need to trash the userspace
segment register, which would be expensive)

Below is the patch to fix this, including a testcase

2006-07-06 Arjan van de Ven <arjan@linux.intel.com>

 	* config/i386/i386.md (stack_tls_protect_set_di,
 	stack_tls_protect_test_di): Use %gs rather than %fs for
 	-mcmodel=kernel.

* gcc.target/i386/stack-prot-kernel.c: New test.

Index: gcc/testsuite/gcc.target/i386/stack-prot-kernel.c
===================================================================
--- gcc/testsuite/gcc.target/i386/stack-prot-kernel.c	(revision 0)
+++ gcc/testsuite/gcc.target/i386/stack-prot-kernel.c	(revision 0)
@@ -0,0 +1,12 @@
+/* { dg-do compile { target lp64 } } */
+/* { dg-options "-O2 -fstack-protector-all -mcmodel=kernel" } */
+
+void test1 (int x)
+{
+  char p[40];
+  int i;
+  for (i=0; i<40; i++)
+	p[i] = x;
+}
+
+/* { dg-final { scan-assembler-not "%fs" } } */
Index: gcc/config/i386/i386.md
===================================================================
--- gcc/config/i386/i386.md	(revision 115220)
+++ gcc/config/i386/i386.md	(working copy)
@@ -20393,7 +20393,12 @@
    (set (match_scratch:DI 2 "=&r") (const_int 0))
    (clobber (reg:CC FLAGS_REG))]
   "TARGET_64BIT"
-  "mov{q}\t{%%fs:%P1, %2|%2, QWORD PTR %%fs:%P1}\;mov{q}\t{%2, %0|%0, %2}\;xor{l}\t%k2, %k2"
+  {
+     if (ix86_cmodel != CM_KERNEL)
+        return "mov{q}\t{%%fs:%P1, %2|%2, QWORD PTR %%fs:%P1}\;mov{q}\t{%2, %0|%0, %2}\;xor{l}\t%k2, %k2";
+     else
+        return "mov{q}\t{%%gs:%P1, %2|%2, QWORD PTR %%gs:%P1}\;mov{q}\t{%2, %0|%0, %2}\;xor{l}\t%k2, %k2";
+  }
   [(set_attr "type" "multi")])

 (define_expand "stack_protect_test"
@@ -20461,7 +20466,12 @@
 		    UNSPEC_SP_TLS_TEST))
    (clobber (match_scratch:DI 3 "=r"))]
   "TARGET_64BIT"
-  "mov{q}\t{%1, %3|%3, %1}\;xor{q}\t{%%fs:%P2, %3|%3, QWORD PTR %%fs:%P2}"
+  {
+     if (ix86_cmodel != CM_KERNEL)
+        return "mov{q}\t{%1, %3|%3, %1}\;xor{q}\t{%%fs:%P2, %3|%3, QWORD PTR %%fs:%P2}";
+     else
+        return "mov{q}\t{%1, %3|%3, %1}\;xor{q}\t{%%gs:%P2, %3|%3, QWORD PTR %%gs:%P2}";
+  }
   [(set_attr "type" "multi")])

(include "sse.md")

Follow-Ups:
- Re: [patch] for PR 28281: enable -fstack-protector for the x86_64 linux kernel
  - From: Ian Lance Taylor

References:
- [patch] for PR 28281: enable -fstack-protector for the x86_64 linux kernel
  - From: Arjan van de Ven
- Re: [patch] for PR 28281: enable -fstack-protector for the x86_64 linux kernel
  - From: Jakub Jelinek

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]