Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 3 Dec 2018 21:25:01 +0300
From: Alexander Popov <>
To: Kees Cook <>
Cc: Kernel Hardening <>,
 Jann Horn <>, Andy Lutomirski <>,
 Borislav Petkov <>, Thomas Gleixner <>,
 Dave Hansen <>,
 Steven Rostedt <>, Peter Zijlstra <>,
 Masami Hiramatsu <>, Florian Weimer <>,
 Richard Sandiford <>,
 Segher Boessenkool <>,,
 Tycho Andersen <>, Laura Abbott <>,
 Mark Rutland <>, Emese Revfy <>,
 Thomas Garnier <>, Ingo Molnar <>,
 Will Deacon <>, Alexei Starovoitov <>,
 Ard Biesheuvel <>, "H. Peter Anvin"
 <>, "David S. Miller" <>,
 linux-arm-kernel <>,,
 LKML <>
Subject: Re: [PATCH 1/1] stackleak: Register the 'stackleak_cleanup' pass
 before the 'mach' pass

On 30.11.2018 20:12, Kees Cook wrote:
> On Fri, Nov 30, 2018 at 9:09 AM Kees Cook <> wrote:
>> On Fri, Nov 30, 2018 at 5:20 AM Alexander Popov <> wrote:
>>> Currently the 'stackleak_cleanup' pass deleting a CALL insn is executed
>>> after the 'reload' pass. That allows gcc to do some weird optimization in
>>> function prologues and epilogues, which are generated later [1].
>>> Let's avoid that by registering the 'stackleak_cleanup' pass before
>>> the 'mach' pass, which performs the machine dependent code transformations.
>>> It's the moment when the stack frame size is final and function prologues
>>> and epilogues are already generated.
>>> [1]
>>> Reported-by: kbuild test robot <>
>>> Signed-off-by: Alexander Popov <>
>> Thanks, applied!
> Eek, no, this is breaking my build badly:
> *** WARNING *** there are active plugins, do not report this as a bug
> unless you can reproduce it without enabling any plugins.
> Event                            | Plugins
> PLUGIN_START_UNIT                | stackleak_plugin
> kernel/exit.c: In function ‘release_task’:
> kernel/exit.c:228:1: internal compiler error: Segmentation fault
>  }
> Failing with:
> gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0

I've done debugging of gcc with gdb and now understand my mistake.

It turned out that I register the 'stackleak_cleanup' pass deleting CALL insn
for that particular moment when the control flow graph is inconsistent.

That's what the machine-specific reorg passes do on various architectures:

  /* We are freeing block_for_insn in the toplev to keep compatibility
     with old MDEP_REORGS that are not CFG based.  Recompute it now.  */
  compute_bb_for_insn ();

So recomputing basic block info for insns before calling delete_insn_and_edges()
fixes the issue.

But I think it's better to register the 'stackleak_cleanup' pass just one pass
earlier -- before the '*free_cfg' pass. I'll double check it for different
versions of gcc on all supported architectures and return with a new patch.

Best regards,

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.