Hi Arjan,

There doesn't seem to be an entry in MAINTAINERS for stack protector, but your signoff was on the last stack protector related commit I could find, so it's probably a good bet. I get the following in my dmesg after testing linux-next with the stack protector turned on. This is an x86-64 UP box if that helps. It appears to be related to the test for the feature (or perhaps that is supposed to happen when the feature is tested, I'm not sure...). Config below.

[ 6.536023] Testing -fstack-protector-all feature
[ 6.536054] No -fstack-protector-stack-frame!
[ 6.536084] -fstack-protector-all test failed
[ 6.536118] ------------[ cut here ]------------
[ 6.536148] WARNING: at kernel/panic.c:375 __stack_chk_test+0x50/0x54()
[ 6.536185] Pid: 1, comm: swapper Not tainted 2.6.25-next-20080430 #20
[ 6.536219]
[ 6.536219] Call Trace:
[ 6.536270] [<ffffffff8022edac>] warn_on_slowpath+0x67/0xa2
[ 6.536305] [<ffffffff8022fe90>] ? printk+0x93/0x9d
[ 6.536339] [<ffffffff80245db0>] ? up+0x14/0x3e
[ 6.536373] [<ffffffff8025b73f>] ? ftrace_record_ip+0x230/0x242
[ 6.536409] [<ffffffff8020b5b0>] ? mcount_call+0x5/0x35
[ 6.536443] [<ffffffff8022ee37>] __stack_chk_test+0x50/0x54
[ 6.536477] [<ffffffff806378e7>] kernel_init+0xbf/0x203
[ 6.536512] [<ffffffff804caa96>] ? _spin_unlock_irq+0x55/0x62
[ 6.536547] [<ffffffff804c9faf>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[ 6.536584] [<ffffffff8024d4d5>] ? trace_hardirqs_on_caller+0x12e/0x158
[ 6.536620] [<ffffffff8020c268>] child_rip+0xa/0x12
[ 6.536653] [<ffffffff8020bdc3>] ? restore_args+0x0/0x30
[ 6.536686] [<ffffffff80637828>] ? kernel_init+0x0/0x203
[ 6.536719] [<ffffffff8020c25e>] ? child_rip+0x0/0x12
[ 6.536750]
[ 6.536782] ---[ end trace 1927d5b2739e166a ]---

#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.25
# Wed Apr 30 20:21:38 2008
...
the important question is: exactly what gcc are you using? (and if you use a distro gcc,
which distro)
second question would be, what does the following command give?
echo "int foo(void) { char X[200]; return 3; }" | $1 -S -xc -c -O0 -mcmodel=kernel -fstack-protector - -o -
(this is the command from scripts/gcc-x86_64-has-stack-protector.sh that the kernel uses to test at compiletime
if you have stack protector support)
--
Ubuntu Hardy Heron
kevin@alekhine:~$ gcc --version
gcc (GCC) 4.2.3 (Ubuntu 4.2.3-2ubuntu7)
Copyright (C) 2007 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
kevin@alekhine:~$ echo "int foo(void) { char X[200]; return 3; }" | $1 -S -xc -c -O0 -mcmodel=kernel -fstack-protector - -o -
bash: -S: command not found
I assume that $1 was supposed to be gcc, so how about:
kevin@alekhine:~/linux/linux-2.6/scripts$ sh gcc-x86_64-has-stack-protector.sh gcc something
something
So I would assume that means I pass...
Does that help at all?
--
Kevin Winchester
--
On Wed, 30 Apr 2008 21:24:27 -0300

I would rather really like to see the assembly output this thing spits; to see if your compiler behaves sanely. (Some distros tend to badly patch their gcc unfortunately and this may break the stack protector feature)
--
Sure, here we go:
kevin@alekhine:~$ echo "int foo(void) { char X[200]; return 3; }" | gcc -S -xc -c -O0 -mcmodel=kernel -fstack-protector - -o -
.file ""
.text
.globl foo
.type foo, @function
foo:
.LFB2:
pushq %rbp
.LCFI0:
movq %rsp, %rbp
.LCFI1:
subq $208, %rsp
.LCFI2:
movq %gs:40, %rax
movq %rax, -8(%rbp)
xorl %eax, %eax
movl $3, %eax
movq -8(%rbp), %rdx
xorq %gs:40, %rdx
je .L3
call __stack_chk_fail
.L3:
leave
ret
.LFE2:
.size foo, .-foo
.section .eh_frame,"a",@progbits
.Lframe1:
.long .LECIE1-.LSCIE1
.LSCIE1:
.long 0x0
.byte 0x1
.string ""
.uleb128 0x1
.sleb128 -8
.byte 0x10
.byte 0xc
.uleb128 0x7
.uleb128 0x8
.byte 0x90
.uleb128 0x1
.align 8
.LECIE1:
.LSFDE1:
.long .LEFDE1-.LASFDE1
.LASFDE1:
.long .LASFDE1-.Lframe1
.quad .LFB2
.quad .LFE2-.LFB2
.byte 0x4
.long .LCFI0-.LFB2
.byte 0xe
.uleb128 0x10
.byte 0x86
.uleb128 0x2
.byte 0x4
.long .LCFI1-.LCFI0
.byte 0xd
.uleb128 0x6
.align 8
.LEFDE1:
.ident "GCC: (GNU) 4.2.3 (Ubuntu 4.2.3-2ubuntu7)"
.section .note.GNU-stack,"",@progbits
Does that help?
--
Kevin Winchester
--
somewhat. If you still have your source tree, can you do

make kernel/panic.s

and send that file to me as well? (offlist is fine)

Greetings,
--
I didn't have the source tree around, but I created the tree+config, and here is what I get (I believe it is not too big for the list):

.file "panic.c"
# GNU C version 4.2.3 (Ubuntu 4.2.3-2ubuntu7) (x86_64-linux-gnu)
# compiled by GNU C version 4.2.3 (Ubuntu 4.2.3-2ubuntu7).
# GGC heuristics: --param ggc-min-expand=98 --param ggc-min-heapsize=127739
# options passed: -nostdinc -Iinclude -Iinclude/asm-x86/mach-default
# -D__KERNEL__ -DGCC_HAS_SP -DKBUILD_STR(s)=#s
# -DKBUILD_BASENAME=KBUILD_STR(panic) -DKBUILD_MODNAME=KBUILD_STR(panic)
# -isystem -include -MD -m64 -march=k8 -mno-red-zone -mcmodel=kernel
# -maccumulate-outgoing-args -mno-sse -mno-mmx -mno-sse2 -mno-3dnow
# -auxbase-strip -g -Os -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
# -Werror-implicit-function-declaration -Wno-sign-compare
# -Wdeclaration-after-statement -Wno-pointer-sign -p -fno-strict-aliasing
# -fno-common -funit-at-a-time -fstack-protector -fstack-protector-all
# -fno-asynchronous-unwind-tables -fno-omit-frame-pointer
# -fno-optimize-sibling-calls -fverbose-asm -fstack-protector
# -fstack-protector
# options enabled: -falign-loops -fargument-alias -fbranch-count-reg
# -fcaller-saves -fcprop-registers -fcrossjumping -fcse-follow-jumps
# -fcse-skip-blocks -fdefer-pop -fdelete-null-pointer-checks
# -fearly-inlining -feliminate-unused-debug-types -fexpensive-optimizations
# -ffunction-cse -fgcse -fgcse-lm -fguess-branch-probability -fident
# -fif-conversion -fif-conversion2 -finline-functions
# -finline-functions-called-once -fipa-pure-const -fipa-reference
# -fipa-type-escape -fivopts -fkeep-static-consts -fleading-underscore
# -fmath-errno -fmerge-constants -fmove-loop-invariants
# -foptimize-register-move -fpeephole -fpeephole2 -fprofile
# -freg-struct-return -fregmove -freorder-functions -frerun-cse-after-loop
# -fsched-interblock -fsched-spec -fsched-stalled-insns-dep
# -fschedule-insns2 -fshow-column -fsplit-ivs-in-unroller -fstack-protector
# -fstrict-overflow -fthread-jumps
# -ftoplevel-reorder...
interesting; somehow gcc does NOT put stack-protector in place despite it being told so with -fstack-protector-all.

# -fno-common -funit-at-a-time -fstack-protector -fstack-protector-all
# -fno-asynchronous-unwind-tables -fno-omit-frame-pointer
# -fno-optimize-sibling-calls -fverbose-asm -fstack-protector
# -fstack-protector

this is weird; something is adding ANOTHER -fstack-protector to the (effective) gcc flags.. which might be overriding the -fstack-protector-all setting. I wonder if this is a distro special ;(
--
From: Arjan van de Ven <arjan@linux.intel.com>

Ubuntu adds -fstack-protector to the GCC command line. But I've been able to override it trivially when, for example, doing GCC builds, by simply adding -fno-stack-protector.
--
I assume adding -fno-stack-protector would not really be an option in this case (since if I understand correctly it would be appended to the end of the flags which would turn the option off). I guess I'll be figuring out how to build my own gcc...
--
Kevin Winchester
--
one question (since I don't have an ubuntu system on my desk right now)

if you do

make V=1 kernel/panic.o

(after deleting that file if needed), can you check that -fstack-protector-all is the last stack protector option we explicitly give to gcc ?
--
kevin@alekhine:~/linux/linux-2.6$ make V=1 kernel/panic.o
rm -f include/config/kernel.release
echo 2.6.25-next-20080430 > include/config/kernel.release
set -e; :; mkdir -p include/linux/; (echo \#define
LINUX_VERSION_CODE 132633; echo '#define KERNEL_VERSION(a,b,c) (((a) <<
16) + ((b) << 8) + (c))';) < /home/kevin/linux/linux-2.6/Makefile >
include/linux/version.h.tmp; if [ -r include/linux/version.h ] && cmp -s
include/linux/version.h include/linux/version.h.tmp; then rm -f
include/linux/version.h.tmp; else :; mv -f include/linux/version.h.tmp
include/linux/version.h; fi
set -e; :; mkdir -p include/linux/; if [ `echo -n
"2.6.25-next-20080430" | wc -c ` -gt 64 ]; then echo
'"2.6.25-next-20080430" exceeds 64 characters' >&2; exit 1; fi; (echo
\#define UTS_RELEASE \"2.6.25-next-20080430\";) <
include/config/kernel.release > include/linux/utsrelease.h.tmp; if [ -r
include/linux/utsrelease.h ] && cmp -s include/linux/utsrelease.h
include/linux/utsrelease.h.tmp; then rm -f
include/linux/utsrelease.h.tmp; else :; mv -f
include/linux/utsrelease.h.tmp include/linux/utsrelease.h; fi
set -e; asmlink=`readlink include/asm | cut -d '-' -f 2`; \
if [ -L include/asm ]; then \
if [ "$asmlink" != "x86" ]; then \
echo "ERROR: the symlink include/asm points to
asm-$asmlink but asm-x86 was expected"; \
echo " set ARCH or save .config and run
'make mrproper' to fix it"; \
exit 1; \
fi; \
else \
echo ' SYMLINK include/asm -> include/asm-x86'; \
if [ ! -d include ]; then \
mkdir -p inclu...
--
the kernel makefiles are doing exactly the right things.... yet your previous data showed that something adds a -fstack-protector after it.... grrr. Sounds like I need to figure how to make a testcase for this that we can then use to, at build time, detect this b0rked gcc behavior.

thanks a lot for helping me diagnose this so far!
--
well hold on a second ;) I'd like to do a few more experiments, but if this is really an ubuntu special thing I'd like to at least get the ubuntu gcc folks involved.
--
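The build-time testcase Arjan says he needs above, written out as an added example; it is not part of the thread and not the kernel's own scripts/gcc-x86_64-has-stack-protector.sh, which only compiles the one-function snippet quoted earlier and checks for the %gs:40 canary load. gcc processes -fstack-protector options left to right, so a -fstack-protector appended after the kernel's -fstack-protector-all (as the distro spec file did here) silently downgrades it to buffer-only protection, and a single function with a char array still looks fine. The probe below therefore compiles two functions with -fstack-protector-all: one with a char buffer, which plain -fstack-protector already covers, and one without, which only -fstack-protector-all covers. It greps the assembly for the __stack_chk_fail call rather than for %gs:40 so it can be run from userspace on any host; the kernel's own check additionally needs -mcmodel=kernel and the %gs:40 per-cpu canary on x86-64. The names sp_probe, sp_classify, sp_count_canary, with_buf, no_buf and the exit codes 0..3 are this example's own.

```shell
#!/bin/sh
# Added probe script; not the kernel's scripts/gcc-x86_64-has-stack-protector.sh.
# Detects a compiler (or distro spec file) that overrides -fstack-protector-all
# with a trailing -fstack-protector, which leaves functions without a char
# buffer unprotected while a one-function "char X[200]" test still passes.

# Compile one C snippet with -fstack-protector-all and print the number of
# canary checks (calls to __stack_chk_fail) in the emitted assembly.
# Returns non-zero only if the compiler could not be run or rejected the flags.
sp_count_canary() {
    cc="$1"
    src="$2"
    asm=$(printf '%s\n' "$src" | "$cc" -S -xc -O0 -fstack-protector-all - -o - 2>/dev/null) || return 1
    # grep -c prints 0 and exits 1 on no match; keep the 0 and ignore the status.
    printf '%s\n' "$asm" | grep -c '__stack_chk_fail' || true
}

# Turn the two counts into a verdict (exit code):
#   0 = -fstack-protector-all honoured (both functions carry a canary)
#   1 = only the buffer function is protected: -all was overridden by a later
#       -fstack-protector, exactly the symptom seen in the thread
#   2 = no canary anywhere: stack protector unusable with this compiler
sp_classify() {
    buf_hits="$1"
    nobuf_hits="$2"
    [ "$buf_hits" -gt 0 ] || return 2
    [ "$nobuf_hits" -gt 0 ] || return 1
    return 0
}

# Run the probe against a compiler (default: gcc).
# Returns the sp_classify verdict, or 3 if the compiler is missing/unusable.
sp_probe() {
    cc="${1:-gcc}"
    command -v "$cc" >/dev/null 2>&1 || return 3
    # with_buf(): the snippet the kernel's own check uses; plain -fstack-protector
    # already instruments it because of the char array.
    buf_hits=$(sp_count_canary "$cc" 'int with_buf(void) { char X[200]; return 3; }') || return 3
    # no_buf(): no array at all; only -fstack-protector-all instruments it.
    nobuf_hits=$(sp_count_canary "$cc" 'int no_buf(int a) { return a + 1; }') || return 3
    sp_classify "$buf_hits" "$nobuf_hits"
}

# Human-readable report; exit code is the verdict.
sp_report() {
    rc=0
    sp_probe "$1" || rc=$?
    case $rc in
        0) echo "$1: -fstack-protector-all honoured" ;;
        1) echo "$1: -fstack-protector-all OVERRIDDEN (only buffer functions get a canary)" ;;
        2) echo "$1: no stack protector canary emitted at all" ;;
        *) echo "$1: compiler not found or rejected -fstack-protector-all" ;;
    esac
    return $rc
}

# Stand-alone use: sh sp-probe.sh [compiler]
sp_report "${1:-gcc}" || :
```

A build system would run sp_probe with the same compiler it hands to the kernel and refuse (or warn) on verdict 1, since that is the case the existing one-function check cannot distinguish from a working compiler.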
