From: Kees Cook <keescook@chromium.org>
To: Guenter Roeck <linux@roeck-us.net>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, linux@armlinux.org.uk,
Emese Revfy <re.emese@gmail.com>, Arnd Bergmann <arnd@arndb.de>,
Laura Abbott <labbott@redhat.com>,
kernel-hardening@lists.openwall.com
Subject: Re: [PATCH v3] ARM: smp: add support for per-task stack canaries
Date: Wed, 11 Mar 2020 11:47:20 -0700 [thread overview]
Message-ID: <202003111146.E3FC1924@keescook> (raw)
In-Reply-To: <04a8c31a-3c43-3dcf-c9fd-82ba225a19f6@roeck-us.net>
On Wed, Mar 11, 2020 at 11:31:13AM -0700, Guenter Roeck wrote:
> On 3/11/20 10:21 AM, Kees Cook wrote:
> > On Mon, Mar 09, 2020 at 09:49:31AM -0700, Guenter Roeck wrote:
> >> On Thu, Dec 06, 2018 at 09:32:57AM +0100, Ard Biesheuvel wrote:
> >>> On ARM, we currently only change the value of the stack canary when
> >>> switching tasks if the kernel was built for UP. On SMP kernels, this
> >>> is impossible since the stack canary value is obtained via a global
> >>> symbol reference, which means
> >>> a) all running tasks on all CPUs must use the same value
> >>> b) we can only modify the value when no kernel stack frames are live
> >>> on any CPU, which is effectively never.
> >>>
> >>> So instead, use a GCC plugin to add a RTL pass that replaces each
> >>> reference to the address of the __stack_chk_guard symbol with an
> >>> expression that produces the address of the 'stack_canary' field
> >>> that is added to struct thread_info. This way, each task will use
> >>> its own randomized value.
> >>>
> >>> Cc: Russell King <linux@armlinux.org.uk>
> >>> Cc: Kees Cook <keescook@chromium.org>
> >>> Cc: Emese Revfy <re.emese@gmail.com>
> >>> Cc: Arnd Bergmann <arnd@arndb.de>
> >>> Cc: Laura Abbott <labbott@redhat.com>
> >>> Cc: kernel-hardening@lists.openwall.com
> >>> Acked-by: Nicolas Pitre <nico@linaro.org>
> >>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >>
> >> Since this patch is in the tree, cc-option no longer works on
> >> the arm architecture if CONFIG_STACKPROTECTOR_PER_TASK is enabled.
> >>
> >> Any idea how to fix that ?
> >
> > I thought Arnd sent a patch to fix it and it got picked up?
> >
>
> Yes, but the fix is not upstream (it is only in -next), and I missed it.
Ah, yes, I found it again now too; it went through rmk's tree.
For thread posterity:
ARM: 8961/2: Fix Kbuild issue caused by per-task stack protector GCC plugin
https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=8961/2
--
Kees Cook
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Guenter Roeck <linux@roeck-us.net>
Cc: Arnd Bergmann <arnd@arndb.de>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
kernel-hardening@lists.openwall.com, linux@armlinux.org.uk,
linux-kernel@vger.kernel.org, Emese Revfy <re.emese@gmail.com>,
Laura Abbott <labbott@redhat.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v3] ARM: smp: add support for per-task stack canaries
Date: Wed, 11 Mar 2020 11:47:20 -0700 [thread overview]
Message-ID: <202003111146.E3FC1924@keescook> (raw)
In-Reply-To: <04a8c31a-3c43-3dcf-c9fd-82ba225a19f6@roeck-us.net>
On Wed, Mar 11, 2020 at 11:31:13AM -0700, Guenter Roeck wrote:
> On 3/11/20 10:21 AM, Kees Cook wrote:
> > On Mon, Mar 09, 2020 at 09:49:31AM -0700, Guenter Roeck wrote:
> >> On Thu, Dec 06, 2018 at 09:32:57AM +0100, Ard Biesheuvel wrote:
> >>> On ARM, we currently only change the value of the stack canary when
> >>> switching tasks if the kernel was built for UP. On SMP kernels, this
> >>> is impossible since the stack canary value is obtained via a global
> >>> symbol reference, which means
> >>> a) all running tasks on all CPUs must use the same value
> >>> b) we can only modify the value when no kernel stack frames are live
> >>> on any CPU, which is effectively never.
> >>>
> >>> So instead, use a GCC plugin to add a RTL pass that replaces each
> >>> reference to the address of the __stack_chk_guard symbol with an
> >>> expression that produces the address of the 'stack_canary' field
> >>> that is added to struct thread_info. This way, each task will use
> >>> its own randomized value.
> >>>
> >>> Cc: Russell King <linux@armlinux.org.uk>
> >>> Cc: Kees Cook <keescook@chromium.org>
> >>> Cc: Emese Revfy <re.emese@gmail.com>
> >>> Cc: Arnd Bergmann <arnd@arndb.de>
> >>> Cc: Laura Abbott <labbott@redhat.com>
> >>> Cc: kernel-hardening@lists.openwall.com
> >>> Acked-by: Nicolas Pitre <nico@linaro.org>
> >>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >>
> >> Since this patch is in the tree, cc-option no longer works on
> >> the arm architecture if CONFIG_STACKPROTECTOR_PER_TASK is enabled.
> >>
> >> Any idea how to fix that ?
> >
> > I thought Arnd sent a patch to fix it and it got picked up?
> >
>
> Yes, but the fix is not upstream (it is only in -next), and I missed it.
Ah, yes, I found it again now too; it went through rmk's tree.
For thread posterity:
ARM: 8961/2: Fix Kbuild issue caused by per-task stack protector GCC plugin
https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=8961/2
--
Kees Cook
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-03-11 18:47 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-06 8:32 [PATCH v3] ARM: smp: add support for per-task stack canaries Ard Biesheuvel
2018-12-06 8:32 ` Ard Biesheuvel
2018-12-09 10:28 ` kbuild test robot
2018-12-09 10:28 ` kbuild test robot
2018-12-09 10:28 ` kbuild test robot
2018-12-09 10:37 ` Russell King - ARM Linux
2018-12-09 10:37 ` Russell King - ARM Linux
2018-12-10 22:34 ` Kees Cook
2018-12-10 22:34 ` Kees Cook
2018-12-12 21:26 ` Kees Cook
2018-12-12 21:26 ` Kees Cook
2018-12-13 2:53 ` [kbuild-all] " Rong Chen
2018-12-13 2:53 ` Rong Chen
2019-01-09 6:30 ` Rong Chen
2019-01-09 21:37 ` Kees Cook
2019-01-09 21:37 ` Kees Cook
2020-03-09 16:49 ` Guenter Roeck
2020-03-09 16:49 ` Guenter Roeck
2020-03-11 17:21 ` Kees Cook
2020-03-11 17:21 ` Kees Cook
2020-03-11 18:31 ` Guenter Roeck
2020-03-11 18:31 ` Guenter Roeck
2020-03-11 18:47 ` Kees Cook [this message]
2020-03-11 18:47 ` Kees Cook
2020-03-11 20:45 ` Russell King - ARM Linux admin
2020-03-11 20:45 ` Russell King - ARM Linux admin
2020-03-11 21:39 ` Guenter Roeck
2020-03-11 21:39 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202003111146.E3FC1924@keescook \
--to=keescook@chromium.org \
--cc=ard.biesheuvel@linaro.org \
--cc=arnd@arndb.de \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=linux@roeck-us.net \
--cc=re.emese@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.