From: Kees Cook <keescook@chromium.org>
To: Ard Biesheuvel <ardb@kernel.org>, Qing Zhao <qing.zhao@oracle.com>
Cc: linux-hardening@vger.kernel.org,
Keith Packard <keithpac@amazon.com>,
thomas.preudhomme@celest.fr, adhemerval.zanella@linaro.org,
Richard Sandiford <richard.sandiford@arm.com>,
gcc-patches@gcc.gnu.org
Subject: Re: [PATCH v3 1/1] [ARM] Add support for TLS register based stack protector canary access
Date: Tue, 26 Oct 2021 10:13:08 -0700 [thread overview]
Message-ID: <202110260959.25C44F4@keescook> (raw)
In-Reply-To: <20211026081836.3518758-2-ardb@kernel.org>
On Tue, Oct 26, 2021 at 10:18:36AM +0200, Ard Biesheuvel wrote:
> Add support for accessing the stack canary value via the TLS register,
> so that multiple threads running in the same address space can use
> distinct canary values. This is intended for the Linux kernel running in
> SMP mode, where processes entering the kernel are essentially threads
> running the same program concurrently: using a global variable for the
> canary in that context is problematic because it can never be rotated,
> and so the OS is forced to use the same value as long as it remains up.
>
> Using the TLS register to index the stack canary helps with this, as it
> allows each CPU to context switch the TLS register along with the rest
> of the process, permitting each process to use its own value for the
> stack canary.
>
> 2021-10-21 Ard Biesheuvel <ardb@kernel.org>
>
> * config/arm/arm-opts.h (enum stack_protector_guard): New
> * config/arm/arm-protos.h (arm_stack_protect_tls_canary_mem):
> New
> * config/arm/arm.c (TARGET_STACK_PROTECT_GUARD): Define
> (arm_option_override_internal): Handle and put in error checks
> for stack protector guard options.
> (arm_option_reconfigure_globals): Likewise
> (arm_stack_protect_tls_canary_mem): New
> (arm_stack_protect_guard): New
> * config/arm/arm.md (stack_protect_set): New
> (stack_protect_set_tls): Likewise
> (stack_protect_test): Likewise
> (stack_protect_test_tls): Likewise
> * config/arm/arm.opt (-mstack-protector-guard): New
> (-mstack-protector-guard-offset): New.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
I can't speak to the specific implementation details here, but this
builds for me, and behaves as expected. I get a working kernel[1],
and have verified[2] that we have per-task canaries for arm32. :) Yay!
Tested-by: Kees Cook <keescook@chromium.org>
Who's best to review and commit this? Qing, is something you're able to
review?
Thanks!
-Kees
[1] https://lore.kernel.org/linux-arm-kernel/20211021142516.1843042-1-ardb@kernel.org/
[2] https://lore.kernel.org/linux-hardening/20211022223826.330653-3-keescook@chromium.org/
--
Kees Cook
prev parent reply other threads:[~2021-10-26 17:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-26 8:18 [PATCH v3 0/1] implement TLS register based stack canary for ARM Ard Biesheuvel
2021-10-26 8:18 ` [PATCH v3 1/1] [ARM] Add support for TLS register based stack protector canary access Ard Biesheuvel
2021-10-26 17:13 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202110260959.25C44F4@keescook \
--to=keescook@chromium.org \
--cc=adhemerval.zanella@linaro.org \
--cc=ardb@kernel.org \
--cc=gcc-patches@gcc.gnu.org \
--cc=keithpac@amazon.com \
--cc=linux-hardening@vger.kernel.org \
--cc=qing.zhao@oracle.com \
--cc=richard.sandiford@arm.com \
--cc=thomas.preudhomme@celest.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.