From: Will Deacon <will.deacon@arm.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: mark.rutland@arm.com, linux-hardened@lists.openwall.com,
keescook@chromium.org, arnd@arndb.de,
Ramana.Radhakrishnan@arm.com,
linux-arm-kernel@lists.infradead.org, labbott@fedoraproject.org
Subject: Re: [PATCH v2] arm64: enable per-task stack canaries
Date: Fri, 7 Dec 2018 15:31:31 +0000 [thread overview]
Message-ID: <20181207153130.GA2835@edgewater-inn.cambridge.arm.com> (raw)
In-Reply-To: <20181203170343.2602-1-ard.biesheuvel@linaro.org>
On Mon, Dec 03, 2018 at 06:03:43PM +0100, Ard Biesheuvel wrote:
> This enables the use of per-task stack canary values if GCC has
> support for emitting the stack canary reference relative to the
> value of sp_el0, which holds the task struct pointer in the arm64
> kernel.
>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
> Note that the cc-option invocation below relies on the fact that Ramana's
> current implementation of the GCC support permits -mstack-protector-guard=sysreg
> to appear without defining the register name or offset.
>
> The $(eval) extends KBUILD_CFLAGS at the moment the make rule is applied,
> which means asm-offsets.o (which we rely on for the offset value) is built
> without the arguments, and everything built afterwards has the options set.
>
> arch/arm64/Kconfig | 5 +++++
> arch/arm64/Makefile | 10 ++++++++++
> arch/arm64/include/asm/stackprotector.h | 3 ++-
> arch/arm64/kernel/asm-offsets.c | 3 +++
> arch/arm64/kernel/process.c | 2 +-
> 5 files changed, 21 insertions(+), 2 deletions(-)
This looks really good to me, but I'm not sure what we should do next.
Ramana -- is your implementation stable, or are we likely to see changes
to the way the options are passed?
Will
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
prev parent reply other threads:[~2018-12-07 15:32 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-03 17:03 [PATCH v2] arm64: enable per-task stack canaries Ard Biesheuvel
2018-12-03 20:53 ` Kees Cook
2018-12-03 20:56 ` Ard Biesheuvel
2018-12-03 20:58 ` Ard Biesheuvel
2018-12-07 15:31 ` Will Deacon [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181207153130.GA2835@edgewater-inn.cambridge.arm.com \
--to=will.deacon@arm.com \
--cc=Ramana.Radhakrishnan@arm.com \
--cc=ard.biesheuvel@linaro.org \
--cc=arnd@arndb.de \
--cc=keescook@chromium.org \
--cc=labbott@fedoraproject.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-hardened@lists.openwall.com \
--cc=mark.rutland@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox