From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=6Q0g=PJ=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3A9A1C433F5
	for <linux-arm-kernel@archiver.kernel.org>; Thu, 21 Oct 2021 14:26:46 +0000 (UTC)
Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id F050B6121F
	for <linux-arm-kernel@archiver.kernel.org>; Thu, 21 Oct 2021 14:26:45 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org F050B6121F
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=rsJwOjqqq0jwPY0adjB9NMzRGX7EGWLX8Is3IqyklYY=; b=Xi4nRF2tjS9SLS
	02TFtN5uMvmCGqQzG6hT+LyQaVxlrEwOZzluBiImBAlrARQ5hUBlBRVc+SSZkQ3ZDa5Yi9Wwr18UN
	lO9/3RptiJYx+ddK8IfExb5KnErsxBLBTtLaC4XU/kpB4nGFKDtDk4YD+phIlXX5T7CO+oqXR2rpC
	FyW+bjzOVdjsPOWR1rvZntCyx0taTvu0HwUl4CaRBbTeap7ggqLTVD66nLk+7Lga2lxW0CsRuzhjk
	gzuQnMqwJd7qDXYMoA67IeukZcM+lWROgxB4jGA15kHoj6Vvj3CruUYt7knpvZSnXFBUPEAM/Y74p
	tpSzGMewr/QbrNbmTLFg==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1mdZ0d-007pau-V5; Thu, 21 Oct 2021 14:25:32 +0000
Received: from mail.kernel.org ([198.145.29.99])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1mdZ0b-007paW-1l
 for linux-arm-kernel@lists.infradead.org; Thu, 21 Oct 2021 14:25:30 +0000
Received: by mail.kernel.org (Postfix) with ESMTPSA id 897AD6120F;
 Thu, 21 Oct 2021 14:25:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=k20201202; t=1634826328;
 bh=nHNwRX+kylIcJKJI2sYRIHXD9lBZvThKIZqt5UaU3Iw=;
 h=From:To:Cc:Subject:Date:From;
 b=VeKU4ecJDghHL7mc5mxW0vz9VplhO48lO9HJh9XsDS9oMtKHLDtG1hCinPiLNd+Jw
 yLSXIRBORZ5VXKODMejPxPO3KU8S2Hgu06JA6jm21xelymGmvOEVJ3Ljh5t/st0X1X
 MYfSNvCf983eBLmOC7gkMNxDgo7Cz4OUZHpmMzxN9uJxznYCTFD2+4LdiF+gI19v2g
 ZxOM1aUBaRwqfzbUMPyNWAYMLliZHP0EprMELd3aj8qIZVA+5j7w+W0H3o5pGckTL+
 bv3y33ApK8JA6ey7OhuFC9rZ13k5R9RjDx0NicsveU4Z1vGdhp7FhiMtYzKjpcDkqk
 RPjkFCM2bzOpg==
From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Kees Cook <keescook@chromium.org>,
 Nick Desaulniers <ndesaulniers@google.com>
Subject: [PATCH] ARM: stackprotector: prefer compiler for TLS based per-task
 protector
Date: Thu, 21 Oct 2021 16:25:16 +0200
Message-Id: <20211021142516.1843042-1-ardb@kernel.org>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=2495; h=from:subject;
 bh=nHNwRX+kylIcJKJI2sYRIHXD9lBZvThKIZqt5UaU3Iw=;
 b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBhcXhLNJ2fCjMBbmleYOOyY7ogvtxn9vdWp6p0jSJ9
 PI6xHo6JAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYXF4SwAKCRDDTyI5ktmPJGH5DA
 CJhg7VO1rgqk9ijsKbrvzQJB1iXEQzIS3C2CiSfjYr/mBkFRmVaRSt1Hwn3Bxi7nAuZkOKKiI2ug1p
 WW0iAuVbM9XeCZ0jVMEzosp7P8DtxqGrYbMH0EIzhjdBPLOqshnv5sn8APvyB8Mb8rPokY/frnwUg8
 4PhdtnLIxCqBZ9qMy/SlOLt9Nrx4X8L4/81JyjVmR3+90lhuvfjqzBZJ4dbu5jTyRFkpWEJnzuZHbt
 3hWwW5U+HgUbWa7LWECfTTydolR8b7Z6Kf6Z+7Rz/VP/Oyex8COOeHaByGois+HJmtRKDTkFyq+qUV
 QA808KkDo4nIb5ySXDGhigT57VMJrKdUiDIpdjGiC5XLKO9eHFD3kJBiuDy6I3eeh+T3NaqRmGticI
 D8jzn2GBX/rDzts83SJJeKpbCVEjw4CNR+4L4Up+Pa+mouSDv9QlgM+AkiHpDQyUjQOFFP6vzpOdjd
 Ur0xOH2Bf+yqeUesv8fTRSXnRVklARCV37j4cZuvdc7Fw=
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20211021_072529_174665_EFCD7978 
X-CRM114-Status: GOOD (  13.04  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Currently, we implement the per-task stack protector for ARM using a GCC
plugin, due to lack of native compiler support. However, work is
underway to get this implemented in the compiler, which means we will be
able to deprecate the GCC plugin at some point.

In the meantime, we will need to support both, where the native compiler
implementation is obviously preferred. So let's wire this up in Kconfig
and the Makefile.

Cc: Kees Cook <keescook@chromium.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm/Kconfig  | 8 ++++++--
 arch/arm/Makefile | 9 +++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 4f61c9789e7f..130449332521 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1604,10 +1604,14 @@ config XEN
 	help
 	  Say Y if you want to run Linux in a Virtual Machine on Xen on ARM.
 
+config CC_HAVE_STACKPROTECTOR_TLS
+	def_bool $(cc-option,-mtp=cp15 -mstack-protector-guard=tls -mstack-protector-guard-offset=0)
+
 config STACKPROTECTOR_PER_TASK
 	bool "Use a unique stack canary value for each task"
-	depends on GCC_PLUGINS && STACKPROTECTOR && THREAD_INFO_IN_TASK && !XIP_DEFLATED_DATA
-	select GCC_PLUGIN_ARM_SSP_PER_TASK
+	depends on STACKPROTECTOR && THREAD_INFO_IN_TASK && !XIP_DEFLATED_DATA
+	depends on GCC_PLUGINS || CC_HAVE_STACKPROTECTOR_TLS
+	select GCC_PLUGIN_ARM_SSP_PER_TASK if !CC_HAVE_STACKPROTECTOR_TLS
 	default y
 	help
 	  Due to the fact that GCC uses an ordinary symbol reference from
diff --git a/arch/arm/Makefile b/arch/arm/Makefile
index 1c540157e283..bfa861d3ccbb 100644
--- a/arch/arm/Makefile
+++ b/arch/arm/Makefile
@@ -275,6 +275,14 @@ endif
 
 ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y)
 prepare: stack_protector_prepare
+ifeq ($(CONFIG_CC_HAVE_STACKPROTECTOR_TLS),y)
+stack_protector_prepare: prepare0
+	$(eval KBUILD_CFLAGS += \
+		-mstack-protector-guard=tls \
+		-mstack-protector-guard-offset=$(shell	\
+			awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}'\
+				include/generated/asm-offsets.h))
+else
 stack_protector_prepare: prepare0
 	$(eval SSP_PLUGIN_CFLAGS := \
 		-fplugin-arg-arm_ssp_per_task_plugin-offset=$(shell	\
@@ -283,6 +291,7 @@ stack_protector_prepare: prepare0
 	$(eval KBUILD_CFLAGS += $(SSP_PLUGIN_CFLAGS))
 	$(eval GCC_PLUGINS_CFLAGS += $(SSP_PLUGIN_CFLAGS))
 endif
+endif
 
 all:	$(notdir $(KBUILD_IMAGE))
 
-- 
2.30.2


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel