From: Kees Cook <keescook@chromium.org>
To: Ard Biesheuvel <ardb@kernel.org>, Qing Zhao <qing.zhao@oracle.com>
Cc: linux-hardening@vger.kernel.org,
Keith Packard <keithpac@amazon.com>,
thomas.preudhomme@celest.fr, adhemerval.zanella@linaro.org,
Richard Sandiford <richard.sandiford@arm.com>,
gcc-patches@gcc.gnu.org
Subject: Re: [PATCH v3 1/1] [ARM] Add support for TLS register based stack protector canary access
Date: Tue, 26 Oct 2021 10:13:08 -0700 [thread overview]
Message-ID: <202110260959.25C44F4@keescook> (raw)
In-Reply-To: <20211026081836.3518758-2-ardb@kernel.org>
On Tue, Oct 26, 2021 at 10:18:36AM +0200, Ard Biesheuvel wrote:
> Add support for accessing the stack canary value via the TLS register,
> so that multiple threads running in the same address space can use
> distinct canary values. This is intended for the Linux kernel running in
> SMP mode, where processes entering the kernel are essentially threads
> running the same program concurrently: using a global variable for the
> canary in that context is problematic because it can never be rotated,
> and so the OS is forced to use the same value as long as it remains up.
>
> Using the TLS register to index the stack canary helps with this, as it
> allows each CPU to context switch the TLS register along with the rest
> of the process, permitting each process to use its own value for the
> stack canary.
>
> 2021-10-21 Ard Biesheuvel <ardb@kernel.org>
>
> * config/arm/arm-opts.h (enum stack_protector_guard): New
> * config/arm/arm-protos.h (arm_stack_protect_tls_canary_mem):
> New
> * config/arm/arm.c (TARGET_STACK_PROTECT_GUARD): Define
> (arm_option_override_internal): Handle and put in error checks
> for stack protector guard options.
> (arm_option_reconfigure_globals): Likewise
> (arm_stack_protect_tls_canary_mem): New
> (arm_stack_protect_guard): New
> * config/arm/arm.md (stack_protect_set): New
> (stack_protect_set_tls): Likewise
> (stack_protect_test): Likewise
> (stack_protect_test_tls): Likewise
> * config/arm/arm.opt (-mstack-protector-guard): New
> (-mstack-protector-guard-offset): New.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
I can't speak to the specific implementation details here, but this
builds for me, and behaves as expected. I get a working kernel[1],
and have verified[2] that we have per-task canaries for arm32. :) Yay!
Tested-by: Kees Cook <keescook@chromium.org>
Who's best to review and commit this? Qing, is something you're able to
review?
Thanks!
-Kees
[1] https://lore.kernel.org/linux-arm-kernel/20211021142516.1843042-1-ardb@kernel.org/
[2] https://lore.kernel.org/linux-hardening/20211022223826.330653-3-keescook@chromium.org/
--
Kees Cook
prev parent reply other threads:[~2021-10-26 17:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-26 8:18 [PATCH v3 0/1] implement TLS register based stack canary for ARM Ard Biesheuvel
2021-10-26 8:18 ` [PATCH v3 1/1] [ARM] Add support for TLS register based stack protector canary access Ard Biesheuvel
2021-10-26 17:13 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202110260959.25C44F4@keescook \
--to=keescook@chromium.org \
--cc=adhemerval.zanella@linaro.org \
--cc=ardb@kernel.org \
--cc=gcc-patches@gcc.gnu.org \
--cc=keithpac@amazon.com \
--cc=linux-hardening@vger.kernel.org \
--cc=qing.zhao@oracle.com \
--cc=richard.sandiford@arm.com \
--cc=thomas.preudhomme@celest.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox