From: Thomas Garnier <thgarnie@google.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Thomas Garnier <thgarnie@google.com>,
Philippe Ombredanne <pombredanne@nexb.com>,
Kate Stewart <kstewart@linuxfoundation.org>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Yonghong Song <yhs@fb.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Kees Cook <keescook@chromium.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Borislav Petkov <bp@alien8.de>, Borislav Petkov <bp@suse.de>,
"Rafael J . Wysocki" <rjw@rjwysocki.net>,
Len
Cc: linux-arch@vger.kernel.org, kvm@vger.kernel.org,
linux-pm@vger.kernel.org, x86@kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org,
linux-sparse@vger.kernel.org, linux-crypto@vger.kernel.org,
kernel-hardening@lists.openwall.com,
xen-devel@lists.xenproject.org
Subject: [PATCH v3 20/27] x86: Support global stack cookie
Date: Wed, 23 May 2018 12:54:14 -0700 [thread overview]
Message-ID: <20180523195421.180248-21-thgarnie@google.com> (raw)
In-Reply-To: <20180523195421.180248-1-thgarnie@google.com>
Add an off-by-default configuration option to use a global stack cookie
instead of the default TLS. This configuration option will only be used
with PIE binaries.
For kernel stack cookie, the compiler uses the mcmodel=kernel to switch
between the fs segment to gs segment. A PIE binary does not use
mcmodel=kernel because it can be relocated anywhere, therefore the
compiler will default to the fs segment register. This is fixed on the
latest version of gcc.
If the segment selector is available, it will be automatically added. If
the automatic configuration was selected, a warning is written and the
global variable stack cookie is used. If a specific stack mode was
selected (regular or strong) and the compiler does not support selecting
the segment register, an error is emitted.
Signed-off-by: Thomas Garnier <thgarnie@google.com>
---
arch/x86/Kconfig | 12 ++++++++++++
arch/x86/Makefile | 9 +++++++++
arch/x86/entry/entry_32.S | 3 ++-
arch/x86/entry/entry_64.S | 3 ++-
arch/x86/include/asm/processor.h | 3 ++-
arch/x86/include/asm/stackprotector.h | 19 ++++++++++++++-----
arch/x86/kernel/asm-offsets.c | 3 ++-
arch/x86/kernel/asm-offsets_32.c | 3 ++-
arch/x86/kernel/asm-offsets_64.c | 3 ++-
arch/x86/kernel/cpu/common.c | 3 ++-
arch/x86/kernel/head_32.S | 3 ++-
arch/x86/kernel/process.c | 5 +++++
12 files changed, 56 insertions(+), 13 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index dda87a331a7e..0fc2e981458d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2199,6 +2199,18 @@ config RANDOMIZE_MEMORY_PHYSICAL_PADDING
If unsure, leave at the default value.
+config X86_GLOBAL_STACKPROTECTOR
+ bool "Stack cookie using a global variable"
+ depends on CC_STACKPROTECTOR_AUTO
+ default n
+ ---help---
+ This option turns on the "stack-protector" GCC feature using a global
+ variable instead of a segment register. It is useful when the
+ compiler does not support custom segment registers when building a
+ position independent (PIE) binary.
+
+ If unsure, say N
+
config HOTPLUG_CPU
bool "Support for hot-pluggable CPUs"
depends on SMP
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 60135cbd905c..277ffc57ae13 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -141,6 +141,15 @@ else
KBUILD_CFLAGS += $(call cc-option,-funit-at-a-time)
endif
+ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+ ifeq ($(call cc-option, -mstack-protector-guard=global),)
+ $(error Cannot use CONFIG_X86_GLOBAL_STACKPROTECTOR: \
+ -mstack-protector-guard=global not supported \
+ by compiler)
+ endif
+ KBUILD_CFLAGS += -mstack-protector-guard=global
+endif
+
ifdef CONFIG_X86_X32
x32_ld_ok := $(call try-run,\
/bin/echo -e '1: .quad 1b' | \
diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
index bb4f540be234..2f9bdbc6be6d 100644
--- a/arch/x86/entry/entry_32.S
+++ b/arch/x86/entry/entry_32.S
@@ -241,7 +241,8 @@ ENTRY(__switch_to_asm)
movl %esp, TASK_threadsp(%eax)
movl TASK_threadsp(%edx), %esp
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
movl TASK_stack_canary(%edx), %ebx
movl %ebx, PER_CPU_VAR(stack_canary)+stack_canary_offset
#endif
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index c1700b00b1b6..c8b4e8a7d1e1 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -359,7 +359,8 @@ ENTRY(__switch_to_asm)
movq %rsp, TASK_threadsp(%rdi)
movq TASK_threadsp(%rsi), %rsp
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
movq TASK_stack_canary(%rsi), %rbx
movq %rbx, PER_CPU_VAR(irq_stack_union + stack_canary_offset)
#endif
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 5cf36fa30254..6e5d9ac3bf17 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -414,7 +414,8 @@ extern asmlinkage void ignore_sysret(void);
void save_fsgs_for_kvm(void);
#endif
#else /* X86_64 */
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
/*
* Make sure stack canary segment base is cached-aligned:
* "For Intel Atom processors, avoid non zero segment base address
diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h
index 371b3a4af000..5063f57d99f5 100644
--- a/arch/x86/include/asm/stackprotector.h
+++ b/arch/x86/include/asm/stackprotector.h
@@ -52,6 +52,10 @@
#define GDT_STACK_CANARY_INIT \
[GDT_ENTRY_STACK_CANARY] = GDT_ENTRY_INIT(0x4090, 0, 0x18),
+#ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+extern unsigned long __stack_chk_guard;
+#endif
+
/*
* Initialize the stackprotector canary value.
*
@@ -63,7 +67,7 @@ static __always_inline void boot_init_stack_canary(void)
u64 canary;
u64 tsc;
-#ifdef CONFIG_X86_64
+#if defined(CONFIG_X86_64) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
BUILD_BUG_ON(offsetof(union irq_stack_union, stack_canary) != 40);
#endif
/*
@@ -77,17 +81,22 @@ static __always_inline void boot_init_stack_canary(void)
canary += tsc + (tsc << 32UL);
canary &= CANARY_MASK;
+#ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+ if (__stack_chk_guard == 0)
+ __stack_chk_guard = canary ?: 1;
+#else /* !CONFIG_X86_GLOBAL_STACKPROTECTOR */
current->stack_canary = canary;
#ifdef CONFIG_X86_64
this_cpu_write(irq_stack_union.stack_canary, canary);
-#else
+#else /* CONFIG_X86_32 */
this_cpu_write(stack_canary.canary, canary);
#endif
+#endif
}
static inline void setup_stack_canary_segment(int cpu)
{
-#ifdef CONFIG_X86_32
+#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
unsigned long canary = (unsigned long)&per_cpu(stack_canary, cpu);
struct desc_struct *gdt_table = get_cpu_gdt_rw(cpu);
struct desc_struct desc;
@@ -100,7 +109,7 @@ static inline void setup_stack_canary_segment(int cpu)
static inline void load_stack_canary_segment(void)
{
-#ifdef CONFIG_X86_32
+#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
asm("mov %0, %%gs" : : "r" (__KERNEL_STACK_CANARY) : "memory");
#endif
}
@@ -116,7 +125,7 @@ static inline void setup_stack_canary_segment(int cpu)
static inline void load_stack_canary_segment(void)
{
-#ifdef CONFIG_X86_32
+#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
asm volatile ("mov %0, %%gs" : : "r" (0));
#endif
}
diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c
index 76417a9aab73..4c9e1b667bda 100644
--- a/arch/x86/kernel/asm-offsets.c
+++ b/arch/x86/kernel/asm-offsets.c
@@ -32,7 +32,8 @@
void common(void) {
BLANK();
OFFSET(TASK_threadsp, task_struct, thread.sp);
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
OFFSET(TASK_stack_canary, task_struct, stack_canary);
#endif
diff --git a/arch/x86/kernel/asm-offsets_32.c b/arch/x86/kernel/asm-offsets_32.c
index f91ba53e06c8..cf8ef55a8b82 100644
--- a/arch/x86/kernel/asm-offsets_32.c
+++ b/arch/x86/kernel/asm-offsets_32.c
@@ -50,7 +50,8 @@ void foo(void)
DEFINE(TSS_sysenter_sp0, offsetof(struct cpu_entry_area, tss.x86_tss.sp0) -
offsetofend(struct cpu_entry_area, entry_stack_page.stack));
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
BLANK();
OFFSET(stack_canary_offset, stack_canary, canary);
#endif
diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c
index bf51e51d808d..a3c7e14f6434 100644
--- a/arch/x86/kernel/asm-offsets_64.c
+++ b/arch/x86/kernel/asm-offsets_64.c
@@ -69,7 +69,8 @@ int main(void)
OFFSET(TSS_sp1, tss_struct, x86_tss.sp1);
BLANK();
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
DEFINE(stack_canary_offset, offsetof(union irq_stack_union, stack_canary));
BLANK();
#endif
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 39ed2e6ff8a0..d279a7df5018 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1540,7 +1540,8 @@ DEFINE_PER_CPU(unsigned long, cpu_current_top_of_stack) =
(unsigned long)&init_thread_union + THREAD_SIZE;
EXPORT_PER_CPU_SYMBOL(cpu_current_top_of_stack);
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
DEFINE_PER_CPU_ALIGNED(struct stack_canary, stack_canary);
#endif
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index b59e4fb40fd9..0e849242de91 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -375,7 +375,8 @@ ENDPROC(startup_32_smp)
*/
__INIT
setup_once:
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
/*
* Configure the stack canary. The linker can't handle this by
* relocation. Manually set base address in stack canary
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 03408b942adb..ebe21d258a82 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -86,6 +86,11 @@ EXPORT_PER_CPU_SYMBOL(cpu_tss_rw);
DEFINE_PER_CPU(bool, __tss_limit_invalid);
EXPORT_PER_CPU_SYMBOL_GPL(__tss_limit_invalid);
+#ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+unsigned long __stack_chk_guard __read_mostly;
+EXPORT_SYMBOL(__stack_chk_guard);
+#endif
+
/*
* this gets called so that we can store lazy state into memory and copy the
* current task into the new thread.
--
2.17.0.441.gb46fe60e1d-goog
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
WARNING: multiple messages have this Message-ID (diff)
From: Thomas Garnier <thgarnie@google.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Thomas Garnier <thgarnie@google.com>,
Philippe Ombredanne <pombredanne@nexb.com>,
Kate Stewart <kstewart@linuxfoundation.org>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Yonghong Song <yhs@fb.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Kees Cook <keescook@chromium.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Borislav Petkov <bp@alien8.de>, Borislav Petkov <bp@suse.de>,
"Rafael J . Wysocki" <rjw@rjwysocki.net>Len
Cc: linux-arch@vger.kernel.org, kvm@vger.kernel.org,
linux-pm@vger.kernel.org, x86@kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org,
linux-sparse@vger.kernel.org, linux-crypto@vger.kernel.org,
kernel-hardening@lists.openwall.com,
xen-devel@lists.xenproject.org
Subject: [PATCH v3 20/27] x86: Support global stack cookie
Date: Wed, 23 May 2018 12:54:14 -0700 [thread overview]
Message-ID: <20180523195421.180248-21-thgarnie@google.com> (raw)
In-Reply-To: <20180523195421.180248-1-thgarnie@google.com>
Add an off-by-default configuration option to use a global stack cookie
instead of the default TLS. This configuration option will only be used
with PIE binaries.
For kernel stack cookie, the compiler uses the mcmodel=kernel to switch
between the fs segment to gs segment. A PIE binary does not use
mcmodel=kernel because it can be relocated anywhere, therefore the
compiler will default to the fs segment register. This is fixed on the
latest version of gcc.
If the segment selector is available, it will be automatically added. If
the automatic configuration was selected, a warning is written and the
global variable stack cookie is used. If a specific stack mode was
selected (regular or strong) and the compiler does not support selecting
the segment register, an error is emitted.
Signed-off-by: Thomas Garnier <thgarnie@google.com>
---
arch/x86/Kconfig | 12 ++++++++++++
arch/x86/Makefile | 9 +++++++++
arch/x86/entry/entry_32.S | 3 ++-
arch/x86/entry/entry_64.S | 3 ++-
arch/x86/include/asm/processor.h | 3 ++-
arch/x86/include/asm/stackprotector.h | 19 ++++++++++++++-----
arch/x86/kernel/asm-offsets.c | 3 ++-
arch/x86/kernel/asm-offsets_32.c | 3 ++-
arch/x86/kernel/asm-offsets_64.c | 3 ++-
arch/x86/kernel/cpu/common.c | 3 ++-
arch/x86/kernel/head_32.S | 3 ++-
arch/x86/kernel/process.c | 5 +++++
12 files changed, 56 insertions(+), 13 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index dda87a331a7e..0fc2e981458d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2199,6 +2199,18 @@ config RANDOMIZE_MEMORY_PHYSICAL_PADDING
If unsure, leave at the default value.
+config X86_GLOBAL_STACKPROTECTOR
+ bool "Stack cookie using a global variable"
+ depends on CC_STACKPROTECTOR_AUTO
+ default n
+ ---help---
+ This option turns on the "stack-protector" GCC feature using a global
+ variable instead of a segment register. It is useful when the
+ compiler does not support custom segment registers when building a
+ position independent (PIE) binary.
+
+ If unsure, say N
+
config HOTPLUG_CPU
bool "Support for hot-pluggable CPUs"
depends on SMP
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 60135cbd905c..277ffc57ae13 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -141,6 +141,15 @@ else
KBUILD_CFLAGS += $(call cc-option,-funit-at-a-time)
endif
+ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+ ifeq ($(call cc-option, -mstack-protector-guard=global),)
+ $(error Cannot use CONFIG_X86_GLOBAL_STACKPROTECTOR: \
+ -mstack-protector-guard=global not supported \
+ by compiler)
+ endif
+ KBUILD_CFLAGS += -mstack-protector-guard=global
+endif
+
ifdef CONFIG_X86_X32
x32_ld_ok := $(call try-run,\
/bin/echo -e '1: .quad 1b' | \
diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
index bb4f540be234..2f9bdbc6be6d 100644
--- a/arch/x86/entry/entry_32.S
+++ b/arch/x86/entry/entry_32.S
@@ -241,7 +241,8 @@ ENTRY(__switch_to_asm)
movl %esp, TASK_threadsp(%eax)
movl TASK_threadsp(%edx), %esp
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
movl TASK_stack_canary(%edx), %ebx
movl %ebx, PER_CPU_VAR(stack_canary)+stack_canary_offset
#endif
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index c1700b00b1b6..c8b4e8a7d1e1 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -359,7 +359,8 @@ ENTRY(__switch_to_asm)
movq %rsp, TASK_threadsp(%rdi)
movq TASK_threadsp(%rsi), %rsp
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
movq TASK_stack_canary(%rsi), %rbx
movq %rbx, PER_CPU_VAR(irq_stack_union + stack_canary_offset)
#endif
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 5cf36fa30254..6e5d9ac3bf17 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -414,7 +414,8 @@ extern asmlinkage void ignore_sysret(void);
void save_fsgs_for_kvm(void);
#endif
#else /* X86_64 */
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
/*
* Make sure stack canary segment base is cached-aligned:
* "For Intel Atom processors, avoid non zero segment base address
diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h
index 371b3a4af000..5063f57d99f5 100644
--- a/arch/x86/include/asm/stackprotector.h
+++ b/arch/x86/include/asm/stackprotector.h
@@ -52,6 +52,10 @@
#define GDT_STACK_CANARY_INIT \
[GDT_ENTRY_STACK_CANARY] = GDT_ENTRY_INIT(0x4090, 0, 0x18),
+#ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+extern unsigned long __stack_chk_guard;
+#endif
+
/*
* Initialize the stackprotector canary value.
*
@@ -63,7 +67,7 @@ static __always_inline void boot_init_stack_canary(void)
u64 canary;
u64 tsc;
-#ifdef CONFIG_X86_64
+#if defined(CONFIG_X86_64) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
BUILD_BUG_ON(offsetof(union irq_stack_union, stack_canary) != 40);
#endif
/*
@@ -77,17 +81,22 @@ static __always_inline void boot_init_stack_canary(void)
canary += tsc + (tsc << 32UL);
canary &= CANARY_MASK;
+#ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+ if (__stack_chk_guard == 0)
+ __stack_chk_guard = canary ?: 1;
+#else /* !CONFIG_X86_GLOBAL_STACKPROTECTOR */
current->stack_canary = canary;
#ifdef CONFIG_X86_64
this_cpu_write(irq_stack_union.stack_canary, canary);
-#else
+#else /* CONFIG_X86_32 */
this_cpu_write(stack_canary.canary, canary);
#endif
+#endif
}
static inline void setup_stack_canary_segment(int cpu)
{
-#ifdef CONFIG_X86_32
+#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
unsigned long canary = (unsigned long)&per_cpu(stack_canary, cpu);
struct desc_struct *gdt_table = get_cpu_gdt_rw(cpu);
struct desc_struct desc;
@@ -100,7 +109,7 @@ static inline void setup_stack_canary_segment(int cpu)
static inline void load_stack_canary_segment(void)
{
-#ifdef CONFIG_X86_32
+#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
asm("mov %0, %%gs" : : "r" (__KERNEL_STACK_CANARY) : "memory");
#endif
}
@@ -116,7 +125,7 @@ static inline void setup_stack_canary_segment(int cpu)
static inline void load_stack_canary_segment(void)
{
-#ifdef CONFIG_X86_32
+#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
asm volatile ("mov %0, %%gs" : : "r" (0));
#endif
}
diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c
index 76417a9aab73..4c9e1b667bda 100644
--- a/arch/x86/kernel/asm-offsets.c
+++ b/arch/x86/kernel/asm-offsets.c
@@ -32,7 +32,8 @@
void common(void) {
BLANK();
OFFSET(TASK_threadsp, task_struct, thread.sp);
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
OFFSET(TASK_stack_canary, task_struct, stack_canary);
#endif
diff --git a/arch/x86/kernel/asm-offsets_32.c b/arch/x86/kernel/asm-offsets_32.c
index f91ba53e06c8..cf8ef55a8b82 100644
--- a/arch/x86/kernel/asm-offsets_32.c
+++ b/arch/x86/kernel/asm-offsets_32.c
@@ -50,7 +50,8 @@ void foo(void)
DEFINE(TSS_sysenter_sp0, offsetof(struct cpu_entry_area, tss.x86_tss.sp0) -
offsetofend(struct cpu_entry_area, entry_stack_page.stack));
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
BLANK();
OFFSET(stack_canary_offset, stack_canary, canary);
#endif
diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c
index bf51e51d808d..a3c7e14f6434 100644
--- a/arch/x86/kernel/asm-offsets_64.c
+++ b/arch/x86/kernel/asm-offsets_64.c
@@ -69,7 +69,8 @@ int main(void)
OFFSET(TSS_sp1, tss_struct, x86_tss.sp1);
BLANK();
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
DEFINE(stack_canary_offset, offsetof(union irq_stack_union, stack_canary));
BLANK();
#endif
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 39ed2e6ff8a0..d279a7df5018 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1540,7 +1540,8 @@ DEFINE_PER_CPU(unsigned long, cpu_current_top_of_stack) =
(unsigned long)&init_thread_union + THREAD_SIZE;
EXPORT_PER_CPU_SYMBOL(cpu_current_top_of_stack);
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
DEFINE_PER_CPU_ALIGNED(struct stack_canary, stack_canary);
#endif
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index b59e4fb40fd9..0e849242de91 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -375,7 +375,8 @@ ENDPROC(startup_32_smp)
*/
__INIT
setup_once:
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
/*
* Configure the stack canary. The linker can't handle this by
* relocation. Manually set base address in stack canary
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 03408b942adb..ebe21d258a82 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -86,6 +86,11 @@ EXPORT_PER_CPU_SYMBOL(cpu_tss_rw);
DEFINE_PER_CPU(bool, __tss_limit_invalid);
EXPORT_PER_CPU_SYMBOL_GPL(__tss_limit_invalid);
+#ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+unsigned long __stack_chk_guard __read_mostly;
+EXPORT_SYMBOL(__stack_chk_guard);
+#endif
+
/*
* this gets called so that we can store lazy state into memory and copy the
* current task into the new thread.
--
2.17.0.441.gb46fe60e1d-goog
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
WARNING: multiple messages have this Message-ID (diff)
From: Thomas Garnier <thgarnie@google.com>
To: "Herbert Xu" <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"H . Peter Anvin" <hpa@zytor.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Josh Poimboeuf" <jpoimboe@redhat.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Thomas Garnier" <thgarnie@google.com>,
"Philippe Ombredanne" <pombredanne@nexb.com>,
"Kate Stewart" <kstewart@linuxfoundation.org>,
"Arnaldo Carvalho de Melo" <acme@redhat.com>,
"Yonghong Song" <yhs@fb.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Kees Cook" <keescook@chromium.org>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
"Andy Lutomirski" <luto@kernel.org>,
"Dominik Brodowski" <linux@dominikbrodowski.net>,
"Borislav Petkov" <bp@alien8.de>, "Borislav Petkov" <bp@suse.de>,
"Rafael J . Wysocki" <rjw@rjwysocki.net>,
"Len Brown" <len.brown@intel.com>, "Pavel Machek" <pavel@ucw.cz>,
"Juergen Gross" <jgross@suse.com>,
"Alok Kataria" <akataria@vmware.com>,
"Steven Rostedt" <rostedt@goodmis.org>,
"Jan Kiszka" <jan.kiszka@siemens.com>,
"Tejun Heo" <tj@kernel.org>, "Christoph Lameter" <cl@linux.com>,
"Dennis Zhou" <dennisszhou@gmail.com>,
"Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
"Alexey Dobriyan" <adobriyan@gmail.com>,
"Masami Hiramatsu" <mhiramat@kernel.org>,
"Cao jin" <caoj.fnst@cn.fujitsu.com>,
"Francis Deslauriers" <francis.deslauriers@efficios.com>,
"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
"Nicolas Pitre" <nicolas.pitre@linaro.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Randy Dunlap" <rdunlap@infradead.org>,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
"Arnd Bergmann" <arnd@arndb.de>,
"Christopher Li" <sparse@chrisli.org>,
"Jason Baron" <jbaron@akamai.com>,
"Mika Westerberg" <mika.westerberg@linux.intel.com>,
"Lukas Wunner" <lukas@wunner.de>,
"Dou Liyang" <douly.fnst@cn.fujitsu.com>,
"Sergey Senozhatsky" <sergey.senozhatsky.work@gmail.com>,
"Petr Mladek" <pmladek@suse.com>,
"Masahiro Yamada" <yamada.masahiro@socionext.com>,
"Ingo Molnar" <mingo@kernel.org>,
"Nicholas Piggin" <npiggin@gmail.com>,
"H . J . Lu" <hjl.tools@gmail.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Joerg Roedel" <joro@8bytes.org>,
"David Woodhouse" <dwmw@amazon.co.uk>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
"Rik van Riel" <riel@redhat.com>,
"Jia Zhang" <qianyue.zj@alibaba-inc.com>,
"Ricardo Neri" <ricardo.neri-calderon@linux.intel.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Jan Beulich" <JBeulich@suse.com>,
"Matthias Kaehlcke" <mka@chromium.org>,
"Baoquan He" <bhe@redhat.com>,
"Jan H . Schönherr" <jschoenh@amazon.de>,
"Daniel Micay" <danielmicay@gmail.com>
Cc: x86@kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org,
virtualization@lists.linux-foundation.org,
xen-devel@lists.xenproject.org, linux-arch@vger.kernel.org,
linux-sparse@vger.kernel.org, kvm@vger.kernel.org,
linux-doc@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: [PATCH v3 20/27] x86: Support global stack cookie
Date: Wed, 23 May 2018 12:54:14 -0700 [thread overview]
Message-ID: <20180523195421.180248-21-thgarnie@google.com> (raw)
In-Reply-To: <20180523195421.180248-1-thgarnie@google.com>
Add an off-by-default configuration option to use a global stack cookie
instead of the default TLS. This configuration option will only be used
with PIE binaries.
For kernel stack cookie, the compiler uses the mcmodel=kernel to switch
between the fs segment to gs segment. A PIE binary does not use
mcmodel=kernel because it can be relocated anywhere, therefore the
compiler will default to the fs segment register. This is fixed on the
latest version of gcc.
If the segment selector is available, it will be automatically added. If
the automatic configuration was selected, a warning is written and the
global variable stack cookie is used. If a specific stack mode was
selected (regular or strong) and the compiler does not support selecting
the segment register, an error is emitted.
Signed-off-by: Thomas Garnier <thgarnie@google.com>
---
arch/x86/Kconfig | 12 ++++++++++++
arch/x86/Makefile | 9 +++++++++
arch/x86/entry/entry_32.S | 3 ++-
arch/x86/entry/entry_64.S | 3 ++-
arch/x86/include/asm/processor.h | 3 ++-
arch/x86/include/asm/stackprotector.h | 19 ++++++++++++++-----
arch/x86/kernel/asm-offsets.c | 3 ++-
arch/x86/kernel/asm-offsets_32.c | 3 ++-
arch/x86/kernel/asm-offsets_64.c | 3 ++-
arch/x86/kernel/cpu/common.c | 3 ++-
arch/x86/kernel/head_32.S | 3 ++-
arch/x86/kernel/process.c | 5 +++++
12 files changed, 56 insertions(+), 13 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index dda87a331a7e..0fc2e981458d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2199,6 +2199,18 @@ config RANDOMIZE_MEMORY_PHYSICAL_PADDING
If unsure, leave at the default value.
+config X86_GLOBAL_STACKPROTECTOR
+ bool "Stack cookie using a global variable"
+ depends on CC_STACKPROTECTOR_AUTO
+ default n
+ ---help---
+ This option turns on the "stack-protector" GCC feature using a global
+ variable instead of a segment register. It is useful when the
+ compiler does not support custom segment registers when building a
+ position independent (PIE) binary.
+
+ If unsure, say N
+
config HOTPLUG_CPU
bool "Support for hot-pluggable CPUs"
depends on SMP
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 60135cbd905c..277ffc57ae13 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -141,6 +141,15 @@ else
KBUILD_CFLAGS += $(call cc-option,-funit-at-a-time)
endif
+ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+ ifeq ($(call cc-option, -mstack-protector-guard=global),)
+ $(error Cannot use CONFIG_X86_GLOBAL_STACKPROTECTOR: \
+ -mstack-protector-guard=global not supported \
+ by compiler)
+ endif
+ KBUILD_CFLAGS += -mstack-protector-guard=global
+endif
+
ifdef CONFIG_X86_X32
x32_ld_ok := $(call try-run,\
/bin/echo -e '1: .quad 1b' | \
diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
index bb4f540be234..2f9bdbc6be6d 100644
--- a/arch/x86/entry/entry_32.S
+++ b/arch/x86/entry/entry_32.S
@@ -241,7 +241,8 @@ ENTRY(__switch_to_asm)
movl %esp, TASK_threadsp(%eax)
movl TASK_threadsp(%edx), %esp
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
movl TASK_stack_canary(%edx), %ebx
movl %ebx, PER_CPU_VAR(stack_canary)+stack_canary_offset
#endif
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index c1700b00b1b6..c8b4e8a7d1e1 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -359,7 +359,8 @@ ENTRY(__switch_to_asm)
movq %rsp, TASK_threadsp(%rdi)
movq TASK_threadsp(%rsi), %rsp
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
movq TASK_stack_canary(%rsi), %rbx
movq %rbx, PER_CPU_VAR(irq_stack_union + stack_canary_offset)
#endif
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 5cf36fa30254..6e5d9ac3bf17 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -414,7 +414,8 @@ extern asmlinkage void ignore_sysret(void);
void save_fsgs_for_kvm(void);
#endif
#else /* X86_64 */
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
/*
* Make sure stack canary segment base is cached-aligned:
* "For Intel Atom processors, avoid non zero segment base address
diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h
index 371b3a4af000..5063f57d99f5 100644
--- a/arch/x86/include/asm/stackprotector.h
+++ b/arch/x86/include/asm/stackprotector.h
@@ -52,6 +52,10 @@
#define GDT_STACK_CANARY_INIT \
[GDT_ENTRY_STACK_CANARY] = GDT_ENTRY_INIT(0x4090, 0, 0x18),
+#ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+extern unsigned long __stack_chk_guard;
+#endif
+
/*
* Initialize the stackprotector canary value.
*
@@ -63,7 +67,7 @@ static __always_inline void boot_init_stack_canary(void)
u64 canary;
u64 tsc;
-#ifdef CONFIG_X86_64
+#if defined(CONFIG_X86_64) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
BUILD_BUG_ON(offsetof(union irq_stack_union, stack_canary) != 40);
#endif
/*
@@ -77,17 +81,22 @@ static __always_inline void boot_init_stack_canary(void)
canary += tsc + (tsc << 32UL);
canary &= CANARY_MASK;
+#ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+ if (__stack_chk_guard == 0)
+ __stack_chk_guard = canary ?: 1;
+#else /* !CONFIG_X86_GLOBAL_STACKPROTECTOR */
current->stack_canary = canary;
#ifdef CONFIG_X86_64
this_cpu_write(irq_stack_union.stack_canary, canary);
-#else
+#else /* CONFIG_X86_32 */
this_cpu_write(stack_canary.canary, canary);
#endif
+#endif
}
static inline void setup_stack_canary_segment(int cpu)
{
-#ifdef CONFIG_X86_32
+#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
unsigned long canary = (unsigned long)&per_cpu(stack_canary, cpu);
struct desc_struct *gdt_table = get_cpu_gdt_rw(cpu);
struct desc_struct desc;
@@ -100,7 +109,7 @@ static inline void setup_stack_canary_segment(int cpu)
static inline void load_stack_canary_segment(void)
{
-#ifdef CONFIG_X86_32
+#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
asm("mov %0, %%gs" : : "r" (__KERNEL_STACK_CANARY) : "memory");
#endif
}
@@ -116,7 +125,7 @@ static inline void setup_stack_canary_segment(int cpu)
static inline void load_stack_canary_segment(void)
{
-#ifdef CONFIG_X86_32
+#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
asm volatile ("mov %0, %%gs" : : "r" (0));
#endif
}
diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c
index 76417a9aab73..4c9e1b667bda 100644
--- a/arch/x86/kernel/asm-offsets.c
+++ b/arch/x86/kernel/asm-offsets.c
@@ -32,7 +32,8 @@
void common(void) {
BLANK();
OFFSET(TASK_threadsp, task_struct, thread.sp);
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
OFFSET(TASK_stack_canary, task_struct, stack_canary);
#endif
diff --git a/arch/x86/kernel/asm-offsets_32.c b/arch/x86/kernel/asm-offsets_32.c
index f91ba53e06c8..cf8ef55a8b82 100644
--- a/arch/x86/kernel/asm-offsets_32.c
+++ b/arch/x86/kernel/asm-offsets_32.c
@@ -50,7 +50,8 @@ void foo(void)
DEFINE(TSS_sysenter_sp0, offsetof(struct cpu_entry_area, tss.x86_tss.sp0) -
offsetofend(struct cpu_entry_area, entry_stack_page.stack));
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
BLANK();
OFFSET(stack_canary_offset, stack_canary, canary);
#endif
diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c
index bf51e51d808d..a3c7e14f6434 100644
--- a/arch/x86/kernel/asm-offsets_64.c
+++ b/arch/x86/kernel/asm-offsets_64.c
@@ -69,7 +69,8 @@ int main(void)
OFFSET(TSS_sp1, tss_struct, x86_tss.sp1);
BLANK();
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
DEFINE(stack_canary_offset, offsetof(union irq_stack_union, stack_canary));
BLANK();
#endif
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 39ed2e6ff8a0..d279a7df5018 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1540,7 +1540,8 @@ DEFINE_PER_CPU(unsigned long, cpu_current_top_of_stack) =
(unsigned long)&init_thread_union + THREAD_SIZE;
EXPORT_PER_CPU_SYMBOL(cpu_current_top_of_stack);
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
DEFINE_PER_CPU_ALIGNED(struct stack_canary, stack_canary);
#endif
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index b59e4fb40fd9..0e849242de91 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -375,7 +375,8 @@ ENDPROC(startup_32_smp)
*/
__INIT
setup_once:
-#ifdef CONFIG_CC_STACKPROTECTOR
+#if defined(CONFIG_CC_STACKPROTECTOR) && \
+ !defined(CONFIG_X86_GLOBAL_STACKPROTECTOR)
/*
* Configure the stack canary. The linker can't handle this by
* relocation. Manually set base address in stack canary
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 03408b942adb..ebe21d258a82 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -86,6 +86,11 @@ EXPORT_PER_CPU_SYMBOL(cpu_tss_rw);
DEFINE_PER_CPU(bool, __tss_limit_invalid);
EXPORT_PER_CPU_SYMBOL_GPL(__tss_limit_invalid);
+#ifdef CONFIG_X86_GLOBAL_STACKPROTECTOR
+unsigned long __stack_chk_guard __read_mostly;
+EXPORT_SYMBOL(__stack_chk_guard);
+#endif
+
/*
* this gets called so that we can store lazy state into memory and copy the
* current task into the new thread.
--
2.17.0.441.gb46fe60e1d-goog
next prev parent reply other threads:[~2018-05-23 19:54 UTC|newest]
Thread overview: 190+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-23 19:53 [PATCH v3 00/27] x86: PIE support and option to extend KASLR randomization Thomas Garnier via Virtualization
2018-05-23 19:53 ` Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier via Virtualization
2018-05-23 19:53 ` [PATCH v3 01/27] x86/crypto: Adapt assembly for PIE support Thomas Garnier via Virtualization
2018-05-23 19:53 ` Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier via Virtualization
2018-05-23 19:53 ` Thomas Garnier
2018-05-23 19:53 ` [PATCH v3 02/27] x86: Use symbol name on bug table " Thomas Garnier via Virtualization
2018-05-23 19:53 ` Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier via Virtualization
2018-05-23 19:53 ` Thomas Garnier
2018-05-23 19:53 ` [PATCH v3 03/27] x86: Use symbol name in jump " Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier via Virtualization
2018-05-23 19:53 ` [PATCH v3 04/27] x86: Add macro to get symbol address " Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier via Virtualization
2018-05-23 19:53 ` [PATCH v3 05/27] x86: relocate_kernel - Adapt assembly " Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier
2018-05-23 19:53 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 06/27] x86/entry/64: " Thomas Garnier via Virtualization
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 07/27] x86: pm-trace - " Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 08/27] x86/CPU: " Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 09/27] x86/acpi: " Thomas Garnier via Virtualization
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-24 11:03 ` Pavel Machek
2018-05-24 11:03 ` Pavel Machek
2018-05-24 16:35 ` Thomas Garnier
2018-05-24 16:35 ` Thomas Garnier via Virtualization
2018-05-24 16:35 ` Thomas Garnier
2018-05-24 16:35 ` Thomas Garnier
2018-05-24 16:35 ` Thomas Garnier
2018-05-25 9:14 ` Pavel Machek
2018-05-25 9:14 ` Pavel Machek
2018-05-25 9:14 ` Pavel Machek
2018-05-25 17:00 ` Thomas Garnier via Virtualization
2018-05-25 17:00 ` Thomas Garnier
2018-05-25 17:00 ` Thomas Garnier
2018-05-25 17:00 ` Thomas Garnier
2018-05-29 12:31 ` Pavel Machek
2018-05-29 12:31 ` Pavel Machek
2018-05-29 12:31 ` Pavel Machek
2018-05-29 15:55 ` Thomas Garnier
2018-05-29 15:55 ` Thomas Garnier
2018-05-29 15:55 ` Thomas Garnier
2018-05-29 15:55 ` Thomas Garnier
2018-05-29 15:55 ` Thomas Garnier via Virtualization
2018-05-29 12:31 ` Pavel Machek
2018-05-25 17:00 ` Thomas Garnier
2018-05-25 9:14 ` Pavel Machek
2018-05-25 9:14 ` Pavel Machek
2018-05-24 11:03 ` Pavel Machek
2018-05-24 11:03 ` Pavel Machek
2018-05-23 19:54 ` [PATCH v3 10/27] x86/boot/64: " Thomas Garnier via Virtualization
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 11/27] x86/power/64: " Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-24 11:03 ` Pavel Machek
2018-05-24 11:03 ` Pavel Machek
2018-05-24 11:03 ` Pavel Machek
2018-05-24 16:37 ` Thomas Garnier via Virtualization
2018-05-24 16:37 ` Thomas Garnier
2018-05-24 16:37 ` Thomas Garnier via Virtualization
2018-05-25 9:10 ` Pavel Machek
2018-05-25 9:10 ` Pavel Machek
2018-05-25 9:10 ` Pavel Machek
2018-05-25 9:10 ` Pavel Machek
2018-05-24 16:37 ` Thomas Garnier
2018-05-24 11:03 ` Pavel Machek
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 12/27] x86/paravirt: " Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled Thomas Garnier via Virtualization
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 14/27] x86/percpu: Adapt percpu for PIE support Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 15/27] compiler: Option to default to hidden symbols Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 16/27] compiler: Option to add PROVIDE_HIDDEN replacement for weak symbols Thomas Garnier via Virtualization
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 21:16 ` Randy Dunlap
2018-05-23 21:16 ` Randy Dunlap
2018-05-23 21:16 ` Randy Dunlap
2018-05-23 21:16 ` Randy Dunlap
2018-05-23 21:16 ` Randy Dunlap
2018-05-23 19:54 ` [PATCH v3 17/27] x86/relocs: Handle PIE relocations Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 18/27] xen: Adapt assembly for PIE support Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-24 9:11 ` Juergen Gross
2018-05-24 9:11 ` Juergen Gross
2018-05-24 9:11 ` Juergen Gross
2018-05-24 9:11 ` Juergen Gross
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 19/27] kvm: " Thomas Garnier via Virtualization
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier [this message]
2018-05-23 19:54 ` [PATCH v3 20/27] x86: Support global stack cookie Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 21/27] x86/ftrace: Adapt function tracing for PIE support Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-24 11:40 ` Petr Mladek
2018-05-24 11:40 ` Petr Mladek
2018-05-24 11:40 ` Petr Mladek
2018-05-24 20:16 ` Steven Rostedt
2018-05-24 20:16 ` Steven Rostedt
2018-05-24 20:16 ` Steven Rostedt
2018-05-24 20:41 ` Thomas Garnier
2018-05-24 20:41 ` Thomas Garnier via Virtualization
2018-05-24 20:41 ` Thomas Garnier
2018-05-24 20:41 ` Thomas Garnier via Virtualization
2018-05-29 18:37 ` Thomas Garnier via Virtualization
2018-05-29 18:37 ` Thomas Garnier
2018-05-29 18:37 ` Thomas Garnier via Virtualization
2018-05-29 18:37 ` Thomas Garnier
2018-05-24 20:16 ` Steven Rostedt
2018-05-24 11:40 ` Petr Mladek
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 22/27] x86/modules: Add option to start module section after kernel Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 23/27] x86/modules: Adapt module loading for PIE support Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 21:26 ` Randy Dunlap
2018-05-23 21:26 ` Randy Dunlap
2018-05-23 21:26 ` Randy Dunlap
2018-05-23 21:26 ` Randy Dunlap
2018-05-23 22:01 ` Thomas Garnier
2018-05-23 22:01 ` Thomas Garnier
2018-05-23 22:01 ` Thomas Garnier
2018-05-23 22:01 ` Thomas Garnier
2018-05-23 23:07 ` Randy Dunlap
2018-05-23 23:07 ` Randy Dunlap
2018-05-23 23:07 ` Randy Dunlap
2018-05-23 23:07 ` Randy Dunlap
2018-05-23 23:07 ` Randy Dunlap
2018-05-23 22:01 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 24/27] x86/mm: Make the x86 GOT read-only Thomas Garnier via Virtualization
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 25/27] x86/pie: Add option to build the kernel as PIE Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 26/27] x86/relocs: Add option to generate 64-bit relocations Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 27/27] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB Thomas Garnier via Virtualization
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180523195421.180248-21-thgarnie@google.com \
--to=thgarnie@google.com \
--cc=acme@redhat.com \
--cc=aryabinin@virtuozzo.com \
--cc=bp@alien8.de \
--cc=bp@suse.de \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kstewart@linuxfoundation.org \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-sparse@vger.kernel.org \
--cc=linux@dominikbrodowski.net \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=pombredanne@nexb.com \
--cc=rjw@rjwysocki.net \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.