From: Masahiro Yamada <masahiroy@kernel.org> To: Michal Suchanek <msuchanek@suse.de> Cc: linux-arm-kernel <linux-arm-kernel@lists.infradead.org>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Linux Kernel Mailing List <linux-kernel@vger.kernel.org> Subject: Re: [PATCH] arm64: make STACKPROTECTOR_PER_TASK configurable. Date: Tue, 9 Mar 2021 22:22:36 +0900 [thread overview] Message-ID: <CAK7LNAT+8mGunqXSPLHxhF1FTXQEzbAoKPY=48pBgtLbhcB0jg@mail.gmail.com> (raw) In-Reply-To: <20210309123544.14040-1-msuchanek@suse.de> On Tue, Mar 9, 2021 at 9:35 PM Michal Suchanek <msuchanek@suse.de> wrote: > > When using dummy-tools STACKPROTECTOR_PER_TASK is unconditionally > selected. This defeats the purpose of the all-enabled tool. > > Description copied from arm > > Cc: Masahiro Yamada <masahiroy@kernel.org> > Signed-off-by: Michal Suchanek <msuchanek@suse.de> Could you explain what problem this patch is trying to solve? > --- > arch/arm64/Kconfig | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index a8ff7cd5f096..f59d391e31a4 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1549,9 +1549,20 @@ config RANDOMIZE_MODULE_REGION_FULL > config CC_HAVE_STACKPROTECTOR_SYSREG > def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0) > > + > config STACKPROTECTOR_PER_TASK > - def_bool y > + bool "Use a unique stack canary value for each task" > depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG > + default y > + help > + Due to the fact that GCC uses an ordinary symbol reference from > + which to load the value of the stack canary, this value can only > + change at reboot time on SMP systems, and all tasks running in the > + kernel's address space are forced to use the same canary value for > + the entire duration that the system is up. > + > + Enable this option to switch to a different method that uses a > + different canary value for each task. > > endmenu > > -- > 2.26.2 > -- Best Regards Masahiro Yamada
WARNING: multiple messages have this Message-ID (diff)
From: Masahiro Yamada <masahiroy@kernel.org> To: Michal Suchanek <msuchanek@suse.de> Cc: linux-arm-kernel <linux-arm-kernel@lists.infradead.org>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Linux Kernel Mailing List <linux-kernel@vger.kernel.org> Subject: Re: [PATCH] arm64: make STACKPROTECTOR_PER_TASK configurable. Date: Tue, 9 Mar 2021 22:22:36 +0900 [thread overview] Message-ID: <CAK7LNAT+8mGunqXSPLHxhF1FTXQEzbAoKPY=48pBgtLbhcB0jg@mail.gmail.com> (raw) In-Reply-To: <20210309123544.14040-1-msuchanek@suse.de> On Tue, Mar 9, 2021 at 9:35 PM Michal Suchanek <msuchanek@suse.de> wrote: > > When using dummy-tools STACKPROTECTOR_PER_TASK is unconditionally > selected. This defeats the purpose of the all-enabled tool. > > Description copied from arm > > Cc: Masahiro Yamada <masahiroy@kernel.org> > Signed-off-by: Michal Suchanek <msuchanek@suse.de> Could you explain what problem this patch is trying to solve? > --- > arch/arm64/Kconfig | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index a8ff7cd5f096..f59d391e31a4 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1549,9 +1549,20 @@ config RANDOMIZE_MODULE_REGION_FULL > config CC_HAVE_STACKPROTECTOR_SYSREG > def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0) > > + > config STACKPROTECTOR_PER_TASK > - def_bool y > + bool "Use a unique stack canary value for each task" > depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG > + default y > + help > + Due to the fact that GCC uses an ordinary symbol reference from > + which to load the value of the stack canary, this value can only > + change at reboot time on SMP systems, and all tasks running in the > + kernel's address space are forced to use the same canary value for > + the entire duration that the system is up. > + > + Enable this option to switch to a different method that uses a > + different canary value for each task. > > endmenu > > -- > 2.26.2 > -- Best Regards Masahiro Yamada _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-03-09 13:24 UTC|newest] Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-03-09 12:35 [PATCH] arm64: make STACKPROTECTOR_PER_TASK configurable Michal Suchanek 2021-03-09 12:35 ` Michal Suchanek 2021-03-09 12:39 ` Ard Biesheuvel 2021-03-09 12:39 ` Ard Biesheuvel 2021-03-09 13:22 ` Masahiro Yamada [this message] 2021-03-09 13:22 ` Masahiro Yamada 2021-03-09 13:35 ` Michal Suchánek 2021-03-09 13:35 ` Michal Suchánek 2021-03-09 14:53 ` Masahiro Yamada 2021-03-09 14:53 ` Masahiro Yamada 2021-03-09 15:10 ` Michal Suchánek 2021-03-09 15:10 ` Michal Suchánek 2021-03-09 19:07 ` Masahiro Yamada 2021-03-09 19:07 ` Masahiro Yamada 2021-03-09 19:44 ` Michal Suchánek 2021-03-09 19:44 ` Michal Suchánek 2021-03-10 16:24 ` Michal Suchánek 2021-03-10 16:24 ` Michal Suchánek
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CAK7LNAT+8mGunqXSPLHxhF1FTXQEzbAoKPY=48pBgtLbhcB0jg@mail.gmail.com' \ --to=masahiroy@kernel.org \ --cc=catalin.marinas@arm.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=msuchanek@suse.de \ --cc=will@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.