From: Masahiro Yamada <masahiroy@kernel.org>
To: Michal Suchanek <msuchanek@suse.de>
Cc: linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] arm64: make STACKPROTECTOR_PER_TASK configurable.
Date: Tue, 9 Mar 2021 22:22:36 +0900 [thread overview]
Message-ID: <CAK7LNAT+8mGunqXSPLHxhF1FTXQEzbAoKPY=48pBgtLbhcB0jg@mail.gmail.com> (raw)
In-Reply-To: <20210309123544.14040-1-msuchanek@suse.de>
On Tue, Mar 9, 2021 at 9:35 PM Michal Suchanek <msuchanek@suse.de> wrote:
>
> When using dummy-tools STACKPROTECTOR_PER_TASK is unconditionally
> selected. This defeats the purpose of the all-enabled tool.
>
> Description copied from arm
>
> Cc: Masahiro Yamada <masahiroy@kernel.org>
> Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Could you explain what problem
this patch is trying to solve?
> ---
> arch/arm64/Kconfig | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index a8ff7cd5f096..f59d391e31a4 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1549,9 +1549,20 @@ config RANDOMIZE_MODULE_REGION_FULL
> config CC_HAVE_STACKPROTECTOR_SYSREG
> def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0)
>
> +
> config STACKPROTECTOR_PER_TASK
> - def_bool y
> + bool "Use a unique stack canary value for each task"
> depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG
> + default y
> + help
> + Due to the fact that GCC uses an ordinary symbol reference from
> + which to load the value of the stack canary, this value can only
> + change at reboot time on SMP systems, and all tasks running in the
> + kernel's address space are forced to use the same canary value for
> + the entire duration that the system is up.
> +
> + Enable this option to switch to a different method that uses a
> + different canary value for each task.
>
> endmenu
>
> --
> 2.26.2
>
--
Best Regards
Masahiro Yamada
WARNING: multiple messages have this Message-ID (diff)
From: Masahiro Yamada <masahiroy@kernel.org>
To: Michal Suchanek <msuchanek@suse.de>
Cc: linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] arm64: make STACKPROTECTOR_PER_TASK configurable.
Date: Tue, 9 Mar 2021 22:22:36 +0900 [thread overview]
Message-ID: <CAK7LNAT+8mGunqXSPLHxhF1FTXQEzbAoKPY=48pBgtLbhcB0jg@mail.gmail.com> (raw)
In-Reply-To: <20210309123544.14040-1-msuchanek@suse.de>
On Tue, Mar 9, 2021 at 9:35 PM Michal Suchanek <msuchanek@suse.de> wrote:
>
> When using dummy-tools STACKPROTECTOR_PER_TASK is unconditionally
> selected. This defeats the purpose of the all-enabled tool.
>
> Description copied from arm
>
> Cc: Masahiro Yamada <masahiroy@kernel.org>
> Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Could you explain what problem
this patch is trying to solve?
> ---
> arch/arm64/Kconfig | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index a8ff7cd5f096..f59d391e31a4 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1549,9 +1549,20 @@ config RANDOMIZE_MODULE_REGION_FULL
> config CC_HAVE_STACKPROTECTOR_SYSREG
> def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0)
>
> +
> config STACKPROTECTOR_PER_TASK
> - def_bool y
> + bool "Use a unique stack canary value for each task"
> depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG
> + default y
> + help
> + Due to the fact that GCC uses an ordinary symbol reference from
> + which to load the value of the stack canary, this value can only
> + change at reboot time on SMP systems, and all tasks running in the
> + kernel's address space are forced to use the same canary value for
> + the entire duration that the system is up.
> +
> + Enable this option to switch to a different method that uses a
> + different canary value for each task.
>
> endmenu
>
> --
> 2.26.2
>
--
Best Regards
Masahiro Yamada
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-03-09 13:24 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-09 12:35 [PATCH] arm64: make STACKPROTECTOR_PER_TASK configurable Michal Suchanek
2021-03-09 12:35 ` Michal Suchanek
2021-03-09 12:39 ` Ard Biesheuvel
2021-03-09 12:39 ` Ard Biesheuvel
2021-03-09 13:22 ` Masahiro Yamada [this message]
2021-03-09 13:22 ` Masahiro Yamada
2021-03-09 13:35 ` Michal Suchánek
2021-03-09 13:35 ` Michal Suchánek
2021-03-09 14:53 ` Masahiro Yamada
2021-03-09 14:53 ` Masahiro Yamada
2021-03-09 15:10 ` Michal Suchánek
2021-03-09 15:10 ` Michal Suchánek
2021-03-09 19:07 ` Masahiro Yamada
2021-03-09 19:07 ` Masahiro Yamada
2021-03-09 19:44 ` Michal Suchánek
2021-03-09 19:44 ` Michal Suchánek
2021-03-10 16:24 ` Michal Suchánek
2021-03-10 16:24 ` Michal Suchánek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAK7LNAT+8mGunqXSPLHxhF1FTXQEzbAoKPY=48pBgtLbhcB0jg@mail.gmail.com' \
--to=masahiroy@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=msuchanek@suse.de \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.