From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 15910C433DB for ; Tue, 9 Mar 2021 12:40:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DA5A565272 for ; Tue, 9 Mar 2021 12:40:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230299AbhCIMkN (ORCPT ); Tue, 9 Mar 2021 07:40:13 -0500 Received: from mail.kernel.org ([198.145.29.99]:37172 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229544AbhCIMjs (ORCPT ); Tue, 9 Mar 2021 07:39:48 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id E0F5165274 for ; Tue, 9 Mar 2021 12:39:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1615293588; bh=pwMguO9Q1vd5NbKDPpSQnYbWyabGZ1kPQE2NN5ezZGQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=WeKxuO6yVrmWja4085fcv0wYsLWN6sDohVC3sZEvDxsNsbjH/taYp2JWxiRnaJRff +/zEfm8J47P2WmJN6+YBo9fV4vQVGXS8xe6+aszk/m6v7nK7bKKCv5EdxQuBV2X1HO GJfcz7SU8+uKNmj4lbGJwVZMLms4+YTjCeo+UyxKJX/2GQM9EmNxkTd31G9b1Dpi0W gkSDvN6qLSmhD+oDHBbmVS1kxHvHNtWIb5N+MVVhKQlkAoWFQ8hXJap8/YkK3qfwBS Zrfr6GJE1ESjVjGFtCYfxzLjIvmHrP28Xyu22Ar8SbCfxV3q2jbUVEsoiZFxgdrF/T EW0mS8l+e/P5g== Received: by mail-oi1-f180.google.com with SMTP id z126so14743736oiz.6 for ; Tue, 09 Mar 2021 04:39:47 -0800 (PST) X-Gm-Message-State: AOAM533Awqg10Qojy9cbODxvnPF4nihqxiQOjKhKsVUcM+mlN1xmEHg0 SPdM4o+GGXxvPrWdbevK3KxW4lInwzK17zUM/UM= X-Google-Smtp-Source: ABdhPJyMOElJotc+ybmUr9uW1bQxFpuMOrYGhV+eh1ttdw9hq91bQxmDGkKQsgSDU8aBdYCTfJZisbpilekU65evJAM= X-Received: by 2002:aca:538c:: with SMTP id h134mr2802823oib.174.1615293587253; Tue, 09 Mar 2021 04:39:47 -0800 (PST) MIME-Version: 1.0 References: <20210309123544.14040-1-msuchanek@suse.de> In-Reply-To: <20210309123544.14040-1-msuchanek@suse.de> From: Ard Biesheuvel Date: Tue, 9 Mar 2021 13:39:36 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] arm64: make STACKPROTECTOR_PER_TASK configurable. To: Michal Suchanek Cc: Linux ARM , Catalin Marinas , Will Deacon , Linux Kernel Mailing List , Masahiro Yamada Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 9 Mar 2021 at 13:37, Michal Suchanek wrote: > > When using dummy-tools STACKPROTECTOR_PER_TASK is unconditionally > selected. This defeats the purpose of the all-enabled tool. > What is dummy-tools and why should we care about it? > Description copied from arm > > Cc: Masahiro Yamada > Signed-off-by: Michal Suchanek > --- > arch/arm64/Kconfig | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index a8ff7cd5f096..f59d391e31a4 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1549,9 +1549,20 @@ config RANDOMIZE_MODULE_REGION_FULL > config CC_HAVE_STACKPROTECTOR_SYSREG > def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0) > > + > config STACKPROTECTOR_PER_TASK > - def_bool y > + bool "Use a unique stack canary value for each task" > depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG > + default y > + help > + Due to the fact that GCC uses an ordinary symbol reference from > + which to load the value of the stack canary, this value can only > + change at reboot time on SMP systems, and all tasks running in the > + kernel's address space are forced to use the same canary value for > + the entire duration that the system is up. > + > + Enable this option to switch to a different method that uses a > + different canary value for each task. > > endmenu > > -- > 2.26.2 > > > _______________________________________________ > linux-arm-kernel mailing list > linux-arm-kernel@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 77A1FC433E0 for ; Tue, 9 Mar 2021 12:43:32 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0D3976525D for ; Tue, 9 Mar 2021 12:43:32 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0D3976525D Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=8fTl2KvIDsvd2Jjswi8OySKQxQLHCmWYXij7YHPx+MY=; b=rSFW10PvsfqFA5W6h2Awfr4Ib 5YaTllGAPWj7K9RT7bcNXphz00cozgiiSjrPAzqTHndHWPvh7ntlxtuxEGIC0KoeP/LRXQpT46roq 61ewDrbBa04mWp22XVMB6+6K2/lnXCggPCEGpmb6dCEhEo8gNflEojEXqA30Nuc6eJSH0Dc8KmP4E f5cUqwohU0F76XPxU+ByxoZZbtQi9vgUHj2Xyx/WWhfTQk4aAeSjTRK7yqZqTtf/zQgvcaeAqPmP5 GaK/kTFlaHCn07rpu5FUzNG9l4rNppxPcPESYEbuKcrDrznKzaxVxOYwMIr+HF9DBkqDl1f8Qv+0c KyrCMg9JA==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lJbgT-004Tlc-UR; Tue, 09 Mar 2021 12:41:59 +0000 Received: from mail.kernel.org ([198.145.29.99]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lJbeP-004TcO-CH for linux-arm-kernel@lists.infradead.org; Tue, 09 Mar 2021 12:41:53 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id DA3016525D for ; Tue, 9 Mar 2021 12:39:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1615293588; bh=pwMguO9Q1vd5NbKDPpSQnYbWyabGZ1kPQE2NN5ezZGQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=WeKxuO6yVrmWja4085fcv0wYsLWN6sDohVC3sZEvDxsNsbjH/taYp2JWxiRnaJRff +/zEfm8J47P2WmJN6+YBo9fV4vQVGXS8xe6+aszk/m6v7nK7bKKCv5EdxQuBV2X1HO GJfcz7SU8+uKNmj4lbGJwVZMLms4+YTjCeo+UyxKJX/2GQM9EmNxkTd31G9b1Dpi0W gkSDvN6qLSmhD+oDHBbmVS1kxHvHNtWIb5N+MVVhKQlkAoWFQ8hXJap8/YkK3qfwBS Zrfr6GJE1ESjVjGFtCYfxzLjIvmHrP28Xyu22Ar8SbCfxV3q2jbUVEsoiZFxgdrF/T EW0mS8l+e/P5g== Received: by mail-oi1-f174.google.com with SMTP id o22so5001239oic.3 for ; Tue, 09 Mar 2021 04:39:47 -0800 (PST) X-Gm-Message-State: AOAM531uKQzp+vofvlKKun2Eujo+9CskuOMSdosA54Ds0jXzlULHUZzd j8SUmQClUhbTx+vwXPBn+xzm6P/v+bAqXkWhTKQ= X-Google-Smtp-Source: ABdhPJyMOElJotc+ybmUr9uW1bQxFpuMOrYGhV+eh1ttdw9hq91bQxmDGkKQsgSDU8aBdYCTfJZisbpilekU65evJAM= X-Received: by 2002:aca:538c:: with SMTP id h134mr2802823oib.174.1615293587253; Tue, 09 Mar 2021 04:39:47 -0800 (PST) MIME-Version: 1.0 References: <20210309123544.14040-1-msuchanek@suse.de> In-Reply-To: <20210309123544.14040-1-msuchanek@suse.de> From: Ard Biesheuvel Date: Tue, 9 Mar 2021 13:39:36 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] arm64: make STACKPROTECTOR_PER_TASK configurable. To: Michal Suchanek Cc: Linux ARM , Catalin Marinas , Will Deacon , Linux Kernel Mailing List , Masahiro Yamada X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210309_124149_734186_B94244C5 X-CRM114-Status: GOOD ( 22.70 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, 9 Mar 2021 at 13:37, Michal Suchanek wrote: > > When using dummy-tools STACKPROTECTOR_PER_TASK is unconditionally > selected. This defeats the purpose of the all-enabled tool. > What is dummy-tools and why should we care about it? > Description copied from arm > > Cc: Masahiro Yamada > Signed-off-by: Michal Suchanek > --- > arch/arm64/Kconfig | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index a8ff7cd5f096..f59d391e31a4 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1549,9 +1549,20 @@ config RANDOMIZE_MODULE_REGION_FULL > config CC_HAVE_STACKPROTECTOR_SYSREG > def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0) > > + > config STACKPROTECTOR_PER_TASK > - def_bool y > + bool "Use a unique stack canary value for each task" > depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG > + default y > + help > + Due to the fact that GCC uses an ordinary symbol reference from > + which to load the value of the stack canary, this value can only > + change at reboot time on SMP systems, and all tasks running in the > + kernel's address space are forced to use the same canary value for > + the entire duration that the system is up. > + > + Enable this option to switch to a different method that uses a > + different canary value for each task. > > endmenu > > -- > 2.26.2 > > > _______________________________________________ > linux-arm-kernel mailing list > linux-arm-kernel@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel