lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <c2d0bfc9-364e-a2a8-e786-7a5102e34ddc@linux.alibaba.com>
Date:   Thu, 14 Oct 2021 05:40:08 +0800
From:   Dan Li <ashimida@...ux.alibaba.com>
To:     Nick Desaulniers <ndesaulniers@...gle.com>
Cc:     masahiroy@...nel.org, michal.lkml@...kovi.net,
        catalin.marinas@....com, will@...nel.org, keescook@...omium.org,
        nathan@...nel.org, tglx@...utronix.de, akpm@...ux-foundation.org,
        samitolvanen@...gle.com, frederic@...nel.org, rppt@...nel.org,
        mark.rutland@....com, yifeifz2@...inois.edu, rostedt@...dmis.org,
        viresh.kumar@...aro.org, andreyknvl@...il.com,
        colin.king@...onical.com, ojeda@...nel.org,
        luc.vanoostenryck@...il.com, elver@...gle.com,
        nivedita@...m.mit.edu, ardb@...nel.org,
        linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org,
        linux-hardening@...r.kernel.org, clang-built-linux@...glegroups.com
Subject: Re: [PATCH] [PATCH V3]ARM64: SCS: Add gcc plugin to support Shadow
 Call Stack



On 10/14/21 2:50 AM, Nick Desaulniers wrote:
> On Wed, Oct 13, 2021 at 11:03 AM Dan Li <ashimida@...ux.alibaba.com> wrote:
>>
>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
>> index 62c3c1d..da2da8c 100644
>> --- a/arch/arm64/Kconfig
>> +++ b/arch/arm64/Kconfig
>> @@ -81,7 +81,7 @@ config ARM64
>>          select ARCH_SUPPORTS_DEBUG_PAGEALLOC
>>          select ARCH_SUPPORTS_HUGETLBFS
>>          select ARCH_SUPPORTS_MEMORY_FAILURE
>> -       select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK
>> +       select ARCH_SUPPORTS_SHADOW_CALL_STACK if (CC_HAVE_SHADOW_CALL_STACK || GCC_PLUGIN_SHADOW_CALL_STACK)
>>          select ARCH_SUPPORTS_LTO_CLANG if CPU_LITTLE_ENDIAN
>>          select ARCH_SUPPORTS_LTO_CLANG_THIN
>>          select ARCH_SUPPORTS_CFI_CLANG
>> @@ -1062,7 +1062,7 @@ config ARCH_HAS_FILTER_PGPROT
>>
>>   # Supported by clang >= 7.0
>>   config CC_HAVE_SHADOW_CALL_STACK
>> -       def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
>> +       def_bool (CC_IS_CLANG && $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18))
> 
> I guess since clang supported SCS since clang-7, but the minimally
> supported version of clang according to
> Documentation/process/changes.rst is 10.0.1, then this could be:
> 
> def_boot CC_IS_CLANG || $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
> 
> Then we won't have to touch it again once SCS lands in upstream GCC,
> as the cc-option test will start to pass?
> 
Thanks Nick,

That sounds reasonable.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ