lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 3 Nov 2021 00:03:24 +0800
From:   Dan Li <ashimida@...ux.alibaba.com>
To:     Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
Cc:     Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Sami Tolvanen <samitolvanen@...gle.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Mike Rapoport <rppt@...nel.org>,
        Mark Rutland <mark.rutland@....com>, frederic@...nel.org,
        yifeifz2@...inois.edu, Steven Rostedt <rostedt@...dmis.org>,
        Viresh Kumar <viresh.kumar@...aro.org>, andreyknvl@...il.com,
        Colin King <colin.king@...onical.com>,
        Miguel Ojeda <ojeda@...nel.org>, Arnd Bergmann <arnd@...db.de>,
        Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
        Arvind Sankar <nivedita@...m.mit.edu>,
        Marco Elver <elver@...gle.com>, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] [RFC/RFT] AARCH64: Add gcc Shadow Call Stack support



On 11/2/21 5:51 PM, Miguel Ojeda wrote:
> On Tue, Nov 2, 2021 at 8:58 AM Dan Li <ashimida@...ux.alibaba.com> wrote:
>>
>> I tried to submit a patch[1] to add compiler's SCS support on gcc-11.1.0.
> 
> This would go into GCC 12, right?
>
Oh, yes, gcc-11.1.0 is the version I used to test this patch.

>> [1] https://gcc.gnu.org/pipermail/gcc-patches/2021-November/583062.html
> 
> Nit: you can use the `Link: ` tag for this.
>
Thanks, Miguel :)

>>   # Supported by clang >= 7.0
> 
> We should add a comment here saying the minimum version too, e.g. GCC
>> = 12 (assuming it will be merged)
> 
Ok, I will add a comment in the next version, if this patch will be merged.

>>   config CC_HAVE_SHADOW_CALL_STACK
>> -       def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
>> +       def_bool CC_IS_CLANG || $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
> 
> This is changing the default for Clang (which looks fine due to our
> minimum Clang version), but if the test for GCC works the same way,
> why not just keep the line as it was since it covers both?
>
That sounds reasonable, keep this line unchanged is fine.

>> +#if __has_attribute(__no_sanitize_shadow_call_stack__)
>> +#define __noscs __attribute__((no_sanitize_shadow_call_stack))
>> +#else
>> +#define __noscs
>> +#endif
> 
> No need for the `else` branch here, it is done in `compiler_types.h`
> (to be consistent with Clang).
> 
Oh, I see, thanks.

> Also, I hope one day GCC and Clang doing the same for these
> sanitize-related bits...
> 
> Cheers,
> Miguel
>

Powered by blists - more mailing lists