lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 2 Nov 2021 11:41:58 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
Cc:     Dan Li <ashimida@...ux.alibaba.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Sami Tolvanen <samitolvanen@...gle.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Mike Rapoport <rppt@...nel.org>,
        Mark Rutland <mark.rutland@....com>, frederic@...nel.org,
        yifeifz2@...inois.edu, Steven Rostedt <rostedt@...dmis.org>,
        Viresh Kumar <viresh.kumar@...aro.org>, andreyknvl@...il.com,
        Colin King <colin.king@...onical.com>,
        Miguel Ojeda <ojeda@...nel.org>, Arnd Bergmann <arnd@...db.de>,
        Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
        Arvind Sankar <nivedita@...m.mit.edu>,
        Marco Elver <elver@...gle.com>, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] [RFC/RFT] AARCH64: Add gcc Shadow Call Stack support

On Tue, Nov 2, 2021 at 2:52 AM Miguel Ojeda
<miguel.ojeda.sandonis@...il.com> wrote:
>
> On Tue, Nov 2, 2021 at 8:58 AM Dan Li <ashimida@...ux.alibaba.com> wrote:
> >
> > I tried to submit a patch[1] to add compiler's SCS support on gcc-11.1.0.
>
> This would go into GCC 12, right?
>
> > [1] https://gcc.gnu.org/pipermail/gcc-patches/2021-November/583062.html
>
> Nit: you can use the `Link: ` tag for this.
>
> >  # Supported by clang >= 7.0
>
> We should add a comment here saying the minimum version too, e.g. GCC
> >= 12 (assuming it will be merged)
>
> >  config CC_HAVE_SHADOW_CALL_STACK
> > -       def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
> > +       def_bool CC_IS_CLANG || $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
>
> This is changing the default for Clang (which looks fine due to our
> minimum Clang version), but if the test for GCC works the same way,
> why not just keep the line as it was since it covers both?

Yeah, let's just have the cc-option check used for both toolchains.

> > +#if __has_attribute(__no_sanitize_shadow_call_stack__)
> > +#define __noscs __attribute__((no_sanitize_shadow_call_stack))
> > +#else
> > +#define __noscs
> > +#endif
>
> No need for the `else` branch here, it is done in `compiler_types.h`
> (to be consistent with Clang).

Do we want to move this to include/linux/compiler_attributes.h?
Respecifying these repeatedly in each include/linux/compiler-*.h feels
excessively redundant.

> Also, I hope one day GCC and Clang doing the same for these
> sanitize-related bits...

...
-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists