lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Nov 2021 11:41:58 -0700 From: Nick Desaulniers <ndesaulniers@...gle.com> To: Miguel Ojeda <miguel.ojeda.sandonis@...il.com> Cc: Dan Li <ashimida@...ux.alibaba.com>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Kees Cook <keescook@...omium.org>, Thomas Gleixner <tglx@...utronix.de>, Andrew Morton <akpm@...ux-foundation.org>, Peter Zijlstra <peterz@...radead.org>, Sami Tolvanen <samitolvanen@...gle.com>, Masahiro Yamada <masahiroy@...nel.org>, Mike Rapoport <rppt@...nel.org>, Mark Rutland <mark.rutland@....com>, frederic@...nel.org, yifeifz2@...inois.edu, Steven Rostedt <rostedt@...dmis.org>, Viresh Kumar <viresh.kumar@...aro.org>, andreyknvl@...il.com, Colin King <colin.king@...onical.com>, Miguel Ojeda <ojeda@...nel.org>, Arnd Bergmann <arnd@...db.de>, Luc Van Oostenryck <luc.vanoostenryck@...il.com>, Arvind Sankar <nivedita@...m.mit.edu>, Marco Elver <elver@...gle.com>, linux-hardening@...r.kernel.org Subject: Re: [PATCH] [RFC/RFT] AARCH64: Add gcc Shadow Call Stack support On Tue, Nov 2, 2021 at 2:52 AM Miguel Ojeda <miguel.ojeda.sandonis@...il.com> wrote: > > On Tue, Nov 2, 2021 at 8:58 AM Dan Li <ashimida@...ux.alibaba.com> wrote: > > > > I tried to submit a patch[1] to add compiler's SCS support on gcc-11.1.0. > > This would go into GCC 12, right? > > > [1] https://gcc.gnu.org/pipermail/gcc-patches/2021-November/583062.html > > Nit: you can use the `Link: ` tag for this. > > > # Supported by clang >= 7.0 > > We should add a comment here saying the minimum version too, e.g. GCC > >= 12 (assuming it will be merged) > > > config CC_HAVE_SHADOW_CALL_STACK > > - def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18) > > + def_bool CC_IS_CLANG || $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18) > > This is changing the default for Clang (which looks fine due to our > minimum Clang version), but if the test for GCC works the same way, > why not just keep the line as it was since it covers both? Yeah, let's just have the cc-option check used for both toolchains. > > +#if __has_attribute(__no_sanitize_shadow_call_stack__) > > +#define __noscs __attribute__((no_sanitize_shadow_call_stack)) > > +#else > > +#define __noscs > > +#endif > > No need for the `else` branch here, it is done in `compiler_types.h` > (to be consistent with Clang). Do we want to move this to include/linux/compiler_attributes.h? Respecifying these repeatedly in each include/linux/compiler-*.h feels excessively redundant. > Also, I hope one day GCC and Clang doing the same for these > sanitize-related bits... ... -- Thanks, ~Nick Desaulniers
Powered by blists - more mailing lists