| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Jan 2022 18:02:29 +0100
From: Ard Biesheuvel <ardb@...nel.org>
To: Kyrylo Tkachov <Kyrylo.Tkachov@....com>
Cc: "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>,
Richard Sandiford <Richard.Sandiford@....com>,
"thomas.preudhomme@...est.fr" <thomas.preudhomme@...est.fr>,
Keith Packard <keithpac@...zon.com>,
Kyrylo Tkachov <kyryo.tkachov@....com>,
Richard Earnshaw <Richard.Earnshaw@....com>,
Ramana Radhakrishnan <Ramana.Radhakrishnan@....com>,
"gcc-patches@....gnu.org" <gcc-patches@....gnu.org>
Subject: Re: [PATCH v5 1/1] [ARM] Add support for TLS register based stack
protector canary access
On Wed, 19 Jan 2022 at 17:54, Kyrylo Tkachov <Kyrylo.Tkachov@....com> wrote:
>
> Hi Ard,
>
> > -----Original Message-----
> > From: Gcc-patches <gcc-patches-
> > bounces+kyrylo.tkachov=arm.com@....gnu.org> On Behalf Of Ard
> > Biesheuvel via Gcc-patches
> > Sent: Monday, November 15, 2021 6:04 PM
> > To: linux-hardening@...r.kernel.org
> > Cc: Richard Sandiford <Richard.Sandiford@....com>;
> > thomas.preudhomme@...est.fr; Keith Packard <keithpac@...zon.com>;
> > gcc-patches@....gnu.org; Kyrylo Tkachov <kyryo.tkachov@....com>; Ard
> > Biesheuvel <ardb@...nel.org>
> > Subject: [PATCH v5 1/1] [ARM] Add support for TLS register based stack
> > protector canary access
> >
> > Add support for accessing the stack canary value via the TLS register,
> > so that multiple threads running in the same address space can use
> > distinct canary values. This is intended for the Linux kernel running in
> > SMP mode, where processes entering the kernel are essentially threads
> > running the same program concurrently: using a global variable for the
> > canary in that context is problematic because it can never be rotated,
> > and so the OS is forced to use the same value as long as it remains up.
> >
> > Using the TLS register to index the stack canary helps with this, as it
> > allows each CPU to context switch the TLS register along with the rest
> > of the process, permitting each process to use its own value for the
> > stack canary.
>
> I've tested this patch on an arm-none-linux-gnueabihf target and the results look clean.
> Have you tested this patch with a kernel build as well? (since the functionality is intended for that use).
Of course.
> If so, the patch is okay but please rebase it and repost so that we can commit it taking into account....
>
Will do.
Powered by blists - more mailing lists