Date: Wed, 19 Jan 2022 18:02:29 +0100
From: Ard Biesheuvel <ardb@...nel.org>
To: Kyrylo Tkachov <Kyrylo.Tkachov@....com>
Cc: "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>,
	Richard Sandiford <Richard.Sandiford@....com>,
	"thomas.preudhomme@...est.fr" <thomas.preudhomme@...est.fr>,
	Keith Packard <keithpac@...zon.com>,
	Kyrylo Tkachov <kyryo.tkachov@....com>,
	Richard Earnshaw <Richard.Earnshaw@....com>,
	Ramana Radhakrishnan <Ramana.Radhakrishnan@....com>,
	"gcc-patches@....gnu.org" <gcc-patches@....gnu.org>
Subject: Re: [PATCH v5 1/1] [ARM] Add support for TLS register based stack protector canary access

On Wed, 19 Jan 2022 at 17:54, Kyrylo Tkachov <Kyrylo.Tkachov@....com> wrote:
>
> Hi Ard,
>
> > -----Original Message-----
> > From: Gcc-patches <gcc-patches-
> > bounces+kyrylo.tkachov=arm.com@....gnu.org> On Behalf Of Ard
> > Biesheuvel via Gcc-patches
> > Sent: Monday, November 15, 2021 6:04 PM
> > To: linux-hardening@...r.kernel.org
> > Cc: Richard Sandiford <Richard.Sandiford@....com>;
> > thomas.preudhomme@...est.fr; Keith Packard <keithpac@...zon.com>;
> > gcc-patches@....gnu.org; Kyrylo Tkachov <kyryo.tkachov@....com>; Ard
> > Biesheuvel <ardb@...nel.org>
> > Subject: [PATCH v5 1/1] [ARM] Add support for TLS register based stack
> > protector canary access
> >
> > Add support for accessing the stack canary value via the TLS register,
> > so that multiple threads running in the same address space can use
> > distinct canary values. This is intended for the Linux kernel running in
> > SMP mode, where processes entering the kernel are essentially threads
> > running the same program concurrently: using a global variable for the
> > canary in that context is problematic because it can never be rotated,
> > and so the OS is forced to use the same value as long as it remains up.
> >
> > Using the TLS register to index the stack canary helps with this, as it
> > allows each CPU to context switch the TLS register along with the rest
> > of the process, permitting each process to use its own value for the
> > stack canary.
>
> I've tested this patch on an arm-none-linux-gnueabihf target and the results look clean.
> Have you tested this patch with a kernel build as well? (since the functionality is intended for that use).

Of course.

> If so, the patch is okay but please rebase it and repost so that we can commit it taking into account....
>

Will do.
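
The reasoning in the quoted commit message, as an added example that is not part of this thread, the patch, GCC or the kernel: a constructed C model showing why a global canary cannot be rotated while another task has a live protected frame, and why a canary read through a context-switched TLS register can differ per task. All names and values here are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed model with hypothetical names; not GCC or kernel code. */
enum guard { GUARD_GLOBAL, GUARD_TLS };

struct task {
    uintptr_t canary;      /* per-task value, reachable via the TLS register */
    uintptr_t frame_slot;  /* copy the prologue stored in this task's live frame */
};

static uintptr_t global_canary;  /* one value shared by every thread */
static struct task *tls_reg;     /* stands in for the TLS register */

static uintptr_t load_guard(enum guard g)
{
    return g == GUARD_GLOBAL ? global_canary : tls_reg->canary;
}

/* The scheduler swaps the TLS register with the rest of the task state. */
static void context_switch(struct task *next) { tls_reg = next; }
static void prologue(struct task *t, enum guard g) { t->frame_slot = load_guard(g); }
/* Nonzero means the epilogue check would report a smashed stack. */
static int epilogue(struct task *t, enum guard g) { return t->frame_slot != load_guard(g); }

/* Task A is preempted mid-function while task B starts with a fresh canary.
 * Returns how many intact frames fail their epilogue check. */
int false_failures(enum guard g)
{
    struct task a = { .canary = 0x1111 }, b = { .canary = 0x2222 };
    int fails = 0;
    global_canary = a.canary;
    context_switch(&a);
    prologue(&a, g);                 /* A now has a live protected frame */
    if (g == GUARD_GLOBAL)
        global_canary = b.canary;    /* the only way to give B a new value */
    context_switch(&b);
    prologue(&b, g);
    fails += epilogue(&b, g);
    context_switch(&a);              /* A resumes and returns */
    fails += epilogue(&a, g);
    return fails;
}

int main(void)
{
    printf("global: %d false failure(s)\n", false_failures(GUARD_GLOBAL));
    printf("tls:    %d false failure(s)\n", false_failures(GUARD_TLS));
    return 0;
}
```

In the global case the rotation itself makes task A's untouched frame fail its check, which is why a shared canary has to stay fixed for the lifetime of the system.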