lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 23 Feb 2022 01:06:01 -0800
From:   Dan Li <ashimida@...ux.alibaba.com>
To:     Mark Rutland <mark.rutland@....com>
Cc:     catalin.marinas@....com, will@...nel.org, nathan@...nel.org,
        ndesaulniers@...gle.com, keescook@...omium.org,
        masahiroy@...nel.org, tglx@...utronix.de,
        akpm@...ux-foundation.org, samitolvanen@...gle.com,
        npiggin@...il.com, linux@...ck-us.net, mhiramat@...nel.org,
        ojeda@...nel.org, luc.vanoostenryck@...il.com, elver@...gle.com,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        llvm@...ts.linux.dev, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] [PATCH] AARCH64: Add gcc Shadow Call Stack support



On 2/22/22 10:47, Mark Rutland wrote:
> Hi,
> 
> On Tue, Feb 22, 2022 at 01:57:36AM -0800, Dan Li wrote:
>> Shadow call stack is available in GCC > 11.2.0, this patch makes
>> the corresponding kernel configuration available when compiling
>> the kernel with gcc.
> 
> Neat!
> 
> My local GCC devs told me that means GCC 12.x.x rather than 11.2.x or
> 11.3.x, so as others have said it'd be clearer to say `GCC >= 12.0.0`.
> 

Ah, yes, I just saw this flag in gcc/BASE-VER.

> I'd like to try this with a GCC binary before I provide an Ack or R-b;
> but in the mean time I have a few comments below.
> 

Thanks for your test, Mark.
Please let me know if there is any issues :)

>> ---
>> FYI:
>> This function can be used to test if the shadow call stack works:
>> //noinline void __noscs scs_test(void)
>> noinline void scs_test(void)
>> {
>>      register unsigned long *sp asm("sp");
>>      unsigned long * lr = sp + 1;
>>
>>      asm volatile("":::"x30");
>>      *lr = 0;
>> }
> 
> It's probably be better to use __builtin_frame_address(0) to get the
> address of the frame record rather than assuming that fp==sp in the
> middle of the function.
> 

Got it.

>>   config SHADOW_CALL_STACK
>> -	bool "Clang Shadow Call Stack"
>> -	depends on CC_IS_CLANG && ARCH_SUPPORTS_SHADOW_CALL_STACK
>> +	bool "Shadow Call Stack"
>> +	depends on ARCH_SUPPORTS_SHADOW_CALL_STACK
>>   	depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER
>>   	help
>> -	  This option enables Clang's Shadow Call Stack, which uses a
>> +	  This option enables Clang/GCC's Shadow Call Stack, which uses a
>>   	  shadow stack to protect function return addresses from being
>>   	  overwritten by an attacker. More information can be found in
>>   	  Clang's documentation:
> 
> Is there any additional GCC documentation that we can refer to?
> 

Currently there is only a brief description of
-fsanitize=shadow-call-stack in the user manual.

Since the description of the clang documentation is more detailed, should
I add this gcc link to the configuration description?

Link: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options

>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
>> index 09b885cc4db5..a48a604301aa 100644
>> --- a/arch/arm64/Kconfig
>> +++ b/arch/arm64/Kconfig
>> @@ -1255,7 +1255,7 @@ config HW_PERF_EVENTS
>>   config ARCH_HAS_FILTER_PGPROT
>>   	def_bool y
>>   
>> -# Supported by clang >= 7.0
>> +# Supported by clang >= 7.0 or GCC > 11.2.0
> 
> As above, I beleive that should be `GCC >= 12.0.0`.
> 

Yeah.

Thanks,
Dan.

Powered by blists - more mailing lists