lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Feb 2022 01:06:01 -0800 From: Dan Li <ashimida@...ux.alibaba.com> To: Mark Rutland <mark.rutland@....com> Cc: catalin.marinas@....com, will@...nel.org, nathan@...nel.org, ndesaulniers@...gle.com, keescook@...omium.org, masahiroy@...nel.org, tglx@...utronix.de, akpm@...ux-foundation.org, samitolvanen@...gle.com, npiggin@...il.com, linux@...ck-us.net, mhiramat@...nel.org, ojeda@...nel.org, luc.vanoostenryck@...il.com, elver@...gle.com, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, llvm@...ts.linux.dev, linux-hardening@...r.kernel.org Subject: Re: [PATCH] [PATCH] AARCH64: Add gcc Shadow Call Stack support On 2/22/22 10:47, Mark Rutland wrote: > Hi, > > On Tue, Feb 22, 2022 at 01:57:36AM -0800, Dan Li wrote: >> Shadow call stack is available in GCC > 11.2.0, this patch makes >> the corresponding kernel configuration available when compiling >> the kernel with gcc. > > Neat! > > My local GCC devs told me that means GCC 12.x.x rather than 11.2.x or > 11.3.x, so as others have said it'd be clearer to say `GCC >= 12.0.0`. > Ah, yes, I just saw this flag in gcc/BASE-VER. > I'd like to try this with a GCC binary before I provide an Ack or R-b; > but in the mean time I have a few comments below. > Thanks for your test, Mark. Please let me know if there is any issues :) >> --- >> FYI: >> This function can be used to test if the shadow call stack works: >> //noinline void __noscs scs_test(void) >> noinline void scs_test(void) >> { >> register unsigned long *sp asm("sp"); >> unsigned long * lr = sp + 1; >> >> asm volatile("":::"x30"); >> *lr = 0; >> } > > It's probably be better to use __builtin_frame_address(0) to get the > address of the frame record rather than assuming that fp==sp in the > middle of the function. > Got it. >> config SHADOW_CALL_STACK >> - bool "Clang Shadow Call Stack" >> - depends on CC_IS_CLANG && ARCH_SUPPORTS_SHADOW_CALL_STACK >> + bool "Shadow Call Stack" >> + depends on ARCH_SUPPORTS_SHADOW_CALL_STACK >> depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER >> help >> - This option enables Clang's Shadow Call Stack, which uses a >> + This option enables Clang/GCC's Shadow Call Stack, which uses a >> shadow stack to protect function return addresses from being >> overwritten by an attacker. More information can be found in >> Clang's documentation: > > Is there any additional GCC documentation that we can refer to? > Currently there is only a brief description of -fsanitize=shadow-call-stack in the user manual. Since the description of the clang documentation is more detailed, should I add this gcc link to the configuration description? Link: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options >> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig >> index 09b885cc4db5..a48a604301aa 100644 >> --- a/arch/arm64/Kconfig >> +++ b/arch/arm64/Kconfig >> @@ -1255,7 +1255,7 @@ config HW_PERF_EVENTS >> config ARCH_HAS_FILTER_PGPROT >> def_bool y >> >> -# Supported by clang >= 7.0 >> +# Supported by clang >= 7.0 or GCC > 11.2.0 > > As above, I beleive that should be `GCC >= 12.0.0`. > Yeah. Thanks, Dan.
Powered by blists - more mailing lists