lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5jLecg2HJqmEHoQr20ZNtgqvcD6b9s9_OsJ42a=7C0+egg@mail.gmail.com>
Date:	Wed, 9 Mar 2016 12:50:26 -0800
From:	Kees Cook <keescook@...omium.org>
To:	David Brown <david.brown@...aro.org>
Cc:	Emese Revfy <re.emese@...il.com>,
	"kernel-hardening@...ts.openwall.com" 
	<kernel-hardening@...ts.openwall.com>,
	linux-kbuild <linux-kbuild@...r.kernel.org>,
	PaX Team <pageexec@...email.hu>,
	Brad Spengler <spender@...ecurity.net>,
	Michal Marek <mmarek@...e.com>,
	Rasmus Villemoes <linux@...musvillemoes.dk>,
	Fengguang Wu <fengguang.wu@...el.com>,
	Dmitry Vyukov <dvyukov@...gle.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [kernel-hardening] [PATCH v5 2/5] GCC plugin infrastructure

On Wed, Mar 9, 2016 at 1:01 AM, David Brown <david.brown@...aro.org> wrote:
> On Mon, Mar 07, 2016 at 12:04:27AM +0100, Emese Revfy wrote:
>
>> This patch allows to build the whole kernel with GCC plugins. It was
>> ported from
>> grsecurity/PaX. The infrastructure supports building out-of-tree modules
>> and
>> building in a separate directory. Cross-compilation is supported too but
>> currently only the x86 architecture enables plugins.
>
>
> I've tested this with both ARM and ARM64.  There are some missing
> headers in the arm64 gcc, reported here:
> https://bugs.linaro.org/show_bug.cgi?id=2123 (also upstream), but this
> should work once that is fixed.
>
> Feel free to fold these into your patch, or, if you prefer, I can send
> out separate patches for them.

Ah-ha, great! Thanks for testing!

Emese, if you're not interested in carrying this, I can add it to my tree.

-Kees

>
> Signed-off-by: David Brown <david.brown@...aro.org>
>
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index 4f799e5..67ee8e3 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -54,6 +54,7 @@ config ARM
>         select HAVE_FUNCTION_GRAPH_TRACER if (!THUMB2_KERNEL)
>         select HAVE_FUNCTION_TRACER if (!XIP_KERNEL)
>         select HAVE_GENERIC_DMA_COHERENT
> +       select HAVE_GCC_PLUGINS
>         select HAVE_HW_BREAKPOINT if (PERF_EVENTS && (CPU_V6 || CPU_V6K ||
> CPU_V7))
>         select HAVE_IDE if PCI || ISA || PCMCIA
>         select HAVE_IRQ_TIME_ACCOUNTING
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 8cc6228..6d6e4f8 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -70,6 +70,7 @@ config ARM64
>         select HAVE_FTRACE_MCOUNT_RECORD
>         select HAVE_FUNCTION_TRACER
>         select HAVE_FUNCTION_GRAPH_TRACER
> +       select HAVE_GCC_PLUGINS
>         select HAVE_GENERIC_DMA_COHERENT
>         select HAVE_HW_BREAKPOINT if PERF_EVENTS
>         select HAVE_IRQ_TIME_ACCOUNTING
> --



-- 
Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ