| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171116164101.GE94341@samitolvanen.mtv.corp.google.com>
Date: Thu, 16 Nov 2017 08:41:01 -0800
From: Sami Tolvanen <samitolvanen@...gle.com>
To: Will Deacon <will.deacon@....com>
Cc: Alex Matveev <alxmtvv@...il.com>, Andi Kleen <ak@...ux.intel.com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Greg Hackmann <ghackmann@...gle.com>,
Kees Cook <keescook@...omium.org>,
linux-arm-kernel@...ts.infradead.org, linux-kbuild@...r.kernel.org,
linux-kernel@...r.kernel.org, Mark Rutland <mark.rutland@....com>,
Masahiro Yamada <yamada.masahiro@...ionext.com>,
Maxim Kuvyrkov <maxim.kuvyrkov@...aro.org>,
Michal Marek <michal.lkml@...kovi.net>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Yury Norov <ynorov@...iumnetworks.com>,
Matthias Kaehlcke <mka@...omium.org>
Subject: Re: [PATCH v2 10/18] arm64: add a workaround for GNU gold with
ARM64_MODULE_PLTS
On Thu, Nov 16, 2017 at 11:50:12AM +0000, Will Deacon wrote:
> Why don't we just not do LTO if the toolchain is busted?
Because LTO can not only potentially improve performance, especially
when combined with PGO (Profile Guided Optimization), but it also
makes it possible to enable features like Control Flow Integrity that
can make kernel vulnerabilities more difficult to exploit:
https://clang.llvm.org/docs/ControlFlowIntegrity.html
> This feels like it will end up being a game of whack-a-mole as code
> could be introduced that tickles known bugs on older toolchains.
I'm not sure this is much different from dealing with older versions
of the existing toolchain. Otherwise, we wouldn't need cc-version or
other similar macros, for example.
Sami
Powered by blists - more mailing lists