lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 1 Feb 2018 12:55:47 +0100
From:   Geert Uytterhoeven <geert@...ux-m68k.org>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     Herbert Xu <herbert@...dor.apana.org.au>,
        "David S . Miller" <davem@...emloft.net>,
        Christopher Li <sparse@...isli.org>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Tom Lendacky <thomas.lendacky@....com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
        <linux-crypto@...r.kernel.org>, linux-sparse@...r.kernel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 2/3] compiler-gcc.h: __nostackprotector needs gcc-4.4 and up

Hi Arnd,

On Thu, Feb 1, 2018 at 12:46 PM, Arnd Bergmann <arnd@...db.de> wrote:
> On Thu, Feb 1, 2018 at 11:21 AM, Geert Uytterhoeven
> <geert@...ux-m68k.org> wrote:
>> Gcc versions before 4.4 do not recognize the __optimize__ compiler
>> attribute:
>>
>>     warning: ‘__optimize__’ attribute directive ignored
>>
>> Fixes: 7375ae3a0b79ea07 ("compiler-gcc.h: Introduce __nostackprotector function attribute")
>> Signed-off-by: Geert Uytterhoeven <geert@...ux-m68k.org>
>> ---
>> Can anyone please verify this?
>> Apparently __nostackprotector is used on x86 only, which is usually
>> served by modern compilers.
>
> I've checked that __optimize("no-stack-protector") is accepted by exactly those
> compilers that your 40400 version check tests for, across all architectures, so
> that's fine.

Thanks!

> However,  looking at commit 91cfc88c66bf ("x86: Use __nostackprotect for
> sme_encrypt_kernel"), I suspect that gcc-4.1 through 4.3 will now cause
> a runtime failure in sme_encrypt_kernel() without a compile-time warning.

So having this functionality is a hard requirement. Oops...

> I would leave __nostackprotector unchanged here, so we at least get
> a warning for functions that need to disable the stack protector to work
> correctly.

Agreed.

> We might want to add an #ifdef CONFIG_CC_STACKPROTECTOR around
> the __nostackprotector definition, so that we only warn if stackprotector
> is globally enabled.

And we might want to remove the dummy in include/linux/compiler_types.h:

#ifndef __nostackprotector
# define __nostackprotector
#endif

BTW, how does this work with non-gcc compilers?

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ