lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAKwvOd=qxHU41HFEWLAz6DOvSMPdW863E9SKVe0PFK0ePDvizQ@mail.gmail.com>
Date:   Wed, 13 Oct 2021 11:50:03 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Dan Li <ashimida@...ux.alibaba.com>
Cc:     masahiroy@...nel.org, michal.lkml@...kovi.net,
        catalin.marinas@....com, will@...nel.org, keescook@...omium.org,
        nathan@...nel.org, tglx@...utronix.de, akpm@...ux-foundation.org,
        samitolvanen@...gle.com, frederic@...nel.org, rppt@...nel.org,
        mark.rutland@....com, yifeifz2@...inois.edu, rostedt@...dmis.org,
        viresh.kumar@...aro.org, andreyknvl@...il.com,
        colin.king@...onical.com, ojeda@...nel.org,
        luc.vanoostenryck@...il.com, elver@...gle.com,
        nivedita@...m.mit.edu, ardb@...nel.org,
        linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org,
        linux-hardening@...r.kernel.org, clang-built-linux@...glegroups.com
Subject: Re: [PATCH] [PATCH V3]ARM64: SCS: Add gcc plugin to support Shadow
 Call Stack

On Wed, Oct 13, 2021 at 11:03 AM Dan Li <ashimida@...ux.alibaba.com> wrote:
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 62c3c1d..da2da8c 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -81,7 +81,7 @@ config ARM64
>         select ARCH_SUPPORTS_DEBUG_PAGEALLOC
>         select ARCH_SUPPORTS_HUGETLBFS
>         select ARCH_SUPPORTS_MEMORY_FAILURE
> -       select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK
> +       select ARCH_SUPPORTS_SHADOW_CALL_STACK if (CC_HAVE_SHADOW_CALL_STACK || GCC_PLUGIN_SHADOW_CALL_STACK)
>         select ARCH_SUPPORTS_LTO_CLANG if CPU_LITTLE_ENDIAN
>         select ARCH_SUPPORTS_LTO_CLANG_THIN
>         select ARCH_SUPPORTS_CFI_CLANG
> @@ -1062,7 +1062,7 @@ config ARCH_HAS_FILTER_PGPROT
>
>  # Supported by clang >= 7.0
>  config CC_HAVE_SHADOW_CALL_STACK
> -       def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
> +       def_bool (CC_IS_CLANG && $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18))

I guess since clang supported SCS since clang-7, but the minimally
supported version of clang according to
Documentation/process/changes.rst is 10.0.1, then this could be:

def_boot CC_IS_CLANG || $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)

Then we won't have to touch it again once SCS lands in upstream GCC,
as the cc-option test will start to pass?
-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ