lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 Dec 2022 12:27:31 +0900 From: Masami Hiramatsu (Google) <mhiramat@...nel.org> To: Ard Biesheuvel <ardb@...nel.org> Cc: linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, mark.rutland@....com, will@...nel.org, rostedt@...dmis.org, samitolvanen@...gle.com, keescook@...omium.org, mhiramat@...nel.org Subject: Re: [PATCH] ftrace: Allow WITH_ARGS flavour of graph tracer with shadow call stack On Fri, 9 Dec 2022 15:34:02 +0100 Ard Biesheuvel <ardb@...nel.org> wrote: > The recent switch on arm64 from DYNAMIC_FTRACE_WITH_REGS to > DYNAMIC_FTRACE_WITH_ARGS failed to take into account that we currently > require the former in order to allow the function graph tracer to be > enabled in combination with shadow call stacks. This means that this is > no longer permitted at all, in spite of the fact that either flavour of > ftrace works perfectly fine in this combination. > > Given that arm64 is the only arch that implements shadow call stacks in > the first place, let's update the condition to just reflect the arm64 > change. When other architectures adopt shadow call stack support, this > can be revisited if needed. This brings a question. Is the SCS safe if kretprobe(rethook) is enabled? it also changes the stack entry after a calling function. Thank you, > > Signed-off-by: Ard Biesheuvel <ardb@...nel.org> > --- > arch/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/Kconfig b/arch/Kconfig > index 072a1b39e3afd0d1..683f365b5e31c856 100644 > --- a/arch/Kconfig > +++ b/arch/Kconfig > @@ -635,7 +635,7 @@ config ARCH_SUPPORTS_SHADOW_CALL_STACK > config SHADOW_CALL_STACK > bool "Shadow Call Stack" > depends on ARCH_SUPPORTS_SHADOW_CALL_STACK > - depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER > + depends on DYNAMIC_FTRACE_WITH_ARGS || !FUNCTION_GRAPH_TRACER > help > This option enables the compiler's Shadow Call Stack, which > uses a shadow stack to protect function return addresses from > -- > 2.35.1 > -- Masami Hiramatsu (Google) <mhiramat@...nel.org>
Powered by blists - more mailing lists