| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zsha_58Y2nkOC35v@arm.com> Date: Fri, 23 Aug 2024 10:48:47 +0100 From: Catalin Marinas <catalin.marinas@....com> To: Mark Brown <broonie@...nel.org> Cc: Will Deacon <will@...nel.org>, Jonathan Corbet <corbet@....net>, Andrew Morton <akpm@...ux-foundation.org>, Marc Zyngier <maz@...nel.org>, Oliver Upton <oliver.upton@...ux.dev>, James Morse <james.morse@....com>, Suzuki K Poulose <suzuki.poulose@....com>, Arnd Bergmann <arnd@...db.de>, Oleg Nesterov <oleg@...hat.com>, Eric Biederman <ebiederm@...ssion.com>, Shuah Khan <shuah@...nel.org>, "Rick P. Edgecombe" <rick.p.edgecombe@...el.com>, Deepak Gupta <debug@...osinc.com>, Ard Biesheuvel <ardb@...nel.org>, Szabolcs Nagy <Szabolcs.Nagy@....com>, Kees Cook <kees@...nel.org>, "H.J. Lu" <hjl.tools@...il.com>, Paul Walmsley <paul.walmsley@...ive.com>, Palmer Dabbelt <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>, Florian Weimer <fweimer@...hat.com>, Christian Brauner <brauner@...nel.org>, Thiago Jung Bauermann <thiago.bauermann@...aro.org>, Ross Burton <ross.burton@....com>, Yury Khrustalev <yury.khrustalev@....com>, Wilco Dijkstra <wilco.dijkstra@....com>, linux-arm-kernel@...ts.infradead.org, linux-doc@...r.kernel.org, kvmarm@...ts.linux.dev, linux-fsdevel@...r.kernel.org, linux-arch@...r.kernel.org, linux-mm@...ck.org, linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org, linux-riscv@...ts.infradead.org Subject: Re: [PATCH v11 27/39] arm64: Add Kconfig for Guarded Control Stack (GCS) On Thu, Aug 22, 2024 at 02:15:30AM +0100, Mark Brown wrote: > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index a2f8ff354ca6..772f9ba99fe8 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -2137,6 +2137,26 @@ config ARM64_EPAN > if the cpu does not implement the feature. > endmenu # "ARMv8.7 architectural features" > > +menu "v9.4 architectural features" > + > +config ARM64_GCS > + bool "Enable support for Guarded Control Stack (GCS)" > + default y > + select ARCH_HAS_USER_SHADOW_STACK > + select ARCH_USES_HIGH_VMA_FLAGS > + help > + Guarded Control Stack (GCS) provides support for a separate > + stack with restricted access which contains only return > + addresses. This can be used to harden against some attacks > + by comparing return address used by the program with what is > + stored in the GCS, and may also be used to efficiently obtain > + the call stack for applications such as profiling. > + > + The feature is detected at runtime, and will remain disabled > + if the system does not implement the feature. > + > +endmenu # "v9.4 architectural features" BTW, as Mark R spotted we'd also need to handle uprobes. Since that's off in defconfig, I think it can be done separately on top of this series. In the meantime, we could make this dependent on !UPROBES. -- Catalin
Powered by blists - more mailing lists