lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5b42962e05754c15977a102ccd5cc7aa@AcuMS.aculab.com>
Date: Sat, 9 Nov 2024 09:31:19 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Brian Gerst' <brgerst@...il.com>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "x86@...nel.org" <x86@...nel.org>
CC: Ingo Molnar <mingo@...nel.org>, "H . Peter Anvin" <hpa@...or.com>, "Thomas
 Gleixner" <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>, Ard
 Biesheuvel <ardb@...nel.org>, Uros Bizjak <ubizjak@...il.com>
Subject: RE: [PATCH v5 00/16] x86-64: Stack protector and percpu improvements

From: Brian Gerst
> Sent: 05 November 2024 15:58
> 
> Currently, x86-64 uses an unusual percpu layout, where the percpu section
> is linked at absolute address 0.  The reason behind this is that older GCC
> versions placed the stack protector (if enabled) at a fixed offset from the
> GS segment base.  Since the GS segement is also used for percpu variables,
> this forced the current layout.
> 
> GCC since version 8.1 supports a configurable location for the stack
> protector value, which allows removal of the restriction on how the percpu
> section is linked.  This allows the percpu section to be linked normally,
> like other architectures.  In turn, this allows removal of code that was
> needed to support the zero-based percpu section.
> 
> v5:
> - Added two patches from Ard Biesheuvel to make stack protector work
>   properly when compiling with clang.
> - Raise minimum GCC version to 8.1 for x86.
> - Drop objtool conversion code.

Is there any actual need to raise the GCC level?
Isn't it enough just to disable stack protection with older compilers?
The percpu layout can then always be the new (sane) one.

Is there even a selectable CONFIG_STACK_PROTECTOR?
Can than depend on gcc >= 8.1 for x86-64?

I've a slight vested interest in that the system I test kernels on
has gcc 7.5.0 installed :-)

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ