lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 2 Nov 2021 10:51:55 +0100
From:   Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
To:     Dan Li <ashimida@...ux.alibaba.com>
Cc:     Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Sami Tolvanen <samitolvanen@...gle.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Mike Rapoport <rppt@...nel.org>,
        Mark Rutland <mark.rutland@....com>, frederic@...nel.org,
        yifeifz2@...inois.edu, Steven Rostedt <rostedt@...dmis.org>,
        Viresh Kumar <viresh.kumar@...aro.org>, andreyknvl@...il.com,
        Colin King <colin.king@...onical.com>,
        Miguel Ojeda <ojeda@...nel.org>, Arnd Bergmann <arnd@...db.de>,
        Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
        Arvind Sankar <nivedita@...m.mit.edu>,
        Marco Elver <elver@...gle.com>, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] [RFC/RFT] AARCH64: Add gcc Shadow Call Stack support

On Tue, Nov 2, 2021 at 8:58 AM Dan Li <ashimida@...ux.alibaba.com> wrote:
>
> I tried to submit a patch[1] to add compiler's SCS support on gcc-11.1.0.

This would go into GCC 12, right?

> [1] https://gcc.gnu.org/pipermail/gcc-patches/2021-November/583062.html

Nit: you can use the `Link: ` tag for this.

>  # Supported by clang >= 7.0

We should add a comment here saying the minimum version too, e.g. GCC
>= 12 (assuming it will be merged)

>  config CC_HAVE_SHADOW_CALL_STACK
> -       def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
> +       def_bool CC_IS_CLANG || $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)

This is changing the default for Clang (which looks fine due to our
minimum Clang version), but if the test for GCC works the same way,
why not just keep the line as it was since it covers both?

> +#if __has_attribute(__no_sanitize_shadow_call_stack__)
> +#define __noscs __attribute__((no_sanitize_shadow_call_stack))
> +#else
> +#define __noscs
> +#endif

No need for the `else` branch here, it is done in `compiler_types.h`
(to be consistent with Clang).

Also, I hope one day GCC and Clang doing the same for these
sanitize-related bits...

Cheers,
Miguel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ