per-task stack canaries for arm64
Kees Cook
keescook at chromium.org
Wed Jan 17 12:45:39 PST 2018
On Wed, Jan 17, 2018 at 12:32 PM, Ard Biesheuvel
<ard.biesheuvel at linaro.org> wrote:
> On 17 January 2018 at 19:10, Kees Cook <keescook at chromium.org> wrote:
>> On Wed, Jan 17, 2018 at 10:24 AM, Ard Biesheuvel
>> <ard.biesheuvel at linaro.org> wrote:
> [...]
>> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81708
>> which was done for x86 only, and provides both:
>> -mstack-protector-guard-symbol=...
>> -mstack-protector-guard-reg=...
>>
>> If this could be extended to arm64, I think we'd be in good shape (and
>> it could be trivially detected at build time).
>>
>
> I'm not entirely sure what the point is of specifying the name of the
> symbol on the command line. It is ultimately up to the GCC developers
> to decide how much point there is to maintaining parity with x86 here.
>
> [...]
>>> Ramana indicated at the time that he would be up for adding, e.g.,
>>> -fstack-protector-linux-kernel as a command line option, and add the
>>> contents of tpidr_el1 to every reference of __stack_chk_guard when
>>> set.
>>
>> I think we want to reuse the command-line names from the x86 options
>> above, unless there's a good reason not to?
>
> I'm perfectly happy to settle for whatever the GCC developers manage
> to agree on, as long as it gives us the ability to use tpidr_el1 as
> the offset.
Ramana, Uroš, what's the best next step? Should we open a GCC bug
specifically for arm64 here?
-Kees
--
Kees Cook
Pixel Security
More information about the linux-arm-kernel
mailing list