[PATCH] ARM: stackprotector: prefer compiler for TLS based per-task protector
Kees Cook
keescook at chromium.org
Tue Jan 25 12:58:20 PST 2022
On Tue, Jan 25, 2022 at 07:55:37PM +0100, Ard Biesheuvel wrote:
> On Tue, 25 Jan 2022 at 19:50, Nathan Chancellor <nathan at kernel.org> wrote:
> >
> > On Thu, Oct 21, 2021 at 04:25:16PM +0200, Ard Biesheuvel wrote:
> > > Currently, we implement the per-task stack protector for ARM using a GCC
> > > plugin, due to lack of native compiler support. However, work is
> > > underway to get this implemented in the compiler, which means we will be
> > > able to deprecate the GCC plugin at some point.
> > >
> > > In the meantime, we will need to support both, where the native compiler
> > > implementation is obviously preferred. So let's wire this up in Kconfig
> > > and the Makefile.
> > >
> > > Cc: Kees Cook <keescook at chromium.org>
> > > Cc: Nick Desaulniers <ndesaulniers at google.com>
> > > Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
> >
> > I see this patch in the KSPP tree as commit 151bbc8be85e ("ARM:
> > stackprotector: prefer compiler for TLS based per-task protector"),
> > which breaks booting aspeed_g5_defconfig in QEMU with clang-14. It seems
> > like this patch depends on Ard's patch "ARM: decompressor: disable stack
> > protector" [1]; applying that on top of next-20220125 allows me to boot
> > again.
> >
> > This patch is still queued up in Russell's devel-stable branch as
> > commit f05eb1d24eb5 ("ARM: stackprotector: prefer compiler for TLS based
> > per-task protector") so perhaps this patch should be dropped from the
> > KSPP tree? I assume once Ard's recent fixes series [2] is applied to
> > devel-stable, it will be added back to for-next?
> >
> > [1]: https://lore.kernel.org/r/20220124174744.1054712-9-ardb@kernel.org/
> > [2]: https://lore.kernel.org/r/20220125091453.1475246-1-ardb@kernel.org/
> >
>
> Yeah. better drop it from KSPP.
>
> The problem is that the compiler version of the per-task
> stackprotector feature does not get disabled when building the
> decompressor, which means it ends up dereferencing bogus TLS register
> values.
Ooh! Whoops, sorry. Dropping.
--
Kees Cook
More information about the linux-arm-kernel
mailing list