Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2516871pxb; Tue, 9 Mar 2021 04:43:00 -0800 (PST) X-Google-Smtp-Source: ABdhPJx6gP3oaKblAAEdBKQP42po6EgXcVl1DOodszs0cCl02XYiS9xOmSx/DiHo6IrRLhmiRHUa X-Received: by 2002:aa7:db01:: with SMTP id t1mr3875866eds.77.1615293780673; Tue, 09 Mar 2021 04:43:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615293780; cv=none; d=google.com; s=arc-20160816; b=IyvLC399W56RggBHJQdjN8JdVObWNVQzAjFzhXsmYcgdvY4Zkpf7OIbharqq379Hxa JX1uKfB2O2jk59uvlt3xPPZ7YNc2WDQSu9zqzFcaE3nyr2HGd7FQ7lKIfNK7nPWIdWgX Fo1tFjtWKoQ7Z9IBOqLQm0vOW1g1So5dG88myX3D+4kbXwldah90aY3gpNC8WlU/qYBj jkK1k3HM30Xkt9/xYGFbLFhW87nnt9TCieGlvgWTPwjvMLDmhIfaSPUKNAPhI7i3ZN9r BwXJI+0VsKpeRryDI8D91Mmm2eyqKf5b+t1bQaA4f+0uIn6b1V1+FY4jMOyB8l8Lrufs Y0fQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=BxdKvyVpI92EhAysNS8M1PZzUNRe/6TNHR1ISis9qGU=; b=A2AxHfpzTsiOlGLwDziyrje+jZfAjm5HBh5uZ+31zP6dOMXKhNnRboJRUkv8bd0Rei 9h/i8qsl+V0SbRn1gFWRy7jWD9YP6x4XI18yH9Nkm3RYPQWCxlW9X6zk478i6nUOhveT 8fH3y3UVlBFl/t+jqfxAUAWXWyURktWfSyZOgio2tKXJTlmQ3FX0YX2KQsumTKIRxyUC dDE9uGAa1TO9lKz9TtsqLZYzqkuti6r7kV2GNNDSTqDTIpkZz7OoX4iS099TjCGSRLpT 2/N0kLBHXWBo+X7BrlcUfU9MBlHaTFO045WXoDJUmq8O00EUs7TYcEO2GblwnO608NIx dOnw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WeKxuO6y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k1si8968949ejp.193.2021.03.09.04.42.37; Tue, 09 Mar 2021 04:43:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WeKxuO6y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229916AbhCIMkM (ORCPT + 99 others); Tue, 9 Mar 2021 07:40:12 -0500 Received: from mail.kernel.org ([198.145.29.99]:37172 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229544AbhCIMjs (ORCPT ); Tue, 9 Mar 2021 07:39:48 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id E0F5165274 for ; Tue, 9 Mar 2021 12:39:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1615293588; bh=pwMguO9Q1vd5NbKDPpSQnYbWyabGZ1kPQE2NN5ezZGQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=WeKxuO6yVrmWja4085fcv0wYsLWN6sDohVC3sZEvDxsNsbjH/taYp2JWxiRnaJRff +/zEfm8J47P2WmJN6+YBo9fV4vQVGXS8xe6+aszk/m6v7nK7bKKCv5EdxQuBV2X1HO GJfcz7SU8+uKNmj4lbGJwVZMLms4+YTjCeo+UyxKJX/2GQM9EmNxkTd31G9b1Dpi0W gkSDvN6qLSmhD+oDHBbmVS1kxHvHNtWIb5N+MVVhKQlkAoWFQ8hXJap8/YkK3qfwBS Zrfr6GJE1ESjVjGFtCYfxzLjIvmHrP28Xyu22Ar8SbCfxV3q2jbUVEsoiZFxgdrF/T EW0mS8l+e/P5g== Received: by mail-oi1-f180.google.com with SMTP id z126so14743736oiz.6 for ; Tue, 09 Mar 2021 04:39:47 -0800 (PST) X-Gm-Message-State: AOAM533Awqg10Qojy9cbODxvnPF4nihqxiQOjKhKsVUcM+mlN1xmEHg0 SPdM4o+GGXxvPrWdbevK3KxW4lInwzK17zUM/UM= X-Received: by 2002:aca:538c:: with SMTP id h134mr2802823oib.174.1615293587253; Tue, 09 Mar 2021 04:39:47 -0800 (PST) MIME-Version: 1.0 References: <20210309123544.14040-1-msuchanek@suse.de> In-Reply-To: <20210309123544.14040-1-msuchanek@suse.de> From: Ard Biesheuvel Date: Tue, 9 Mar 2021 13:39:36 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] arm64: make STACKPROTECTOR_PER_TASK configurable. To: Michal Suchanek Cc: Linux ARM , Catalin Marinas , Will Deacon , Linux Kernel Mailing List , Masahiro Yamada Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 9 Mar 2021 at 13:37, Michal Suchanek wrote: > > When using dummy-tools STACKPROTECTOR_PER_TASK is unconditionally > selected. This defeats the purpose of the all-enabled tool. > What is dummy-tools and why should we care about it? > Description copied from arm > > Cc: Masahiro Yamada > Signed-off-by: Michal Suchanek > --- > arch/arm64/Kconfig | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index a8ff7cd5f096..f59d391e31a4 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1549,9 +1549,20 @@ config RANDOMIZE_MODULE_REGION_FULL > config CC_HAVE_STACKPROTECTOR_SYSREG > def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0) > > + > config STACKPROTECTOR_PER_TASK > - def_bool y > + bool "Use a unique stack canary value for each task" > depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG > + default y > + help > + Due to the fact that GCC uses an ordinary symbol reference from > + which to load the value of the stack canary, this value can only > + change at reboot time on SMP systems, and all tasks running in the > + kernel's address space are forced to use the same canary value for > + the entire duration that the system is up. > + > + Enable this option to switch to a different method that uses a > + different canary value for each task. > > endmenu > > -- > 2.26.2 > > > _______________________________________________ > linux-arm-kernel mailing list > linux-arm-kernel@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel