Re: [PATCH v3 16/17] arm64: disable SCS for hypervisor code

From: Kees Cook
Date: Thu Oct 31 2019 - 23:46:19 EST

Next message: Kees Cook: "Re: [PATCH v3 04/17] arm64: kernel: avoid x18 __cpu_soft_restart"
Previous message: Kees Cook: "Re: [PATCH v3 17/17] arm64: implement Shadow Call Stack"
In reply to: samitolvanen: "[PATCH v3 16/17] arm64: disable SCS for hypervisor code"
Next in thread: samitolvanen: "[PATCH v3 17/17] arm64: implement Shadow Call Stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 31, 2019 at 09:46:36AM -0700, samitolvanen@xxxxxxxxxx wrote:
> Filter out CC_FLAGS_SCS for code that runs at a different exception
> level.
>
> Suggested-by: Steven Rostedt (VMware) <rostedt@xxxxxxxxxxx>
> Signed-off-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

> ---
> arch/arm64/kvm/hyp/Makefile | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/arm64/kvm/hyp/Makefile b/arch/arm64/kvm/hyp/Makefile
> index ea710f674cb6..17ea3da325e9 100644
> --- a/arch/arm64/kvm/hyp/Makefile
> +++ b/arch/arm64/kvm/hyp/Makefile
> @@ -28,3 +28,6 @@ GCOV_PROFILE := n
> KASAN_SANITIZE := n
> UBSAN_SANITIZE := n
> KCOV_INSTRUMENT := n
> +
> +# remove the SCS flags from all objects in this directory
> +KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))
> --
> 2.24.0.rc0.303.g954a862665-goog
>

--
Kees Cook

Next message: Kees Cook: "Re: [PATCH v3 04/17] arm64: kernel: avoid x18 __cpu_soft_restart"
Previous message: Kees Cook: "Re: [PATCH v3 17/17] arm64: implement Shadow Call Stack"
In reply to: samitolvanen: "[PATCH v3 16/17] arm64: disable SCS for hypervisor code"
Next in thread: samitolvanen: "[PATCH v3 17/17] arm64: implement Shadow Call Stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]