Re: [PATCH v3 2/2] riscv: Enable per-task stack canaries

[cooper]

On 2020/7/15 äå5:37, Palmer Dabbelt wrote:
> On Fri, 10 Jul 2020 09:19:58 PDT (-0700), guoren@xxxxxxxxxx wrote:
> > From: Guo Ren <guoren@xxxxxxxxxxxxxxxxx>
> >
> > This enables the use of per-task stack canary values if GCC has
> > support for emitting the stack canary reference relative to the
> > value of tp, which holds the task struct pointer in the riscv
> > kernel.
> >
> > After compare arm64 and x86 implementations, seems arm64's is more
> > flexible and readable. The key point is how gcc get the offset of
> > stack_canary from gs/el0_sp.
> >
> > x86: Use a fix offset from gs, not flexible.
> >
> > struct fixed_percpu_data {
> > ÂÂÂÂ/*
> >  * GCC hardcodes the stack canary as %gs:40. Since the
> > ÂÂÂÂ * irq_stack is the object at %gs:0, we reserve the bottom
> > ÂÂÂÂ * 48 bytes of the irq stack for the canary.
> > ÂÂÂÂ */
> > ÂÂÂÂcharÂÂÂÂÂÂÂÂÂÂÂ gs_base[40]; // :(
> > ÂÂÂÂunsigned longÂÂ stack_canary;
> > };
> >
> > arm64: Use -mstack-protector-guard-offset & guard-reg
> > ÂÂÂÂgcc options:
> > ÂÂÂÂ-mstack-protector-guard=sysreg
> > ÂÂÂÂ-mstack-protector-guard-reg=sp_el0
> > ÂÂÂÂ-mstack-protector-guard-offset=xxx
> >
> > riscv: Use -mstack-protector-guard-offset & guard-reg
> > ÂÂÂÂgcc options:
> > ÂÂÂÂ-mstack-protector-guard=tls
> > ÂÂÂÂ-mstack-protector-guard-reg=tp
> > ÂÂÂÂ-mstack-protector-guard-offset=xxx
> >
> > Here is riscv gcc's work [1].
> >
> > [1] https://gcc.gnu.org/pipermail/gcc-patches/2020-July/549583.html
> >
> > In the end, these codes are inserted by gcc before return:
> >
> > *Â 0xffffffe00020b396 <+120>:ÂÂ ldÂÂÂÂÂ a5,1008(tp) # 0x3f0
> > *Â 0xffffffe00020b39a <+124>:ÂÂ xorÂÂÂÂ a5,a5,a4
> > *Â 0xffffffe00020b39c <+126>:ÂÂ mvÂÂÂÂÂ a0,s5
> > *Â 0xffffffe00020b39e <+128>:ÂÂ bnez a5,0xffffffe00020b61c 
> > <_do_fork+766>
> > ÂÂ 0xffffffe00020b3a2 <+132>:ÂÂ ldÂÂÂÂÂ ra,136(sp)
> > ÂÂ 0xffffffe00020b3a4 <+134>:ÂÂ ldÂÂÂÂÂ s0,128(sp)
> > ÂÂ 0xffffffe00020b3a6 <+136>:ÂÂ ldÂÂÂÂÂ s1,120(sp)
> > ÂÂ 0xffffffe00020b3a8 <+138>:ÂÂ ldÂÂÂÂÂ s2,112(sp)
> > ÂÂ 0xffffffe00020b3aa <+140>:ÂÂ ldÂÂÂÂÂ s3,104(sp)
> > ÂÂ 0xffffffe00020b3ac <+142>:ÂÂ ldÂÂÂÂÂ s4,96(sp)
> > ÂÂ 0xffffffe00020b3ae <+144>:ÂÂ ldÂÂÂÂÂ s5,88(sp)
> > ÂÂ 0xffffffe00020b3b0 <+146>:ÂÂ ldÂÂÂÂÂ s6,80(sp)
> > ÂÂ 0xffffffe00020b3b2 <+148>:ÂÂ ldÂÂÂÂÂ s7,72(sp)
> > ÂÂ 0xffffffe00020b3b4 <+150>:ÂÂ addiÂÂÂ sp,sp,144
> > ÂÂ 0xffffffe00020b3b6 <+152>:ÂÂ ret
> > ÂÂ ...
> > *Â 0xffffffe00020b61c <+766>:ÂÂ auipcÂÂ ra,0x7f8
> > *Â 0xffffffe00020b620 <+770>:ÂÂ jalrÂÂÂ -1764(ra) # 
> > 0xffffffe000a02f38 <__stack_chk_fail>
> >
> > Signed-off-by: Guo Ren <guoren@xxxxxxxxxxxxxxxxx>
> > Signed-off-by: cooper <cooper.qu@xxxxxxxxxxxxxxxxx>
>
> IIRC we're required to use full names here. I'm assuming that's meant 
> to be
> "Signed-off-by: Cooper Qu ...", and I know it's a bit procedural but I 
> can't
> make that change.
>
> Otherwise these two look good, the first one is on for-next. I can 
> boot with a
> defconfig ammended with CONFIG_STACKPROTECTOR=y,
> Thanks!
Hi Palmer,

That's ok to change it to full names as follows.

Signed-off-by: Cooper Qu <cooper.qu@xxxxxxxxxxxxxxxxx>


Best Regards,

Cooper