Re: [patch V4 02/15] entry: Provide generic syscall entry functionality

From: peterz
Date: Wed Jul 22 2020 - 03:55:06 EST

Next message: Joerg Roedel: "Re: [PATCH v4 51/75] x86/sev-es: Handle MMIO events"
Previous message: Naresh Kamboju: "WARNING: fs/kernfs/dir.c:1508 kernfs_remove_by_name_ns"
In reply to: Thomas Gleixner: "Re: [patch V4 02/15] entry: Provide generic syscall entry functionality"
Next in thread: Thomas Gleixner: "[patch V4 03/15] entry: Provide generic syscall exit function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 21, 2020 at 02:38:16PM -0700, Kees Cook wrote:
> One thing I noticed while doing syscall entry timings for the kernel
> stack base offset randomization was that the stack protector was being
> needlessly enabled in certain paths (seccomp, audit) due to seeing a
> register array being declared on the stack. As part of that series I
> suggested down-grading the stack protector. Since then, Peter's changes
> entirely disabled the stack protector on the entry code, which I
> grudgingly accept (I'd rather have a way to mark a variable as "ignore
> this for stack protector detection", but ... there isn't, so fine.)

I don't think I'd like to have that per variable, but a function
attribute to disable stack protector would be awesome, except our
GCC-besties forgot to create that function attribute :-(

If/when we get such a function attribute, we can add it to noinstr.

Also see this here:

https://lkml.kernel.org/r/20200314164451.346497-1-slyfox@xxxxxxxxxx

Next message: Joerg Roedel: "Re: [PATCH v4 51/75] x86/sev-es: Handle MMIO events"
Previous message: Naresh Kamboju: "WARNING: fs/kernfs/dir.c:1508 kernfs_remove_by_name_ns"
In reply to: Thomas Gleixner: "Re: [patch V4 02/15] entry: Provide generic syscall entry functionality"
Next in thread: Thomas Gleixner: "[patch V4 03/15] entry: Provide generic syscall exit function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]