Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 1 Feb 2019 12:21:44 -0800
From: Thomas Garnier <>
To: Andy Lutomirski <>
Cc: Kernel Hardening <>, 
	Kristen Carlson Accardi <>, Thomas Gleixner <>, 
	Ingo Molnar <>, Borislav Petkov <>, "H. Peter Anvin" <>, 
	X86 ML <>, Masahiro Yamada <>, 
	Juergen Gross <>, Joerg Roedel <>, 
	Jia Zhang <>, Konrad Rzeszutek Wilk <>, 
	Tim Chen <>, LKML <>
Subject: Re: [PATCH v6 20/27] x86: Support global stack cookie

On Fri, Feb 1, 2019 at 11:27 AM Andy Lutomirski <> wrote:
> On Thu, Jan 31, 2019 at 11:29 AM Thomas Garnier <> wrote:
> >
> > Add an off-by-default configuration option to use a global stack cookie
> > instead of the default TLS. This configuration option will only be used
> > with PIE binaries.
> >
> > For kernel stack cookie, the compiler uses the mcmodel=kernel to switch
> > between the fs segment to gs segment. A PIE binary does not use
> > mcmodel=kernel because it can be relocated anywhere, therefore the
> > compiler will default to the fs segment register. This is fixed on the
> > latest version of gcc.
> I hate all these gcc-sucks-so-we-hack-it-and-change-nasty-semantics
> options.  How about just preventing use of both stack protector and
> PIE unless the version of gcc in use is new enough.

So fail the build in this scenario?

> Also, does -mstack-protector-guard-reg not solve this?  See
>  Or is there
> another bug?  Or are you worried about gcc versions that don't have
> that feature yet?

I am worried about gcc versions that don't have this feature, yes.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.