On Tue, Dec 4, 2018 at 12:58 PM Florian Weimer <fwei...@redhat.com> wrote: > > * Wilco Dijkstra: > > >> For userland, I would like to eventually copy the OpenBSD approach for > >> architectures which have some form of PC-relative addressing: we can > >> have multiple random canaries in (RELRO) .rodata in sufficiently close > >> to the code that needs them (assuming that we have split .rodata).
On AArch64 as well we've split .rodata. I think I did this with GCC 5. All the addressing of global data is through PC relative access and in the small model which is the default in Linux userland, I think we'll just be fine. > At > >> least for x86-64, I expect this to be a small win. It's also a slight > >> hardening improvement if the reference canary is not stored in writable > >> memory. > > > > On AArch64 hardware pointer signing already provides a free and more robust > > implementation of stack canaries, so we could change -fstack-protector to > > use that when pointer signing is enabled. > > I expected to use both because not all AArch64 implementations support > pointer signing, and we'd use the stack protector to get some coverage > for the legacy implementations. Indeed. until the default goes up to Armv8.3-A it's going to be default to this. regards Ramana > > Thanks, > Florian
