On Tue, Jul 21, 2020 at 02:38:16PM -0700, Kees Cook wrote:
> One thing I noticed while doing syscall entry timings for the kernel
> stack base offset randomization was that the stack protector was being
> needlessly enabled in certain paths (seccomp, audit) due to seeing a
> register array being declared on the stack. As part of that series I
> suggested down-grading the stack protector. Since then, Peter's changes
> entirely disabled the stack protector on the entry code, which I
> grudgingly accept (I'd rather have a way to mark a variable as "ignore
> this for stack protector detection", but ... there isn't, so fine.)

I don't think I'd like to have that per variable, but a function
attribute to disable stack protector would be awesome, except our
GCC-besties forgot to create that function attribute :-(

If/when we get such a function attribute, we can add it to noinstr.

Also see this here:

  https://lkml.kernel.org/r/20200314164451.346497-1-slyfox@xxxxxxxxxx