Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 28 Jan 2025 08:42:28 -0500
From:      Ed Maste <emaste@freebsd.org>
To:        Alexander Leidinger <netchild@freebsd.org>
Cc:        Jessica Clarke <jrtc27@freebsd.org>, src-committers@freebsd.org,  dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject:   Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag
Message-ID:  <CAPyFy2CDwzhNS6Bt6x6gi4QXj9JNu8On5X%2BYQhGGCEqNz%2BYrMw@mail.gmail.com>
In-Reply-To: <3e0e88c0031d9c3e1f6232f2949f8909@FreeBSD.org>
References:  <202501251308.50PD8Qsg042260@gitrepo.freebsd.org> <81A8E695-5034-4945-8D07-DF95E76904D0@freebsd.org> <9fec6bfae287dfc123a359c3e1164ae2@FreeBSD.org> <6C70A3E0-CC6D-4B0B-96A8-70636F08AC6B@freebsd.org> <3e0e88c0031d9c3e1f6232f2949f8909@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, 26 Jan 2025 at 07:38, Alexander Leidinger <netchild@freebsd.org> wr=
ote:
>
> Am 2025-01-25 20:21, schrieb Jessica Clarke:
>
> > It looks like with Clang we end up using -Qunused-arguments so the
> > warning/error is suppressed. That at least means the build doesn=E2=80=
=99t
> > fail, which I suppose is good, but I=E2=80=99m not sure we should be pr=
omising
> > that WITH_SSP will protect against stack clash then having the compiler
> > silently emit unprotected code (for which we=E2=80=99re to blame, by te=
lling it
> > to ignore the fact it=E2=80=99s not supported). This at least needs to =
be
> > documented that the protection will only be provided if supported by
> > the compiler.

I suppose we should add support for stack clash to COMPILER_FEATURES
in bsd.compiler.mk and add the flag only if supported.

> function correctly.
>   supports stack overflow protection using the Stack Smashing Protector
>   .Pq SSP
>   compiler feature,
> -and stack clash protection.
> +and stack clash protection (if supported by the compiler for the given
> architecture).

To make it explicitly clear that the "if supported" applies only to
stack clash protection, maybe make it a separate sentence.

... SSP compiler feature. Stack clash protection is also enabled, if
supported by the compiler for the given architecture.

Looks good to me either way.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2CDwzhNS6Bt6x6gi4QXj9JNu8On5X%2BYQhGGCEqNz%2BYrMw>