Date: Fri, 18 Apr 2008 22:47:38 +0200
From: Jeremie Le Hen
To: Max Laier
Cc: freebsd-arch@freebsd.org
Subject: Re: Integration of ProPolice in FreeBSD
Message-ID: <20080418204738.GE4840@obiwan.tataz.chchile.org>
In-Reply-To: <200804181945.59189.max@love2party.net>

On Fri, Apr 18, 2008 at 07:45:58PM +0200, Max Laier wrote:
> > First, should we build world and/or kernel with SSP by default?  I've
> > scamped a trivial benchmark back in 2006: timing buildworld with and
> > without SSP.  You can find the result on my webpage:
> > http://tataz.chchile.org/~tataz/FreeSBD/SSP/#section1
>
> 404 :-\

Oops, sorry I made a typo.
http://tataz.chchile.org/~tataz/FreeBSD/SSP/#section1

> So I'd suggest something along the lines of:
>
> 1) Add the needed support symbols to libc (they don't hurt anyone, right?)

Actually, they are already in libc :-).  See
src/sys/lib/libc/sys/stack_protector.c .

> 2) Add support to build kernel/world with SSP enabled - default OFF.
> 3) Solicit testing!
> 4) After some time has passed (and people have had to reinstall libc anyways)
> and enough feedback has been received flip the switch to default ON.

I will change my patch to make SSP opt-out.  This will address Marcel's
concern too.

> In light of the recent "let's save stack space in the kernel", I'd like to
> point out that SSP adds one word to every call.  Not much, but still.

Certainly.  I would like to hear opinions from other committers if SSP
should be enabled by default.

> Finally, what happens if SSP triggers in the kernel?  Do we get a useable
> panic message?  Can we get a kdb_traceback() (if compiled in)?  Where is the
> patch, btw?

Yes, the panic message is explicit.  But since a stack overflow occurred,
the backtrace may be corrupted.  BTW the panic message warns about this.
See src/sys/kern/stack_protector.c in the patch.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >