Date:      Sat, 25 Jan 2025 20:09:14 +0100
From:      Alexander Leidinger <netchild@FreeBSD.org>
To:        Jessica Clarke <jrtc27@freebsd.org>
Cc:        src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject:   Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag
Message-ID:  <9fec6bfae287dfc123a359c3e1164ae2@FreeBSD.org>
In-Reply-To: <81A8E695-5034-4945-8D07-DF95E76904D0@freebsd.org>
References:  <202501251308.50PD8Qsg042260@gitrepo.freebsd.org> <81A8E695-5034-4945-8D07-DF95E76904D0@freebsd.org>

On 2025-01-25 19:32, Jessica Clarke wrote:
> On 25 Jan 2025, at 13:08, Alexander Leidinger <netchild@FreeBSD.org> 
> wrote:
>> 
>> The branch main has been updated by netchild:
>> 
>> URL: https://cgit.FreeBSD.org/src/commit/?id=f934e629dc22b859efabd3cdebc23b63b04fa2bb
>> 
>> commit f934e629dc22b859efabd3cdebc23b63b04fa2bb
>> Author:     Alexander Leidinger <netchild@FreeBSD.org>
>> AuthorDate: 2025-01-25 12:43:39 +0000
>> Commit:     Alexander Leidinger <netchild@FreeBSD.org>
>> CommitDate: 2025-01-25 12:45:53 +0000
>> 
>>    Add stack clash protection to the WITH_SSP flag
>> 
>>    Some background info available in:
>>    https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
>>    https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
>>    https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/
>> 
>>    Reviewed by:    emaste
>>    Differential Revision:  https://reviews.freebsd.org/D48651
> 
> Uh, it does require architecture-specific compiler support, which isn’t
> implemented for all architectures in LLVM at least. RISC-V has only
> recently (as in 1.5 months ago so not even released yet) gained
> support, for example. So this is just going to spew out
> -Wunused-command-line-argument warnings, and errors with -Werror, no?

The online docs for gcc 
(https://gcc.gnu.org/onlinedocs/gcc//Instrumentation-Options.html) say 
this:
---snip---
Most targets do not fully support stack clash protection. However, on 
those targets -fstack-clash-protection will protect dynamic stack 
allocations. -fstack-clash-protection may also provide limited 
protection for static stack allocations if the target supports 
-fstack-check=specific.
---snip---

I read this as meaning it should not spill such warnings. Additionally, 
other options there are listed as limited to some architectures, but 
this one is not listed as such.

The online docs of clang 
(https://clang.llvm.org/docs/ClangCommandLineReference.html) do not 
limit this option to some architectures, while for other options (e.g. 
-fzero-call-used-regs) they mention architecture limits.

In a discussion on -current in November there was the opinion that it 
may depend on run-time support; I've searched, but I've read only that 
this option depends on stack guard pages in the kernel. I have not found 
info about any required run-time support in e.g. libc or such (like for 
-fstack-protector(-strong)).

If those docs are missing the limits for this option, we can of 
course enable this with a little bit of code in bsd.compiler.mk only for 
those architectures where we do not get such warnings.

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
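
The question raised in this thread, whether a compiler accepts -fstack-clash-protection for a given target without an unused-argument warning, can be checked empirically instead of from the docs. The following is an added example, not part of the original mail and not FreeBSD build-system code; the helper names `probe_flag` and `hardening_flags` and the target triple in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not FreeBSD build-system code). probe_flag and
# hardening_flags are hypothetical helper names.

# probe_flag CC FLAG [EXTRA_ARGS...]
# Returns 0 when CC compiles a trivial file with FLAG under -Werror.
# -Werror promotes clang's -Wunused-command-line-argument warning to an
# error, so a flag that is silently ignored on the target is rejected.
probe_flag() {
    cc=$1; flag=$2; shift 2
    tmp=$(mktemp -d) || return 2
    printf 'int probe_dummy(void) { return 0; }\n' > "$tmp/probe.c"
    if "$cc" "$@" -Werror "$flag" -c "$tmp/probe.c" -o "$tmp/probe.o" \
        >/dev/null 2>&1; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# hardening_flags CC [EXTRA_ARGS...]
# Prints the candidate flags that CC accepts, space separated.
hardening_flags() {
    cc=$1; shift
    out=
    for f in -fstack-protector-strong -fstack-clash-protection; do
        if probe_flag "$cc" "$f" "$@"; then
            out="${out:+$out }$f"
        fi
    done
    printf '%s\n' "$out"
}

# Usage: sh probe.sh cc
#        sh probe.sh clang --target=riscv64-unknown-freebsd  (assumed triple)
if [ $# -gt 0 ]; then
    hardening_flags "$@"
fi
```

Running it once per target architecture shows which targets would need to be excluded before the flag is added unconditionally.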
