Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 28 Jan 2025 08:42:28 -0500
From:      Ed Maste <emaste@freebsd.org>
To:        Alexander Leidinger <netchild@freebsd.org>
Cc:        Jessica Clarke <jrtc27@freebsd.org>, src-committers@freebsd.org,  dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject:   Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag
Message-ID:  <CAPyFy2CDwzhNS6Bt6x6gi4QXj9JNu8On5X%2BYQhGGCEqNz%2BYrMw@mail.gmail.com>
In-Reply-To: <3e0e88c0031d9c3e1f6232f2949f8909@FreeBSD.org>
References:  <202501251308.50PD8Qsg042260@gitrepo.freebsd.org> <81A8E695-5034-4945-8D07-DF95E76904D0@freebsd.org> <9fec6bfae287dfc123a359c3e1164ae2@FreeBSD.org> <6C70A3E0-CC6D-4B0B-96A8-70636F08AC6B@freebsd.org> <3e0e88c0031d9c3e1f6232f2949f8909@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail 

On Sun, 26 Jan 2025 at 07:38, Alexander Leidinger <netchild@freebsd.org> wrote:
>
> Am 2025-01-25 20:21, schrieb Jessica Clarke:
>
> > It looks like with Clang we end up using -Qunused-arguments so the
> > warning/error is suppressed. That at least means the build doesn’t
> > fail, which I suppose is good, but I’m not sure we should be promising
> > that WITH_SSP will protect against stack clash then having the compiler
> > silently emit unprotected code (for which we’re to blame, by telling it
> > to ignore the fact it’s not supported). This at least needs to be
> > documented that the protection will only be provided if supported by
> > the compiler.

I suppose we should add support for stack clash to COMPILER_FEATURES
in bsd.compiler.mk and add the flag only if supported.

> function correctly.
>   supports stack overflow protection using the Stack Smashing Protector
>   .Pq SSP
>   compiler feature,
> -and stack clash protection.
> +and stack clash protection (if supported by the compiler for the given
> architecture).

To make it explicitly clear that the "if supported" applies only to
stack clash protection, maybe make it a separate sentence.

... SSP compiler feature. Stack clash protection is also enabled, if
supported by the compiler for the given architecture.

Looks good to me either way.
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2CDwzhNS6Bt6x6gi4QXj9JNu8On5X%2BYQhGGCEqNz%2BYrMw>