From owner-freebsd-current@freebsd.org Thu Jul 28 08:05:31 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 18387BA5AA8 for ; Thu, 28 Jul 2016 08:05:31 +0000 (UTC) (envelope-from ed@nuxi.nl) Received: from mail-yw0-x22f.google.com (mail-yw0-x22f.google.com [IPv6:2607:f8b0:4002:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D48191EF5 for ; Thu, 28 Jul 2016 08:05:30 +0000 (UTC) (envelope-from ed@nuxi.nl) Received: by mail-yw0-x22f.google.com with SMTP id u134so79834339ywg.3 for ; Thu, 28 Jul 2016 01:05:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nuxi-nl.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=hc5ZjgD/cgDxHaKjv6AU6K++rL5zrGCOgnWSZcyhPOM=; b=IQKGSHhPhjPjuDsUnz++25BKaMUuxz3vbV+M6z4SJ3R5DI8Fd2E6050i87c/DsCdus oAo7VTc2/8lmReYmYXudszWYHP9TB/0kI/t3TPYWVpNjInXlWMgmitUbFIW/wl+AmYYA Ac3mzbVkfXQPdDCPGxfrpX4Cy/LpEeVL9cddeCyOSvfu1S8xxgYn1f+KRlOOnj3my//P UBwdq+M2t3ee65PcJuHJ9awhRAf8YDD2SYOtDGsjh80zo7EcjBjCcmVDOqJicweTSe8y CzxMs7S1gWPfyTrtL7k/Odry7GlV7Y7G9QRBGNPJeKXfzuV7oR3f84iw7jaKiMrdTJrw YQRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=hc5ZjgD/cgDxHaKjv6AU6K++rL5zrGCOgnWSZcyhPOM=; b=V8bI56CNMcy7Azy6BqHOj3EKR1v/YPvAhyahHcL0AVO1Xbmnx+BOQrpQpyl3Hd0H6T VbhXYlb8F1YhKd4WWnx7lLI64DrLGjKXMLu+hX631CUpihaXkCxHjzRf9RftYdzWAxJ5 sWz5+TdKEXY6hH8wYCQDal+TFb7G8p0Ywd6oKpOH2/rjFJ+AHv+KxKx8bZHT7VyalG5v TU19EAQYB3PHvVQ4j5fQemDBPrlrYClnAmPMkWIH75+uBedmsDFNHRzwwpPGnDfAIRxI W63bvPEoDuECnkcujUeatWe5eRp8zdJDlL6SLKu/t1vb245xrZparTlu2G7y1xZ6yXSi PmKg== X-Gm-Message-State: AEkoousG+jEkTh5x/Q2a2sSEAFeKKgJ/N39iraqtQzl1+/mLETf9sBqrlNj8KNUDY0Dxihsfuek5ihNJvQaSUg== X-Received: by 10.129.122.7 with SMTP id v7mr27862335ywc.219.1469693129736; Thu, 28 Jul 2016 01:05:29 -0700 (PDT) MIME-Version: 1.0 Received: by 10.13.201.71 with HTTP; Thu, 28 Jul 2016 01:05:29 -0700 (PDT) In-Reply-To: References: <20160727225527.GG13428@mutt-hardenedbsd> From: Ed Schouten Date: Thu, 28 Jul 2016 10:05:29 +0200 Message-ID: Subject: Re: SafeStack in base To: "Conrad E. Meyer" Cc: Shawn Webb , freebsd-current , Ed Maste Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jul 2016 08:05:31 -0000 Hi Conrad, 2016-07-28 2:02 GMT+02:00 Conrad Meyer : > The problem appears to be an upstream limitation of > -fsanitize=3Dsafe-stack: "Most programs, static libraries, or individual > files can be compiled with SafeStack as is. =E2=80=A6 Linking a DSO with > SafeStack is not currently supported." [0] I'm not sure, but I thought the reason for this is due to the fact that SafeStack uses some kind of additional library to wrap around pthread_create() to create threads that have SafeStack properly set up. If we were to actually integrate this functionality into our C runtime/pthread library to create threads with two stacks by default, then I couldn't think of a reason why it shouldn't work with DSOs. SafeStack merely depends on an additional TLS variable -- nothing else. --=20 Ed Schouten Nuxi, 's-Hertogenbosch, the Netherlands KvK-nr.: 62051717