From owner-freebsd-arch@FreeBSD.ORG Wed Apr 23 19:54:30 2008 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9F234106566B; Wed, 23 Apr 2008 19:54:30 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.freebsd.org (Postfix) with ESMTP id 6C0AE8FC15; Wed, 23 Apr 2008 19:54:30 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from server.baldwin.cx (unknown [208.65.91.234]) by elvis.mu.org (Postfix) with ESMTP id 02D7E1A4D7E; Wed, 23 Apr 2008 12:54:29 -0700 (PDT) Received: from localhost.corp.yahoo.com (john@localhost [127.0.0.1]) (authenticated bits=0) by server.baldwin.cx (8.14.2/8.14.2) with ESMTP id m3NJs87S031322; Wed, 23 Apr 2008 15:54:08 -0400 (EDT) (envelope-from jhb@freebsd.org) From: John Baldwin To: Jeremie Le Hen Date: Wed, 23 Apr 2008 11:49:17 -0400 User-Agent: KMail/1.9.7 References: <20080418132749.GB4840@obiwan.tataz.chchile.org> <200804230934.42497.jhb@freebsd.org> <20080423143356.GQ92168@obiwan.tataz.chchile.org> In-Reply-To: <20080423143356.GQ92168@obiwan.tataz.chchile.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200804231149.17560.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-2.0.2 (server.baldwin.cx [127.0.0.1]); Wed, 23 Apr 2008 15:54:09 -0400 (EDT) X-Virus-Scanned: ClamAV 0.91.2/6905/Wed Apr 23 11:20:18 2008 on server.baldwin.cx X-Virus-Status: Clean X-Spam-Status: No, score=-4.2 required=4.2 tests=ALL_TRUSTED,AWL,BAYES_00, DATE_IN_PAST_03_06 autolearn=ham version=3.1.3 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on server.baldwin.cx Cc: Antoine Brodin , freebsd-arch@freebsd.org Subject: Re: Integration of ProPolice in FreeBSD X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Apr 2008 19:54:30 -0000 On Wednesday 23 April 2008 10:33:56 am Jeremie Le Hen wrote: > > Does GCC provide an attribute that can be applied to a function to disable > > stack protection? We could explicitly disable it for the few functions > > (mi_startup(), initi386(), etc.) on the call path to mi_startup(). > > Sorry, I should have mentionned that I've already skimmed over gcc info > page and then asked on #gcc on FreeNode for such an atttribute, but > there isn't: > > % 22:16 < Guilt> there are a lot of problems in enabling/disabling > % fstack-protector in the mid of the program > % 22:16 < Guilt> one is that specs for libssp are taken from the driver > % program > % 22:17 < Guilt> not the compiler (cc1) and it's not possible to > % arbitrarily enable/disable those > > Ultimately those functions should be moved into separate compilation > units. Maybe the current layout is sufficient, I don't know. Would you > please give me some hint about the functions that must not be protected? > Maybe all the MD stuff? Well, we never return from mi_startup() (the last SYSINIT() calls scheduler() where thread0 runs for the rest of its life). I'm not sure how the ssp stuff works, but if it happens on return from the function, then given that you are probably just fine as it is? -- John Baldwin