Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag

From: Jessica Clarke <jrtc27_at_freebsd.org>
Date: Sat, 25 Jan 2025 18:32:15 UTC
On 25 Jan 2025, at 13:08, Alexander Leidinger <netchild@FreeBSD.org> wrote:
> 
> The branch main has been updated by netchild:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=f934e629dc22b859efabd3cdebc23b63b04fa2bb
> 
> commit f934e629dc22b859efabd3cdebc23b63b04fa2bb
> Author:     Alexander Leidinger <netchild@FreeBSD.org>
> AuthorDate: 2025-01-25 12:43:39 +0000
> Commit:     Alexander Leidinger <netchild@FreeBSD.org>
> CommitDate: 2025-01-25 12:45:53 +0000
> 
>    Add stack clash protection to the WITH_SSP flag
> 
>    Some background info available in:
>    https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
>    https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
>    https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/
> 
>    Reviewed by:    emaste
>    Differential Revision:  https://reviews.freebsd.org/D48651

Uh, it does require architecture-specific compiler support, which isn’t
implemented for all architectures in LLVM at least. RISC-V has only
recently (as in 1.5 months ago so not even released yet) gained
support, for example. So this is just going to spew out
-Wunused-command-line-argument warnings, and errors with -Werror, no?

Jess

> ---
> share/man/man7/mitigations.7 | 14 ++++++++++----
> share/mk/bsd.sys.mk          |  2 +-
> 2 files changed, 11 insertions(+), 5 deletions(-)
> 
> diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7
> index c487e4e1000b..4db6589cdcf1 100644
> --- a/share/man/man7/mitigations.7
> +++ b/share/man/man7/mitigations.7
> @@ -28,7 +28,7 @@
> .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> .\" SUCH DAMAGE.
> .\"
> -.Dd July 23, 2024
> +.Dd January 25, 2025
> .Dt MITIGATIONS 7
> .Os
> .Sh NAME
> @@ -244,9 +244,13 @@ and it is possible that some applications may not function correctly.
> .Fx
> supports stack overflow protection using the Stack Smashing Protector
> .Pq SSP
> -compiler feature.
> +compiler feature,
> +and stack clash protection.
> In userland, SSP adds a per-process randomized canary at the end of every stack
> -frame which is checked for corruption upon return from the function.
> +frame which is checked for corruption upon return from the function,
> +and stack probing in
> +.Dv PAGE_SIZE
> +chunks.
> In the kernel, a single randomized canary is used globally except on aarch64,
> which has a
> .Dv PERTHREAD_SSP
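Review bot: the rewritten sentence now reads as if SSP itself provides the probing ("SSP adds a per-process randomized canary ... and stack probing in .Dv PAGE_SIZE chunks"), but stack clash protection is a separate compiler feature, enabled by the separate -fstack-clash-protection option introduced later in this same patch, not part of the Stack Smashing Protector. Suggest giving it its own sentence so the two mitigations are not conflated, e.g. `Stack clash protection adds stack probing in` / `.Dv PAGE_SIZE` / `chunks.` It would also help the reader to state that the probes are only emitted where the compiler implements the feature for the target architecture, since the reply above notes that LLVM does not yet do so for every architecture.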
> @@ -264,7 +268,9 @@ When
> .Va WITH_SSP
> is enabled, which is the default, world is built with the
> .Fl fstack-protector-strong
> -compiler option.
> +and
> +.Fl fstack-clash-protection
> +compiler options.
> The kernel is built with the
> .Fl fstack-protector
> option.
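Review bot: this paragraph now promises that world is built with -fstack-clash-protection whenever WITH_SSP is enabled, with no qualification for toolchains that do not support the flag on the target (the RISC-V case raised in the reply above). Either qualify the sentence ("where supported by the compiler for the target architecture") or list the architectures actually covered, so that mitigations.7 does not document a protection that some binaries will not contain.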
> diff --git a/share/mk/bsd.sys.mk b/share/mk/bsd.sys.mk
> index 63774e857167..06f8e6e9fe78 100644
> --- a/share/mk/bsd.sys.mk
> +++ b/share/mk/bsd.sys.mk
> @@ -304,7 +304,7 @@ CXXFLAGS.clang+= -Wno-c++11-extensions
> FORTIFY_SOURCE?= 0
> .if ${MK_SSP} != "no"
> # Don't use -Wstack-protector as it breaks world with -Werror.
> -SSP_CFLAGS?= -fstack-protector-strong
> +SSP_CFLAGS?= -fstack-protector-strong -fstack-clash-protection
> CFLAGS+= ${SSP_CFLAGS}
> .endif # SSP
> .if ${FORTIFY_SOURCE} > 0
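Review bot: -fstack-clash-protection is appended to SSP_CFLAGS for every compiler and architecture with no support check, so a toolchain that does not implement it for the target will emit -Wunused-command-line-argument, which becomes a build failure under -Werror; that is the same class of problem the comment line directly above records for -Wstack-protector. Suggest gating the flag on compiler and target, for instance using the per-compiler suffix convention visible on the context line `CXXFLAGS.clang+= -Wno-c++11-extensions` together with an architecture conditional, or testing the compiler for flag support before adding it. Separately, SSP_CFLAGS now carries a flag that is not SSP at all; putting it in its own variable would let a user override the stack protector setting without also losing or forcing stack clash protection.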