Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag

From: Alexander Leidinger <netchild_at_FreeBSD.org>
Date: Sat, 25 Jan 2025 19:09:14 UTC

On 2025-01-25 19:32, Jessica Clarke wrote:
> On 25 Jan 2025, at 13:08, Alexander Leidinger <netchild@FreeBSD.org> 
> wrote:
>> 
>> The branch main has been updated by netchild:
>> 
>> URL: 
>> https://cgit.FreeBSD.org/src/commit/?id=f934e629dc22b859efabd3cdebc23b63b04fa2bb
>> 
>> commit f934e629dc22b859efabd3cdebc23b63b04fa2bb
>> Author:     Alexander Leidinger <netchild@FreeBSD.org>
>> AuthorDate: 2025-01-25 12:43:39 +0000
>> Commit:     Alexander Leidinger <netchild@FreeBSD.org>
>> CommitDate: 2025-01-25 12:45:53 +0000
>> 
>>    Add stack clash protection to the WITH_SSP flag
>> 
>>    Some background info available in:
>>    
>> https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
>>    
>> https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
>>    https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/
>> 
>>    Reviewed by:    emaste
>>    Differential Revision:  https://reviews.freebsd.org/D48651
> 
> Uh, it does require architecture-specific compiler support, which isn’t
> implemented for all architectures in LLVM at least. RISC-V has only
> recently (as in 1.5 months ago so not even released yet) gained
> support, for example. So this is just going to spew out
> -Wunused-command-line-argument warnings, and errors with -Werror, no?

The online docs for gcc 
(https://gcc.gnu.org/onlinedocs/gcc//Instrumentation-Options.html) tell 
this:
---snip---
Most targets do not fully support stack clash protection. However, on 
those targets -fstack-clash-protection will protect dynamic stack 
allocations. -fstack-clash-protection may also provide limited 
protection for static stack allocations if the target supports 
-fstack-check=specific.
---snip---

I read this as it should not spill such warnings. Additionally other 
options there are listed as limited to some architectures, but this one 
is not listed as such.

The online docs of clang 
(https://clang.llvm.org/docs/ClangCommandLineReference.html) do not 
limit this option for some architectures while for other options (e.g. 
-fzero-call-used-regs) it tells about architecture limits.

In a discussion on -current in November there was the opinion it may 
depend on run time support, as I've searched but I've read only that 
this option depends on stack guard pages in the kernel. I have not found 
info about any required run-time support in e.g. libc or such (like for 
-fstack-protector(-strong)).

If those docs are missing listing limits for this option, we can of 
course enable this with a little bit of code in bsd.compiler.mk only for 
those architectures where we do not get such warnings.

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
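
The per-architecture check suggested at the end of the message above, sketched as an added shell example (not part of the original mail and not FreeBSD's bsd.compiler.mk logic): it compiles a one-line translation unit with -Werror, first without and then with the flag, so a driver that only reports an unused argument is still caught. The function names and status words are assumptions of this example.

```shell
#!/bin/sh
# Added example: does a compiler driver take a hardening flag without any
# diagnostic? Function names and status strings are this example's own.

# try_compile CC [driver args...]
# Compiles a one-line translation unit from stdin. Succeeds only if the
# driver exits 0 AND prints nothing, so a plain warning also counts as failure.
try_compile() {
    tc_cc=$1; shift
    tc_out=$(printf 'int f(void) { return 0; }\n' |
        "$tc_cc" "$@" -Werror -x c -c -o /dev/null - 2>&1) || return 1
    [ -z "$tc_out" ]
}

# probe_flag CC FLAG [driver args, e.g. --target=<triple> for clang]
# Prints one status word and returns:
#   0 accepted           flag taken silently
#   1 warns-or-rejected  e.g. -Wunused-command-line-argument under -Werror
#   2 no-compiler        CC not found
#   3 baseline-failed    CC cannot build for this target even without FLAG
probe_flag() {
    pf_cc=$1; pf_flag=$2; shift 2
    command -v "$pf_cc" >/dev/null 2>&1 || { echo no-compiler; return 2; }
    # Baseline first: otherwise a missing backend looks like a rejected flag.
    try_compile "$pf_cc" "$@" || { echo baseline-failed; return 3; }
    try_compile "$pf_cc" "$@" "$pf_flag" || { echo warns-or-rejected; return 1; }
    echo accepted
}

# Usage: sh probe.sh cc -fstack-clash-protection [--target=<triple>]
if [ "$#" -ge 2 ]; then
    probe_flag "$@"
fi
```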