Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag
- In reply to: Ed Maste : "Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 29 Jan 2025 13:42:45 UTC
Am 2025-01-28 14:42, schrieb Ed Maste: > On Sun, 26 Jan 2025 at 07:38, Alexander Leidinger > <netchild@freebsd.org> wrote: >> >> Am 2025-01-25 20:21, schrieb Jessica Clarke: >> >> > It looks like with Clang we end up using -Qunused-arguments so the >> > warning/error is suppressed. That at least means the build doesn’t >> > fail, which I suppose is good, but I’m not sure we should be promising >> > that WITH_SSP will protect against stack clash then having the compiler >> > silently emit unprotected code (for which we’re to blame, by telling it >> > to ignore the fact it’s not supported). This at least needs to be >> > documented that the protection will only be provided if supported by >> > the compiler. > > I suppose we should add support for stack clash to COMPILER_FEATURES > in bsd.compiler.mk and add the flag only if supported. I will submit a review for this later (testing some arch limits for zeroregs at the same time, seems it has similar restrictions). >> function correctly. >> supports stack overflow protection using the Stack Smashing >> Protector >> .Pq SSP >> compiler feature, >> -and stack clash protection. >> +and stack clash protection (if supported by the compiler for the >> given >> architecture). > > To make it explicitly clear that the "if supported" applies only to > stack clash protection, maybe make it a separate sentence. > > ... SSP compiler feature. Stack clash protection is also enabled, if > supported by the compiler for the given architecture. > > Looks good to me either way. Committed. Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF