git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag

From: Alexander Leidinger <netchild_at_FreeBSD.org>
Date: Sat, 25 Jan 2025 13:08:26 UTC
The branch main has been updated by netchild:

URL: https://cgit.FreeBSD.org/src/commit/?id=f934e629dc22b859efabd3cdebc23b63b04fa2bb

commit f934e629dc22b859efabd3cdebc23b63b04fa2bb
Author:     Alexander Leidinger <netchild@FreeBSD.org>
AuthorDate: 2025-01-25 12:43:39 +0000
Commit:     Alexander Leidinger <netchild@FreeBSD.org>
CommitDate: 2025-01-25 12:45:53 +0000

    Add stack clash protection to the WITH_SSP flag
    
    Some background info available in:
    https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
    https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
    https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/
    
    Reviewed by:    emaste
    Differential Revision:  https://reviews.freebsd.org/D48651
---
 share/man/man7/mitigations.7 | 14 ++++++++++----
 share/mk/bsd.sys.mk          |  2 +-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7
index c487e4e1000b..4db6589cdcf1 100644
--- a/share/man/man7/mitigations.7
+++ b/share/man/man7/mitigations.7
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 23, 2024
+.Dd January 25, 2025
 .Dt MITIGATIONS 7
 .Os
 .Sh NAME
@@ -244,9 +244,13 @@ and it is possible that some applications may not function correctly.
 .Fx
 supports stack overflow protection using the Stack Smashing Protector
 .Pq SSP
-compiler feature.
+compiler feature,
+and stack clash protection.
 In userland, SSP adds a per-process randomized canary at the end of every stack
-frame which is checked for corruption upon return from the function.
+frame which is checked for corruption upon return from the function,
+and stack probing in
+.Dv PAGE_SIZE
+chunks.
 In the kernel, a single randomized canary is used globally except on aarch64,
 which has a
 .Dv PERTHREAD_SSP
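Review bot: In the userland sentence, the added ", and stack probing in PAGE_SIZE chunks" continues a sentence whose subject is SSP, so it reads as if the canary feature itself performs the probing. The first changed sentence already names stack clash protection as a separate item, and the makefile change enables it through its own option, so a separate sentence with stack clash protection as the subject would be clearer. It would also help to say in one clause what the probing protects against, since the paragraph otherwise only speaks of "stack overflow protection" and the reader gets no hint of why the second mechanism exists.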
@@ -264,7 +268,9 @@ When
 .Va WITH_SSP
 is enabled, which is the default, world is built with the
 .Fl fstack-protector-strong
-compiler option.
+and
+.Fl fstack-clash-protection
+compiler options.
 The kernel is built with the
 .Fl fstack-protector
 option.
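Review bot: The unchanged kernel sentence right after the edit still names only -fstack-protector, which leaves it open whether the kernel gets stack clash protection at all. If -fstack-clash-protection applies to world only, say so explicitly here (for example "The kernel is built with the -fstack-protector option only"), so the asymmetry reads as a documented decision rather than an omission.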
diff --git a/share/mk/bsd.sys.mk b/share/mk/bsd.sys.mk
index 63774e857167..06f8e6e9fe78 100644
--- a/share/mk/bsd.sys.mk
+++ b/share/mk/bsd.sys.mk
@@ -304,7 +304,7 @@ CXXFLAGS.clang+=	 -Wno-c++11-extensions
 FORTIFY_SOURCE?=	0
 .if ${MK_SSP} != "no"
 # Don't use -Wstack-protector as it breaks world with -Werror.
-SSP_CFLAGS?=	-fstack-protector-strong
+SSP_CFLAGS?=	-fstack-protector-strong -fstack-clash-protection
 CFLAGS+=	${SSP_CFLAGS}
 .endif # SSP
 .if ${FORTIFY_SOURCE} > 0
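Review bot: The new flag is appended to SSP_CFLAGS unconditionally, with no compiler or architecture check around it. The comment two lines above notes that -Wstack-protector "breaks world with -Werror", so it is worth confirming that every compiler and target the tree supports accepts -fstack-clash-protection without a diagnostic, or guarding the addition if not. Also, because the assignment is "SSP_CFLAGS?=", anyone who already sets SSP_CFLAGS themselves will silently not get the new option, and the two mitigations can now only be toggled together through MK_SSP; both points deserve a line in the commit message or the man page.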