From: Mike Frysinger <vapier@gentoo.org>
To: linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support
Date: Thu, 09 Dec 2010 17:32:29 +0000 [thread overview]
Message-ID: <201012091232.31577.vapier@gentoo.org> (raw)
In-Reply-To: <4D0107AA.2020909@st.com>
[-- Attachment #1: Type: Text/Plain, Size: 2058 bytes --]
On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
> On 12/9/2010 5:07 PM, Mike Frysinger wrote:
> > On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
> >> I agree with you that the Kconfig and Makefile changes are not arch
> >> specific, so these changes can be moved to a common code (even if I
> >> don't know if other archs do support SSP).
> >> In the current kernel, only x86 and ARM added this support, so I'm
> >> wondering if, moving SSP to the common Makefile, it needs to depend on
> >> x86, ARM, SH being configured ?
> >
> > i'm not sure it does. ssp is designed to be arch independent, so really
> > you only need a new enough gcc version. which means i dont think it
> > needs to depend on any arch code and you can simply add to the Makefile
> > a compiler check.
>
> agreed, but if arch wants to implement the per-task canary feature, some
> change into arch specific code is required.
yes, but that doesnt mean the common symbol definition needs to be duplicated
> >> Regarding the __stack_chk_guard symbol defined in process[_32].c, I
> >> don't know if all archs need to define this global variable to implement
> >> SSP. For sure x86 does not need it. It depends on how the gcc implements
> >> this feature. This was mainly the reason for which we defined it
> >> specifically in an arch specific code.
> >
> > the common gcc code too outputs __stack_chk_guard references. none of
> > that is in arch-specific places.
>
> a simple test on x86 just prints reference to __stack_chk_fail only (not
> reference to the global variable guard)
>
> gcc is 4.3.0-8 (Fedora C9)
gcc will reference both __stack_chk_fail and __stack_chk_guard depending on
the code. i think you only need to test that gcc accepts -fstack-protector
and then assume the rest ... i dont think you need to come up with random
pieces of code and cajole the symbol references out of gcc.
along those lines, i see your patch adding __stack_chk_guard, but where is
__stack_chk_fail ?
-mike
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: vapier@gentoo.org (Mike Frysinger)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support
Date: Thu, 9 Dec 2010 12:32:29 -0500 [thread overview]
Message-ID: <201012091232.31577.vapier@gentoo.org> (raw)
In-Reply-To: <4D0107AA.2020909@st.com>
On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
> On 12/9/2010 5:07 PM, Mike Frysinger wrote:
> > On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
> >> I agree with you that the Kconfig and Makefile changes are not arch
> >> specific, so these changes can be moved to a common code (even if I
> >> don't know if other archs do support SSP).
> >> In the current kernel, only x86 and ARM added this support, so I'm
> >> wondering if, moving SSP to the common Makefile, it needs to depend on
> >> x86, ARM, SH being configured ?
> >
> > i'm not sure it does. ssp is designed to be arch independent, so really
> > you only need a new enough gcc version. which means i dont think it
> > needs to depend on any arch code and you can simply add to the Makefile
> > a compiler check.
>
> agreed, but if arch wants to implement the per-task canary feature, some
> change into arch specific code is required.
yes, but that doesnt mean the common symbol definition needs to be duplicated
> >> Regarding the __stack_chk_guard symbol defined in process[_32].c, I
> >> don't know if all archs need to define this global variable to implement
> >> SSP. For sure x86 does not need it. It depends on how the gcc implements
> >> this feature. This was mainly the reason for which we defined it
> >> specifically in an arch specific code.
> >
> > the common gcc code too outputs __stack_chk_guard references. none of
> > that is in arch-specific places.
>
> a simple test on x86 just prints reference to __stack_chk_fail only (not
> reference to the global variable guard)
>
> gcc is 4.3.0-8 (Fedora C9)
gcc will reference both __stack_chk_fail and __stack_chk_guard depending on
the code. i think you only need to test that gcc accepts -fstack-protector
and then assume the rest ... i dont think you need to come up with random
pieces of code and cajole the symbol references out of gcc.
along those lines, i see your patch adding __stack_chk_guard, but where is
__stack_chk_fail ?
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20101209/b39fab0d/attachment-0001.sig>
next prev parent reply other threads:[~2010-12-09 17:32 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-07 10:20 [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support Filippo ARCIDIACONO
2010-12-07 10:20 ` Filippo ARCIDIACONO
2010-12-07 10:20 ` [PATCH (sh-2.6) 2/2] arm: use generic implementation of Filippo ARCIDIACONO
2010-12-07 10:20 ` [PATCH (sh-2.6) 2/2] arm: use generic implementation of boot_init_stack_canary Filippo ARCIDIACONO
2010-12-07 18:29 ` [PATCH (sh-2.6) 2/2] arm: use generic implementation of Nicolas Pitre
2010-12-07 18:29 ` [PATCH (sh-2.6) 2/2] arm: use generic implementation of boot_init_stack_canary Nicolas Pitre
2010-12-07 13:43 ` [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support
2010-12-07 13:43 ` Uwe Kleine-König
2010-12-07 18:28 ` Nicolas Pitre
2010-12-07 18:28 ` Nicolas Pitre
2010-12-07 20:15 ` Mike Frysinger
2010-12-07 20:15 ` Mike Frysinger
2010-12-08 4:40 ` Paul Mundt
2010-12-08 4:40 ` Paul Mundt
2010-12-09 15:56 ` Carmelo AMOROSO
2010-12-09 15:56 ` Carmelo AMOROSO
2010-12-09 16:07 ` Mike Frysinger
2010-12-09 16:07 ` Mike Frysinger
2010-12-09 16:45 ` Carmelo AMOROSO
2010-12-09 16:45 ` Carmelo AMOROSO
2010-12-09 17:32 ` Mike Frysinger [this message]
2010-12-09 17:32 ` Mike Frysinger
2010-12-09 18:23 ` Nicolas Pitre
2010-12-09 18:23 ` Nicolas Pitre
2010-12-09 18:52 ` Carmelo Amoroso
2010-12-09 18:52 ` Carmelo Amoroso
2010-12-09 21:14 ` Mike Frysinger
2010-12-09 21:14 ` Mike Frysinger
2010-12-10 5:56 ` Carmelo AMOROSO
2010-12-10 5:56 ` Carmelo AMOROSO
2010-12-10 6:38 ` Mike Frysinger
2010-12-10 6:38 ` Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201012091232.31577.vapier@gentoo.org \
--to=vapier@gentoo.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.