why no stack protector for vdso

why no stack protector for vdso

[linfeilong]

Dear Frascino,

Can you help me to know why there is -fno-stack-protector in the Makefile of vdso?
I wonder if we can delete it, as for safety requirements. 

Thank you

Best regards

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: why no stack protector for vdso

[Marc Gonzalez]

On 13/11/2019 10:21, linfeilong wrote:

> Dear Frascino,

[ Cultural note: full names are written in a different order in the "West"
and in the "East". FWIW, his first name is Vincenzo ;-)
cf. https://en.wikipedia.org/wiki/Personal_name#Name_order ]

> Can you help me to know why there is -fno-stack-protector in the Makefile of vdso?
> I wonder if we can delete it, as for safety requirements. 

There appear to be 3 files you might be referring to:

arch/arm/vdso/Makefile:ccflags-y := -fPIC -fno-common -fno-builtin -fno-stack-protector
arch/arm64/kernel/vdso/Makefile:ccflags-y := -fno-common -fno-builtin -fno-stack-protector -ffixed-x18
arch/arm64/kernel/vdso32/Makefile:VDSO_CAFLAGS += -fPIC -fno-builtin -fno-stack-protector

arch/arm/vdso/Makefile : 8512287a8165592466cb9cb347ba94892e9c56a5

Maybe related:
https://lore.kernel.org/patchwork/patch/143610/
https://lwn.net/Articles/318565/

> With -fstack-protector, gcc copies pt_regs into the callee's stack
> frame to put it after the stack canary.  Of course it doesn't copy
> back (as the callee owns the argument) and any change made to pt_regs
> is lost on return.  This is currently worked around by adding
> -fno-stack-protector to any file containing such functions.  We
> really need to teach gcc about the calling convention.

Maybe this is still true? (Although this was on x86_32)

AFAICT, the option was added at this point:

https://lore.kernel.org/linux-arm-kernel/CAASgrz0QfSfnggAf2C0bS7wXbdoPYtVHRhK0UfvT8pykjCowMA@mail.gmail.com/

Regards.

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: why no stack protector for vdso

[Vincenzo Frascino]

[-- Attachment #1: Type: text/plain, Size: 844 bytes --]

Hi Linfeilong,

sorry for the late reply.

[...]

> 
> Sorry, I can't well understand. As I know, with -fstack-protect a canary is pushed , 
> and then  checked before return.   __stack_chk_fail will be called if failed.
> Maybe the reason is that vdso can not link to __stack_chk_fail of glibc as it is 
> compiled fully in kernel , so we should keep -fno-stack-protector?
>

The vdso library is self-contained and does not link against any other library.
-fstack-protector as you correctly pointed out would require external symbols.

>>
>> Maybe this is still true? (Although this was on x86_32)
>>
>> AFAICT, the option was added at this point:
>>
>> https://lore.kernel.org/linux-arm-
>> kernel/CAASgrz0QfSfnggAf2C0bS7wXbdoPYtVHRhK0UfvT8pykjCowMA@mai
>> l.gmail.com/
>>
>> Regards.
> 

-- 
Regards,
Vincenzo

[-- Attachment #2: pEpkey.asc --]
[-- Type: application/pgp-keys, Size: 14291 bytes --]

[-- Attachment #3: Type: text/plain, Size: 176 bytes --]

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel