* why no stack protector for vdso
@ 2019-11-13 9:21 linfeilong
2019-11-13 10:09 ` Marc Gonzalez
0 siblings, 1 reply; 3+ messages in thread
From: linfeilong @ 2019-11-13 9:21 UTC (permalink / raw)
To: vincenzo.frascino; +Cc: Hushiyuan, linux-arm-kernel
Dear Frascino,
Can you help me to know why there is -fno-stack-protector in the Makefile of vdso?
I wonder if we can delete it, as for safety requirements.
Thank you
Best regards
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: why no stack protector for vdso
2019-11-13 9:21 why no stack protector for vdso linfeilong
@ 2019-11-13 10:09 ` Marc Gonzalez
0 siblings, 0 replies; 3+ messages in thread
From: Marc Gonzalez @ 2019-11-13 10:09 UTC (permalink / raw)
To: Linfeilong, Vincenzo Frascino
Cc: Hushiyuan, Nathan Lynch, Russell King, Nathan Lynch, Linux ARM
On 13/11/2019 10:21, linfeilong wrote:
> Dear Frascino,
[ Cultural note: full names are written in a different order in the "West"
and in the "East". FWIW, his first name is Vincenzo ;-)
cf. https://en.wikipedia.org/wiki/Personal_name#Name_order ]
> Can you help me to know why there is -fno-stack-protector in the Makefile of vdso?
> I wonder if we can delete it, as for safety requirements.
There appear to be 3 files you might be referring to:
arch/arm/vdso/Makefile:ccflags-y := -fPIC -fno-common -fno-builtin -fno-stack-protector
arch/arm64/kernel/vdso/Makefile:ccflags-y := -fno-common -fno-builtin -fno-stack-protector -ffixed-x18
arch/arm64/kernel/vdso32/Makefile:VDSO_CAFLAGS += -fPIC -fno-builtin -fno-stack-protector
arch/arm/vdso/Makefile : 8512287a8165592466cb9cb347ba94892e9c56a5
Maybe related:
https://lore.kernel.org/patchwork/patch/143610/
https://lwn.net/Articles/318565/
> With -fstack-protector, gcc copies pt_regs into the callee's stack
> frame to put it after the stack canary. Of course it doesn't copy
> back (as the callee owns the argument) and any change made to pt_regs
> is lost on return. This is currently worked around by adding
> -fno-stack-protector to any file containing such functions. We
> really need to teach gcc about the calling convention.
Maybe this is still true? (Although this was on x86_32)
AFAICT, the option was added at this point:
https://lore.kernel.org/linux-arm-kernel/CAASgrz0QfSfnggAf2C0bS7wXbdoPYtVHRhK0UfvT8pykjCowMA@mail.gmail.com/
Regards.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: why no stack protector for vdso
[not found] <82a77dfebc9649bd90b0ad6b8a47ffdd@huawei.com>
@ 2019-11-26 11:09 ` Vincenzo Frascino
0 siblings, 0 replies; 3+ messages in thread
From: Vincenzo Frascino @ 2019-11-26 11:09 UTC (permalink / raw)
To: linfeilong, Marc Gonzalez; +Cc: Hushiyuan, Linux ARM
[-- Attachment #1: Type: text/plain, Size: 844 bytes --]
Hi Linfeilong,
sorry for the late reply.
[...]
>
> Sorry, I can't well understand. As I know, with -fstack-protect a canary is pushed ,
> and then checked before return. __stack_chk_fail will be called if failed.
> Maybe the reason is that vdso can not link to __stack_chk_fail of glibc as it is
> compiled fully in kernel , so we should keep -fno-stack-protector?
>
The vdso library is self-contained and does not link against any other library.
-fstack-protector as you correctly pointed out would require external symbols.
>>
>> Maybe this is still true? (Although this was on x86_32)
>>
>> AFAICT, the option was added at this point:
>>
>> https://lore.kernel.org/linux-arm-
>> kernel/CAASgrz0QfSfnggAf2C0bS7wXbdoPYtVHRhK0UfvT8pykjCowMA@mai
>> l.gmail.com/
>>
>> Regards.
>
--
Regards,
Vincenzo
[-- Attachment #2: pEpkey.asc --]
[-- Type: application/pgp-keys, Size: 14291 bytes --]
[-- Attachment #3: Type: text/plain, Size: 176 bytes --]
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-26 11:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-13 9:21 why no stack protector for vdso linfeilong
2019-11-13 10:09 ` Marc Gonzalez
[not found] <82a77dfebc9649bd90b0ad6b8a47ffdd@huawei.com>
2019-11-26 11:09 ` Vincenzo Frascino
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.