[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Filippo ARCIDIACONO]

Add stack smashing suppurt for SH architecture. This is based on work
from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
Use the ARM boot_init_stack_canary function to initialize the guard
canary. It has been placed under asm-generic to allow archtectures
based on __stack_chk_guard to use a common implementation.
Update the __stack_chk_guard global variable with the value stored in
the task struct whenever a task switch occurs to allow for different
canary values per task. This cannot work on SMP where the initial
canary value is always used.

Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com>
Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com>
---
 arch/sh/Kconfig                      |   13 +++++++++++
 arch/sh/Makefile                     |    4 +++
 arch/sh/include/asm/stackprotector.h |   10 ++++++++
 arch/sh/kernel/process_32.c          |    9 +++++++
 include/asm-generic/stackprotector.h |   39 ++++++++++++++++++++++++++++++++++
 5 files changed, 75 insertions(+), 0 deletions(-)
 create mode 100644 arch/sh/include/asm/stackprotector.h
 create mode 100644 include/asm-generic/stackprotector.h

diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
index 1e905a6..2c82c98 100644
--- a/arch/sh/Kconfig
+++ b/arch/sh/Kconfig
@@ -742,6 +742,19 @@ config HW_PERF_EVENTS
 	  Enable hardware performance counter support for perf events. If
 	  disabled, perf events will use software events only.
 
+config CC_STACKPROTECTOR
+	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
+	depends on EXPERIMENTAL
+	help
+	  This option turns on the -fstack-protector GCC feature. This
+	  feature puts, at the beginning of functions, a canary value on
+	  the stack just before the return address, and validates
+	  the value just before actually returning.  Stack based buffer
+	  overflows (that need to overwrite this return address) now also
+	  overwrite the canary, which gets detected and the attack is then
+	  neutralized via a kernel panic.
+	  This feature requires gcc version 4.2 or above.
+
 source "drivers/sh/Kconfig"
 
 endmenu
diff --git a/arch/sh/Makefile b/arch/sh/Makefile
index 9c8c6e1..3cef435 100644
--- a/arch/sh/Makefile
+++ b/arch/sh/Makefile
@@ -197,6 +197,10 @@ ifeq ($(CONFIG_DWARF_UNWINDER),y)
   KBUILD_CFLAGS += -fasynchronous-unwind-tables
 endif
 
+ifeq ($(CONFIG_CC_STACKPROTECTOR),y)
+  KBUILD_CFLAGS += -fstack-protector
+endif
+
 libs-$(CONFIG_SUPERH32)		:= arch/sh/lib/	$(libs-y)
 libs-$(CONFIG_SUPERH64)		:= arch/sh/lib64/ $(libs-y)
 
diff --git a/arch/sh/include/asm/stackprotector.h b/arch/sh/include/asm/stackprotector.h
new file mode 100644
index 0000000..f777dbd
--- /dev/null
+++ b/arch/sh/include/asm/stackprotector.h
@@ -0,0 +1,10 @@
+/*
+ * SH specific GCC stack protector support.
+ */
+
+#ifndef _ASM_STACKPROTECTOR_H
+#define _ASM_STACKPROTECTOR_H 1
+
+#include <asm-generic/stackprotector.h>
+
+#endif	/* _ASM_STACKPROTECTOR_H */
diff --git a/arch/sh/kernel/process_32.c b/arch/sh/kernel/process_32.c
index 762a139..97535d8 100644
--- a/arch/sh/kernel/process_32.c
+++ b/arch/sh/kernel/process_32.c
@@ -27,6 +27,11 @@
 #include <asm/fpu.h>
 #include <asm/syscalls.h>
 
+#ifdef CONFIG_CC_STACKPROTECTOR
+unsigned long __stack_chk_guard __read_mostly;
+EXPORT_SYMBOL(__stack_chk_guard);
+#endif
+
 void show_regs(struct pt_regs * regs)
 {
 	printk("\n");
@@ -221,6 +226,10 @@ __switch_to(struct task_struct *prev, struct task_struct *next)
 {
 	struct thread_struct *next_t = &next->thread;
 
+#if defined CONFIG_CC_STACKPROTECTOR && !defined CONFIG_SMP
+	__stack_chk_guard = next->stack_canary;
+#endif
+
 	unlazy_fpu(prev, task_pt_regs(prev));
 
 	/* we're going to use this soon, after a few expensive things */
diff --git a/include/asm-generic/stackprotector.h b/include/asm-generic/stackprotector.h
new file mode 100644
index 0000000..2d33c83
--- /dev/null
+++ b/include/asm-generic/stackprotector.h
@@ -0,0 +1,39 @@
+/*
+ * GCC stack protector support.
+ * (Generic implementation based on __stack_chk_guard)
+ *
+ * Stack protector works by putting predefined pattern at the start of
+ * the stack frame and verifying that it hasn't been overwritten when
+ * returning from the function.  The pattern is called stack canary
+ * and gcc expects it to be defined by a global variable called
+ * "__stack_chk_guard". This unfortunately means that on SMP
+ * we cannot have a different canary value per task.
+ */
+
+#ifndef _ASM_STACKPROTECTOR_H
+#error "Never use <asm-generic/stackprotector.h> directly; \
+include <asm/stackprotector.h> instead."
+#endif
+
+#include <linux/random.h>
+#include <linux/version.h>
+
+extern unsigned long __stack_chk_guard;
+
+/*
+ * Initialize the stackprotector canary value.
+ *
+ * NOTE: this must only be called from functions that never return,
+ * and it must always be inlined.
+ */
+static __always_inline void boot_init_stack_canary(void)
+{
+	unsigned long canary;
+
+	/* Try to get a semi random initial value. */
+	get_random_bytes(&canary, sizeof(canary));
+	canary ^= LINUX_VERSION_CODE;
+
+	current->stack_canary = canary;
+	__stack_chk_guard = current->stack_canary;
+}
-- 
1.5.5.6

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Filippo ARCIDIACONO]

Add stack smashing suppurt for SH architecture. This is based on work
from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
Use the ARM boot_init_stack_canary function to initialize the guard
canary. It has been placed under asm-generic to allow archtectures
based on __stack_chk_guard to use a common implementation.
Update the __stack_chk_guard global variable with the value stored in
the task struct whenever a task switch occurs to allow for different
canary values per task. This cannot work on SMP where the initial
canary value is always used.

Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com>
Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com>
---
 arch/sh/Kconfig                      |   13 +++++++++++
 arch/sh/Makefile                     |    4 +++
 arch/sh/include/asm/stackprotector.h |   10 ++++++++
 arch/sh/kernel/process_32.c          |    9 +++++++
 include/asm-generic/stackprotector.h |   39 ++++++++++++++++++++++++++++++++++
 5 files changed, 75 insertions(+), 0 deletions(-)
 create mode 100644 arch/sh/include/asm/stackprotector.h
 create mode 100644 include/asm-generic/stackprotector.h

diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
index 1e905a6..2c82c98 100644
--- a/arch/sh/Kconfig
+++ b/arch/sh/Kconfig
@@ -742,6 +742,19 @@ config HW_PERF_EVENTS
 	  Enable hardware performance counter support for perf events. If
 	  disabled, perf events will use software events only.
 
+config CC_STACKPROTECTOR
+	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
+	depends on EXPERIMENTAL
+	help
+	  This option turns on the -fstack-protector GCC feature. This
+	  feature puts, at the beginning of functions, a canary value on
+	  the stack just before the return address, and validates
+	  the value just before actually returning.  Stack based buffer
+	  overflows (that need to overwrite this return address) now also
+	  overwrite the canary, which gets detected and the attack is then
+	  neutralized via a kernel panic.
+	  This feature requires gcc version 4.2 or above.
+
 source "drivers/sh/Kconfig"
 
 endmenu
diff --git a/arch/sh/Makefile b/arch/sh/Makefile
index 9c8c6e1..3cef435 100644
--- a/arch/sh/Makefile
+++ b/arch/sh/Makefile
@@ -197,6 +197,10 @@ ifeq ($(CONFIG_DWARF_UNWINDER),y)
   KBUILD_CFLAGS += -fasynchronous-unwind-tables
 endif
 
+ifeq ($(CONFIG_CC_STACKPROTECTOR),y)
+  KBUILD_CFLAGS += -fstack-protector
+endif
+
 libs-$(CONFIG_SUPERH32)		:= arch/sh/lib/	$(libs-y)
 libs-$(CONFIG_SUPERH64)		:= arch/sh/lib64/ $(libs-y)
 
diff --git a/arch/sh/include/asm/stackprotector.h b/arch/sh/include/asm/stackprotector.h
new file mode 100644
index 0000000..f777dbd
--- /dev/null
+++ b/arch/sh/include/asm/stackprotector.h
@@ -0,0 +1,10 @@
+/*
+ * SH specific GCC stack protector support.
+ */
+
+#ifndef _ASM_STACKPROTECTOR_H
+#define _ASM_STACKPROTECTOR_H 1
+
+#include <asm-generic/stackprotector.h>
+
+#endif	/* _ASM_STACKPROTECTOR_H */
diff --git a/arch/sh/kernel/process_32.c b/arch/sh/kernel/process_32.c
index 762a139..97535d8 100644
--- a/arch/sh/kernel/process_32.c
+++ b/arch/sh/kernel/process_32.c
@@ -27,6 +27,11 @@
 #include <asm/fpu.h>
 #include <asm/syscalls.h>
 
+#ifdef CONFIG_CC_STACKPROTECTOR
+unsigned long __stack_chk_guard __read_mostly;
+EXPORT_SYMBOL(__stack_chk_guard);
+#endif
+
 void show_regs(struct pt_regs * regs)
 {
 	printk("\n");
@@ -221,6 +226,10 @@ __switch_to(struct task_struct *prev, struct task_struct *next)
 {
 	struct thread_struct *next_t = &next->thread;
 
+#if defined CONFIG_CC_STACKPROTECTOR && !defined CONFIG_SMP
+	__stack_chk_guard = next->stack_canary;
+#endif
+
 	unlazy_fpu(prev, task_pt_regs(prev));
 
 	/* we're going to use this soon, after a few expensive things */
diff --git a/include/asm-generic/stackprotector.h b/include/asm-generic/stackprotector.h
new file mode 100644
index 0000000..2d33c83
--- /dev/null
+++ b/include/asm-generic/stackprotector.h
@@ -0,0 +1,39 @@
+/*
+ * GCC stack protector support.
+ * (Generic implementation based on __stack_chk_guard)
+ *
+ * Stack protector works by putting predefined pattern at the start of
+ * the stack frame and verifying that it hasn't been overwritten when
+ * returning from the function.  The pattern is called stack canary
+ * and gcc expects it to be defined by a global variable called
+ * "__stack_chk_guard". This unfortunately means that on SMP
+ * we cannot have a different canary value per task.
+ */
+
+#ifndef _ASM_STACKPROTECTOR_H
+#error "Never use <asm-generic/stackprotector.h> directly; \
+include <asm/stackprotector.h> instead."
+#endif
+
+#include <linux/random.h>
+#include <linux/version.h>
+
+extern unsigned long __stack_chk_guard;
+
+/*
+ * Initialize the stackprotector canary value.
+ *
+ * NOTE: this must only be called from functions that never return,
+ * and it must always be inlined.
+ */
+static __always_inline void boot_init_stack_canary(void)
+{
+	unsigned long canary;
+
+	/* Try to get a semi random initial value. */
+	get_random_bytes(&canary, sizeof(canary));
+	canary ^= LINUX_VERSION_CODE;
+
+	current->stack_canary = canary;
+	__stack_chk_guard = current->stack_canary;
+}
-- 
1.5.5.6

[PATCH (sh-2.6) 2/2] arm: use generic implementation of

[Filippo ARCIDIACONO]

All architectures using __stack_chk_guard global variable as canary
could use a generic implementation of boot_init_stack_canary.

Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com>
Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com>
---
 arch/arm/include/asm/stackprotector.h |   32 ++------------------------------
 1 files changed, 2 insertions(+), 30 deletions(-)

diff --git a/arch/arm/include/asm/stackprotector.h b/arch/arm/include/asm/stackprotector.h
index de00332..1ae30bc 100644
--- a/arch/arm/include/asm/stackprotector.h
+++ b/arch/arm/include/asm/stackprotector.h
@@ -1,38 +1,10 @@
 /*
- * GCC stack protector support.
- *
- * Stack protector works by putting predefined pattern at the start of
- * the stack frame and verifying that it hasn't been overwritten when
- * returning from the function.  The pattern is called stack canary
- * and gcc expects it to be defined by a global variable called
- * "__stack_chk_guard" on ARM.  This unfortunately means that on SMP
- * we cannot have a different canary value per task.
+ * ARM specific GCC stack protector support.
  */
 
 #ifndef _ASM_STACKPROTECTOR_H
 #define _ASM_STACKPROTECTOR_H 1
 
-#include <linux/random.h>
-#include <linux/version.h>
-
-extern unsigned long __stack_chk_guard;
-
-/*
- * Initialize the stackprotector canary value.
- *
- * NOTE: this must only be called from functions that never return,
- * and it must always be inlined.
- */
-static __always_inline void boot_init_stack_canary(void)
-{
-	unsigned long canary;
-
-	/* Try to get a semi random initial value. */
-	get_random_bytes(&canary, sizeof(canary));
-	canary ^= LINUX_VERSION_CODE;
-
-	current->stack_canary = canary;
-	__stack_chk_guard = current->stack_canary;
-}
+#include <asm-generic/stackprotector.h>
 
 #endif	/* _ASM_STACKPROTECTOR_H */
-- 
1.5.5.6

[PATCH (sh-2.6) 2/2] arm: use generic implementation of boot_init_stack_canary

[Filippo ARCIDIACONO]

All architectures using __stack_chk_guard global variable as canary
could use a generic implementation of boot_init_stack_canary.

Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com>
Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com>
---
 arch/arm/include/asm/stackprotector.h |   32 ++------------------------------
 1 files changed, 2 insertions(+), 30 deletions(-)

diff --git a/arch/arm/include/asm/stackprotector.h b/arch/arm/include/asm/stackprotector.h
index de00332..1ae30bc 100644
--- a/arch/arm/include/asm/stackprotector.h
+++ b/arch/arm/include/asm/stackprotector.h
@@ -1,38 +1,10 @@
 /*
- * GCC stack protector support.
- *
- * Stack protector works by putting predefined pattern at the start of
- * the stack frame and verifying that it hasn't been overwritten when
- * returning from the function.  The pattern is called stack canary
- * and gcc expects it to be defined by a global variable called
- * "__stack_chk_guard" on ARM.  This unfortunately means that on SMP
- * we cannot have a different canary value per task.
+ * ARM specific GCC stack protector support.
  */
 
 #ifndef _ASM_STACKPROTECTOR_H
 #define _ASM_STACKPROTECTOR_H 1
 
-#include <linux/random.h>
-#include <linux/version.h>
-
-extern unsigned long __stack_chk_guard;
-
-/*
- * Initialize the stackprotector canary value.
- *
- * NOTE: this must only be called from functions that never return,
- * and it must always be inlined.
- */
-static __always_inline void boot_init_stack_canary(void)
-{
-	unsigned long canary;
-
-	/* Try to get a semi random initial value. */
-	get_random_bytes(&canary, sizeof(canary));
-	canary ^= LINUX_VERSION_CODE;
-
-	current->stack_canary = canary;
-	__stack_chk_guard = current->stack_canary;
-}
+#include <asm-generic/stackprotector.h>
 
 #endif	/* _ASM_STACKPROTECTOR_H */
-- 
1.5.5.6

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[@ 2010-12-07 13:43 UTC (permalink / raw)]

On Tue, Dec 07, 2010 at 11:20:53AM +0100, Filippo ARCIDIACONO wrote:
> Add stack smashing suppurt for SH architecture. This is based on work
s/suppurt/support/

> from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
> Use the ARM boot_init_stack_canary function to initialize the guard
> canary. It has been placed under asm-generic to allow archtectures
s/archtectures/architectures/

Uwe

-- 
Pengutronix e.K.                           | Uwe Kleine-König            |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Uwe Kleine-König]

On Tue, Dec 07, 2010 at 11:20:53AM +0100, Filippo ARCIDIACONO wrote:
> Add stack smashing suppurt for SH architecture. This is based on work
s/suppurt/support/

> from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
> Use the ARM boot_init_stack_canary function to initialize the guard
> canary. It has been placed under asm-generic to allow archtectures
s/archtectures/architectures/

Uwe

-- 
Pengutronix e.K.                           | Uwe Kleine-K?nig            |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Nicolas Pitre]

On Tue, 7 Dec 2010, Filippo ARCIDIACONO wrote:

> Add stack smashing suppurt for SH architecture. This is based on work
> from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
> Use the ARM boot_init_stack_canary function to initialize the guard
> canary. It has been placed under asm-generic to allow archtectures
> based on __stack_chk_guard to use a common implementation.
> Update the __stack_chk_guard global variable with the value stored in
> the task struct whenever a task switch occurs to allow for different
> canary values per task. This cannot work on SMP where the initial
> canary value is always used.

Uwe already pointed out some typos in the above.

> Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com>
> Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com>

Acked-by: Nicolas Pitre <nicolas.pitre@linaro.org>



> ---
>  arch/sh/Kconfig                      |   13 +++++++++++
>  arch/sh/Makefile                     |    4 +++
>  arch/sh/include/asm/stackprotector.h |   10 ++++++++
>  arch/sh/kernel/process_32.c          |    9 +++++++
>  include/asm-generic/stackprotector.h |   39 ++++++++++++++++++++++++++++++++++
>  5 files changed, 75 insertions(+), 0 deletions(-)
>  create mode 100644 arch/sh/include/asm/stackprotector.h
>  create mode 100644 include/asm-generic/stackprotector.h
> 
> diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
> index 1e905a6..2c82c98 100644
> --- a/arch/sh/Kconfig
> +++ b/arch/sh/Kconfig
> @@ -742,6 +742,19 @@ config HW_PERF_EVENTS
>  	  Enable hardware performance counter support for perf events. If
>  	  disabled, perf events will use software events only.
>  
> +config CC_STACKPROTECTOR
> +	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
> +	depends on EXPERIMENTAL
> +	help
> +	  This option turns on the -fstack-protector GCC feature. This
> +	  feature puts, at the beginning of functions, a canary value on
> +	  the stack just before the return address, and validates
> +	  the value just before actually returning.  Stack based buffer
> +	  overflows (that need to overwrite this return address) now also
> +	  overwrite the canary, which gets detected and the attack is then
> +	  neutralized via a kernel panic.
> +	  This feature requires gcc version 4.2 or above.
> +
>  source "drivers/sh/Kconfig"
>  
>  endmenu
> diff --git a/arch/sh/Makefile b/arch/sh/Makefile
> index 9c8c6e1..3cef435 100644
> --- a/arch/sh/Makefile
> +++ b/arch/sh/Makefile
> @@ -197,6 +197,10 @@ ifeq ($(CONFIG_DWARF_UNWINDER),y)
>    KBUILD_CFLAGS += -fasynchronous-unwind-tables
>  endif
>  
> +ifeq ($(CONFIG_CC_STACKPROTECTOR),y)
> +  KBUILD_CFLAGS += -fstack-protector
> +endif
> +
>  libs-$(CONFIG_SUPERH32)		:= arch/sh/lib/	$(libs-y)
>  libs-$(CONFIG_SUPERH64)		:= arch/sh/lib64/ $(libs-y)
>  
> diff --git a/arch/sh/include/asm/stackprotector.h b/arch/sh/include/asm/stackprotector.h
> new file mode 100644
> index 0000000..f777dbd
> --- /dev/null
> +++ b/arch/sh/include/asm/stackprotector.h
> @@ -0,0 +1,10 @@
> +/*
> + * SH specific GCC stack protector support.
> + */
> +
> +#ifndef _ASM_STACKPROTECTOR_H
> +#define _ASM_STACKPROTECTOR_H 1
> +
> +#include <asm-generic/stackprotector.h>
> +
> +#endif	/* _ASM_STACKPROTECTOR_H */
> diff --git a/arch/sh/kernel/process_32.c b/arch/sh/kernel/process_32.c
> index 762a139..97535d8 100644
> --- a/arch/sh/kernel/process_32.c
> +++ b/arch/sh/kernel/process_32.c
> @@ -27,6 +27,11 @@
>  #include <asm/fpu.h>
>  #include <asm/syscalls.h>
>  
> +#ifdef CONFIG_CC_STACKPROTECTOR
> +unsigned long __stack_chk_guard __read_mostly;
> +EXPORT_SYMBOL(__stack_chk_guard);
> +#endif
> +
>  void show_regs(struct pt_regs * regs)
>  {
>  	printk("\n");
> @@ -221,6 +226,10 @@ __switch_to(struct task_struct *prev, struct task_struct *next)
>  {
>  	struct thread_struct *next_t = &next->thread;
>  
> +#if defined CONFIG_CC_STACKPROTECTOR && !defined CONFIG_SMP
> +	__stack_chk_guard = next->stack_canary;
> +#endif
> +
>  	unlazy_fpu(prev, task_pt_regs(prev));
>  
>  	/* we're going to use this soon, after a few expensive things */
> diff --git a/include/asm-generic/stackprotector.h b/include/asm-generic/stackprotector.h
> new file mode 100644
> index 0000000..2d33c83
> --- /dev/null
> +++ b/include/asm-generic/stackprotector.h
> @@ -0,0 +1,39 @@
> +/*
> + * GCC stack protector support.
> + * (Generic implementation based on __stack_chk_guard)
> + *
> + * Stack protector works by putting predefined pattern at the start of
> + * the stack frame and verifying that it hasn't been overwritten when
> + * returning from the function.  The pattern is called stack canary
> + * and gcc expects it to be defined by a global variable called
> + * "__stack_chk_guard". This unfortunately means that on SMP
> + * we cannot have a different canary value per task.
> + */
> +
> +#ifndef _ASM_STACKPROTECTOR_H
> +#error "Never use <asm-generic/stackprotector.h> directly; \
> +include <asm/stackprotector.h> instead."
> +#endif
> +
> +#include <linux/random.h>
> +#include <linux/version.h>
> +
> +extern unsigned long __stack_chk_guard;
> +
> +/*
> + * Initialize the stackprotector canary value.
> + *
> + * NOTE: this must only be called from functions that never return,
> + * and it must always be inlined.
> + */
> +static __always_inline void boot_init_stack_canary(void)
> +{
> +	unsigned long canary;
> +
> +	/* Try to get a semi random initial value. */
> +	get_random_bytes(&canary, sizeof(canary));
> +	canary ^= LINUX_VERSION_CODE;
> +
> +	current->stack_canary = canary;
> +	__stack_chk_guard = current->stack_canary;
> +}
> -- 
> 1.5.5.6
> 

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Nicolas Pitre]

On Tue, 7 Dec 2010, Filippo ARCIDIACONO wrote:

> Add stack smashing suppurt for SH architecture. This is based on work
> from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
> Use the ARM boot_init_stack_canary function to initialize the guard
> canary. It has been placed under asm-generic to allow archtectures
> based on __stack_chk_guard to use a common implementation.
> Update the __stack_chk_guard global variable with the value stored in
> the task struct whenever a task switch occurs to allow for different
> canary values per task. This cannot work on SMP where the initial
> canary value is always used.

Uwe already pointed out some typos in the above.

> Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com>
> Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com>

Acked-by: Nicolas Pitre <nicolas.pitre@linaro.org>



> ---
>  arch/sh/Kconfig                      |   13 +++++++++++
>  arch/sh/Makefile                     |    4 +++
>  arch/sh/include/asm/stackprotector.h |   10 ++++++++
>  arch/sh/kernel/process_32.c          |    9 +++++++
>  include/asm-generic/stackprotector.h |   39 ++++++++++++++++++++++++++++++++++
>  5 files changed, 75 insertions(+), 0 deletions(-)
>  create mode 100644 arch/sh/include/asm/stackprotector.h
>  create mode 100644 include/asm-generic/stackprotector.h
> 
> diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
> index 1e905a6..2c82c98 100644
> --- a/arch/sh/Kconfig
> +++ b/arch/sh/Kconfig
> @@ -742,6 +742,19 @@ config HW_PERF_EVENTS
>  	  Enable hardware performance counter support for perf events. If
>  	  disabled, perf events will use software events only.
>  
> +config CC_STACKPROTECTOR
> +	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
> +	depends on EXPERIMENTAL
> +	help
> +	  This option turns on the -fstack-protector GCC feature. This
> +	  feature puts, at the beginning of functions, a canary value on
> +	  the stack just before the return address, and validates
> +	  the value just before actually returning.  Stack based buffer
> +	  overflows (that need to overwrite this return address) now also
> +	  overwrite the canary, which gets detected and the attack is then
> +	  neutralized via a kernel panic.
> +	  This feature requires gcc version 4.2 or above.
> +
>  source "drivers/sh/Kconfig"
>  
>  endmenu
> diff --git a/arch/sh/Makefile b/arch/sh/Makefile
> index 9c8c6e1..3cef435 100644
> --- a/arch/sh/Makefile
> +++ b/arch/sh/Makefile
> @@ -197,6 +197,10 @@ ifeq ($(CONFIG_DWARF_UNWINDER),y)
>    KBUILD_CFLAGS += -fasynchronous-unwind-tables
>  endif
>  
> +ifeq ($(CONFIG_CC_STACKPROTECTOR),y)
> +  KBUILD_CFLAGS += -fstack-protector
> +endif
> +
>  libs-$(CONFIG_SUPERH32)		:= arch/sh/lib/	$(libs-y)
>  libs-$(CONFIG_SUPERH64)		:= arch/sh/lib64/ $(libs-y)
>  
> diff --git a/arch/sh/include/asm/stackprotector.h b/arch/sh/include/asm/stackprotector.h
> new file mode 100644
> index 0000000..f777dbd
> --- /dev/null
> +++ b/arch/sh/include/asm/stackprotector.h
> @@ -0,0 +1,10 @@
> +/*
> + * SH specific GCC stack protector support.
> + */
> +
> +#ifndef _ASM_STACKPROTECTOR_H
> +#define _ASM_STACKPROTECTOR_H 1
> +
> +#include <asm-generic/stackprotector.h>
> +
> +#endif	/* _ASM_STACKPROTECTOR_H */
> diff --git a/arch/sh/kernel/process_32.c b/arch/sh/kernel/process_32.c
> index 762a139..97535d8 100644
> --- a/arch/sh/kernel/process_32.c
> +++ b/arch/sh/kernel/process_32.c
> @@ -27,6 +27,11 @@
>  #include <asm/fpu.h>
>  #include <asm/syscalls.h>
>  
> +#ifdef CONFIG_CC_STACKPROTECTOR
> +unsigned long __stack_chk_guard __read_mostly;
> +EXPORT_SYMBOL(__stack_chk_guard);
> +#endif
> +
>  void show_regs(struct pt_regs * regs)
>  {
>  	printk("\n");
> @@ -221,6 +226,10 @@ __switch_to(struct task_struct *prev, struct task_struct *next)
>  {
>  	struct thread_struct *next_t = &next->thread;
>  
> +#if defined CONFIG_CC_STACKPROTECTOR && !defined CONFIG_SMP
> +	__stack_chk_guard = next->stack_canary;
> +#endif
> +
>  	unlazy_fpu(prev, task_pt_regs(prev));
>  
>  	/* we're going to use this soon, after a few expensive things */
> diff --git a/include/asm-generic/stackprotector.h b/include/asm-generic/stackprotector.h
> new file mode 100644
> index 0000000..2d33c83
> --- /dev/null
> +++ b/include/asm-generic/stackprotector.h
> @@ -0,0 +1,39 @@
> +/*
> + * GCC stack protector support.
> + * (Generic implementation based on __stack_chk_guard)
> + *
> + * Stack protector works by putting predefined pattern at the start of
> + * the stack frame and verifying that it hasn't been overwritten when
> + * returning from the function.  The pattern is called stack canary
> + * and gcc expects it to be defined by a global variable called
> + * "__stack_chk_guard". This unfortunately means that on SMP
> + * we cannot have a different canary value per task.
> + */
> +
> +#ifndef _ASM_STACKPROTECTOR_H
> +#error "Never use <asm-generic/stackprotector.h> directly; \
> +include <asm/stackprotector.h> instead."
> +#endif
> +
> +#include <linux/random.h>
> +#include <linux/version.h>
> +
> +extern unsigned long __stack_chk_guard;
> +
> +/*
> + * Initialize the stackprotector canary value.
> + *
> + * NOTE: this must only be called from functions that never return,
> + * and it must always be inlined.
> + */
> +static __always_inline void boot_init_stack_canary(void)
> +{
> +	unsigned long canary;
> +
> +	/* Try to get a semi random initial value. */
> +	get_random_bytes(&canary, sizeof(canary));
> +	canary ^= LINUX_VERSION_CODE;
> +
> +	current->stack_canary = canary;
> +	__stack_chk_guard = current->stack_canary;
> +}
> -- 
> 1.5.5.6
> 

Re: [PATCH (sh-2.6) 2/2] arm: use generic implementation of

[Nicolas Pitre]

On Tue, 7 Dec 2010, Filippo ARCIDIACONO wrote:

> All architectures using __stack_chk_guard global variable as canary
> could use a generic implementation of boot_init_stack_canary.
> 
> Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com>
> Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com>

Acked-by: Nicolas Pitre <nicolas.pitre@linaro.org>

> ---
>  arch/arm/include/asm/stackprotector.h |   32 ++------------------------------
>  1 files changed, 2 insertions(+), 30 deletions(-)
> 
> diff --git a/arch/arm/include/asm/stackprotector.h b/arch/arm/include/asm/stackprotector.h
> index de00332..1ae30bc 100644
> --- a/arch/arm/include/asm/stackprotector.h
> +++ b/arch/arm/include/asm/stackprotector.h
> @@ -1,38 +1,10 @@
>  /*
> - * GCC stack protector support.
> - *
> - * Stack protector works by putting predefined pattern at the start of
> - * the stack frame and verifying that it hasn't been overwritten when
> - * returning from the function.  The pattern is called stack canary
> - * and gcc expects it to be defined by a global variable called
> - * "__stack_chk_guard" on ARM.  This unfortunately means that on SMP
> - * we cannot have a different canary value per task.
> + * ARM specific GCC stack protector support.
>   */
>  
>  #ifndef _ASM_STACKPROTECTOR_H
>  #define _ASM_STACKPROTECTOR_H 1
>  
> -#include <linux/random.h>
> -#include <linux/version.h>
> -
> -extern unsigned long __stack_chk_guard;
> -
> -/*
> - * Initialize the stackprotector canary value.
> - *
> - * NOTE: this must only be called from functions that never return,
> - * and it must always be inlined.
> - */
> -static __always_inline void boot_init_stack_canary(void)
> -{
> -	unsigned long canary;
> -
> -	/* Try to get a semi random initial value. */
> -	get_random_bytes(&canary, sizeof(canary));
> -	canary ^= LINUX_VERSION_CODE;
> -
> -	current->stack_canary = canary;
> -	__stack_chk_guard = current->stack_canary;
> -}
> +#include <asm-generic/stackprotector.h>
>  
>  #endif	/* _ASM_STACKPROTECTOR_H */
> -- 
> 1.5.5.6
> 

[PATCH (sh-2.6) 2/2] arm: use generic implementation of boot_init_stack_canary

[Nicolas Pitre]

On Tue, 7 Dec 2010, Filippo ARCIDIACONO wrote:

> All architectures using __stack_chk_guard global variable as canary
> could use a generic implementation of boot_init_stack_canary.
> 
> Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com>
> Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com>

Acked-by: Nicolas Pitre <nicolas.pitre@linaro.org>

> ---
>  arch/arm/include/asm/stackprotector.h |   32 ++------------------------------
>  1 files changed, 2 insertions(+), 30 deletions(-)
> 
> diff --git a/arch/arm/include/asm/stackprotector.h b/arch/arm/include/asm/stackprotector.h
> index de00332..1ae30bc 100644
> --- a/arch/arm/include/asm/stackprotector.h
> +++ b/arch/arm/include/asm/stackprotector.h
> @@ -1,38 +1,10 @@
>  /*
> - * GCC stack protector support.
> - *
> - * Stack protector works by putting predefined pattern at the start of
> - * the stack frame and verifying that it hasn't been overwritten when
> - * returning from the function.  The pattern is called stack canary
> - * and gcc expects it to be defined by a global variable called
> - * "__stack_chk_guard" on ARM.  This unfortunately means that on SMP
> - * we cannot have a different canary value per task.
> + * ARM specific GCC stack protector support.
>   */
>  
>  #ifndef _ASM_STACKPROTECTOR_H
>  #define _ASM_STACKPROTECTOR_H 1
>  
> -#include <linux/random.h>
> -#include <linux/version.h>
> -
> -extern unsigned long __stack_chk_guard;
> -
> -/*
> - * Initialize the stackprotector canary value.
> - *
> - * NOTE: this must only be called from functions that never return,
> - * and it must always be inlined.
> - */
> -static __always_inline void boot_init_stack_canary(void)
> -{
> -	unsigned long canary;
> -
> -	/* Try to get a semi random initial value. */
> -	get_random_bytes(&canary, sizeof(canary));
> -	canary ^= LINUX_VERSION_CODE;
> -
> -	current->stack_canary = canary;
> -	__stack_chk_guard = current->stack_canary;
> -}
> +#include <asm-generic/stackprotector.h>
>  
>  #endif	/* _ASM_STACKPROTECTOR_H */
> -- 
> 1.5.5.6
> 

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 1149 bytes --]

On Tuesday, December 07, 2010 05:20:53 Filippo ARCIDIACONO wrote:
> Add stack smashing suppurt for SH architecture. This is based on work
> from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
> Use the ARM boot_init_stack_canary function to initialize the guard
> canary. It has been placed under asm-generic to allow archtectures
> based on __stack_chk_guard to use a common implementation.
> Update the __stack_chk_guard global variable with the value stored in
> the task struct whenever a task switch occurs to allow for different
> canary values per task. This cannot work on SMP where the initial
> canary value is always used.
> 
>  arch/sh/Kconfig                      |   13 +++++++++++
>  arch/sh/Makefile                     |    4 +++
>  arch/sh/include/asm/stackprotector.h |   10 ++++++++
>  arch/sh/kernel/process_32.c          |    9 +++++++
>  include/asm-generic/stackprotector.h |   39

if you're starting asm-generic stuff, why not go the distance and do it all in 
common code ?  your sh/Kconfig and sh/Makefile changes arent specific to 
SuperH, nor is the symbol in process_32.c.
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Mike Frysinger]

On Tuesday, December 07, 2010 05:20:53 Filippo ARCIDIACONO wrote:
> Add stack smashing suppurt for SH architecture. This is based on work
> from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
> Use the ARM boot_init_stack_canary function to initialize the guard
> canary. It has been placed under asm-generic to allow archtectures
> based on __stack_chk_guard to use a common implementation.
> Update the __stack_chk_guard global variable with the value stored in
> the task struct whenever a task switch occurs to allow for different
> canary values per task. This cannot work on SMP where the initial
> canary value is always used.
> 
>  arch/sh/Kconfig                      |   13 +++++++++++
>  arch/sh/Makefile                     |    4 +++
>  arch/sh/include/asm/stackprotector.h |   10 ++++++++
>  arch/sh/kernel/process_32.c          |    9 +++++++
>  include/asm-generic/stackprotector.h |   39

if you're starting asm-generic stuff, why not go the distance and do it all in 
common code ?  your sh/Kconfig and sh/Makefile changes arent specific to 
SuperH, nor is the symbol in process_32.c.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20101207/93831eda/attachment.sig>

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Paul Mundt]

On Tue, Dec 07, 2010 at 03:15:23PM -0500, Mike Frysinger wrote:
> On Tuesday, December 07, 2010 05:20:53 Filippo ARCIDIACONO wrote:
> > Add stack smashing suppurt for SH architecture. This is based on work
> > from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
> > Use the ARM boot_init_stack_canary function to initialize the guard
> > canary. It has been placed under asm-generic to allow archtectures
> > based on __stack_chk_guard to use a common implementation.
> > Update the __stack_chk_guard global variable with the value stored in
> > the task struct whenever a task switch occurs to allow for different
> > canary values per task. This cannot work on SMP where the initial
> > canary value is always used.
> > 
> >  arch/sh/Kconfig                      |   13 +++++++++++
> >  arch/sh/Makefile                     |    4 +++
> >  arch/sh/include/asm/stackprotector.h |   10 ++++++++
> >  arch/sh/kernel/process_32.c          |    9 +++++++
> >  include/asm-generic/stackprotector.h |   39
> 
> if you're starting asm-generic stuff, why not go the distance and do it all in 
> common code ?  your sh/Kconfig and sh/Makefile changes arent specific to 
> SuperH, nor is the symbol in process_32.c.

Indeed. It would be nice to simply shove this in to lib/ with the
Makefile bits in the top-level Makefile. 

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Paul Mundt]

On Tue, Dec 07, 2010 at 03:15:23PM -0500, Mike Frysinger wrote:
> On Tuesday, December 07, 2010 05:20:53 Filippo ARCIDIACONO wrote:
> > Add stack smashing suppurt for SH architecture. This is based on work
> > from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
> > Use the ARM boot_init_stack_canary function to initialize the guard
> > canary. It has been placed under asm-generic to allow archtectures
> > based on __stack_chk_guard to use a common implementation.
> > Update the __stack_chk_guard global variable with the value stored in
> > the task struct whenever a task switch occurs to allow for different
> > canary values per task. This cannot work on SMP where the initial
> > canary value is always used.
> > 
> >  arch/sh/Kconfig                      |   13 +++++++++++
> >  arch/sh/Makefile                     |    4 +++
> >  arch/sh/include/asm/stackprotector.h |   10 ++++++++
> >  arch/sh/kernel/process_32.c          |    9 +++++++
> >  include/asm-generic/stackprotector.h |   39
> 
> if you're starting asm-generic stuff, why not go the distance and do it all in 
> common code ?  your sh/Kconfig and sh/Makefile changes arent specific to 
> SuperH, nor is the symbol in process_32.c.

Indeed. It would be nice to simply shove this in to lib/ with the
Makefile bits in the top-level Makefile. 

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Carmelo AMOROSO]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/8/2010 5:40 AM, Paul Mundt wrote:
> On Tue, Dec 07, 2010 at 03:15:23PM -0500, Mike Frysinger wrote:
>  > On Tuesday, December 07, 2010 05:20:53 Filippo ARCIDIACONO wrote:
>  > > Add stack smashing suppurt for SH architecture. This is based on work
>  > > from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
>  > > Use the ARM boot_init_stack_canary function to initialize the guard
>  > > canary. It has been placed under asm-generic to allow archtectures
>  > > based on __stack_chk_guard to use a common implementation.
>  > > Update the __stack_chk_guard global variable with the value stored in
>  > > the task struct whenever a task switch occurs to allow for different
>  > > canary values per task. This cannot work on SMP where the initial
>  > > canary value is always used.
>  > >
>  > > arch/sh/Kconfig | 13 +++++++++++
>  > > arch/sh/Makefile | 4 +++
>  > > arch/sh/include/asm/stackprotector.h | 10 ++++++++
>  > > arch/sh/kernel/process_32.c | 9 +++++++
>  > > include/asm-generic/stackprotector.h | 39
>  >
>  > if you're starting asm-generic stuff, why not go the distance and do it all in
>  > common code ? your sh/Kconfig and sh/Makefile changes arent specific to
>  > SuperH, nor is the symbol in process_32.c.
> 
> Indeed. It would be nice to simply shove this in to lib/ with the
> Makefile bits in the top-level Makefile.
> 

Hi Paul, Mike
thanks for your feedback.

I agree with you that the Kconfig and Makefile changes are not arch
specific, so these changes can be moved to a common code (even if I
don't know if other archs do support SSP).
In the current kernel, only x86 and ARM added this support, so I'm
wondering if, moving SSP to the common Makefile, it needs to depend on
x86, ARM, SH being configured ?

Regarding the __stack_chk_guard symbol defined in process[_32].c, I
don't know if all archs need to define this global variable to implement
SSP. For sure x86 does not need it. It depends on how the gcc implements
this feature. This was mainly the reason for which we defined it
specifically in an arch specific code.

What is your opinion ?

Thanks,
Carmelo & Filippo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0A/CoACgkQoRq/3BrK1s/slgCg2GVWo/uuURyvmu1401rQWP74
L3UAoNwppj1eZFpReEe0wCIbalZ7ksMs
=kDGH
-----END PGP SIGNATURE-----

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Carmelo AMOROSO]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/8/2010 5:40 AM, Paul Mundt wrote:
> On Tue, Dec 07, 2010 at 03:15:23PM -0500, Mike Frysinger wrote:
>  > On Tuesday, December 07, 2010 05:20:53 Filippo ARCIDIACONO wrote:
>  > > Add stack smashing suppurt for SH architecture. This is based on work
>  > > from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633).
>  > > Use the ARM boot_init_stack_canary function to initialize the guard
>  > > canary. It has been placed under asm-generic to allow archtectures
>  > > based on __stack_chk_guard to use a common implementation.
>  > > Update the __stack_chk_guard global variable with the value stored in
>  > > the task struct whenever a task switch occurs to allow for different
>  > > canary values per task. This cannot work on SMP where the initial
>  > > canary value is always used.
>  > >
>  > > arch/sh/Kconfig | 13 +++++++++++
>  > > arch/sh/Makefile | 4 +++
>  > > arch/sh/include/asm/stackprotector.h | 10 ++++++++
>  > > arch/sh/kernel/process_32.c | 9 +++++++
>  > > include/asm-generic/stackprotector.h | 39
>  >
>  > if you're starting asm-generic stuff, why not go the distance and do it all in
>  > common code ? your sh/Kconfig and sh/Makefile changes arent specific to
>  > SuperH, nor is the symbol in process_32.c.
> 
> Indeed. It would be nice to simply shove this in to lib/ with the
> Makefile bits in the top-level Makefile.
> 

Hi Paul, Mike
thanks for your feedback.

I agree with you that the Kconfig and Makefile changes are not arch
specific, so these changes can be moved to a common code (even if I
don't know if other archs do support SSP).
In the current kernel, only x86 and ARM added this support, so I'm
wondering if, moving SSP to the common Makefile, it needs to depend on
x86, ARM, SH being configured ?

Regarding the __stack_chk_guard symbol defined in process[_32].c, I
don't know if all archs need to define this global variable to implement
SSP. For sure x86 does not need it. It depends on how the gcc implements
this feature. This was mainly the reason for which we defined it
specifically in an arch specific code.

What is your opinion ?

Thanks,
Carmelo & Filippo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0A/CoACgkQoRq/3BrK1s/slgCg2GVWo/uuURyvmu1401rQWP74
L3UAoNwppj1eZFpReEe0wCIbalZ7ksMs
=kDGH
-----END PGP SIGNATURE-----

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 1123 bytes --]

On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
> I agree with you that the Kconfig and Makefile changes are not arch
> specific, so these changes can be moved to a common code (even if I
> don't know if other archs do support SSP).
> In the current kernel, only x86 and ARM added this support, so I'm
> wondering if, moving SSP to the common Makefile, it needs to depend on
> x86, ARM, SH being configured ?

i'm not sure it does.  ssp is designed to be arch independent, so really you 
only need a new enough gcc version.  which means i dont think it needs to 
depend on any arch code and you can simply add to the Makefile a compiler 
check.

> Regarding the __stack_chk_guard symbol defined in process[_32].c, I
> don't know if all archs need to define this global variable to implement
> SSP. For sure x86 does not need it. It depends on how the gcc implements
> this feature. This was mainly the reason for which we defined it
> specifically in an arch specific code.

the common gcc code too outputs __stack_chk_guard references.  none of that is 
in arch-specific places.
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Mike Frysinger]

On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
> I agree with you that the Kconfig and Makefile changes are not arch
> specific, so these changes can be moved to a common code (even if I
> don't know if other archs do support SSP).
> In the current kernel, only x86 and ARM added this support, so I'm
> wondering if, moving SSP to the common Makefile, it needs to depend on
> x86, ARM, SH being configured ?

i'm not sure it does.  ssp is designed to be arch independent, so really you 
only need a new enough gcc version.  which means i dont think it needs to 
depend on any arch code and you can simply add to the Makefile a compiler 
check.

> Regarding the __stack_chk_guard symbol defined in process[_32].c, I
> don't know if all archs need to define this global variable to implement
> SSP. For sure x86 does not need it. It depends on how the gcc implements
> this feature. This was mainly the reason for which we defined it
> specifically in an arch specific code.

the common gcc code too outputs __stack_chk_guard references.  none of that is 
in arch-specific places.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20101209/18ba3db9/attachment-0001.sig>

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Carmelo AMOROSO]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/9/2010 5:07 PM, Mike Frysinger wrote:
> On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
>> I agree with you that the Kconfig and Makefile changes are not arch
>> specific, so these changes can be moved to a common code (even if I
>> don't know if other archs do support SSP).
>> In the current kernel, only x86 and ARM added this support, so I'm
>> wondering if, moving SSP to the common Makefile, it needs to depend on
>> x86, ARM, SH being configured ?
> 
> i'm not sure it does.  ssp is designed to be arch independent, so really you 
> only need a new enough gcc version.  which means i dont think it needs to 
> depend on any arch code and you can simply add to the Makefile a compiler 
> check.
> 
agreed, but if arch wants to implement the per-task canary feature, some
change into arch specific code is required.

>> Regarding the __stack_chk_guard symbol defined in process[_32].c, I
>> don't know if all archs need to define this global variable to implement
>> SSP. For sure x86 does not need it. It depends on how the gcc implements
>> this feature. This was mainly the reason for which we defined it
>> specifically in an arch specific code.
> 
> the common gcc code too outputs __stack_chk_guard references.  none of that is 
> in arch-specific places.

a simple test on x86 just prints reference to __stack_chk_fail only (not
reference to the global variable guard)

gcc is 4.3.0-8 (Fedora C9)

> -mike

carmelo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0BB6oACgkQoRq/3BrK1s8UCwCgwZWzH68RsmMiwWYn13f0+g30
+QAAn10EkbDLYZY1qmkTKd/OLF68+rlL
=Xq83
-----END PGP SIGNATURE-----

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Carmelo AMOROSO]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/9/2010 5:07 PM, Mike Frysinger wrote:
> On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
>> I agree with you that the Kconfig and Makefile changes are not arch
>> specific, so these changes can be moved to a common code (even if I
>> don't know if other archs do support SSP).
>> In the current kernel, only x86 and ARM added this support, so I'm
>> wondering if, moving SSP to the common Makefile, it needs to depend on
>> x86, ARM, SH being configured ?
> 
> i'm not sure it does.  ssp is designed to be arch independent, so really you 
> only need a new enough gcc version.  which means i dont think it needs to 
> depend on any arch code and you can simply add to the Makefile a compiler 
> check.
> 
agreed, but if arch wants to implement the per-task canary feature, some
change into arch specific code is required.

>> Regarding the __stack_chk_guard symbol defined in process[_32].c, I
>> don't know if all archs need to define this global variable to implement
>> SSP. For sure x86 does not need it. It depends on how the gcc implements
>> this feature. This was mainly the reason for which we defined it
>> specifically in an arch specific code.
> 
> the common gcc code too outputs __stack_chk_guard references.  none of that is 
> in arch-specific places.

a simple test on x86 just prints reference to __stack_chk_fail only (not
reference to the global variable guard)

gcc is 4.3.0-8 (Fedora C9)

> -mike

carmelo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0BB6oACgkQoRq/3BrK1s8UCwCgwZWzH68RsmMiwWYn13f0+g30
+QAAn10EkbDLYZY1qmkTKd/OLF68+rlL
=Xq83
-----END PGP SIGNATURE-----

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 2058 bytes --]

On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
> On 12/9/2010 5:07 PM, Mike Frysinger wrote:
> > On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
> >> I agree with you that the Kconfig and Makefile changes are not arch
> >> specific, so these changes can be moved to a common code (even if I
> >> don't know if other archs do support SSP).
> >> In the current kernel, only x86 and ARM added this support, so I'm
> >> wondering if, moving SSP to the common Makefile, it needs to depend on
> >> x86, ARM, SH being configured ?
> > 
> > i'm not sure it does.  ssp is designed to be arch independent, so really
> > you only need a new enough gcc version.  which means i dont think it
> > needs to depend on any arch code and you can simply add to the Makefile
> > a compiler check.
> 
> agreed, but if arch wants to implement the per-task canary feature, some
> change into arch specific code is required.

yes, but that doesnt mean the common symbol definition needs to be duplicated

> >> Regarding the __stack_chk_guard symbol defined in process[_32].c, I
> >> don't know if all archs need to define this global variable to implement
> >> SSP. For sure x86 does not need it. It depends on how the gcc implements
> >> this feature. This was mainly the reason for which we defined it
> >> specifically in an arch specific code.
> > 
> > the common gcc code too outputs __stack_chk_guard references.  none of
> > that is in arch-specific places.
> 
> a simple test on x86 just prints reference to __stack_chk_fail only (not
> reference to the global variable guard)
> 
> gcc is 4.3.0-8 (Fedora C9)

gcc will reference both __stack_chk_fail and __stack_chk_guard depending on 
the code.  i think you only need to test that gcc accepts -fstack-protector 
and then assume the rest ... i dont think you need to come up with random 
pieces of code and cajole the symbol references out of gcc.

along those lines, i see your patch adding __stack_chk_guard, but where is 
__stack_chk_fail ?
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Mike Frysinger]

On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
> On 12/9/2010 5:07 PM, Mike Frysinger wrote:
> > On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
> >> I agree with you that the Kconfig and Makefile changes are not arch
> >> specific, so these changes can be moved to a common code (even if I
> >> don't know if other archs do support SSP).
> >> In the current kernel, only x86 and ARM added this support, so I'm
> >> wondering if, moving SSP to the common Makefile, it needs to depend on
> >> x86, ARM, SH being configured ?
> > 
> > i'm not sure it does.  ssp is designed to be arch independent, so really
> > you only need a new enough gcc version.  which means i dont think it
> > needs to depend on any arch code and you can simply add to the Makefile
> > a compiler check.
> 
> agreed, but if arch wants to implement the per-task canary feature, some
> change into arch specific code is required.

yes, but that doesnt mean the common symbol definition needs to be duplicated

> >> Regarding the __stack_chk_guard symbol defined in process[_32].c, I
> >> don't know if all archs need to define this global variable to implement
> >> SSP. For sure x86 does not need it. It depends on how the gcc implements
> >> this feature. This was mainly the reason for which we defined it
> >> specifically in an arch specific code.
> > 
> > the common gcc code too outputs __stack_chk_guard references.  none of
> > that is in arch-specific places.
> 
> a simple test on x86 just prints reference to __stack_chk_fail only (not
> reference to the global variable guard)
> 
> gcc is 4.3.0-8 (Fedora C9)

gcc will reference both __stack_chk_fail and __stack_chk_guard depending on 
the code.  i think you only need to test that gcc accepts -fstack-protector 
and then assume the rest ... i dont think you need to come up with random 
pieces of code and cajole the symbol references out of gcc.

along those lines, i see your patch adding __stack_chk_guard, but where is 
__stack_chk_fail ?
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20101209/b39fab0d/attachment-0001.sig>

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Nicolas Pitre]

On Thu, 9 Dec 2010, Mike Frysinger wrote:

> On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
> > On 12/9/2010 5:07 PM, Mike Frysinger wrote:
> > > On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
> > >> I agree with you that the Kconfig and Makefile changes are not arch
> > >> specific, so these changes can be moved to a common code (even if I
> > >> don't know if other archs do support SSP).
> > >> In the current kernel, only x86 and ARM added this support, so I'm
> > >> wondering if, moving SSP to the common Makefile, it needs to depend on
> > >> x86, ARM, SH being configured ?
> > > 
> > > i'm not sure it does.  ssp is designed to be arch independent, so really
> > > you only need a new enough gcc version.  which means i dont think it
> > > needs to depend on any arch code and you can simply add to the Makefile
> > > a compiler check.
> > 
> > agreed, but if arch wants to implement the per-task canary feature, some
> > change into arch specific code is required.
> 
> yes, but that doesnt mean the common symbol definition needs to be duplicated

We are talking about only one symbol here, which symbol is also 
dependent on the way this feature is implemented in gcc (e.g. on x86 the 
implementation is totally different and this symbol isn't used).  So I 
don't see a huge gain by defining this symbol in generic code, given the 
number of lines involved in the addition of a new file, just for a 
single symbol.

> gcc will reference both __stack_chk_fail and __stack_chk_guard depending on 
> the code. 

Not exactly.  gcc will reference __stack_chk_fail which incidentally is 
already defined in kernel/panic.c for everyone to use.  But 
__stack_chk_guard is not universally used on all architectures.

> i think you only need to test that gcc accepts -fstack-protector 
> and then assume the rest ... i dont think you need to come up with random 
> pieces of code and cajole the symbol references out of gcc.

Would you care to elaborate?

> along those lines, i see your patch adding __stack_chk_guard, but where is 
> __stack_chk_fail ?

See above.


Nicolas

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Nicolas Pitre]

On Thu, 9 Dec 2010, Mike Frysinger wrote:

> On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
> > On 12/9/2010 5:07 PM, Mike Frysinger wrote:
> > > On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
> > >> I agree with you that the Kconfig and Makefile changes are not arch
> > >> specific, so these changes can be moved to a common code (even if I
> > >> don't know if other archs do support SSP).
> > >> In the current kernel, only x86 and ARM added this support, so I'm
> > >> wondering if, moving SSP to the common Makefile, it needs to depend on
> > >> x86, ARM, SH being configured ?
> > > 
> > > i'm not sure it does.  ssp is designed to be arch independent, so really
> > > you only need a new enough gcc version.  which means i dont think it
> > > needs to depend on any arch code and you can simply add to the Makefile
> > > a compiler check.
> > 
> > agreed, but if arch wants to implement the per-task canary feature, some
> > change into arch specific code is required.
> 
> yes, but that doesnt mean the common symbol definition needs to be duplicated

We are talking about only one symbol here, which symbol is also 
dependent on the way this feature is implemented in gcc (e.g. on x86 the 
implementation is totally different and this symbol isn't used).  So I 
don't see a huge gain by defining this symbol in generic code, given the 
number of lines involved in the addition of a new file, just for a 
single symbol.

> gcc will reference both __stack_chk_fail and __stack_chk_guard depending on 
> the code. 

Not exactly.  gcc will reference __stack_chk_fail which incidentally is 
already defined in kernel/panic.c for everyone to use.  But 
__stack_chk_guard is not universally used on all architectures.

> i think you only need to test that gcc accepts -fstack-protector 
> and then assume the rest ... i dont think you need to come up with random 
> pieces of code and cajole the symbol references out of gcc.

Would you care to elaborate?

> along those lines, i see your patch adding __stack_chk_guard, but where is 
> __stack_chk_fail ?

See above.


Nicolas

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Carmelo Amoroso]

On 09/12/10 19:23, Nicolas Pitre wrote:
> On Thu, 9 Dec 2010, Mike Frysinger wrote:
> 
>> On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
>>> On 12/9/2010 5:07 PM, Mike Frysinger wrote:
>>>> On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
>>>>> I agree with you that the Kconfig and Makefile changes are not arch
>>>>> specific, so these changes can be moved to a common code (even if I
>>>>> don't know if other archs do support SSP).
>>>>> In the current kernel, only x86 and ARM added this support, so I'm
>>>>> wondering if, moving SSP to the common Makefile, it needs to depend on
>>>>> x86, ARM, SH being configured ?
>>>>
>>>> i'm not sure it does.  ssp is designed to be arch independent, so really
>>>> you only need a new enough gcc version.  which means i dont think it
>>>> needs to depend on any arch code and you can simply add to the Makefile
>>>> a compiler check.
>>>
>>> agreed, but if arch wants to implement the per-task canary feature, some
>>> change into arch specific code is required.
>>
>> yes, but that doesnt mean the common symbol definition needs to be duplicated
> 
> We are talking about only one symbol here, which symbol is also 
> dependent on the way this feature is implemented in gcc (e.g. on x86 the 
> implementation is totally different and this symbol isn't used).  So I 
> don't see a huge gain by defining this symbol in generic code, given the 
> number of lines involved in the addition of a new file, just for a 
> single symbol.
> 
>> gcc will reference both __stack_chk_fail and __stack_chk_guard depending on 
>> the code. 
> 
> Not exactly.  gcc will reference __stack_chk_fail which incidentally is 
> already defined in kernel/panic.c for everyone to use.  But 
> __stack_chk_guard is not universally used on all architectures.
> 

yes, exactly. this is my same understanding. Now, if we are sure that on all archs (but x86) the gcc
requires to have the global __stack_chk_guard defined, we can think to have a CONFIG_SSP_CHK_GUARD
(or something similar) that can be used to determine if the guard needs to be defined.
In this way it could make sense to have a common file to define the guard and we will have
the SSP feature for all archs easily (x86 is only an exception to this)... but I don't know
how all other archs behave.
(Frankly instead of adding a new file for the guard, we could think to define it on a common file like init/main.c for
example, using the proosed CONFIG_SSP_CHK_GUARD so that it will not be pointlessly defined for x86 and
all other archs (if any) that do not need the global)

Carmelo

>> i think you only need to test that gcc accepts -fstack-protector 
>> and then assume the rest ... i dont think you need to come up with random 
>> pieces of code and cajole the symbol references out of gcc.
> 
> Would you care to elaborate?
> 
>> along those lines, i see your patch adding __stack_chk_guard, but where is 
>> __stack_chk_fail ?
> 
> See above.
> 
> 
> Nicolas
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sh" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Carmelo Amoroso]

On 09/12/10 19:23, Nicolas Pitre wrote:
> On Thu, 9 Dec 2010, Mike Frysinger wrote:
> 
>> On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
>>> On 12/9/2010 5:07 PM, Mike Frysinger wrote:
>>>> On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
>>>>> I agree with you that the Kconfig and Makefile changes are not arch
>>>>> specific, so these changes can be moved to a common code (even if I
>>>>> don't know if other archs do support SSP).
>>>>> In the current kernel, only x86 and ARM added this support, so I'm
>>>>> wondering if, moving SSP to the common Makefile, it needs to depend on
>>>>> x86, ARM, SH being configured ?
>>>>
>>>> i'm not sure it does.  ssp is designed to be arch independent, so really
>>>> you only need a new enough gcc version.  which means i dont think it
>>>> needs to depend on any arch code and you can simply add to the Makefile
>>>> a compiler check.
>>>
>>> agreed, but if arch wants to implement the per-task canary feature, some
>>> change into arch specific code is required.
>>
>> yes, but that doesnt mean the common symbol definition needs to be duplicated
> 
> We are talking about only one symbol here, which symbol is also 
> dependent on the way this feature is implemented in gcc (e.g. on x86 the 
> implementation is totally different and this symbol isn't used).  So I 
> don't see a huge gain by defining this symbol in generic code, given the 
> number of lines involved in the addition of a new file, just for a 
> single symbol.
> 
>> gcc will reference both __stack_chk_fail and __stack_chk_guard depending on 
>> the code. 
> 
> Not exactly.  gcc will reference __stack_chk_fail which incidentally is 
> already defined in kernel/panic.c for everyone to use.  But 
> __stack_chk_guard is not universally used on all architectures.
> 

yes, exactly. this is my same understanding. Now, if we are sure that on all archs (but x86) the gcc
requires to have the global __stack_chk_guard defined, we can think to have a CONFIG_SSP_CHK_GUARD
(or something similar) that can be used to determine if the guard needs to be defined.
In this way it could make sense to have a common file to define the guard and we will have
the SSP feature for all archs easily (x86 is only an exception to this)... but I don't know
how all other archs behave.
(Frankly instead of adding a new file for the guard, we could think to define it on a common file like init/main.c for
example, using the proosed CONFIG_SSP_CHK_GUARD so that it will not be pointlessly defined for x86 and
all other archs (if any) that do not need the global)

Carmelo

>> i think you only need to test that gcc accepts -fstack-protector 
>> and then assume the rest ... i dont think you need to come up with random 
>> pieces of code and cajole the symbol references out of gcc.
> 
> Would you care to elaborate?
> 
>> along those lines, i see your patch adding __stack_chk_guard, but where is 
>> __stack_chk_fail ?
> 
> See above.
> 
> 
> Nicolas
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sh" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 2543 bytes --]

On Thursday, December 09, 2010 13:23:55 Nicolas Pitre wrote:
> On Thu, 9 Dec 2010, Mike Frysinger wrote:
> > On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
> > > On 12/9/2010 5:07 PM, Mike Frysinger wrote:
> > > > On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
> > > >> I agree with you that the Kconfig and Makefile changes are not arch
> > > >> specific, so these changes can be moved to a common code (even if I
> > > >> don't know if other archs do support SSP).
> > > >> In the current kernel, only x86 and ARM added this support, so I'm
> > > >> wondering if, moving SSP to the common Makefile, it needs to depend
> > > >> on x86, ARM, SH being configured ?
> > > > 
> > > > i'm not sure it does.  ssp is designed to be arch independent, so
> > > > really you only need a new enough gcc version.  which means i dont
> > > > think it needs to depend on any arch code and you can simply add to
> > > > the Makefile a compiler check.
> > > 
> > > agreed, but if arch wants to implement the per-task canary feature,
> > > some change into arch specific code is required.
> > 
> > yes, but that doesnt mean the common symbol definition needs to be
> > duplicated
> 
> We are talking about only one symbol here, which symbol is also
> dependent on the way this feature is implemented in gcc (e.g. on x86 the
> implementation is totally different and this symbol isn't used).  So I
> don't see a huge gain by defining this symbol in generic code, given the
> number of lines involved in the addition of a new file, just for a
> single symbol.

you're right, a few targets dont have any symbol at all and do it through TLS.  
although that is more of an exception than a rule, so i'd still like to see 
the symbol in a common file.  perhaps reverse selected by the arch Kconfig 
like "select ARCH_WANT_STACK_CHK_GUARD".  or perhaps invert the logic so only 
the funky arches get punished.

i might highlight that the way gcc/i386 manages its canary is dependent upon 
the C library it was compiled against, but i dont want to poke that nest as 
i'm not interested in making it work on that arch ;).

> > i think you only need to test that gcc accepts -fstack-protector
> > and then assume the rest ... i dont think you need to come up with random
> > pieces of code and cajole the symbol references out of gcc.
> 
> Would you care to elaborate?

i simply mean that any makefile code checking for support need only look for 
gcc supporting -fstack-protector.
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Mike Frysinger]

On Thursday, December 09, 2010 13:23:55 Nicolas Pitre wrote:
> On Thu, 9 Dec 2010, Mike Frysinger wrote:
> > On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
> > > On 12/9/2010 5:07 PM, Mike Frysinger wrote:
> > > > On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
> > > >> I agree with you that the Kconfig and Makefile changes are not arch
> > > >> specific, so these changes can be moved to a common code (even if I
> > > >> don't know if other archs do support SSP).
> > > >> In the current kernel, only x86 and ARM added this support, so I'm
> > > >> wondering if, moving SSP to the common Makefile, it needs to depend
> > > >> on x86, ARM, SH being configured ?
> > > > 
> > > > i'm not sure it does.  ssp is designed to be arch independent, so
> > > > really you only need a new enough gcc version.  which means i dont
> > > > think it needs to depend on any arch code and you can simply add to
> > > > the Makefile a compiler check.
> > > 
> > > agreed, but if arch wants to implement the per-task canary feature,
> > > some change into arch specific code is required.
> > 
> > yes, but that doesnt mean the common symbol definition needs to be
> > duplicated
> 
> We are talking about only one symbol here, which symbol is also
> dependent on the way this feature is implemented in gcc (e.g. on x86 the
> implementation is totally different and this symbol isn't used).  So I
> don't see a huge gain by defining this symbol in generic code, given the
> number of lines involved in the addition of a new file, just for a
> single symbol.

you're right, a few targets dont have any symbol at all and do it through TLS.  
although that is more of an exception than a rule, so i'd still like to see 
the symbol in a common file.  perhaps reverse selected by the arch Kconfig 
like "select ARCH_WANT_STACK_CHK_GUARD".  or perhaps invert the logic so only 
the funky arches get punished.

i might highlight that the way gcc/i386 manages its canary is dependent upon 
the C library it was compiled against, but i dont want to poke that nest as 
i'm not interested in making it work on that arch ;).

> > i think you only need to test that gcc accepts -fstack-protector
> > and then assume the rest ... i dont think you need to come up with random
> > pieces of code and cajole the symbol references out of gcc.
> 
> Would you care to elaborate?

i simply mean that any makefile code checking for support need only look for 
gcc supporting -fstack-protector.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20101209/057b6444/attachment.sig>

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Carmelo AMOROSO]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/9/2010 10:14 PM, Mike Frysinger wrote:
> On Thursday, December 09, 2010 13:23:55 Nicolas Pitre wrote:
>> On Thu, 9 Dec 2010, Mike Frysinger wrote:
>>> On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
>>>> On 12/9/2010 5:07 PM, Mike Frysinger wrote:
>>>>> On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
>>>>>> I agree with you that the Kconfig and Makefile changes are not arch
>>>>>> specific, so these changes can be moved to a common code (even if I
>>>>>> don't know if other archs do support SSP).
>>>>>> In the current kernel, only x86 and ARM added this support, so I'm
>>>>>> wondering if, moving SSP to the common Makefile, it needs to depend
>>>>>> on x86, ARM, SH being configured ?
>>>>>
>>>>> i'm not sure it does.  ssp is designed to be arch independent, so
>>>>> really you only need a new enough gcc version.  which means i dont
>>>>> think it needs to depend on any arch code and you can simply add to
>>>>> the Makefile a compiler check.
>>>>
>>>> agreed, but if arch wants to implement the per-task canary feature,
>>>> some change into arch specific code is required.
>>>
>>> yes, but that doesnt mean the common symbol definition needs to be
>>> duplicated
>>
>> We are talking about only one symbol here, which symbol is also
>> dependent on the way this feature is implemented in gcc (e.g. on x86 the
>> implementation is totally different and this symbol isn't used).  So I
>> don't see a huge gain by defining this symbol in generic code, given the
>> number of lines involved in the addition of a new file, just for a
>> single symbol.
> 
> you're right, a few targets dont have any symbol at all and do it through TLS.  
> although that is more of an exception than a rule, so i'd still like to see 
> the symbol in a common file.  perhaps reverse selected by the arch Kconfig 
> like "select ARCH_WANT_STACK_CHK_GUARD".  or perhaps invert the logic so only 
> the funky arches get punished.
> 

Mike,
we will post a n update version of the patch.

> i might highlight that the way gcc/i386 manages its canary is dependent upon 
> the C library it was compiled against, but i dont want to poke that nest as 
> i'm not interested in making it work on that arch ;).
> 

interesting... but x86 is out of scope for me too ;)

>>> i think you only need to test that gcc accepts -fstack-protector
>>> and then assume the rest ... i dont think you need to come up with random
>>> pieces of code and cajole the symbol references out of gcc.
>>
>> Would you care to elaborate?
> 
> i simply mean that any makefile code checking for support need only look for 
> gcc supporting -fstack-protector.

yes, sure

> -mike

cheers,
carmelo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0BwRIACgkQoRq/3BrK1s9gRwCeKMQ2xsGNrVEqo4gbL6NSXM8A
LeoAoNZgsIpvNxHSULHXZaPf3i6i4u/d
=kqky
-----END PGP SIGNATURE-----

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Carmelo AMOROSO]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/9/2010 10:14 PM, Mike Frysinger wrote:
> On Thursday, December 09, 2010 13:23:55 Nicolas Pitre wrote:
>> On Thu, 9 Dec 2010, Mike Frysinger wrote:
>>> On Thursday, December 09, 2010 11:45:30 Carmelo AMOROSO wrote:
>>>> On 12/9/2010 5:07 PM, Mike Frysinger wrote:
>>>>> On Thursday, December 09, 2010 10:56:26 Carmelo AMOROSO wrote:
>>>>>> I agree with you that the Kconfig and Makefile changes are not arch
>>>>>> specific, so these changes can be moved to a common code (even if I
>>>>>> don't know if other archs do support SSP).
>>>>>> In the current kernel, only x86 and ARM added this support, so I'm
>>>>>> wondering if, moving SSP to the common Makefile, it needs to depend
>>>>>> on x86, ARM, SH being configured ?
>>>>>
>>>>> i'm not sure it does.  ssp is designed to be arch independent, so
>>>>> really you only need a new enough gcc version.  which means i dont
>>>>> think it needs to depend on any arch code and you can simply add to
>>>>> the Makefile a compiler check.
>>>>
>>>> agreed, but if arch wants to implement the per-task canary feature,
>>>> some change into arch specific code is required.
>>>
>>> yes, but that doesnt mean the common symbol definition needs to be
>>> duplicated
>>
>> We are talking about only one symbol here, which symbol is also
>> dependent on the way this feature is implemented in gcc (e.g. on x86 the
>> implementation is totally different and this symbol isn't used).  So I
>> don't see a huge gain by defining this symbol in generic code, given the
>> number of lines involved in the addition of a new file, just for a
>> single symbol.
> 
> you're right, a few targets dont have any symbol at all and do it through TLS.  
> although that is more of an exception than a rule, so i'd still like to see 
> the symbol in a common file.  perhaps reverse selected by the arch Kconfig 
> like "select ARCH_WANT_STACK_CHK_GUARD".  or perhaps invert the logic so only 
> the funky arches get punished.
> 

Mike,
we will post a n update version of the patch.

> i might highlight that the way gcc/i386 manages its canary is dependent upon 
> the C library it was compiled against, but i dont want to poke that nest as 
> i'm not interested in making it work on that arch ;).
> 

interesting... but x86 is out of scope for me too ;)

>>> i think you only need to test that gcc accepts -fstack-protector
>>> and then assume the rest ... i dont think you need to come up with random
>>> pieces of code and cajole the symbol references out of gcc.
>>
>> Would you care to elaborate?
> 
> i simply mean that any makefile code checking for support need only look for 
> gcc supporting -fstack-protector.

yes, sure

> -mike

cheers,
carmelo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0BwRIACgkQoRq/3BrK1s9gRwCeKMQ2xsGNrVEqo4gbL6NSXM8A
LeoAoNZgsIpvNxHSULHXZaPf3i6i4u/d
=kqky
-----END PGP SIGNATURE-----

Re: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 214 bytes --]

On Friday, December 10, 2010 00:56:34 Carmelo AMOROSO wrote:
> we will post a n update version of the patch.

thanks !  i'll give it a test on Blackfin as i think i should be able to 
support this too.
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

[PATCH (sh-2.6) 1/2] sh: add stack smashing protection support

[Mike Frysinger]

On Friday, December 10, 2010 00:56:34 Carmelo AMOROSO wrote:
> we will post a n update version of the patch.

thanks !  i'll give it a test on Blackfin as i think i should be able to 
support this too.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20101210/42f7a220/attachment.sig>