[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5j+Otsyy3g6BotjzAR3Ek1cTd8uspCqcR7-EpqPJ5xHawA@mail.gmail.com>
Date: Mon, 12 Nov 2018 02:28:18 -0600
From: Kees Cook <keescook@...omium.org>
To: Masahiro Yamada <yamada.masahiro@...ionext.com>
Cc: Ingo Molnar <mingo@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>, X86 ML <x86@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
"H. Peter Anvin" <hpa@...or.com>, Borislav Petkov <bp@...en8.de>,
LKML <linux-kernel@...r.kernel.org>,
Sven Joachim <svenjoac@....de>
Subject: Re: [PATCH] x86: remove gcc-x86_*-has-stack-protector.sh checks
On Sun, Nov 11, 2018 at 9:06 PM, Masahiro Yamada
<yamada.masahiro@...ionext.com> wrote:
> gcc-x86_64-has-stack-protector.sh was introduced by commit 4f7fd4d7a791
> ("[PATCH] Add the -fstack-protector option to the CFLAGS") in 2006
> to work around buggy compilers.
>
> gcc-x86_32-has-stack-protector.sh was introduced by commit 60a5317ff0f4
> ("x86: implement x86_32 stack protector"), which did not clearly state
> whether compilers were still producing broken code at that time.
>
> Now, the minimum reuquired GCC version is 4.6, which was released in
> 2011. Probably, we can dump these old compiler checks.
NAK. We need to keep this because we've seen recent regressions with
stack protection (e.g. gcc briefly used global instead of tls for the
canary, which silently broke the use of stack protectors). Since the
gcc/kernel "API" for the canary is so fragile we need to keep these
tests to make sure things end up where they're expected.
-Kees
>
> Signed-off-by: Masahiro Yamada <yamada.masahiro@...ionext.com>
> ---
>
> arch/x86/Kconfig | 10 +---------
> scripts/gcc-x86_32-has-stack-protector.sh | 4 ----
> scripts/gcc-x86_64-has-stack-protector.sh | 4 ----
> 3 files changed, 1 insertion(+), 17 deletions(-)
> delete mode 100755 scripts/gcc-x86_32-has-stack-protector.sh
> delete mode 100755 scripts/gcc-x86_64-has-stack-protector.sh
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 9d734f3..7240d50 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -187,7 +187,7 @@ config X86
> select HAVE_REGS_AND_STACK_ACCESS_API
> select HAVE_RELIABLE_STACKTRACE if X86_64 && (UNWINDER_FRAME_POINTER || UNWINDER_ORC) && STACK_VALIDATION
> select HAVE_FUNCTION_ARG_ACCESS_API
> - select HAVE_STACKPROTECTOR if CC_HAS_SANE_STACKPROTECTOR
> + select HAVE_STACKPROTECTOR
> select HAVE_STACK_VALIDATION if X86_64
> select HAVE_RSEQ
> select HAVE_SYSCALL_TRACEPOINTS
> @@ -352,14 +352,6 @@ config PGTABLE_LEVELS
> default 3 if X86_PAE
> default 2
>
> -config CC_HAS_SANE_STACKPROTECTOR
> - bool
> - default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC)) if 64BIT
> - default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC))
> - help
> - We have to make sure stack protector is unconditionally disabled if
> - the compiler produces broken code.
> -
> menu "Processor type and features"
>
> config ZONE_DMA
> diff --git a/scripts/gcc-x86_32-has-stack-protector.sh b/scripts/gcc-x86_32-has-stack-protector.sh
> deleted file mode 100755
> index f5c1194..0000000
> --- a/scripts/gcc-x86_32-has-stack-protector.sh
> +++ /dev/null
> @@ -1,4 +0,0 @@
> -#!/bin/sh
> -# SPDX-License-Identifier: GPL-2.0
> -
> -echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -m32 -O0 -fstack-protector - -o - 2> /dev/null | grep -q "%gs"
> diff --git a/scripts/gcc-x86_64-has-stack-protector.sh b/scripts/gcc-x86_64-has-stack-protector.sh
> deleted file mode 100755
> index 75e4e22..0000000
> --- a/scripts/gcc-x86_64-has-stack-protector.sh
> +++ /dev/null
> @@ -1,4 +0,0 @@
> -#!/bin/sh
> -# SPDX-License-Identifier: GPL-2.0
> -
> -echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -m64 -O0 -mcmodel=kernel -fno-PIE -fstack-protector - -o - 2> /dev/null | grep -q "%gs"
> --
> 2.7.4
>
--
Kees Cook
Powered by blists - more mailing lists