This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH][RFA/RFC] Stack clash mitigation patch 02/08 - V3
- From: Jeff Law <law at redhat dot com>
- To: Andreas Schwab <schwab at suse dot de>
- Cc: gcc-patches <gcc-patches at gcc dot gnu dot org>
- Date: Mon, 18 Sep 2017 08:47:36 -0600
- Subject: Re: [PATCH][RFA/RFC] Stack clash mitigation patch 02/08 - V3
- References: <7fdbaa2a-1fba-1c71-3f72-e58042feead3@redhat.com> <mvmd16o8ie2.fsf@suse.de>
On 09/18/2017 03:29 AM, Andreas Schwab wrote:
> On Jul 30 2017, Jeff Law <law@redhat.com> wrote:
>
>> This patch introduces generic mechanisms to protect the dynamically
>> allocated stack space against stack-clash attacks.
>>
>> Changes since V2:
>>
>> Dynamic allocations can be emitted as unrolled inlined probes or with a
>> rotated loop. Blockage insns are also properly emitted for the dynamic
>> area probes and the dynamic area probing now supports targets that may
>> make optimistic assumptions in their prologues. Finally it uses the new
>> param to control the probing interval.
>>
>> Tests were updated to explicitly specify the guard and probing interval.
>> New test to check inline/unrolled probes as well as rotated loop.
>
> Does that work correctly when the VLA is smaller than the probe size
> (word_mode by default)? I see a failure in glibc on armv7 where
> ldconfig is using a zero-size VLA, which is invalid in C, but it could
> also end up using a VLA of size 1.

I don't have a test for that, but can probably create one.

ISTM that if the size is variable and zero at runtime, then we need to
either allocate a small chunk and probe or avoid probing.

jeff
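
The edge case raised in this thread, as an added example that is not part of the original messages and is not GCC code: a simplified model in which a probe is one word-sized store at the new stack pointer, showing why a dynamic allocation smaller than the probe word overwrites live stack data and how the two options named in the reply avoid it. The function, type and policy names, the 4096-byte interval and the 4-byte word are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model; names and policies are hypothetical, not GCC's code. */
enum small_policy { NAIVE, SKIP_PROBE, PAD_AND_PROBE };

struct probe_plan {
    size_t allocated;  /* bytes the stack pointer moves down */
    size_t nprobes;    /* word-sized stores emitted */
    size_t clobbered;  /* probe bytes landing above the old SP (live data) */
};

/* Precondition: interval >= word > 0. */
static struct probe_plan plan(size_t size, size_t interval, size_t word,
                              enum small_policy policy)
{
    struct probe_plan p = { size, 0, 0 };
    if (size < word) {              /* covers the zero-size VLA and size 1 */
        switch (policy) {
        case NAIVE:                 /* probe anyway: store overruns the block */
            p.nprobes = 1;
            p.clobbered = word - size;
            break;
        case SKIP_PROBE:            /* "avoid probing" */
            break;
        case PAD_AND_PROBE:         /* "allocate a small chunk and probe" */
            p.allocated = word;
            p.nprobes = 1;
            break;
        }
        return p;
    }
    /* One probe per full interval, plus one for a non-empty residual. Each
       store starts at the new SP and stays inside this allocation. */
    p.nprobes = size / interval + (size % interval != 0);
    return p;
}

int main(void)
{
    /* Constructed inputs: 4096-byte probing interval, 4-byte word. */
    size_t sizes[] = { 0, 1, 4, 10000 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        struct probe_plan p = plan(sizes[i], 4096, 4, NAIVE);
        printf("size=%zu probes=%zu clobbered=%zu\n", sizes[i], p.nprobes, p.clobbered);
    }
    return 0;
}
```
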