This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: RFC: stack/heap collision vulnerability and mitigation with GCC
- From: Florian Weimer <fweimer at redhat dot com>
- To: Joseph Myers <joseph at codesourcery dot com>, Jeff Law <law at redhat dot com>
- Cc: gcc-patches <gcc-patches at gcc dot gnu dot org>
- Date: Mon, 19 Jun 2017 20:21:42 +0200
- Subject: Re: RFC: stack/heap collision vulnerability and mitigation with GCC
- References: <bef46e40-8004-0f80-4928-ad0795eb76ba@redhat.com> <alpine.DEB.2.20.1706191744230.27712@digraph.polyomino.org.uk>

On 06/19/2017 07:50 PM, Joseph Myers wrote:
> There's a platform ABI issue here. At least some kernel fixes for these
> stack issues, as I understand it, increase the size of the stack guard to
> more than a single page. It would be possible to define the ABI to
> require such a larger guard for protection and so reduce the number of
> (non-alloca/VLA-using) functions that need probes generated, depending on
> whether a goal is to achieve security on kernels without such a fix.
> (Thinking in terms of how to get to enabling such probes by default.)

I think architectures such as aarch64 without implied stack probing as
part of the function call sequence would benefit most from an ABI
agreement (splitting the probing responsibility in some way between
caller and callee). For architectures with some form of implied
probing, the complications from negotiating a guard region size between
GCC, kernel, glibc, and perhaps even applications (see Jakub's comment
about thread stacks) outweigh the performance gains.

Thanks,
Florian