Add stack clash protection to the WITH_SSP flag
Some background info available in:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/

Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D48651
@@ -28,7 +28,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd July 23, 2024
|
.Dd January 25, 2025
|
||||||
.Dt MITIGATIONS 7
|
.Dt MITIGATIONS 7
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@@ -244,9 +244,13 @@ and it is possible that some applications may not function correctly.
|
|||||||
.Fx
|
.Fx
|
||||||
supports stack overflow protection using the Stack Smashing Protector
|
supports stack overflow protection using the Stack Smashing Protector
|
||||||
.Pq SSP
|
.Pq SSP
|
||||||
compiler feature.
|
compiler feature,
|
||||||
|
and stack clash protection.
|
||||||
In userland, SSP adds a per-process randomized canary at the end of every stack
|
In userland, SSP adds a per-process randomized canary at the end of every stack
|
||||||
frame which is checked for corruption upon return from the function.
|
frame which is checked for corruption upon return from the function,
|
||||||
|
and stack probing in
|
||||||
|
.Dv PAGE_SIZE
|
||||||
|
chunks.
|
||||||
In the kernel, a single randomized canary is used globally except on aarch64,
|
In the kernel, a single randomized canary is used globally except on aarch64,
|
||||||
which has a
|
which has a
|
||||||
.Dv PERTHREAD_SSP
|
.Dv PERTHREAD_SSP
|
||||||
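Review bot: the new wording attaches the probing to the SSP sentence ("SSP adds a per-process randomized canary ... and stack probing in PAGE_SIZE chunks"), so a reader will take stack probing to be part of SSP, when it is a separate mechanism with a different goal: the canary detects that a frame was overwritten before the function returns, while stack clash protection makes the compiler touch every page of a large or variable-sized stack allocation so the allocation cannot skip over the guard page. Suggest giving it its own sentence after the SSP description, e.g. "Stack clash protection makes the compiler probe the stack in page-sized chunks when a function allocates a large or variable-sized frame, so that the guard page below the stack is always hit." The .Dv PAGE_SIZE markup also reads as a reference to the kernel constant, whereas the probe interval is a compiler-side parameter; "page-sized chunks" in plain text would be more accurate.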
@@ -264,7 +268,9 @@ When
|
|||||||
.Va WITH_SSP
|
.Va WITH_SSP
|
||||||
is enabled, which is the default, world is built with the
|
is enabled, which is the default, world is built with the
|
||||||
.Fl fstack-protector-strong
|
.Fl fstack-protector-strong
|
||||||
compiler option.
|
and
|
||||||
|
.Fl fstack-clash-protection
|
||||||
|
compiler options.
|
||||||
The kernel is built with the
|
The kernel is built with the
|
||||||
.Fl fstack-protector
|
.Fl fstack-protector
|
||||||
option.
|
option.
|
||||||
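Review bot: with the world sentence now listing both -fstack-protector-strong and -fstack-clash-protection, the unchanged kernel sentence ("The kernel is built with the -fstack-protector option.") leaves it ambiguous whether the kernel also gets stack clash protection; since this change touches only the userland flags, say so explicitly, e.g. "The kernel is built with the -fstack-protector option only; stack clash protection is not enabled for the kernel." The WITH_SSP/WITHOUT_SSP option description that feeds src.conf(5) should be updated in the same way, as that knob now controls two distinct mitigations.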
|
|||||||
+1
-1
@@ -304,7 +304,7 @@ CXXFLAGS.clang+= -Wno-c++11-extensions
|
|||||||
FORTIFY_SOURCE?= 0
|
FORTIFY_SOURCE?= 0
|
||||||
.if ${MK_SSP} != "no"
|
.if ${MK_SSP} != "no"
|
||||||
# Don't use -Wstack-protector as it breaks world with -Werror.
|
# Don't use -Wstack-protector as it breaks world with -Werror.
|
||||||
SSP_CFLAGS?= -fstack-protector-strong
|
SSP_CFLAGS?= -fstack-protector-strong -fstack-clash-protection
|
||||||
CFLAGS+= ${SSP_CFLAGS}
|
CFLAGS+= ${SSP_CFLAGS}
|
||||||
.endif # SSP
|
.endif # SSP
|
||||||
.if ${FORTIFY_SOURCE} > 0
|
.if ${FORTIFY_SOURCE} > 0
|
||||||
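Review bot: -fstack-clash-protection is appended unconditionally whenever MK_SSP is not "no", for every target architecture, and the comment right above this hunk shows that a compiler diagnostic here breaks world under -Werror; confirm that the in-tree clang accepts the option on all supported architectures (and that an external GCC toolchain does as well), or guard it per-architecture the way the surrounding flags are. Two smaller points: because SSP_CFLAGS is set with ?=, anyone overriding SSP_CFLAGS in make.conf now silently loses stack clash protection, which deserves a line in the comment; and WITHOUT_SSP now turns off both mitigations at once, which the option documentation should mention.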
|
|||||||