Re: [PATCH] tools: bpf: Disable stack protector

From: Yonghong Song
Date: Tue Jan 17 2023 - 12:14:07 EST

Next message: Arnd Bergmann: "[PATCH] [v2] drm/amd/display: fix dp_retrieve_lttpr_cap return code"
Previous message: Arnd Bergmann: "[PATCH] media: pvrusb2: fix DVB_CORE dependency"
In reply to: Yonghong Song: "Re: [PATCH] tools: bpf: Disable stack protector"
Next in thread: Eduard Zingerman: "Re: [PATCH] tools: bpf: Disable stack protector"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/17/23 5:23 AM, Jose E. Marchesi wrote:

On 1/16/23 2:49 PM, Peter Foley wrote:

On Mon, Jan 16, 2023 at 4:59 AM Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:

A bit tangential, but since BPF LLVM backend does not support the
stack protector (should it?) there is also an option to adjust LLVM
to avoid this instrumentation, WDYT?

That would probably be worth doing, yes.
But given that won't help already released versions of clang, it
should probably happen in addition to this patch.

Peter,

If I understand correctly (by inspecting clang code), the stack
protector is off by default. Do you have link to Gentoo build
page to show how they enable stack protector? cmake config or
a private patch?

Jose,

How gcc-bpf handle stack protector? The compiler just disables
stack protector for bpf target?

It doesn't. -fstack-protector is disabled by default in GCC. When you
use it you get something like:

$ echo 'int foo() { char s[256]; return s[3]; }' | bpf-unknown-none-gcc \
-fstack-protector -S -o foo.s -O2 -xc -
$ cat foo.s
.file "<stdin>"
.text
.align 3
.global foo
.type foo, @function
foo:
lddw %r1,__stack_chk_guard
ldxdw %r0,[%r1+0]
stxdw [%fp+-8],%r0
ldxb %r0,[%fp+-261]
lsh %r0,56
arsh %r0,56
ldxdw %r2,[%fp+-8]
ldxdw %r3,[%r1+0]
jne %r2,%r3,.L4
exit
.L4:
call __stack_chk_fail
.size foo, .-foo
.ident "GCC: (GNU) 12.0.0 20211206 (experimental)"

i.e. it pushes a stack canary and checks it upon function exit, calling
__stack_chk_fail.

If clang has -fstack-protector ON by default and you change the BPF
backend in order to ignore the flag, I think we should do the same in
GCC.

clang itself does not have -fstack-protector on by default. It is
hardened gentoo distribution unconditionally added -fstack-protector
to its clang distribution.

In clang/lib/Driver/ToolChains/Clang.cpp, we have
...
// NVPTX doesn't support stack protectors; from the compiler's perspective, it
// doesn't even have a stack!
if (EffectiveTriple.isNVPTX())
return;

and -fstack-protector is not effective for NVPTX. I guess we
could make it noop for BPF target as well.

Next message: Arnd Bergmann: "[PATCH] [v2] drm/amd/display: fix dp_retrieve_lttpr_cap return code"
Previous message: Arnd Bergmann: "[PATCH] media: pvrusb2: fix DVB_CORE dependency"
In reply to: Yonghong Song: "Re: [PATCH] tools: bpf: Disable stack protector"
Next in thread: Eduard Zingerman: "Re: [PATCH] tools: bpf: Disable stack protector"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]