Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp663697rwl; Sat, 25 Mar 2023 08:46:13 -0700 (PDT) X-Google-Smtp-Source: AKy350YmEnLCphu0L4ePMTlJSmEGR6jrf6O6YcYfqI1HsewvrMDET5lkht9jkwPoV3Jm55uZzIkx X-Received: by 2002:aa7:9485:0:b0:625:70a5:7817 with SMTP id z5-20020aa79485000000b0062570a57817mr6097110pfk.34.1679759173242; Sat, 25 Mar 2023 08:46:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679759173; cv=none; d=google.com; s=arc-20160816; b=fxnzg3FyFiPZYs7oLnsQ9CGkrXa1pd6VMhtFMZMEgXBGg0CYqFMBWnXZXc7/Pjqz1b N8FBaQ30HN82RRe5I9po8t97DwfelMzKB8pQ1JOp7sDW/2tqVJ7FI7arZH7v7CgEyie7 sfyhazekgEDoaH57CI+vF2Swt9iEe8h6/u7ZZCeX5svpiXmoa2z+edRyYm0Xx80pJbwT 2a4yiOGDb14tV/tW+WlxJOInSAED2fVi2OajY7cmCXAaMXyDfbaDQcRt7MXIAtbWMJCO veEeEAcbkQfTlhc1VXslhLiUbStEXNw7NBK5FeZb86zMCw44PcL64FukOBEaHMHGV94p cVwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=k4+oW9X1Pm1m6TfSFAoNQSByUq6B6FtL/nexlRcGJwU=; b=c8sfv0rwjz/sWgUAFJsfV9CD9QddXrUJqpVHwL4CxDXk9FZyj0Vid6hopdg4fGTeDr 0h4H41L90Zrg5JK9oO6zxiHNHHXbGv06u0xsnc6XyHbRvtGyFfxi5UhrV0UPEVDneXKF vGMbxSNbCrrCREIcICmJgHvl24R7gvibO/mFPlRFCXt7DQOFSPb46nZ6AF+DiN/Xw7LA jDdRx1ws66JPvtxWbztIyxYF877Mdw3LVIhX0wpwsNM3OGdGgeLmRox21Nk2CFeTzJEx pJ6xxXjE/ad7BsQHS5ic0evyieQrHAW0FP+DEQAEtxhhLVvGXecOAV36U05gj/HlpHRT P8Ow== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l70-20020a639149000000b004fa0cf58e12si24247438pge.630.2023.03.25.08.45.57; Sat, 25 Mar 2023 08:46:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230223AbjCYPpm (ORCPT + 99 others); Sat, 25 Mar 2023 11:45:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35876 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229925AbjCYPpl (ORCPT ); Sat, 25 Mar 2023 11:45:41 -0400 Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 360816194 for ; Sat, 25 Mar 2023 08:45:39 -0700 (PDT) Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 32PFjQ7c008045; Sat, 25 Mar 2023 16:45:26 +0100 From: Willy Tarreau To: "Paul E. McKenney" Cc: linux@weissschuh.net, linux-kernel@vger.kernel.org, Willy Tarreau Subject: [PATCH 0/8] tools/nolibc: add support for stack protector Date: Sat, 25 Mar 2023 16:45:08 +0100 Message-Id: <20230325154516.7995-1-w@1wt.eu> X-Mailer: git-send-email 2.17.5 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello Paul, This is essentially Thomas' work so instead of paraphrasing his work, I'm pasting his description below. I've tested his changes on all supported archs, applied a tiny modification with his permission to continue to support passing CFLAGS, and for me this is all fine. In a short summary this adds support for stack protector to i386 and x86_64 in nolibc, and the accompanying test to the selftest program. A new test category was added, "protection", which currently has a single test. Archs that support it will report "OK" there and those that do not will report "SKIPPED", as is already the case for tests that cannot be run. This was applied on top of your dev.2023.03.20a branch. I'm reasonably confident with the nature of the changes, so if your queue for 6.4 is not closed yet, it can be a good target, otherwise 6.5 will be fine as well. Thanks in advance! Willy Thomas' description below: This is useful when using nolibc for security-critical tools. Using nolibc has the advantage that the code is easily auditable and sandboxable with seccomp as no unexpected syscalls are used. Using compiler-assistent stack protection provides another security mechanism. For this to work the compiler and libc have to collaborate. This patch adds the following parts to nolibc that are required by the compiler: * __stack_chk_guard: random sentinel value * __stack_chk_fail: handler for detected stack smashes In addition an initialization function is added that randomizes the sentinel value. Only support for global guards is implemented. Register guards are useful in multi-threaded context which nolibc does not provide support for. Link: https://lwn.net/Articles/584225/ Thomas Weißschuh (8): tools/nolibc: add definitions for standard fds tools/nolibc: add helpers for wait() signal exits tools/nolibc: tests: constify test_names tools/nolibc: add support for stack protector tools/nolibc: tests: fold in no-stack-protector cflags tools/nolibc: tests: add test for -fstack-protector tools/nolibc: i386: add stackprotector support tools/nolibc: x86_64: add stackprotector support tools/include/nolibc/Makefile | 4 +- tools/include/nolibc/arch-i386.h | 7 ++- tools/include/nolibc/arch-x86_64.h | 5 ++ tools/include/nolibc/nolibc.h | 1 + tools/include/nolibc/stackprotector.h | 53 ++++++++++++++++ tools/include/nolibc/types.h | 2 + tools/include/nolibc/unistd.h | 5 ++ tools/testing/selftests/nolibc/Makefile | 11 +++- tools/testing/selftests/nolibc/nolibc-test.c | 64 +++++++++++++++++++- 9 files changed, 144 insertions(+), 8 deletions(-) create mode 100644 tools/include/nolibc/stackprotector.h -- 2.17.5