From: "H.J. Lu" <hjl.tools@gmail.com>
To: Jeff Law <jeffreyalaw@gmail.com>
Cc: GCC Patches <gcc-patches@gcc.gnu.org>
Subject: Re: [PATCH] stack-protector: Check stack canary for noreturn function
Date: Tue, 2 Aug 2022 10:43:57 -0700 [thread overview]
Message-ID: <CAMe9rOpgpKsB8XMJwO3V_t_kCnq+xQ6DgCZ9rDH+KsRRGte-LA@mail.gmail.com> (raw)
In-Reply-To: <8088866d-2dd2-35ff-587b-567cb60db84e@gmail.com>
On Sat, Jul 30, 2022 at 1:30 PM Jeff Law via Gcc-patches
<gcc-patches@gcc.gnu.org> wrote:
>
>
>
> On 7/14/2022 3:55 PM, H.J. Lu via Gcc-patches wrote:
> > Check stack canary for noreturn function to catch stack corruption
> > before calling noreturn function. For C++, check stack canary when
> > throwing exception or resuming stack unwind to avoid corrupted stack.
> >
> > gcc/
> >
> > PR middle-end/58245
> > * calls.cc (expand_call): Check stack canary for noreturn
> > function.
> >
> > gcc/testsuite/
> >
> > PR middle-end/58245
> > * c-c++-common/pr58245-1.c: New test.
> > * g++.dg/pr58245-1.C: Likewise.
> > * g++.dg/fstack-protector-strong.C: Adjusted.
> But is this really something we want? I'd actually lean towards
> eliminating the useless load -- I don't necessarily think we should be
> treating non-returning paths specially here.
>
> The whole point of the stack protector is to prevent the *return* path
> from going to an attacker controlled location. I'm not sure checking
> the protector at this point actually does anything particularly useful.
throw is marked no return. Since the unwind library may read
the stack contents to unwind stack, it the stack is corrupted, the
exception handling may go wrong. Should we handle this case?
--
H.J.
next prev parent reply other threads:[~2022-08-02 17:44 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-14 21:55 H.J. Lu
2022-07-30 20:30 ` Jeff Law
2022-08-02 17:43 ` H.J. Lu [this message]
2022-08-02 23:34 ` Jeff Law
2022-08-03 17:27 ` H.J. Lu
2022-08-17 22:19 ` H.J. Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMe9rOpgpKsB8XMJwO3V_t_kCnq+xQ6DgCZ9rDH+KsRRGte-LA@mail.gmail.com \
--to=hjl.tools@gmail.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=jeffreyalaw@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).