public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed
From: "H.J. Lu" <hjl.tools@gmail.com>
To: Ilya Enkovich <enkovich.gnu@gmail.com>
Cc: Jakub Jelinek <jakub@redhat.com>,
	Richard Biener <richard.guenther@gmail.com>,
		GCC Patches <gcc-patches@gcc.gnu.org>,
	Uros Bizjak <ubizjak@gmail.com>
Subject: Re: [PATCH, libmpx, i386, PR driver/65444] Pass '-z bndplt' when building dynamic objects with MPX
Date: Wed, 18 Mar 2015 16:45:00 -0000	[thread overview]
Message-ID: <CAMe9rOq0fw+b+UGvRs-Fr3+43ud7jy9xe_EKsP0oXftB+0UdiA@mail.gmail.com> (raw)
In-Reply-To: <CAMbmDYbqxdBMs2XjDAL2ia5rwTwRfqSPDoBPS+=oJEBcJ1FJuw@mail.gmail.com>

On Wed, Mar 18, 2015 at 9:14 AM, Ilya Enkovich <enkovich.gnu@gmail.com> wrote:
> 2015-03-18 17:42 GMT+03:00 H.J. Lu <hjl.tools@gmail.com>:
>> On Wed, Mar 18, 2015 at 7:31 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
>>> On Wed, Mar 18, 2015 at 7:02 AM, Jakub Jelinek <jakub@redhat.com> wrote:
>>>>
>>>> Yeah, I agree, the configure check is a reasonable thing to do.
>>>>
>>>
>>> We should either always pass -z bndplt to linker or disable
>>> MPX.
>>>
>>
>> MPX is a security feature.  Knowing leaving a door open is a
>> bad idea.
>
> Instrumented binary used with legacy libraries is a supported usage
> model. Each user determines his own level of security.
>

It doesn't mean we should leave a door open.  Are we supposed to
detect this with MPX:

[hjl@skylakeclient bug-1]$ cat x.c
#include <string.h>

int
main ()
{
  char buf[10];
  memset(buf, 'a', 11);
  return 0;
}
[hjl@skylakeclient bug-1]$

I believe we should, not maybe.  We shouldn't silent fail it
when linker doesn't support -z bndplt.

-- 
H.J.

  reply	other threads:[~2015-03-18 16:45 UTC|newest]

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-03-18 11:56 Ilya Enkovich
2015-03-18 12:03 ` H.J. Lu
2015-03-18 12:05   ` Ilya Enkovich
2015-03-18 12:08     ` H.J. Lu
2015-03-18 12:13       ` Ilya Enkovich
2015-03-18 12:25         ` H.J. Lu
2015-03-18 12:42           ` Richard Biener
2015-03-18 13:24             ` Ilya Enkovich
2015-03-18 13:32               ` H.J. Lu
2015-03-18 13:41                 ` Ilya Enkovich
2015-03-18 13:52                   ` H.J. Lu
2015-03-18 13:59                     ` Ilya Enkovich
2015-03-18 14:02                       ` Jakub Jelinek
2015-03-18 14:31                         ` H.J. Lu
2015-03-18 14:42                           ` H.J. Lu
2015-03-18 16:14                             ` Ilya Enkovich
2015-03-18 16:45                               ` H.J. Lu [this message]
2015-03-18 17:13                                 ` Ilya Enkovich
2015-03-18 17:14                                   ` H.J. Lu
2015-03-18 17:34                                     ` Ilya Enkovich
2015-03-18 17:39                                       ` H.J. Lu
2015-03-18 18:13                                         ` Ilya Enkovich
2015-03-18 14:03                       ` Robert Dewar
2015-03-18 14:33                         ` Markus Trippelsdorf
2015-03-23 10:19 ` Ilya Enkovich
2015-03-31  9:47   ` Ilya Enkovich
2015-04-02  4:34     ` Jeff Law
2015-04-02 11:01       ` H.J. Lu
2015-04-03 19:34     ` Joseph Myers
2015-04-06  1:45       ` Sandra Loosemore
2015-04-06  2:35         ` H.J. Lu
2015-04-06  3:08           ` Sandra Loosemore
2015-04-06 15:18         ` Ilya Enkovich
2015-04-06 15:28           ` Jeff Law
2015-04-06 15:54             ` Ilya Enkovich
2015-05-26  9:26             ` Ilya Enkovich
2015-05-27 15:35               ` Jeff Law
2015-06-03  9:04                 ` Ilya Enkovich
2015-06-03 15:29                   ` Joseph Myers
2015-06-03 15:59                     ` Ilya Enkovich
2015-06-03 16:03                       ` Joseph Myers
2015-06-04 14:14                         ` Ilya Enkovich
2015-06-04 15:55                           ` Joseph Myers
2015-06-05 14:44                             ` Ilya Enkovich
2015-06-25 19:00                               ` Jeff Law
2015-04-06 17:15           ` Sandra Loosemore
2015-04-07 19:01             ` Jeff Law
2015-04-07 19:29               ` H.J. Lu
2015-04-07 20:12                 ` Markus Trippelsdorf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAMe9rOq0fw+b+UGvRs-Fr3+43ud7jy9xe_EKsP0oXftB+0UdiA@mail.gmail.com \
    --to=hjl.tools@gmail.com \
    --cc=enkovich.gnu@gmail.com \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=jakub@redhat.com \
    --cc=richard.guenther@gmail.com \
    --cc=ubizjak@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).