From: Yao Qi
To: Joel Brobecker
Subject: Re: over-permissive stack_chk_guard on ARM
Date: Thu, 23 Oct 2014 02:53:00 -0000
In-Reply-To: <20141022142231.GF4786@adacore.com> (Joel Brobecker's message of "Wed, 22 Oct 2014 07:22:31 -0700")
Message-ID: <87y4s7h553.fsf@codesourcery.com>

Joel Brobecker writes:

> But the implementation seems to be going further than that.
> If the location of the first ldr points to data that's not
> the address of __stack_chk_guard, then it looks at the next
> two instructions, to see if they might follow another
> pattern:
>
>   /* Step 2: ldr Rd, [Rn, #immed], encoding T1. */
>   /* Step 3: str Rd, [Rn, #immed], encoding T1. */
>
> Looking at the code and the function description, it seems to me
> that the normal situation would be what the comment alluded to,
> and that if it was the entire story, we wouldn't have needed
> the code doing steps 2 & 3. But, looking at the email archives

Sorry, I don't understand why you think steps 2 & 3 are not needed.
Do you mean we don't have to go to steps 2 & 3 if we can't find the
symbol __stack_chk_guard in step 1?

> as well as the bug report initially referenced, I can't find
> really any explanation for what prompted you to add that code.
> I would need that in order to adjust the heuristics without
> breaking your situation.

Currently, we do so in order to handle the case where symbol
__stack_chk_guard is removed, as the comments said:

  /* If name of symbol doesn't start with '__stack_chk_guard', this
     instruction sequence is not for stack protector.  If symbol is
     removed, we conservatively think this sequence is for stack
     protector.  */

However, I don't recall under what circumstance symbol
'__stack_chk_guard' can be removed.  __stack_chk_guard is in the
.dynsym section, so it can't be removed.  (I presume symbols in
.dynsym can't be removed; correct me if I am wrong.)  If I am
correct, we can restrict the condition in step 1 to return early if
the symbol name doesn't start with '__stack_chk_guard'.  Then, steps
2 & 3 are not needed, or we can keep them as a sanity check?

-- 
Yao (齐尧)
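A constructed model of the three-step heuristic discussed in this thread, added here as an example and not GDB's own code: step 1 resolves the value loaded by the first ldr to a symbol, and the `strict` flag contrasts the current conservative fall-through (missing symbol still accepted) with the early return Yao proposes. The pre-decoded instruction tuples, the symbol table, register names and addresses are all assumptions made up for the example.

```python
# Constructed model of the ARM/Thumb stack-protector prologue heuristic
# discussed in this thread.  Not GDB code: instructions are pre-decoded
# tuples and the symbol table is a dict, both made up for the example.

# Hypothetical minimal-symbol table: address -> name.
SYMBOLS = {0x20000: "__stack_chk_guard", 0x20004: "other_global"}

def is_stack_protector_prologue(insns, symbols, strict):
    """Return True if insns starts with the guarded-prologue sequence.

    insns[0]: ("ldr_lit", Rn, value)   step 1: ldr Rn, [pc, #imm];
                                        value is what the literal holds
    insns[1]: ("ldr", Rd, Rn, imm)     step 2: ldr Rd, [Rn, #imm]
    insns[2]: ("str", Rd, Rn2, imm)    step 3: str Rd, [Rn2, #imm]
    strict=False reproduces the current behaviour (a missing symbol is
    conservatively accepted); strict=True is the proposed early return.
    """
    if len(insns) < 3 or insns[0][0] != "ldr_lit":
        return False
    _, rn, value = insns[0]
    name = symbols.get(value)
    if name is not None and not name.startswith("__stack_chk_guard"):
        return False          # literal is some other global's address
    if name is None and strict:
        return False          # proposal: no symbol, not stack protector
    # Current code falls through here even when the symbol is missing.
    op2, rd, base2, _ = insns[1]
    op3, rs, _, _ = insns[2]
    return op2 == "ldr" and base2 == rn and op3 == "str" and rs == rd

# Constructed instruction streams.
GUARD_SEQ = [("ldr_lit", "r3", 0x20000), ("ldr", "r3", "r3", 0),
             ("str", "r3", "sp", 4)]
OTHER_SEQ = [("ldr_lit", "r3", 0x20004), ("ldr", "r3", "r3", 0),
             ("str", "r3", "sp", 4)]
NOSYM_SEQ = [("ldr_lit", "r3", 0x30000), ("ldr", "r3", "r3", 0),
             ("str", "r3", "sp", 4)]

if __name__ == "__main__":
    for label, seq in (("guard", GUARD_SEQ), ("other", OTHER_SEQ),
                       ("nosym", NOSYM_SEQ)):
        print(label, is_stack_protector_prologue(seq, SYMBOLS, False),
              is_stack_protector_prologue(seq, SYMBOLS, True))
```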