Re: [PATCH 1/3] Add inhibit_stack_protector to ifuncmain9 [BZ #25680]

[Adhemerval Zanella <adhemerval.zanella@linaro.org>]

On 10/03/2021 07:13, Siddhesh Poyarekar via Libc-alpha wrote:
> From: David Hughes <davidhughes205@gmail.com>
> 
> Enabling --enable-stack-protector=all causes the following tests to fail:
> 
>     FAIL: elf/ifuncmain9picstatic
>     FAIL: elf/ifuncmain9static
> 
> Nick Alcock (who committed the stack protector code) marked the IFUNC
> resolvers with inhibit_stack_protector when he done the original work and
> suggested doing so again @ BZ #25680. This patch adds
> inhibit_stack_protector to ifuncmain9.
> 
> After patch is applied, --enable-stack-protector=all does not fail the
> above tests.

The BZ#25680 report makes me wonder if would be better to just disable
--enable-stack-protector=all on architecture with IFUNC for now.
This fix the issue on glibc testsuite, but it might still trigger
by users if this same trick is not used (as noted by Sergei).

Florian stated on comment #2 that “all” is very unlikely to add 
additional protection and this basically adds *another* undocumented 
ifunc restriction. And it seems likely that distributions like Gentoo 
will just use 'strong' instead of 'all'.

So, what would be the implications of limiting stack protection to
'strong' instead of 'all' for ABIs with ifunc? Is this issue only
redistricted to some ABIs (the reported indicates that only x86_64
is affected)?

> ---
>  elf/ifuncmain9.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/elf/ifuncmain9.c b/elf/ifuncmain9.c
> index 2c4e95a051..e775c5cfa9 100644
> --- a/elf/ifuncmain9.c
> +++ b/elf/ifuncmain9.c
> @@ -43,6 +43,7 @@ implementation (void)
>  }
>  
>  static __typeof__ (implementation) *
> +inhibit_stack_protector
>  resolver (void)
>  {
>    ++resolver_called;
>