On Tue, Oct 17, 2017 at 11:47 AM, Arnd Bergmann <arnd@xxxxxxxx> wrote:
> On Tue, Oct 17, 2017 at 8:41 PM, Arnd Bergmann <arnd@xxxxxxxx> wrote:
>> On Tue, Oct 17, 2017 at 8:26 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>> On Tue, Oct 17, 2017 at 8:52 AM, Arnd Bergmann <arnd@xxxxxxxx> wrote:
>>>> On Tue, Oct 17, 2017 at 5:34 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>
>>>> index dbfb978..d5bc694 100755
>>>> --- a/config.guess
>>>> +++ b/config.guess
>>>> @@ -1021,7 +1021,7 @@ EOF
>>>> echo ${UNAME_MACHINE}-dec-linux-${LIBC}
>>>> exit ;;
>>>> x86_64:Linux:*:*)
>>>> - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
>>>> + echo ${UNAME_MACHINE}-pc-linux-${LIBC}
>>>> exit ;;
>>>> xtensa*:Linux:*:*)
>>>> echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
>>>>
>>>> I still don't know why that makes a difference, but all versions
>>>> prior to gcc-6.1 have the problem for me.
>>>
>>> What happens if you add -mstack-protector-guard=tls ?
>>
>> With gcc-4.8 an earlier, I get build failure:
>>
>> cc1: error: unrecognized command line option "-mstack-protector-guard=tls"
>>
>> With gcc-4.9 and gcc-5, I get this output:
>>
>
> To clarify: with my gcc-4.9/gcc-5 build, -mstack-protector-guard=tls
> has no effect,
> the output is the same as with -mstack-protector-guard=global using the Ubuntu
> compilers of the same version.
Er, okay. So, if -mstack-protector-guard=tls is recognized and
produces references to __stack_chk_guard, something is extremely
wrong.
Stack protector works correctly for me on all the gccs I have, include
the stock builds.
$ gcc --version
gcc (Ubuntu 6.3.0-12ubuntu2) 6.3.0 20170406
...
$ echo "int foo(void) { char X[200]; return 3; }" | gcc -S -x c -c -O0
-mcmodel=kernel -fno-PIE -fstack-protector - -o -
...
movq %gs:40, %rax
...
$ echo "int foo(void) { char X[200]; return 3; }" | gcc
-mstack-protector-guard=tls -S -x c -c -O0 -mcmodel=kernel -fno-PIE
-fstack-protector - -o -
...
movq %gs:40, %rax
...
$ echo "int foo(void) { char X[200]; return 3; }" | gcc
-mstack-protector-guard=global -S -x c -c -O0 -mcmodel=kernel -fno-PIE
-fstack-protector - -o -
...
movq __stack_chk_guard(%rip), %rax
...
$ ~/bin/gcc-4.8/gcc --version
gcc (GCC) 4.8.5
...
$ echo "int foo(void) { char X[200]; return 3; }" | ~/bin/gcc-4.8/gcc
-S -x c -c -O0 -mcmodel=kernel -fno-PIE -fstack-protector - -o -
...
movq %gs:40, %rax
...
$ ~/bin/gcc-4.7/gcc --version
gcc (GCC) 4.7.4
...
$ echo "int foo(void) { char X[200]; return 3; }" | ~/bin/gcc-4.7/gcc
-S -x c -c -O0 -mcmodel=kernel -fno-PIE -fstack-protector - -o -
...
movq %gs:40, %rax
...
$ ~/bin/gcc-4.4/gcc --version
gcc (GCC) 4.4.4
...
$ echo "int foo(void) { char X[200]; return 3; }" | ~/bin/gcc-4.4/gcc
-S -x c -c -O0 -mcmodel=kernel -fno-PIE -fstack-protector - -o -
...
movq %gs:40, %rax
...
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
