Please enable GCC's -fstack-clash-protection for all profiles (not just hardened) in Gentoo by default.
So far we don't have a way to only enable stack-clash by default. USE=hardened (which is -DEXTRA_OPTIONS) controls both the default of -z now and -fstack-clash-protection: https://gitweb.gentoo.org/proj/gcc-patches.git/tree/8.2.0/gentoo/55_all_extra-options.patch
I'd like to see a few things first before enabling by default:
- split the patch in two: handle '-z now' and '-fstack-clash-protection' separately
- an equivalent of this patch upstreamed first in a way the default could be changed with a gcc ./configure option (similar to --enable-default-ssp). That way we could report all found breakages upstream in some way.
- expose it as a USE flag so users/targets could disable it for tests, code size or bare metal support.
Should not be hard to follow default-ssp: https://github.com/gcc-mirror/gcc/commit/6957b94eb5a2e5d5a908aa28b8b8dd8b709dc1f1
It will probably have to be architecture-conditional. As seen in GCC's gcc/toplev.c, using -fstack-clash-protection on some architectures would cause a warning:
    /* -fstack-clash-protection is not currently supported on targets
       where the stack grows up.  */
    if (flag_stack_clash_protection && !STACK_GROWS_DOWNWARD)
      {
        warning_at (UNKNOWN_LOCATION, 0,
                    "%<-fstack-clash-protection%> is not supported on targets "
                    "where the stack grows from lower to higher addresses");
        flag_stack_clash_protection = 0;
      }
According to the tc-stack-grows-down() function from toolchain-funcs.eclass, the only such architecture supported in Gentoo is hppa.
-fstack-clash-protection provides supposedly full protection against stack clash on: arm64, ppc32, ppc64, rs6000, s390, x86, x86_64 (amd64)
-fstack-clash-protection provides partial protection against stack clash (re-using code of -fstack-check) on: alpha, arm, ia64, mips, sparc, spu
-fstack-clash-protection is probably silently ignored on other architectures where stack grows down.
There might be architecture-specific bugs in the implementation of -fstack-clash-protection. It will probably be useful to backport this fix for ICE on s390: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e7ac5daa971b8209175b18428327d3f7302fbe5d
My suggestion is to introduce a "default-stack-clash-protection" USE flag, force it in profiles/arch/base/package.use.force and mask it in profiles of architectures not supporting it (hppa, m68k, sh).
Gcc 9.X is closed for new options. A patch upstream will get in the next version if it gets accepted. Is okay for me to split the extra options patch.
Actually, I tried to check for default status of the flag and found out it's enabled by default on vanilla 8.2.0: $ LANG=C gcc-8.2.0 -Q --help=common | fgrep stack-clash -fstack-clash-protection [enabled] Having reread the patch it enables -fstack-clash-protection along with USE=ssp, which is default on profiles that define it: +/* Default value for flag_clash_protector when flag_clash_protector is + initialized to -1. */ +#ifdef ENABLE_ESP +#define DEFAULT_FLAG_SCP 1 +#endif +#ifndef DEFAULT_FLAG_SCP +#define DEFAULT_FLAG_SCP 0 +#endif Was it intentional?
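Review bot: the #ifdef ENABLE_ESP guard in the quoted excerpt sets DEFAULT_FLAG_SCP to 1 for every build that defines ENABLE_ESP, which per the comment above means all USE=ssp users rather than only hardened ones. If the default is meant to follow USE=hardened, guard it on EXTRA_OPTIONS (the define the earlier comment gives for USE=hardened) so the two defaults are decoupled. The added comment also names flag_clash_protector, while the GCC variable quoted from toplev.c earlier in this bug is flag_stack_clash_protection; the comment should use the real variable name.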
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/proj/gcc-patches.git/commit/?id=1fe872f729f1361ee45fb0792ca4194cf9c1caeb
commit 1fe872f729f1361ee45fb0792ca4194cf9c1caeb
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-02-10 12:08:21 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-02-10 12:08:21 +0000
    8.2.0: don't enable -fstack-clach-protection by default
    In bug #675050 I noticed that -fstack-clash-protection is enabled not just for hardened users but for USE=ssp users as well. That was not an intention of the patch.
    The change enables -fstack-clach-protection only for -DEXTRA_OPTIONS (hardened users).
    See https://bugs.gentoo.org/675050 for longer-term plans to enable -fstack-clach-protection for more users.
    Bug: https://bugs.gentoo.org/675050
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
 8.2.0/gentoo/55_all_extra-options.patch | 2 +-
 8.2.0/gentoo/README.history | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
Maybe?
It would be nice to have a gcc useflag that controls default -fstack-clash-protection (only) (similar to ssp). Then we could easily force that feature on in the upcoming 23.0 profiles.
commit b8f85ec040954e05143e83c1495021bfd340cad7 (HEAD -> master, origin/master, origin/HEAD)
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: Tue Nov 29 00:58:59 2022 +0100
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: Tue Nov 29 01:00:11 2022 +0100
    profiles, 23.0: force new gcc useflags default-znow and default-stack-clash-protection
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
 profiles/releases/23.0/package.use.force | 2 ++
 1 file changed, 2 insertions(+)
commit 718448f923ae9302df1290f46ffea4d9198edd73
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: Tue Nov 29 00:57:10 2022 +0100
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: Tue Nov 29 01:00:08 2022 +0100
    toolchain.eclass: Split -z now and -fstack-clash-protection out for gcc13
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
 eclass/toolchain.eclass | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adf44514cf590a860b3140efae31187854cf8cea
commit adf44514cf590a860b3140efae31187854cf8cea
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-05 00:25:46 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-05 00:26:35 +0000
    toolchain.eclass: allow default-znow, default-stack-clash-protection for 12.2.1_p20221203
    Bug: https://bugs.gentoo.org/675050
    Bug: https://bugs.gentoo.org/876923
    Signed-off-by: Sam James <sam@gentoo.org>
 eclass/toolchain.eclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=975678507aa3cebb0d1d1919d4b684c64d50ffe7
commit 975678507aa3cebb0d1d1919d4b684c64d50ffe7
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-05 00:25:19 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-05 00:26:34 +0000
    sys-devel/gcc: use patchset 3 for 12.2.1_p20221203
    Includes the default-* hardening bits.
    Bug: https://bugs.gentoo.org/675050
    Bug: https://bugs.gentoo.org/876923
    Signed-off-by: Sam James <sam@gentoo.org>
 sys-devel/gcc/Manifest | 1 +
 sys-devel/gcc/gcc-12.2.1_p20221203.ebuild | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
Just for completeness:
* This is planned for regular Gentoo w/ 23.0 profiles (upcoming)
* This has been enabled by default for Hardened since
commit b5ebd8b62efaa84a3259bcbada98f0ce7a2c5f39
Author: Magnus Granberg <zorry@gentoo.org>
Date: Wed May 2 22:52:30 2018 +0000
    Add more patches for gcc 8.1.0 patchset 1.1
This is fixed in the 23.0 profiles (available and stable now). Closing.
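Added example (not part of the bug report or of Gentoo's tooling): the `gcc -Q --help=common` check used earlier in this bug, wrapped so it can be run against any installed compiler to confirm whether -fstack-clash-protection is on by default. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# flag_state FLAG
# Reads `gcc -Q --help=common` output on stdin and prints the state of FLAG:
# enabled, disabled, or unknown (the compiler does not list the flag).
flag_state() {
    awk -v flag="$1" '
        # The option name is the first whitespace-separated field of its line.
        $1 == flag {
            # Long option names can push the [state] onto the following line.
            if ($0 !~ /\[/ && (getline nxt) > 0)
                $0 = $0 " " nxt
            if ($0 ~ /\[enabled\]/)
                state = "enabled"
            else if ($0 ~ /\[disabled\]/)
                state = "disabled"
            exit
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# gcc_flag_default COMPILER FLAG
# Queries a real compiler; prints unknown when the compiler is not installed.
gcc_flag_default() {
    command -v "$1" >/dev/null 2>&1 || { echo unknown; return 0; }
    # LANG=C keeps the [enabled]/[disabled] markers untranslated.
    LANG=C "$1" -Q --help=common 2>/dev/null | flag_state "$2"
}

# Constructed sample output, not captured from a real compiler.
sample='  -fstack-clash-protection         [enabled]
  -fstack-protector                [disabled]'

printf 'sample: %s\n' \
    "$(printf '%s\n' "$sample" | flag_state -fstack-clash-protection)"
printf 'gcc:    %s\n' "$(gcc_flag_default gcc -fstack-clash-protection)"
```

A result of unknown means the flag is not listed at all, which is distinct from a compiler that lists it as disabled.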