[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Minios-devel] [UNIKRAFT PATCH v3 2/3] build: Add option to toggle the stack protection

Hey Vlad,
since you are introducing a library for handling stack protectors I would also move the configuration options to your library. This means that the compile flags could be set together with the library, too. The actual problem is that `-fno-stack-protector` is set globally within `/Makefile.uk`. We need to get it depending on a condition but we also don't want to tie it to a particular library name here. My idea would be to add a feature flag called HAVE_STACKPROTECTOR in `lib/Config.uk`. As long as it is not set, you set 
`-fno-stack-protector` with `/Makefile.uk`:

   ifneq ($(HAVE_STACKPROTECTOR),y)
   CFLAGS   += -fno-stack-protector
   CXXFLAGS += -fno-stack-protector
   GOFLAGS  += -fno-stack-protector
   endif
Within your library, you can then disable the stack protector disable flags by doing a `select` to the feature flag as soon as your library is enabled: 

   menuconfig LIBUKSP
       bool "uksp: stack protector"
       select HAVE_STACKPROTECTOR
       select LIBUKSWRAND
       default n
Having this, you can place your options (regular/strong/all) in your library and set the flags accordingly globally within the library `Makefile.uk`. Please do not forget to include Go flags, too. 

What do you think?

Thanks,

Simon

On 04.12.19 16:14, Vlad-Andrei BĂDOIU (78692) wrote:

From: Vlad-Andrei BĂDOIU (78692) <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>

This patch adds build option to select different stack protection
levels.

Signed-off-by: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
---
  Config.uk   | 30 ++++++++++++++++++++++++++++++
  Makefile.uk | 13 +++++++++++--
  2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/Config.uk b/Config.uk
index 3235b914..daa76c53 100644
--- a/Config.uk
+++ b/Config.uk
@@ -64,6 +64,36 @@ config OPTIMIZE_SIZE
                Optimize code for size.
  endchoice
+choice 
+       prompt "Stack protector level"
+       default STACKPROTECTOR_NONE
+       help
+         Set the stack protector level
+
+config STACKPROTECTOR_NONE
+       bool "None"
+       help
+               Do not use stack protector, use -fno-stack-protector.
+
+config STACKPROTECTOR_REGULAR
+       bool "Regular"
+       select LIBUKSP
+       help
+               Regulat stack protector, use -fstack-protector.


I guess `Regulat` is a typo... ;-)


+
+config STACKPROTECTOR_STRONG
+       bool "Strong"
+       select LIBUKSP
+       help
+               Strong stack protector, use -fstack-protector-strong.
+
+config STACKPROTECTOR_ALL
+       bool "All"
+       select LIBUKSP
+       help
+               Protect all functions, use -fstack-protector-all.
+endchoice
+
  comment "Hint: Specify a CPU type to get most benefits from performance 
optimization"
        depends on OPTIMIZE_PERF && (MARCH_X86_64_GENERIC || 
MARCH_ARM64_GENERIC)
diff --git a/Makefile.uk b/Makefile.uk 
index 67c372e5..d8138d4c 100644
--- a/Makefile.uk
+++ b/Makefile.uk
@@ -8,12 +8,12 @@ ASFLAGS     += -U __linux__ -U __FreeBSD__ -U __sun__ 
-D__ASSEMBLY__
  ASINCLUDES  += -nostdinc -nostdlib -I$(CONFIG_UK_BASE)/include
CFLAGS += -U __linux__ -U __FreeBSD__ -U __sun__ 
-CFLAGS      += -fno-stack-protector -fno-omit-frame-pointer -fno-tree-sra
+CFLAGS      += -fno-omit-frame-pointer -fno-tree-sra
  CFLAGS      += -Wall -Wextra
  CINCLUDES   += -nostdinc -nostdlib -I$(CONFIG_UK_BASE)/include
CXXFLAGS += -U __linux__ -U __FreeBSD__ -U __sun__ 
-CXXFLAGS    += -fno-stack-protector -fno-omit-frame-pointer -fno-tree-sra
+CXXFLAGS    += -fno-omit-frame-pointer -fno-tree-sra
  CXXFLAGS    += -Wall -Wextra
  CXXINCLUDES += -nostdinc -nostdlib -I$(CONFIG_UK_BASE)/include
@@ -28,6 +28,15 @@ GOCINCLUDES += -nostdinc -nostdlib -I$(CONFIG_UK_BASE)/include 
  LIBLDFLAGS  += -nostdinc -nostdlib -Wl,--omagic -Wl,-r -Wl,-d 
-Wl,--build-id=none
  LDFLAGS     += -nostdinc -nostdlib -Wl,--omagic -Wl,--build-id=none
+CFLAGS-$(CONFIG_STACKPROTECTOR_NONE) += -fno-stack-protector 
+CXXFLAGS-$(CONFIG_STACKPROTECTOR_NONE)    += -fno-stack-protector
+CFLAGS-$(CONFIG_STACKPROTECTOR_REGULAR)   += -fstack-protector 
-mstack-protector-guard=global
+CXXFLAGS-$(CONFIG_STACKPROTECTOR_REGULAR) += -fstack-protector 
-mstack-protector-guard=global
+CFLAGS-$(CONFIG_STACKPROTECTOR_STRONG)    += -fstack-protector-strong 
-mstack-protector-guard=global
+CXXFLAGS-$(CONFIG_STACKPROTECTOR_STRONG)  += -fstack-protector-strong 
-mstack-protector-guard=global
+CFLAGS-$(CONFIG_STACKPROTECTOR_ALL)       += -fstack-protector-all 
-mstack-protector-guard=global
+CXXFLAGS-$(CONFIG_STACKPROTECTOR_ALL)     += -fstack-protector-all 
-mstack-protector-guard=global
+
  CFLAGS-$(CONFIG_OPTIMIZE_NONE)            += -O0 -fno-optimize-sibling-calls 
-fno-tree-vectorize
  CXXFLAGS-$(CONFIG_OPTIMIZE_NONE)          += -O0 -fno-optimize-sibling-calls 
-fno-tree-vectorize
  GOCFLAGS-$(CONFIG_OPTIMIZE_NONE)          += -O0 -fno-optimize-sibling-calls 
-fno-tree-vectorize



_______________________________________________
Minios-devel mailing list
Minios-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/minios-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.