-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tracking Issue for stabilizing stack smashing protection (i.e., -Z stack-protector) #114903
Comments
Concern: The heuristics for I believe the only option that has well-defined semantics for rust is |
Hey @nikic! Thanks for bringing this up! Do you have any examples of this? Are you referring to any of the cases listed at https://github.com/rust-lang/rust/blob/master/tests/assembly/stack-protector/stack-protector-heuristics-effect.rs (e.g., array_char, local_string_addr_taken, or the alloca cases)? |
@rcvalle If you look at the history of the file, you will see that the behavior changes occasionally. This is an artifact of exposing compiler implementation details and should not happen. You can find the implementation of these heuristics here: https://github.com/llvm/llvm-project/blob/52db7e27458f774fa0c6c6a864ce197fa071a230/llvm/lib/CodeGen/StackProtector.cpp#L125 The type argument is the alloca type, which should generally only be inspected for size and alignment. There are at least two ways in which this can go wrong:
There are long-term plans to always emit |
Sorry for the late reply. I'm planning to resume working on this soon. In the meantime, @davidtwco is working on stabilizing |
I just saw in the stabilization PR that people are asking for use cases and I wonder if the issue I am facing is a good one. I am running rust code as a shared library in a (big) C process with lots of other deps etc but it happens that I get crashes in a "pure" rust thread from time to time and I haven't been able to find a root cause for now. At least that's something I would have wanted to try to see if it helps at all and that's how I ended up here :) cc @nikic @davidtwco |
Is there any cases showing |
@marmeladema So ... did you actually try it, using a nightly compiler or |
Doesn't this require -Zbuild-std anyway to get full coverage? |
This is a tracking issue for stabilizing stack smashing protection (i.e., -Z stack-protector). The was added in #84197 without a tracking issue. There is also no feature gate for it.
As part of the work on reviewing previously-added support for exploit mitigations to the Rust compiler (see https://hackmd.io/@rcvalle/H1epy5Xqn), @luismerino and I, and also @wesleywiser reviewed the stack smashing protection option (i.e., -Z stack-protector) implementation and it looked good for stabilization, so we'd like to propose stabilizing it.
Steps
TBD.
Unresolved Questions
Is there any concern or anything that the community would like to see implemented before its stabilization?
Implementation history
-Zstack-protector
test for Windows targets #116037The text was updated successfully, but these errors were encountered: