Integration of ProPolice in FreeBSD
Jeremie Le Hen
jeremie at le-hen.org
Fri Apr 18 23:36:07 UTC 2008
On Fri, Apr 18, 2008 at 07:45:58PM +0200, Max Laier wrote:
> > First, should we build world and/or kernel with SSP by default? I've
> > scamped a trivial benchmark back in 2006: timing buildworld with and
> > without SSP. You can find the result on my webpage:
> > http://tataz.chchile.org/~tataz/FreeSBD/SSP/#section1
>
> 404 :-\

Oops, sorry I made a typo.
http://tataz.chchile.org/~tataz/FreeBSD/SSP/#section1

> So I'd suggest something along the lines of:
>
> 1) Add the needed support symbols to libc (they don't hurt anyone, right?)

Actually, they are already in libc :-).
See src/sys/lib/libc/sys/stack_protector.c .

> 2) Add support to build kernel/world with SSP enabled - default OFF.
> 3) Solicit testing!
> 4) After some time has passed (and people have had to reinstall libc anyways)
> and enough feedback has been received flip the switch to default ON.

I will change my patch to make SSP opt-out. This will address Marcel's
concern too.

> In light of the recent "let's save stack space in the kernel", I'd like to
> point out that SSP adds one word to every call. Not much, but still.

Certainly. I would like to hear opinions from other committers if SSP
should be enabled by default.

> Finally, what happens if SSP triggers in the kernel? Do we get a useable
> panic message? Can we get a kdb_traceback() (if compiled in)? Where is the
> patch, btw?

Yes, the panic message is explicit. But since a stack overflow occurred,
the backtrace may be corrupted. BTW the panic message warns about this.
See src/sys/kern/stack_protector.c in the patch.

Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >