On Sun, 26 Jan 2025 at 07:38, Alexander Leidinger <netch...@freebsd.org> wrote: > > Am 2025-01-25 20:21, schrieb Jessica Clarke: > > > It looks like with Clang we end up using -Qunused-arguments so the > > warning/error is suppressed. That at least means the build doesn’t > > fail, which I suppose is good, but I’m not sure we should be promising > > that WITH_SSP will protect against stack clash then having the compiler > > silently emit unprotected code (for which we’re to blame, by telling it > > to ignore the fact it’s not supported). This at least needs to be > > documented that the protection will only be provided if supported by > > the compiler.
I suppose we should add support for stack clash to COMPILER_FEATURES in bsd.compiler.mk and add the flag only if supported. > function correctly. > supports stack overflow protection using the Stack Smashing Protector > .Pq SSP > compiler feature, > -and stack clash protection. > +and stack clash protection (if supported by the compiler for the given > architecture). To make it explicitly clear that the "if supported" applies only to stack clash protection, maybe make it a separate sentence. ... SSP compiler feature. Stack clash protection is also enabled, if supported by the compiler for the given architecture. Looks good to me either way.
