Am 2025-01-28 14:42, schrieb Ed Maste:
On Sun, 26 Jan 2025 at 07:38, Alexander Leidinger <netch...@freebsd.org> wrote:Am 2025-01-25 20:21, schrieb Jessica Clarke: > It looks like with Clang we end up using -Qunused-arguments so the > warning/error is suppressed. That at least means the build doesn’t > fail, which I suppose is good, but I’m not sure we should be promising > that WITH_SSP will protect against stack clash then having the compiler > silently emit unprotected code (for which we’re to blame, by telling it > to ignore the fact it’s not supported). This at least needs to be > documented that the protection will only be provided if supported by > the compiler.I suppose we should add support for stack clash to COMPILER_FEATURES in bsd.compiler.mk and add the flag only if supported.
I will submit a review for this later (testing some arch limits for zeroregs at the same time, seems it has similar restrictions).
function correctly.supports stack overflow protection using the Stack Smashing Protector.Pq SSP compiler feature, -and stack clash protection.+and stack clash protection (if supported by the compiler for the givenarchitecture).To make it explicitly clear that the "if supported" applies only to stack clash protection, maybe make it a separate sentence. ... SSP compiler feature. Stack clash protection is also enabled, if supported by the compiler for the given architecture. Looks good to me either way.
Committed. Bye, Alexander. -- http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
signature.asc
Description: OpenPGP digital signature
