Re: [RFC PATCH liburing v1 3/3] src/Makefile: Allow using stack protector with libc

[Ammar Faizi <ammarfaizi2@gnuweeb.org>]

On Thu, Jun 22, 2023 at 07:57:38PM +0200, Thomas Weißschuh wrote:
> There are patches in the pipeline that enable stackprotector support for
> nolibc [0]. They should land in 6.5.

That's interesting. I haven't been following Willy's tree for a while.
Hope 6.4 stable goes well by the end of this week.

> It only supports "global" mode and not per-thread-data.
> But as nolibc does not support threads anyways that should not matter.
> A compiler flag has to be passed though, but that can be automated [1].
> 
> So the -fno-stack-protector can probably be removed completely.
> 
> [0] https://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git/tree/tools/include/nolibc/stackprotector.h?h=dev.2023.06.16a
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git/tree/tools/testing/selftests/nolibc/Makefile?h=dev.2023.06.16a#n81

This is a bit problematic because liburing.so and liburing.a must also
be compatible with apps that use libc. Note that liburing nolibc is also
used by apps that use libc.

The problem when an app uses libc.so and liburing.a:

Stack-protector functions from liburing nolibc will override the
stack-protector functions from libc because statically linked functions
will take precedence. The end result, the app will always use the
"global" mode stack protector even if it's multithreaded. There may be a
way to make those functions private to liburing only, but I don't know.

We had a similar problem with memset() in liburing:

https://git.kernel.org/pub/scm/linux/kernel/git/axboe/liburing.git/commit/?id=db5403e58083bef48d72656d7dea53a9f7affef4

Also, the app has to be compiled with those specific flags, which is out
of our control. Plus, I wonder if there is a chance to call
__stack_chk_init() from a static library point of view where we don't
control the entry point (__start).

Therefore, I won't implement the stack protector for liburing under
CONFIG_NOLIBC enabled. So far, I see that using the stack protector for
liburing nolibc is more trouble than it's worth.

But anyway, it's nice to see your stack protector work.

Regards,
-- 
Ammar Faizi