On Thu, Jul 11, 2013 at 11:21:30AM -0700, Brendan Conoboy wrote:
> On 07/11/2013 08:46 AM, Till Maas wrote:
> >On Thu, Jul 11, 2013 at 07:48:50AM -0400, Jonathan Masters wrote:
> >>And following the legitimate concerns about stack-protector this was raised
> >>by ARM into core Linaro as an urgent action for which engineering resource
> >>is being assigned to correct this deficiency ASAP. Thus within a day an
> >>issue has been noted that we were unaware of and is being worked through a
> >>process to correct it, as would be the case with any deficiency on x86. The
> >>stack protection stuff will be fixed. Let's bike shed over the next nitpick
> >>nuance that the anti-ARM crowd want to throw in the way ;)
> >
> >Was the flag ignored previously or why was this missing feature not
> >announced?
>
> Please see:
>
> https://lists.fedoraproject.org/pipermail/devel/2013-July/185106.html
>
> Per Carlos's email, the flag is not ignored, the feature is there,
> but it isn't as fully featured. Specifically stack guards are
> present but pointer guards are not. This was news to all of us.
Stack guards are present, but using libssp, which is the fallback way,
second class citizen and most likely slower than the standard way.
E.g. the libssp stack guard setup always uses /dev/urandom, while I guess
even on ARM kernel provides AT_RANDOM that can be just used.
And I'd bet that even on ARM reading the stack guard via TLS (well,
static only always, i.e. hardcoded offset from TLS register), especially for
PIC, is faster than doing GOT read and two memory references.
Jakub
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
