Support both -mstack-protector-guard={global,tls}
Fangrui Song
i@maskray.me
Tue Nov 24 22:08:35 GMT 2020
Thanks for the reply!
On 2020-11-24, Carlos O'Donell wrote:
>On 11/24/20 4:23 PM, Fangrui Song wrote:
>> Hi, I filed https://sourceware.org/bugzilla/show_bug.cgi?id=26817 about
>> supporting both -mstack-protector-guard={global,tls} (I believe musl
>> supports both). The feature request has a bit more context why
>> -mstack-protector-guard=global may be appealing in terms of performance
>> and security.
>
>In theory glibc supports both also... but only one at a time for a given
>architecture with the architecture making the choice of the implemented
>solution.
>
>I don't see a reason you couldn't support both, setting up a global and
>a TLS variable at the same time.
>We are already somewhat limited to having a single global process value.
>Some arches use a global so this limit is already applied.
>
>If glibc supported both, then the target application could choose to use
>TP+offset access or global access, whichever was faster?
Sounds good. The global __stack_chk_guard should probably be always available.
The TLS variable should be available as long as the target supports TLS (I
assume that some targets don't support TLS).
More information about the Libc-alpha
mailing list