From nobody Mon Feb 9 10:26:18 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8BAA7C761AF for ; Sat, 25 Mar 2023 15:45:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230405AbjCYPpq (ORCPT ); Sat, 25 Mar 2023 11:45:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35878 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229460AbjCYPpl (ORCPT ); Sat, 25 Mar 2023 11:45:41 -0400 Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 38B60DBE2 for ; Sat, 25 Mar 2023 08:45:39 -0700 (PDT) Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 32PFjQbH008046; Sat, 25 Mar 2023 16:45:26 +0100 From: Willy Tarreau To: "Paul E. McKenney" Cc: linux@weissschuh.net, linux-kernel@vger.kernel.org, Willy Tarreau Subject: [PATCH 1/8] tools/nolibc: add definitions for standard fds Date: Sat, 25 Mar 2023 16:45:09 +0100 Message-Id: <20230325154516.7995-2-w@1wt.eu> X-Mailer: git-send-email 2.17.5 In-Reply-To: <20230325154516.7995-1-w@1wt.eu> References: <20230325154516.7995-1-w@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Thomas Wei=C3=9Fschuh These are useful for users and will also be used in an upcoming testcase. Signed-off-by: Thomas Wei=C3=9Fschuh Signed-off-by: Willy Tarreau --- tools/include/nolibc/unistd.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/include/nolibc/unistd.h b/tools/include/nolibc/unistd.h index 1cfcd52106a4..ac7d53d986cd 100644 --- a/tools/include/nolibc/unistd.h +++ b/tools/include/nolibc/unistd.h @@ -13,6 +13,11 @@ #include "sys.h" =20 =20 +#define STDIN_FILENO 0 +#define STDOUT_FILENO 1 +#define STDERR_FILENO 2 + + static __attribute__((unused)) int msleep(unsigned int msecs) { --=20 2.17.5 From nobody Mon Feb 9 10:26:18 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BFEFAC76196 for ; Sat, 25 Mar 2023 15:45:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231248AbjCYPps (ORCPT ); Sat, 25 Mar 2023 11:45:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35884 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229977AbjCYPpl (ORCPT ); Sat, 25 Mar 2023 11:45:41 -0400 Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B2743EC6E for ; Sat, 25 Mar 2023 08:45:39 -0700 (PDT) Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 32PFjQQQ008047; Sat, 25 Mar 2023 16:45:26 +0100 From: Willy Tarreau To: "Paul E. McKenney" Cc: linux@weissschuh.net, linux-kernel@vger.kernel.org, Willy Tarreau Subject: [PATCH 2/8] tools/nolibc: add helpers for wait() signal exits Date: Sat, 25 Mar 2023 16:45:10 +0100 Message-Id: <20230325154516.7995-3-w@1wt.eu> X-Mailer: git-send-email 2.17.5 In-Reply-To: <20230325154516.7995-1-w@1wt.eu> References: <20230325154516.7995-1-w@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Thomas Wei=C3=9Fschuh These are useful for users and will also be used in an upcoming testcase. Signed-off-by: Thomas Wei=C3=9Fschuh Signed-off-by: Willy Tarreau --- tools/include/nolibc/types.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/include/nolibc/types.h b/tools/include/nolibc/types.h index 10823e5ac44b..aedd7d9e3f64 100644 --- a/tools/include/nolibc/types.h +++ b/tools/include/nolibc/types.h @@ -97,6 +97,8 @@ /* Macros used on waitpid()'s return status */ #define WEXITSTATUS(status) (((status) & 0xff00) >> 8) #define WIFEXITED(status) (((status) & 0x7f) =3D=3D 0) +#define WTERMSIG(status) ((status) & 0x7f) +#define WIFSIGNALED(status) ((status) - 1 < 0xff) =20 /* waitpid() flags */ #define WNOHANG 1 --=20 2.17.5 From nobody Mon Feb 9 10:26:18 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EDA91C77B62 for ; Sat, 25 Mar 2023 15:45:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231370AbjCYPpv (ORCPT ); Sat, 25 Mar 2023 11:45:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35886 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230038AbjCYPpm (ORCPT ); Sat, 25 Mar 2023 11:45:42 -0400 Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id DA7FBEFBF for ; Sat, 25 Mar 2023 08:45:39 -0700 (PDT) Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 32PFjQno008048; Sat, 25 Mar 2023 16:45:26 +0100 From: Willy Tarreau To: "Paul E. McKenney" Cc: linux@weissschuh.net, linux-kernel@vger.kernel.org, Willy Tarreau Subject: [PATCH 3/8] tools/nolibc: tests: constify test_names Date: Sat, 25 Mar 2023 16:45:11 +0100 Message-Id: <20230325154516.7995-4-w@1wt.eu> X-Mailer: git-send-email 2.17.5 In-Reply-To: <20230325154516.7995-1-w@1wt.eu> References: <20230325154516.7995-1-w@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Thomas Wei=C3=9Fschuh Nothing ever modifies this structure. Signed-off-by: Thomas Wei=C3=9Fschuh Signed-off-by: Willy Tarreau --- tools/testing/selftests/nolibc/nolibc-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/s= elftests/nolibc/nolibc-test.c index 6a7c13f0cd61..fb2d4872fac9 100644 --- a/tools/testing/selftests/nolibc/nolibc-test.c +++ b/tools/testing/selftests/nolibc/nolibc-test.c @@ -717,7 +717,7 @@ int prepare(void) } =20 /* This is the definition of known test names, with their functions */ -static struct test test_names[] =3D { +static const struct test test_names[] =3D { /* add new tests here */ { .name =3D "syscall", .func =3D run_syscall }, { .name =3D "stdlib", .func =3D run_stdlib }, --=20 2.17.5 From nobody Mon Feb 9 10:26:18 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 77B42C6FD1C for ; Sat, 25 Mar 2023 15:45:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231211AbjCYPpw (ORCPT ); Sat, 25 Mar 2023 11:45:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231194AbjCYPps (ORCPT ); Sat, 25 Mar 2023 11:45:48 -0400 Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8139312078 for ; Sat, 25 Mar 2023 08:45:46 -0700 (PDT) Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 32PFjQbw008049; Sat, 25 Mar 2023 16:45:26 +0100 From: Willy Tarreau To: "Paul E. McKenney" Cc: linux@weissschuh.net, linux-kernel@vger.kernel.org, Willy Tarreau Subject: [PATCH 4/8] tools/nolibc: add support for stack protector Date: Sat, 25 Mar 2023 16:45:12 +0100 Message-Id: <20230325154516.7995-5-w@1wt.eu> X-Mailer: git-send-email 2.17.5 In-Reply-To: <20230325154516.7995-1-w@1wt.eu> References: <20230325154516.7995-1-w@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Thomas Wei=C3=9Fschuh This is useful when using nolibc for security-critical tools. Using nolibc has the advantage that the code is easily auditable and sandboxable with seccomp as no unexpected syscalls are used. Using compiler-assistent stack protection provides another security mechanism. For this to work the compiler and libc have to collaborate. This patch adds the following parts to nolibc that are required by the compiler: * __stack_chk_guard: random sentinel value * __stack_chk_fail: handler for detected stack smashes In addition an initialization function is added that randomizes the sentinel value. Only support for global guards is implemented. Register guards are useful in multi-threaded context which nolibc does not provide support for. Link: https://lwn.net/Articles/584225/ Signed-off-by: Thomas Wei=C3=9Fschuh Signed-off-by: Willy Tarreau --- tools/include/nolibc/Makefile | 4 +- tools/include/nolibc/nolibc.h | 1 + tools/include/nolibc/stackprotector.h | 53 +++++++++++++++++++++++++++ 3 files changed, 56 insertions(+), 2 deletions(-) create mode 100644 tools/include/nolibc/stackprotector.h diff --git a/tools/include/nolibc/Makefile b/tools/include/nolibc/Makefile index ec57d3932506..9839feafd38a 100644 --- a/tools/include/nolibc/Makefile +++ b/tools/include/nolibc/Makefile @@ -25,8 +25,8 @@ endif =20 nolibc_arch :=3D $(patsubst arm64,aarch64,$(ARCH)) arch_file :=3D arch-$(nolibc_arch).h -all_files :=3D ctype.h errno.h nolibc.h signal.h std.h stdint.h stdio.h st= dlib.h \ - string.h sys.h time.h types.h unistd.h +all_files :=3D ctype.h errno.h nolibc.h signal.h stackprotector.h std.h st= dint.h \ + stdio.h stdlib.h string.h sys.h time.h types.h unistd.h =20 # install all headers needed to support a bare-metal compiler all: headers diff --git a/tools/include/nolibc/nolibc.h b/tools/include/nolibc/nolibc.h index b2bc48d3cfe4..04739a6293c4 100644 --- a/tools/include/nolibc/nolibc.h +++ b/tools/include/nolibc/nolibc.h @@ -104,6 +104,7 @@ #include "string.h" #include "time.h" #include "unistd.h" +#include "stackprotector.h" =20 /* Used by programs to avoid std includes */ #define NOLIBC diff --git a/tools/include/nolibc/stackprotector.h b/tools/include/nolibc/s= tackprotector.h new file mode 100644 index 000000000000..d119cbbbc256 --- /dev/null +++ b/tools/include/nolibc/stackprotector.h @@ -0,0 +1,53 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * Stack protector support for NOLIBC + * Copyright (C) 2023 Thomas Wei=C3=9Fschuh + */ + +#ifndef _NOLIBC_STACKPROTECTOR_H +#define _NOLIBC_STACKPROTECTOR_H + +#include "arch.h" + +#if defined(NOLIBC_STACKPROTECTOR) + +#if !defined(__ARCH_SUPPORTS_STACK_PROTECTOR) +#error "nolibc does not support stack protectors on this arch" +#endif + +#include "sys.h" +#include "stdlib.h" + +/* The functions in this header are using raw syscall macros to avoid + * triggering stack protector errors themselves + */ + +__attribute__((weak,noreturn,section(".text.nolibc_stack_chk"))) +void __stack_chk_fail(void) +{ + pid_t pid; + my_syscall3(__NR_write, STDERR_FILENO, "!!Stack smashing detected!!\n", 2= 8); + pid =3D my_syscall0(__NR_getpid); + my_syscall2(__NR_kill, pid, SIGABRT); + for (;;); +} + +__attribute__((weak,noreturn,section(".text.nolibc_stack_chk"))) +void __stack_chk_fail_local(void) +{ + __stack_chk_fail(); +} + +__attribute__((weak,section(".data.nolibc_stack_chk"))) +uintptr_t __stack_chk_guard; + +__attribute__((weak,no_stack_protector,section(".text.nolibc_stack_chk"))) +void __stack_chk_init(void) +{ + my_syscall3(__NR_getrandom, &__stack_chk_guard, sizeof(__stack_chk_guard)= , 0); + /* a bit more randomness in case getrandom() fails */ + __stack_chk_guard ^=3D (uintptr_t) &__stack_chk_guard; +} +#endif // defined(NOLIBC_STACKPROTECTOR) + +#endif // _NOLIBC_STACKPROTECTOR_H --=20 2.17.5 From nobody Mon Feb 9 10:26:18 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9547C77B60 for ; Sat, 25 Mar 2023 15:45:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231520AbjCYPpz (ORCPT ); Sat, 25 Mar 2023 11:45:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36002 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231196AbjCYPps (ORCPT ); Sat, 25 Mar 2023 11:45:48 -0400 Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 814C312079 for ; Sat, 25 Mar 2023 08:45:46 -0700 (PDT) Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 32PFjQRv008050; Sat, 25 Mar 2023 16:45:26 +0100 From: Willy Tarreau To: "Paul E. McKenney" Cc: linux@weissschuh.net, linux-kernel@vger.kernel.org, Willy Tarreau Subject: [PATCH 5/8] tools/nolibc: tests: fold in no-stack-protector cflags Date: Sat, 25 Mar 2023 16:45:13 +0100 Message-Id: <20230325154516.7995-6-w@1wt.eu> X-Mailer: git-send-email 2.17.5 In-Reply-To: <20230325154516.7995-1-w@1wt.eu> References: <20230325154516.7995-1-w@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Thomas Wei=C3=9Fschuh For the cflags to enable stack protectors to work properly they need to be specified after -fno-stack-protector. To do this fold all cflags into a single variable and move -fno-stack-protector before the arch-specific cflags and another one specific to stack protectors since we don't want to enable them on all archs. Signed-off-by: Thomas Wei=C3=9Fschuh Signed-off-by: Willy Tarreau --- tools/testing/selftests/nolibc/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/nolibc/Makefile b/tools/testing/selfte= sts/nolibc/Makefile index c99bbcda7495..4469dcb0c9d7 100644 --- a/tools/testing/selftests/nolibc/Makefile +++ b/tools/testing/selftests/nolibc/Makefile @@ -77,8 +77,9 @@ Q=3D@ endif =20 CFLAGS_s390 =3D -m64 -CFLAGS ?=3D -Os -fno-ident -fno-asynchronous-unwind-tables $(CFLAGS_$(ARC= H)) -CFLAGS +=3D $(call cc-option,-fno-stack-protector) +CFLAGS ?=3D -Os -fno-ident -fno-asynchronous-unwind-tables \ + $(call cc-option,-fno-stack-protector) \ + $(CFLAGS_STKP_$(ARCH)) $(CFLAGS_$(ARCH)) LDFLAGS :=3D -s =20 help: --=20 2.17.5 From nobody Mon Feb 9 10:26:18 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61539C6FD1F for ; Sat, 25 Mar 2023 15:46:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231623AbjCYPp6 (ORCPT ); Sat, 25 Mar 2023 11:45:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36018 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229977AbjCYPpt (ORCPT ); Sat, 25 Mar 2023 11:45:49 -0400 Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8CFEA12589 for ; Sat, 25 Mar 2023 08:45:47 -0700 (PDT) Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 32PFjQOW008051; Sat, 25 Mar 2023 16:45:26 +0100 From: Willy Tarreau To: "Paul E. McKenney" Cc: linux@weissschuh.net, linux-kernel@vger.kernel.org, Willy Tarreau Subject: [PATCH 6/8] tools/nolibc: tests: add test for -fstack-protector Date: Sat, 25 Mar 2023 16:45:14 +0100 Message-Id: <20230325154516.7995-7-w@1wt.eu> X-Mailer: git-send-email 2.17.5 In-Reply-To: <20230325154516.7995-1-w@1wt.eu> References: <20230325154516.7995-1-w@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Thomas Wei=C3=9Fschuh Test the previously introduce stack protector functionality in nolibc. Signed-off-by: Thomas Wei=C3=9Fschuh Signed-off-by: Willy Tarreau --- tools/testing/selftests/nolibc/Makefile | 3 + tools/testing/selftests/nolibc/nolibc-test.c | 62 +++++++++++++++++++- 2 files changed, 63 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/nolibc/Makefile b/tools/testing/selfte= sts/nolibc/Makefile index 4469dcb0c9d7..e516e53775d4 100644 --- a/tools/testing/selftests/nolibc/Makefile +++ b/tools/testing/selftests/nolibc/Makefile @@ -76,6 +76,9 @@ else Q=3D@ endif =20 +CFLAGS_STACKPROTECTOR =3D -DNOLIBC_STACKPROTECTOR \ + $(call cc-option,-mstack-protector-guard=3Dglobal) \ + $(call cc-option,-fstack-protector-all) CFLAGS_s390 =3D -m64 CFLAGS ?=3D -Os -fno-ident -fno-asynchronous-unwind-tables \ $(call cc-option,-fno-stack-protector) \ diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/s= elftests/nolibc/nolibc-test.c index fb2d4872fac9..21bacc928bf7 100644 --- a/tools/testing/selftests/nolibc/nolibc-test.c +++ b/tools/testing/selftests/nolibc/nolibc-test.c @@ -667,6 +667,63 @@ int run_stdlib(int min, int max) return ret; } =20 +#if defined(__clang__) +__attribute__((optnone)) +#elif defined(__GNUC__) +__attribute__((optimize("O0"))) +#endif +static int smash_stack(void) +{ + char buf[100]; + + for (size_t i =3D 0; i < 200; i++) + buf[i] =3D 'P'; + + return 1; +} + +static int run_protection(int min, int max) +{ + pid_t pid; + int llen =3D 0, status; + + llen +=3D printf("0 -fstackprotector "); + +#if !defined(NOLIBC_STACKPROTECTOR) + llen +=3D printf("not supported"); + pad_spc(llen, 64, "[SKIPPED]\n"); + return 0; +#endif + + pid =3D -1; + pid =3D fork(); + + switch (pid) { + case -1: + llen +=3D printf("fork()"); + pad_spc(llen, 64, "[FAIL]\n"); + return 1; + + case 0: + close(STDOUT_FILENO); + close(STDERR_FILENO); + + smash_stack(); + return 1; + + default: + pid =3D waitpid(pid, &status, 0); + + if (pid =3D=3D -1 || !WIFSIGNALED(status) || WTERMSIG(status) !=3D SIGAB= RT) { + llen +=3D printf("waitpid()"); + pad_spc(llen, 64, "[FAIL]\n"); + return 1; + } + pad_spc(llen, 64, " [OK]\n"); + return 0; + } +} + /* prepare what needs to be prepared for pid 1 (stdio, /dev, /proc, etc) */ int prepare(void) { @@ -719,8 +776,9 @@ int prepare(void) /* This is the definition of known test names, with their functions */ static const struct test test_names[] =3D { /* add new tests here */ - { .name =3D "syscall", .func =3D run_syscall }, - { .name =3D "stdlib", .func =3D run_stdlib }, + { .name =3D "syscall", .func =3D run_syscall }, + { .name =3D "stdlib", .func =3D run_stdlib }, + { .name =3D "protection", .func =3D run_protection }, { 0 } }; =20 --=20 2.17.5 From nobody Mon Feb 9 10:26:18 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F26C0C6FD1C for ; Sat, 25 Mar 2023 15:46:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231719AbjCYPqI (ORCPT ); Sat, 25 Mar 2023 11:46:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36626 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231667AbjCYPp7 (ORCPT ); Sat, 25 Mar 2023 11:45:59 -0400 Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id ACAA7126D9 for ; Sat, 25 Mar 2023 08:45:54 -0700 (PDT) Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 32PFjR6D008052; Sat, 25 Mar 2023 16:45:27 +0100 From: Willy Tarreau To: "Paul E. McKenney" Cc: linux@weissschuh.net, linux-kernel@vger.kernel.org, Willy Tarreau Subject: [PATCH 7/8] tools/nolibc: i386: add stackprotector support Date: Sat, 25 Mar 2023 16:45:15 +0100 Message-Id: <20230325154516.7995-8-w@1wt.eu> X-Mailer: git-send-email 2.17.5 In-Reply-To: <20230325154516.7995-1-w@1wt.eu> References: <20230325154516.7995-1-w@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Thomas Wei=C3=9Fschuh Enable the new stackprotector support for i386. Signed-off-by: Thomas Wei=C3=9Fschuh Signed-off-by: Willy Tarreau --- tools/include/nolibc/arch-i386.h | 7 ++++++- tools/testing/selftests/nolibc/Makefile | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/include/nolibc/arch-i386.h b/tools/include/nolibc/arch-i= 386.h index e8d0cf545bf1..2d98d78fd3f3 100644 --- a/tools/include/nolibc/arch-i386.h +++ b/tools/include/nolibc/arch-i386.h @@ -181,6 +181,8 @@ struct sys_stat_struct { char **environ __attribute__((weak)); const unsigned long *_auxv __attribute__((weak)); =20 +#define __ARCH_SUPPORTS_STACK_PROTECTOR + /* startup code */ /* * i386 System V ABI mandates: @@ -188,9 +190,12 @@ const unsigned long *_auxv __attribute__((weak)); * 2) The deepest stack frame should be set to zero * */ -void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) _start(= void) +void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_= protector)) _start(void) { __asm__ volatile ( +#ifdef NOLIBC_STACKPROTECTOR + "call __stack_chk_init\n" // initialize stack protector +#endif "pop %eax\n" // argc (first arg, %eax) "mov %esp, %ebx\n" // argv[] (second arg, %ebx) "lea 4(%ebx,%eax,4),%ecx\n" // then a NULL then envp (third arg, %ecx) diff --git a/tools/testing/selftests/nolibc/Makefile b/tools/testing/selfte= sts/nolibc/Makefile index e516e53775d4..ab99786c1e94 100644 --- a/tools/testing/selftests/nolibc/Makefile +++ b/tools/testing/selftests/nolibc/Makefile @@ -79,6 +79,7 @@ endif CFLAGS_STACKPROTECTOR =3D -DNOLIBC_STACKPROTECTOR \ $(call cc-option,-mstack-protector-guard=3Dglobal) \ $(call cc-option,-fstack-protector-all) +CFLAGS_STKP_i386 =3D $(CFLAGS_STACKPROTECTOR) CFLAGS_s390 =3D -m64 CFLAGS ?=3D -Os -fno-ident -fno-asynchronous-unwind-tables \ $(call cc-option,-fno-stack-protector) \ --=20 2.17.5 From nobody Mon Feb 9 10:26:18 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 641B7C6FD1F for ; Sat, 25 Mar 2023 15:46:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231194AbjCYPqL (ORCPT ); Sat, 25 Mar 2023 11:46:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36986 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231735AbjCYPqE (ORCPT ); Sat, 25 Mar 2023 11:46:04 -0400 Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id BBEAD1258E for ; Sat, 25 Mar 2023 08:45:55 -0700 (PDT) Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 32PFjRTo008053; Sat, 25 Mar 2023 16:45:27 +0100 From: Willy Tarreau To: "Paul E. McKenney" Cc: linux@weissschuh.net, linux-kernel@vger.kernel.org, Willy Tarreau Subject: [PATCH 8/8] tools/nolibc: x86_64: add stackprotector support Date: Sat, 25 Mar 2023 16:45:16 +0100 Message-Id: <20230325154516.7995-9-w@1wt.eu> X-Mailer: git-send-email 2.17.5 In-Reply-To: <20230325154516.7995-1-w@1wt.eu> References: <20230325154516.7995-1-w@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Thomas Wei=C3=9Fschuh Enable the new stackprotector support for x86_64. Signed-off-by: Thomas Wei=C3=9Fschuh Signed-off-by: Willy Tarreau --- tools/include/nolibc/arch-x86_64.h | 5 +++++ tools/testing/selftests/nolibc/Makefile | 2 ++ 2 files changed, 7 insertions(+) diff --git a/tools/include/nolibc/arch-x86_64.h b/tools/include/nolibc/arch= -x86_64.h index 17f6751208e7..f7f2a11d4c3b 100644 --- a/tools/include/nolibc/arch-x86_64.h +++ b/tools/include/nolibc/arch-x86_64.h @@ -181,6 +181,8 @@ struct sys_stat_struct { char **environ __attribute__((weak)); const unsigned long *_auxv __attribute__((weak)); =20 +#define __ARCH_SUPPORTS_STACK_PROTECTOR + /* startup code */ /* * x86-64 System V ABI mandates: @@ -191,6 +193,9 @@ const unsigned long *_auxv __attribute__((weak)); void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) _start(= void) { __asm__ volatile ( +#ifdef NOLIBC_STACKPROTECTOR + "call __stack_chk_init\n" // initialize stack protector +#endif "pop %rdi\n" // argc (first arg, %rdi) "mov %rsp, %rsi\n" // argv[] (second arg, %rsi) "lea 8(%rsi,%rdi,8),%rdx\n" // then a NULL then envp (third arg, %rdx) diff --git a/tools/testing/selftests/nolibc/Makefile b/tools/testing/selfte= sts/nolibc/Makefile index ab99786c1e94..bbce57420465 100644 --- a/tools/testing/selftests/nolibc/Makefile +++ b/tools/testing/selftests/nolibc/Makefile @@ -80,6 +80,8 @@ CFLAGS_STACKPROTECTOR =3D -DNOLIBC_STACKPROTECTOR \ $(call cc-option,-mstack-protector-guard=3Dglobal) \ $(call cc-option,-fstack-protector-all) CFLAGS_STKP_i386 =3D $(CFLAGS_STACKPROTECTOR) +CFLAGS_STKP_x86_64 =3D $(CFLAGS_STACKPROTECTOR) +CFLAGS_STKP_x86 =3D $(CFLAGS_STACKPROTECTOR) CFLAGS_s390 =3D -m64 CFLAGS ?=3D -Os -fno-ident -fno-asynchronous-unwind-tables \ $(call cc-option,-fno-stack-protector) \ --=20 2.17.5