[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] pv-grub will cause page fault if build with flag -fstack-protector

On Tue, 2013-04-16 at 12:10 +0100, Samuel Thibault wrote:
> Ian Campbell, le Tue 16 Apr 2013 10:47:18 +0100, a Ãcrit :
> > On Tue, 2013-04-16 at 10:34 +0100, Chunyan Liu wrote:
> > > We asked for Jan's opinion whether we can remove the flag or there
> > > isn't a problem with stubdom overwriting something on the stack . Jan
> > > viewed it as a mistake use of flag:
> > > > I generally view it as a mistake enforce certain kinds of
> > > (intrusive) flags onto builds of code that may assume to have full
> > > control of everything (e.g. kernel like, which stubdom clearly is).
> > > 
> > > I wonder if there is other opinion?
> > 
> > I agree with Jan.
> mini-os, which stubdoms are based on, explicitly tries to disable
> stack-protector, see extras/mini-os/minios.mk

OK, so I guess that is just broken in the face of whatever the suse rpms
are doing.

> > > I checked the objdump of problem pv-grub, the page fault place is in
> > > xc_interface_open_common, the detail line is a line inserted by
> > > -fstack-protector (see 0x404bb in following):
> > 
> > If you wanted to get really advanced you could implement stack protector
> > support for mini-os. I've no idea how hard that would be though.
> Actually we can't really support it, because the code introduced by
> gcc, which typically uses fs: or gs: adressing, is host-dependent, i.e.
> depending on being built on linux, or on freebsd, etc. mini-os would
> have to behave differently because the code introduced by gcc behaves
> differently... 

I didn't know about this. Does this not affect the hypervisor itself
too? I don't see any stack protector disabling going on there. Maybe I'm
looking in the wrong places.

> The solution would be to use a separate host triplet, but
> we ended up avoiding doing it due to the introduced complexity.

Right. I've occasionally flirted with implementing the separate triplet
but it's a lot of pieces to get right (binutils etc etc).


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.