    gcc-plugins: arm_ssp_per_task_plugin: fix for GCC 9+ · 2c88c742
    Ard Biesheuvel authored
    GCC 9 reworks the way the references to the stack canary are
    emitted, to prevent the value from being spilled to the stack
    before the final comparison in the epilogue, defeating the
    purpose, given that the spill slot is under control of the
    attacker that we are protecting ourselves from.
    
    Since our canary value address is obtained without accessing
    memory (as opposed to pre-v7 code that will obtain it from a
    literal pool), it is unlikely (although not guaranteed) that
    the compiler will spill the canary value in the same way, so
    let's just disable this improvement when building with GCC9+.
    Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Signed-off-by: Kees Cook <keescook@chromium.org>
arm_ssp_per_task_plugin.c 2.82 KB