Closed Bug 1374344 Opened 7 years ago Closed 2 years ago

Investigate Clang SafeStack

Categories

(Firefox Build System :: General, enhancement, P3)

Product:
Firefox Build System
Component:
General
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: sec-want)

Maybe this is something we could add to --enable-hardening https://clang.llvm.org/docs/SafeStack.html
Product: Core → Firefox Build System
"Certain code that relies on low-level stack manipulations requires adaption to work with SafeStack. One example is mark-and-sweep garbage collection implementations for C/C++ (e.g., Oilpan in chromium/blink), which must be changed to look for the live pointers on both safe and unsafe stacks." "At the moment, compiling dynamic libraries with SafeStack is not supported." The latter seems to make it mostly useless for our purposes?
Priority: -- → P3
Severity: normal → S3

The SafeStack documentation now states: "Linking a DSO with SafeStack is not currently supported." So building shared objects with SafeStack is supported, its just that the SafeStack runtime must be linked into the main firefox executable.
I first tried to build the js-shell only; with some minor changes all but one jit-tests succeed. Compiling the whole browser with SafeStack completes but there are some issues in the startup process (seems related to signal handlers or longjmps).
The chromium folks decided against shipping the mitigation: https://bugs.chromium.org/p/chromium/issues/detail?id=908597#c1
If you're still considering to deploy the mitigation I'd further investigate the startup problems.

Given the investigation done by Chrome; progress made with CET and that hardware starting to get into peoples hands, and the likelihood that clang will eventually drop this feature itself, seems like a No.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.