kernel/linux.git/tools/include/nolibc/stackprotector.h, branch v6.19.11

tools/nolibc: add option to disable runtime

2025-10-29T15:29:16+00:00

In principle, it is possible to use nolibc for only some object files in a program. In that case, the startup code in _start and _start_c is not going to be used. Add the NOLIBC_NO_RUNTIME compile time option to disable it entirely and also remove anything that depends on it. Doing this avoids warnings from modpost for UML as the _start_c code references the main function from the .init.text section while it is not inside .init itself. Signed-off-by: Benjamin Berg Signed-off-by: Thomas Weißschuh

tools/nolibc: add prototypes for non-static functions

2025-02-03T19:57:37+00:00

With -Wmissing-prototypes the compiler will warn about non-static functions which don't have a prototype defined. This warning doesn't make much sense for nolibc itself but for user code it is still useful. To pacify the compiler add prototypes next to the function definitions, similar to how it is handled elsewhere in the kernel. Acked-by: Willy Tarreau Link: https://lore.kernel.org/r/20250123-nolibc-prototype-v1-1-e1afc5c1999a@weissschuh.net Signed-off-by: Thomas Weißschuh

tools/nolibc: stackprotector: mark implicitly used symbols as used

2024-08-16T15:23:13+00:00

During LTO the references from the compiler-generated prologue and epilogues to the stack protector symbols are not visible and the symbols are removed. This will then lead to errors during linking. As those symbols are already #ifdeffed-out if unused mark them as "used" to prevent their removal. Acked-by: Willy Tarreau Link: https://lore.kernel.org/r/20240812-nolibc-lto-v2-2-736af7bbefa8@weissschuh.net Signed-off-by: Thomas Weißschuh

tools/nolibc: stackprotector.h: make __stack_chk_init static

2023-08-23T03:17:07+00:00

This allows to generate smaller text/data/dec size. As the _start_c() function added by crt.h, __stack_chk_init() is called from _start_c() instead of the assembly _start. So, it is able to mark it with static now. Reviewed-by: Thomas Weißschuh Signed-off-by: Zhangjin Wu Signed-off-by: Willy Tarreau

tools/nolibc: stackprotector.h: add empty __stack_chk_init for !_NOLIBC_STACKPROTECTOR

2023-08-23T02:40:22+00:00

Let's define an empty __stack_chk_init for the !_NOLIBC_STACKPROTECTOR branch. This allows to remove #ifdef around every call of __stack_chk_init(). Signed-off-by: Zhangjin Wu Signed-off-by: Willy Tarreau

tools/nolibc: fix segfaults on compilers without attribute no_stack_protector

2023-06-09T18:46:08+00:00

Not all compilers, notably GCC < 10, have support for __attribute__((no_stack_protector)). Fall back to a mechanism that also works there. Tested with GCC 9.5.0 from kernel.org crosstools. Signed-off-by: Thomas Weißschuh Signed-off-by: Willy Tarreau Signed-off-by: Paul E. McKenney

tools/nolibc: add autodetection for stackprotector support

2023-06-09T18:46:08+00:00

The stackprotector support in nolibc should be enabled iff it is also enabled in the compiler. Use the preprocessor defines added by gcc and clang if stackprotector support is enable to automatically do so in nolibc. This completely removes the need for any user-visible API. To avoid inlining the lengthy preprocessor check into every user introduce a new header compiler.h that abstracts the logic away. As the define NOLIBC_STACKPROTECTOR is now not user-relevant anymore prefix it with an underscore. Suggested-by: Willy Tarreau Link: https://lore.kernel.org/lkml/20230520133237.GA27501@1wt.eu/ Signed-off-by: Thomas Weißschuh Signed-off-by: Willy Tarreau Signed-off-by: Paul E. McKenney

tools/nolibc: ensure stack protector guard is never zero

2023-06-09T18:46:08+00:00

The all-zero pattern is one of the more probable out-of-bound writes so add a special case to not accidentally accept it. Also it enables the reliable detection of stack protector initialization during testing. Signed-off-by: Thomas Weißschuh Signed-off-by: Willy Tarreau Signed-off-by: Paul E. McKenney

tools/nolibc: use C89 comment syntax

2023-06-09T18:46:07+00:00

Most of nolibc is already using C89 comments. Signed-off-by: Thomas Weißschuh Signed-off-by: Willy Tarreau Signed-off-by: Paul E. McKenney

tools/nolibc: add support for stack protector

2023-03-27T23:26:10+00:00

This is useful when using nolibc for security-critical tools. Using nolibc has the advantage that the code is easily auditable and sandboxable with seccomp as no unexpected syscalls are used. Using compiler-assistent stack protection provides another security mechanism. For this to work the compiler and libc have to collaborate. This patch adds the following parts to nolibc that are required by the compiler: * __stack_chk_guard: random sentinel value * __stack_chk_fail: handler for detected stack smashes In addition an initialization function is added that randomizes the sentinel value. Only support for global guards is implemented. Register guards are useful in multi-threaded context which nolibc does not provide support for. Link: https://lwn.net/Articles/584225/ Signed-off-by: Thomas Weißschuh Signed-off-by: Willy Tarreau Signed-off-by: Paul E. McKenney