LLVM Finally Buttoning Up Its Stack-Clash Protection For x86 CPUs

Written by Michael Larabel in LLVM on 8 February 2020 at 12:09 AM EST. Add A Comment
LLVM
It's been nearly three years since the Stack Clash vulnerability was really tossed into the spotlight while such vulnerabilities have existed longer. Now finally in 2020, the LLVM compiler stack -- and years after GCC's mitigation -- is preparing its stack clash protection.

Since last autumn there has been stack clash protection under review for LLVM. This solution is similar to GCC's and exposes the same -fstack-clash-protection flag. When this stack clash protection feature is enabled on LLVM x86/x86_64, inline stack probing is used. "Probe stack allocation every PAGE_SIZE during frame lowering or dynamic allocation to make sure the page guard, if any, is touched when touching the stack, in a similar manner to GCC. This extends the existing `probe-stack' mechanism with a special value `inline-asm'. Technically the former uses function call before stack allocation while this patch provides inlined stack probes and chunk allocation."

Red Hat had engineered GCC's stack clash protection back during summer 2017.

The stack-clash protection code was finally merged today to the LLVM code-base, but quickly reverted thereafter for breaking macOS and Windows builds as well as separately breaking Arm builds. Hopefully the corrected code will land soon.

The LLVM stack-clash protection support can be tracked via this ticket.

UPDATE: The reworked stack clash protection has now landed in LLVM only to then be reverted yet again over test failures.
Add A Comment
Related News
Proposal Raised To Deprecate "-Ofast" For The LLVM/Clang Compiler
LLVM's BOLT Being Adapted To Analyze Security Hardening Of Binaries
LLVM/Clang 18.1 Released With Intel AVX10.1 Work, Adds Clearwater Forest & Panther Lake
Meta Continues Working On BOLT'ing The Linux Kernel For Greater Performance
LLVM/Clang Can Work Fine As A GCC Replacement For Linux Distributions
LLVM 18.1-rc1 Released For Enabling New Intel CPU Features, More C23 & C++23
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
systemd Rolling Out "run0" As sudo Alternative
Microsoft Open-Sources MS-DOS 4.0 Under MIT License
Systemd 256-rc1 Brings A Huge Number Of New Features
NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver
Rust-Based Coreutils 0.0.26 Increases Compatibility With GNU Coreutils
Ubuntu 24.04 LTS Downloads Now Available
Proton 9.0 RC2 Makes More Windows Games Playable On Linux, Other Fixes