LLVM "Stack Clash" Compiler Protection Is Under Review

Written by Michael Larabel in Linux Security on 14 October 2019 at 07:29 AM EDT.
Two years after the "Stack Clash" vulnerability came to light, the LLVM compiler is working on adding protection against it similar to the GCC compiler mitigation.

The Stack Clash vulnerability pertains to clashing/smashing another program's stack while circumventing the stack protections that existed at the time. Stack Clash opens the door to memory corruption and arbitrary code execution. Linux on x86/x86_64 was not the only platform affected; the BSDs and Solaris were as well. Those unfamiliar with it, or wanting to refresh their memory, can do so via this Qualys blog post; Qualys is the firm that discovered the vulnerability.

The GCC compiler promptly added -fstack-clash-protection as an option to protect the stack against stack clash attacks by automatically probing each page of an allocated stack. Besides the compiler-based protection, Stack Clash is also mitigated by a Glibc fix and by an increase in the kernel's stack guard gap size, which makes the attack more difficult.
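To show why per-page probing matters, here is an added example (not code from the article, GCC or LLVM) that models the idea on Linux with an mmap'd region standing in for a stack. The layout, the `frame_hits_guard` name and the sizes are constructed for illustration. A real compiler emits the probes itself when a function allocates a large frame.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* MAP_ANONYMOUS, sigsetjmp */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf on_fault;
static void fault_handler(int sig) { (void)sig; siglongjmp(on_fault, 1); }

/* Constructed layout, low to high: [1 writable "victim" page][1 guard page,
 * PROT_NONE][8 "stack" pages]. A frame of `alloc` bytes is carved downward
 * from the top. Returns 1 if touching it faulted on the guard page, 0 if no
 * access faulted, -1 on bad input or setup error. */
int frame_hits_guard(size_t alloc, int probe_each_page)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE), total = 10 * pg;
    if (alloc == 0 || alloc > total) return -1;
    volatile char *base = mmap(NULL, total, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    mprotect((void *)(base + pg), pg, PROT_NONE);   /* the guard page */
    struct sigaction sa = {0}, old;
    sa.sa_handler = fault_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    volatile char *sp = base + total;  /* simulated stack pointer */
    volatile int faulted = 0;
    if (sigsetjmp(on_fault, 1) == 0) {
        /* The mitigation: touch every page on the way down. */
        for (size_t off = pg; probe_each_page && off < alloc; off += pg)
            *(sp - off) = 0;
        *(sp - alloc) = 0;             /* program's first write to the frame */
    } else faulted = 1;
    sigaction(SIGSEGV, &old, NULL);
    munmap((void *)base, total);
    return faulted;
}

int main(void)
{
    size_t big = 9 * (size_t)sysconf(_SC_PAGESIZE) + 64; /* spans stack + guard */
    printf("no probes: guard hit = %d\n", frame_hits_guard(big, 0));
    printf("probed:    guard hit = %d\n", frame_hits_guard(big, 1));
    return 0;
}
```

Without probes the write lands silently in the page below the guard. With probes the guard page faults first, which is the crash the mitigation is meant to force.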

Given the increasing use of LLVM/Clang for compiling system software on multiple platforms, the LLVM Clang compiler is now finally close to offering the same protection.

LLVM's stack clash protection is currently seeking code reviews and would be exposed through the same -fstack-clash-protection switch. Those interested in the addition can find more details under the current patch review. If all goes well, this will hopefully make it into the LLVM 10 release due out early next year.