From: Stephen Fuld
Newsgroups: comp.arch
Subject: Re: Constant Stack Canaries
Date: Mon, 31 Mar 2025 10:57:35 -0700
References: <4cf60b5fd8b785feb07a67a823cc349d@www.novabbs.org>

On 3/31/2025 10:17 AM, BGB wrote:
> On 3/31/2025 11:04 AM, Stephen Fuld wrote:
>> On 3/30/2025 1:14 PM, MitchAlsup1 wrote:
>>> On Sun, 30 Mar 2025 17:47:59 +0000, BGB wrote:
>>>
>>>> On 3/30/2025 7:16 AM, Robert Finch wrote:
>>>>> Just got to thinking about stack canaries. I was going to have a
>>>>> special purpose register holding the canary value for testing while
>>>>> the program was running. But I just realized today that it may not
>>>>> be needed. Canary values could be handled by the program loader as
>>>>> constants, eliminating the need for a register. Since the value is
>>>>> not changing while the program is running, it could easily be a
>>>>> constant. This may require a fixup record handled by the assembler /
>>>>> linker to indicate to the loader to place a canary value.
>>>>>
>>>>> Prolog code would just store an immediate to the stack. On return a
>>>>> TRAP instruction could check for the immediate value and trap if not
>>>>> present. But the process seems to require assembler / linker support.
>>>>>
>>>>
>>>> They are mostly just a normal compiler feature IME:
>>>>    Prolog stores the value;
>>>>    Epilog loads it and verifies that the value is intact.
>>>
>>> Agreed.
>>
>> I'm glad you, Mitch, chimed in here. When I saw this, it occurred to
>> me that this could be done automatically by the hardware (optionally,
>> based on a bit in a control register). The CALL instruction would
>> store the magic value, and the RET instruction would test it. If there
>> was not a match, an exception would be generated. The value itself
>> could be something like the clock value when the program was
>> initiated, thus guaranteeing uniqueness.
>>
>> The advantage over the software approach, of course, is the
>> elimination of several instructions in each prolog/epilog, reducing
>> footprint, and perhaps even time, as it might be possible to overlap
>> some of the processing with the other things these instructions do.
>> The downside is more hardware and perhaps extra overhead.
>>
>> Does this make sense? What have I missed?
>>
>
> This would seem to imply an ISA where CALL/RET push onto the stack or
> similar, rather than the (more common for RISCs) strategy of copying PC
> into a link register...

Sorry, you're right. I should have said, in the context of Mitch's My 66000, the ENTER and EXIT instructions.

> Another option being if it could be a feature of a Load/Store Multiple.

The nice thing about ENTER/EXIT is that they combine the store multiple (ENTER) and the load multiple and return control (EXIT).

--
- Stephen Fuld
(e-mail address disguised to prevent spam)
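The prolog-stores / epilog-checks scheme described in the thread, modelled in C as an added example (this is not code from any of the posters, nor from My 66000 or any real compiler's stack protector). The frame layout, the canary value and the "saved return address" slot are constructed for the illustration; a real compiler or ISA chooses its own layout. The third scenario also covers the distinction the thread raises between a loader-placed constant and a per-run value: an overrun that writes the expected canary back into its slot passes the epilog check, so the check only helps when the attacker cannot know the value in advance.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame. Real layout is chosen by the
 * compiler/ISA; what matters is only that the canary sits between the
 * overflowable buffer and the data the overflow is aimed at. */
typedef struct {
    char     buf[16];      /* local buffer that may be overrun            */
    uint64_t canary;       /* stored by the prolog, checked by the epilog */
    uint64_t saved_ret;    /* return address / saved registers above it   */
} frame_t;

enum { FRAME_OK = 0, FRAME_CANARY_TRIPPED = 1, FRAME_SILENT_CORRUPTION = 2 };

#define ORIGINAL_RET 0x401000ULL   /* constructed "correct" return address */

/* Prolog: initialise the frame and store the canary. */
static void prolog(frame_t *f, uint64_t canary)
{
    memset(f->buf, 0, sizeof f->buf);
    f->canary    = canary;
    f->saved_ret = ORIGINAL_RET;
}

/* Epilog: reload the slot and compare with the value the prolog stored. */
static bool epilog_check(const frame_t *f, uint64_t canary)
{
    return f->canary == canary;
}

/* Unbounded copy into buf, the bug a canary is meant to catch. Writes are
 * clamped to the frame so the model stays within defined behaviour. */
static void unsafe_copy(frame_t *f, const uint8_t *src, size_t n)
{
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy(f, src, n);
}

/* Run one call with the given canary and input; classify the outcome. */
int run_frame(uint64_t canary, const uint8_t *input, size_t n)
{
    frame_t f;
    prolog(&f, canary);
    unsafe_copy(&f, input, n);
    if (!epilog_check(&f, canary))
        return FRAME_CANARY_TRIPPED;   /* where the epilog would TRAP */
    return f.saved_ret == ORIGINAL_RET ? FRAME_OK : FRAME_SILENT_CORRUPTION;
}

/* Payload of someone who already knows the canary (e.g. a constant that is
 * readable in the binary): fill buf, write the expected canary back into
 * its slot, then overwrite the saved return address. */
size_t forge_payload(uint64_t known_canary, uint64_t new_ret, uint8_t *out, size_t cap)
{
    if (cap < sizeof(frame_t))
        return 0;
    memset(out, 'A', offsetof(frame_t, canary));
    memcpy(out + offsetof(frame_t, canary), &known_canary, sizeof known_canary);
    memcpy(out + offsetof(frame_t, saved_ret), &new_ret, sizeof new_ret);
    return sizeof(frame_t);
}

int main(void)
{
    const uint64_t canary = 0x5a3c9e17b2d4f681ULL;   /* constructed value */
    uint8_t junk[sizeof(frame_t)];
    uint8_t forged[sizeof(frame_t)];
    size_t  fl;

    memset(junk, 'A', sizeof junk);
    fl = forge_payload(canary, 0x41414141ULL, forged, sizeof forged);

    printf("short write  : %d\n", run_frame(canary, junk, 8));
    printf("blind smash  : %d\n", run_frame(canary, junk, sizeof junk));
    printf("known canary : %d\n", run_frame(canary, forged, fl));
    return 0;
}
```

The first call stays within `buf` and returns `FRAME_OK`; the second overruns everything with filler, the canary no longer matches, and the epilog reports `FRAME_CANARY_TRIPPED` before the corrupted return address is used. The third overrun writes the canary back unchanged and is reported as `FRAME_SILENT_CORRUPTION`: whether the slot is filled by a compiler prolog, a loader fixup or a hardware ENTER, the check is only as good as the attacker's inability to predict the value.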