<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/61665>61665</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Support stack canaries in LLVM Libc
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          Maximus-
      </td>
    </tr>
</table>

<pre>
    LLVM Libc today doesn't support stack canaries (aka stack protectors, stack cookies, -fstack-protector).

I'm not sure of the full implementation details required, but the tl;dr is:
- On thread creation, fs:0x28 (TLS base + 0x28) should be set to a mostly randomized value.
- Generally this value has the least-significant byte set to 0, so that linear string functions like strlen stop before reading it (in the case where a string is missing a null terminator). This helps preventing leaking the cookie in some cases. 
- Implement `__stack_chk_fail` to handle aborting when the stack cookie is corrupted. The compiler expects this to be there afaiu. 
- Maybe provide a relocatable symbol to tell the linker/loader that nothing else should go at that offset, even though it's been somewhat fixed for ~10 years now. 

In addition, to improve where others are lacking, we should try and put guard pages around TLS, to prevent other regions from being mapped contiguously with TLS. This may be expensive for some consumers that create a lot of threads, so we may need an opt-out. But we can judge the performance characteristics once we get there. TLS should be randomized as well, but I think this is already the case. 




</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJxsVUFv4zgP_TXOhUjgKImTHnL4-g26GKCDPcxgrwVt0bYmsuQVqaTew_72Be2k0wX2EhcU9fTI98gis-sC0bk4PBeHLyvM0sd0_obvbsi8XtXRTufX1z--waurG5BocQIbiUNhjgKcxzEmARZsLtBgwOSIoTAnvOA9OqYo1EhMXJj_PzJjvDiaA-t2Dq0_0grztCnKL0X5v-X3a2GOA4SoryWC2IL0BG32HtwwehooCIqLASwJOs-Q6M_sElmFr7PM-eKL3bNN4LjY3YHX8HsA6ROhhSbRjKFXWk0p381J6_jx-h1qZILCPIMGC_ME3MfsLdQETAISAWGILH6ChMHGwf1FFq7oM20eT_1GgRJ6P4H0jpdD6JFncp6QZa1KuNY1GATqST7Ay7lvEaRHAe8CYQKW5EIHbQ6N0mbw7kIa9RSAJY5QUxsTgVanmU60Ghfm9xot6NZTIsAHlGMYHLP-iRC0u0JpcAHvksAP5d2THxnGRFcKorme8KLfGXZWFVwAjsPyCm_g0YGvD7GgqMq3t1n1t6a_vLXofFGVWmqPwXoCrGOa0W89LYw_20apNjGlPApZ5aUvD6PzlIDeR2qElyZLVIlkqbNFl3-R-YZTTWrNq7PahEQ-NihYewKehjp6vS2kbVCBXLhQKsyLj2gpLVKEKL2SJM_0sEQXAWU5jm3LJKqdNgukj7nrwUlhjgw10dKlm6a27p0stDHB39sSJsLEEOLtQfc-BwHQWvdwqUS1f4rXh5JRC2XAROCxUVE07fZBTdIEGCyMWaDLmCyM2JFeiDlY-PH6_Q57V3cBhETdbLA2xQFq0oIHHEey0MQgrssxs5_g5qRXjLtPBpy09ypHYHelubjFFTFwHpTp3KV58FQBH2WZbXUs3y1_oxkpEFnAAHGUdcyygecsetZggJ_ZdrPIMFJqYxowNARNjwkboeRYXMMQNXgj6EgWQ2yU7KdB_jS4yHAj7x_b46uaKVwWSzkG9Mpw-hikf6v0-Xdlzzv7tHvCFZ231fGpKne73XHVn7dmvzcttWZbnaqDqarmUG3rbXNo6uP2ZE4rdzal2ZU7szOlOR2Om2pXbvdP7b7d704tnY7FvqQBnd94fx02MXUrx5zpXG2r6rDyWJPneacbE-gG82FhjK74dNY76zp3XOxL71j4F4o48XT-_t9r3QX4-Fewysmfe5Fx3qfmpTAvnZM-15smDjoo_vr46Gr_SY0U5mXmwYV5mXn-EwAA__8iBDho">