Re: [edk2-devel] Problems building some Arm platforms (__stack_chk_guard/__stack_chk_fail, _GLOBAL_OFFSET_TABLE_)

["Ard Biesheuvel" <ardb@kernel.org>]

On Wed, 24 Aug 2022 at 13:05, Pedro Falcato <pedro.falcato@gmail.com> wrote:
>
> Hi,
>
> So, what's your suggestion? Do you want me to add that to my package as well?
>
> There is obviously a huge problem with EDK2 build tools not knowing what a damn runtime library is.

The real problem here is that someone decided that, instead of
implementing proper support for PE/COFF executables in binutils and
GCC [for certain architectures: most notably ARM and arm64 today, but
also Itanium], it is OK to use a toolchain that targets an entirely
different execution environment (ELF on Linux, for example), and hack
some scaffolding around its output looks like PE/COFF to the extent
required by EFI.

Of course, this entirely falls apart with any kind of runtime library:
this also affects memcpy() and memset(), for instance, and on ARM32, a
slew of __aeabi_xxx runtime routines that the architecture specifies
for ELF targets. And we cannot actually use the toolchain provided
versions either, as they may contain syscalls or other codegen that
depends on the toolchain's target ABI.

> I personally don't think it's appropriate for me to say "I want my package built with the stack protector", particularly because my package shouldn't know what a damn stack protector is, and whoever is building it knows best, and because of that this should be dealt with by the build system itself (and no, setting it up in a platform dsc isn't a correct approach, since my package should be buildable standalone). And what if someone doesn't want the stack protector? Do they just create a new AARCH64_GCC5_NOSSP toolchain and build it with that? Do they just sed AARCH64_GCC5 to use -fno-stack-protector? Do they just limit themselves to toolchains without default SSP? IMO the correct way to go about things is to have the build tools automatically insert dependencies on runtime libraries and have a way to tag a toolchain such that you can easily selectively enable instrumentation (such as the SSP, UBSAN, ASAN, etc) and build them in any combination.
>

In my opinion, adding stack protector support like this was a mistake.
What we need is a single intrinsics library, where every
arch/toolchain combo can provide all the stuff that might be needed.
If structured correctly (i.e., use separate objects and rely on LD
garbage collection), this will only pull in the code that is actually
needed at link time, and will get rid of these errors.

As for overriding the use of the stack protector: this can be done
from a DSC file, by appending -f[no]-stack-protector to the global CC
flags. In general, choice of compiler options is a DSC level choice,
so it is not something you typically need to worry about at the
package level.

Building the *SAN pieces like this requires extensive runtime support
anyway, and so I don't see those being supported soon - someone needs
to port the runtime library first.

> Anyway, </rant>. I'll defer to your experience with the EDK2 build system for a solution.
>

I propose adding the library class resolution to the DSC - it will
only take effect when the stack protector is actually enabled. Then,
if you feel generous, you can add a DEFINE that can be set from the
build command line to control stack protector support, but I
personally wouldn't bother.