Patchwork [1-2/12] New configure option --enable-espf=(all|ssp|pie|no)

Submitter Magnus Granberg
Date Sept. 7, 2012, 2:03 p.m.
Message ID <1847698.P25PdQuT3z@laptop1.gw.ume.nu>
Permalink /patch/182402/
State New

Comments

Magnus Granberg - Sept. 7, 2012, 2:03 p.m.
Hi

This new configure option will add some preprocessor, compiler or link command 
options as default. The default options will be -D_FORTIFY_SOURCE, -Wformat, 
-Wformat-security, -fPIE -pie and -fstack-protector. Depending on what is 
passed to --enable-espf=, ssp, pie, no, or all of them, will be turned on or 
off. Enable Stack protector, Position independent executable and Fortify_source 
is abbreviated as "espf". Gentoo (Hardened) uses all the options by default 
and Ubuntu uses some of them as default. It has been tested on 
x86_64-unknown-linux-gnu and the 20120902 snapshot. I will add more targets when tested.

Patch: configure.ac.patch
Add the new configure options and add some new checks.

Patch: Makefile.in.patch
Will add -fno-stack-protector, -fno-PIE to needed flags and pass enable-espf to 
the testsuite.

Gentoo Hardened project
Magnus Granberg

Changelog
2012-08-24	Magnus Granberg <zorry@gentoo.org>

		* configure.ac				Add new configure options espf.
		* Makefile.in				Add -fno-stack-protector when 
		  needed for espf.
	gcc/
		* configure.ac			Add new configure options espf.
		* Makefile.in			Add -fno-PIE  when needed for
		  espf.
		* config.in				Add ENABLE_ESPF, 
		  ENABLE_ESPF_FORTIFY, ENABLE_ESPF_PIE and
		  ENABLE_ESPF_SSP.
		* config/linux.h			Define ESPF_GCC_PIE_SPEC, 
		  ESPF_GCC_SSP_SPEC, ESPF_CPP_UNIQUE_OPTIONS_SPEC,
		  ESPF_DRIVER_SELF_SPECS and ESPF_EXTRA_SPECS.
		* config/i386/linux.h 		Define DRIVER_SELF_SPECS.
		* config/i386/linux64.h	Likewise.
		* config/i386/gnu-user.h	Add ESPF_EXTRA_SPECS to
		  SUBTARGET_EXTRA_SPECS when needed.
		* config/i386/i386.h		Likewise.
		* gcc.c				Add espf_cpp_unique_options
		  to cpp_unique_options when needed.
		* c-family/c-common.c	Enable warn_format when espf is 
		  enabled.
		* c-family/c-format.c	Enable warn_format_security when
		  needed by espf.
	libgcc/
		* libgcc/Makefile.in		Add -fno-PIE  when needed for
		  espf.

2012-08-26	Magnus Granberg <zorry@gentoo.org>
			Kees Cook <kees@ubuntu.com>

	gcc/doc/
		* invoke.texi		Add notes to -Wformat,
		  -Wformat-security, -O2, -fstack-protector, -fPIE and
		  -pie for espf.
		* install.texi		Add new configure options

2012-08-26	Magnus Granberg <zorry@gentoo.org>
			Kees Cook <kees@ubuntu.com>

	gcc/testsuite
		* gcc.dg/charset/builtin2.c		Add 
		  -Wno-format when effective_target is espf.
		* gcc.dg/format/format.exp		Likewise.
		* gcc.dg/pr30473.c			Likewise.
		* gcc.dg/pr38902.c			Likewise.
		* gcc.dg/ipa/ipa-sra-1.c		Likewise.
		* gcc.dg/torture/tls/tls-test.c	Likewise.
		* g++.dg/abi/pragma-pack1.C	Likewise.
		* g++.dg/cpp0x/constexpr-tuple.C	Likewise.
		* lib/target-supports.exp	Add
		  check_effective_target_espf.
		* gcc.c-torture/execute/memset-1.x	New file
		* gcc.c-torture/execute/vprintf-chk-1.x		Likewise.
		* gcc.c-torture/execute/vfprintf-chk-1.x	Likewise.
		* gcc.dg/stack-usage-1.c		Add -fno-stack-protector
		  when effective_target is espf.
		* gcc.dg/superblock.c			Likewise.
		* gcc.dg/20021014-1.c		Add -fno-PIE when
		  effective_target is espf.
		* gcc.dg/nest.c				Likewise.
		* gcc.dg/nested-func-4.c		Likewise.
		* gcc.dg/pr32450.c			Likewise.
		* gcc.dg/pr43643.c			Likewise.
		* g++.dg/other/anon5.C		Likewise.
		* g++.old-deja/g++.law/profile1.C	Likewise.
		* gcc.dg/tree-ssa/ssa-store-ccp-3.c	Skip the test.

2012-08-27	Magnus Granberg <zorry@gentoo.org>
			Kees Cook <kees@ubuntu.com>

	gcc/testsuite/
		PR 39537
		* g++.dg/ext/align1.C		Remove printf
		* g++.old-deja/g++.law/operators28.C	Fix format-string/type.
		* gcc.dg/torture/matrix-2.c			Likewise.
		* gcc.dg/packed-vla.c				Likewise.
		* g++.dg/opt/alias2.C				Likewise.
		* g++.old-deja/g++.abi/vbase1.C		Likewise.
		* g++.old-deja/g++.brendan/template8.C	Likewise.
		* g++.old-deja/g++.eh/ptr1.C				Likewise.
		* g++.old-deja/g++.jason/access23.C		Likewise.
		* g++.old-deja/g++.law/cvt8.C			Likewise.
		* g++.old-deja/g++.mike/net35.C			Likewise.
		* g++.old-deja/g++.mike/offset1.C			Likewise.
		* g++.old-deja/g++.mike/p12306.C			Likewise.
		* g++.old-deja/g++.mike/p3579.C			Likewise.
		* g++.old-deja/g++.mike/p3708a.C			Likewise.
		* g++.old-deja/g++.mike/p3708b.C			Likewise.
		* g++.old-deja/g++.mike/p3708.C			Likewise.
		* g++.old-deja/g++.mike/p646.C			Likewise.
		* g++.old-deja/g++.mike/p710.C			Likewise.
		* g++.old-deja/g++.mike/p789a.C			Likewise.
		* g++.old-deja/g++.mike/pmf2.C			Likewise.
		* g++.old-deja/g++.mike/temp.C			Likewise.
		* g++.old-deja/g++.other/temporary1.C		Likewise.
		* g++.old-deja/g++.other/virtual8.C		Likewise.
		* g++.old-deja/g++.pt/memtemp23.C		Likewise.
		* g++.old-deja/g++.pt/memtemp24.C		Likewise.
		* g++.old-deja/g++.pt/memtemp25.C		Likewise.
		* g++.old-deja/g++.pt/memtemp26.C		Likewise.
		* g++.old-deja/g++.pt/t39.C				Likewise.
		* g++.old-deja/g++.robertl/eb17.C			Likewise.

---
Joseph S. Myers - Sept. 7, 2012, 6:52 p.m.
On Fri, 7 Sep 2012, Magnus Granberg wrote:

> 		* Makefile.in				Add -fno-stack-protector when 
> 		  needed for espf.

Toplevel Makefile.in is a generated file.  You need to patch Makefile.def 
or Makefile.tpl and regenerate Makefile.in.

I'm surprised this passes bootstrap, since I wouldn't expect bootstrap to 
avoid -Wformat-security warnings, and all the previous patch submissions I 
recall to avoid such warnings have been incorrect (you can't just change 
error (msg) to error ("%s", msg) when the reason the code is written how 
it is is that no-argument formats such as %< and %> may appear in msg and 
need interpreting).
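
The point made in the reply above, as an added example that is not part of the original thread and is not GCC's code: a toy diagnostic formatter (hypothetical names `toy_format`, `as_format`, `as_argument`) that treats `%<` and `%>` as no-argument quoting directives, run on a constructed sample message. Rendering the quotes as ASCII apostrophes is an assumption of this sketch.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Toy formatter, constructed for this example (not GCC's implementation).
   Handles %s, %% and the no-argument quoting directives %< and %>. */
static const char *toy_format(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    size_t len = 0;
    if (n == 0) return out;
    out[0] = '\0';
    va_start(ap, fmt);
    for (const char *p = fmt; *p && len + 1 < n; p++) {
        char lit[2] = { *p, '\0' };
        const char *piece = lit;              /* ordinary character */
        if (*p == '%' && p[1] != '\0') {
            switch (*++p) {
            case '<': case '>': piece = "'"; break;   /* quote marks */
            case 's': piece = va_arg(ap, const char *); break;
            case '%': piece = "%"; break;
            default:  lit[0] = *p; break;     /* unknown: copy the letter */
            }
        }
        if (piece == NULL) piece = "(null)";
        len += (size_t)snprintf(out + len, n - len, "%s", piece);
        if (len >= n) len = n - 1;            /* output was truncated */
    }
    va_end(ap);
    return out;
}

/* Call shape error (msg): msg is the format, so %< and %> are interpreted. */
const char *as_format(char *out, size_t n, const char *msg)
{
    return toy_format(out, n, msg);
}

/* Call shape error ("%s", msg): msg is data, so its directives leak through. */
const char *as_argument(char *out, size_t n, const char *msg)
{
    return toy_format(out, n, "%s", msg);
}

int main(void)
{
    char buf[128];
    const char *msg = "invalid use of %<restrict%>";  /* constructed sample */
    printf("error (msg):       %s\n", as_format(buf, sizeof buf, msg));
    printf("error (\"%%s\", msg): %s\n", as_argument(buf, sizeof buf, msg));
    return 0;
}
```

The second call silences -Wformat-security but changes the text the user sees, which is why such a rewrite is only safe where the message is known to contain no directives.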

Patch

--- a/Makefile.in	2012-01-02 11:59:04.000000000 +0100
+++ b/Makefile.in	2012-06-29 00:11:30.886010145 +0200
@@ -362,9 +362,17 @@  WINDRES_FOR_BUILD = @WINDRES_FOR_BUILD@
 BUILD_PREFIX = @BUILD_PREFIX@
 BUILD_PREFIX_1 = @BUILD_PREFIX_1@
 
+# Disable SSP on BOOT_CFLAGS, LIBCFLAGS and LIBCXXFLAGS
+enable_espf = @enable_espf@
+ifeq ($(enable_espf),yes)
+ESPF_NOSSP_CFLAGS = -fno-stack-protector
+else
+ESPF_NOSSP_CFLAGS=
+endif
+
 # Flags to pass to stage2 and later makes.  They are defined
 # here so that they can be overridden by Makefile fragments.
-BOOT_CFLAGS= -g -O2
+BOOT_CFLAGS= -g -O2 $(ESPF_NOSSP_CFLAGS)
 BOOT_LDFLAGS=
 BOOT_ADAFLAGS=-gnatpg -gnata
 
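Review bot: The `ifeq ($(enable_espf),yes)` test at the top of this hunk compares against `yes`, while the option is documented as --enable-espf=(all|ssp|pie|no), and nothing in these lines shows how those values are reduced to `yes`. If `pie` alone also maps to `yes`, -fno-stack-protector is added where only PIE was requested; test an SSP-specific substitution instead, or add a comment saying which configure values produce `yes`. The new comment should also say why SSP has to be off for these flags. Since BOOT_CFLAGS is, per the comment just above it, meant to be overridden, an override such as BOOT_CFLAGS='-g -O2' silently drops $(ESPF_NOSSP_CFLAGS).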
@@ -410,9 +418,9 @@  GNATMAKE = @GNATMAKE@
 
 CFLAGS = @CFLAGS@
 LDFLAGS = @LDFLAGS@
-LIBCFLAGS = $(CFLAGS)
+LIBCFLAGS = $(CFLAGS) $(ESPF_NOSSP_CFLAGS)
 CXXFLAGS = @CXXFLAGS@
-LIBCXXFLAGS = $(CXXFLAGS) -fno-implicit-templates
+LIBCXXFLAGS = $(CXXFLAGS) -fno-implicit-templates $(ESPF_NOSSP_CFLAGS)
 GOCFLAGS = $(CFLAGS)
 
 TFLAGS =
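Review bot: LIBCFLAGS and LIBCXXFLAGS gain $(ESPF_NOSSP_CFLAGS) here, but GOCFLAGS on the line after LIBCXXFLAGS is still plain $(CFLAGS); either add the variable there too or say why Go is exempt. If these variables are what the target libraries are built with, this turns the stack protector off for every library the hardened compiler ships, so the reason deserves a comment and the exclusion should be as narrow as the build actually needs.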
--- a/gcc/Makefile.in	2012-02-11 09:50:23.000000000 +0100
+++ b/gcc/Makefile.in	2012-06-29 00:07:45.230003420 +0200
@@ -973,14 +973,23 @@  LIBFUNCS_H = libfuncs.h $(HASHTAB_H)
 # cross compiler which does not use the native headers and libraries.
 INTERNAL_CFLAGS = -DIN_GCC @CROSS@
 
+# We don't want to compile the compiler with -fPIE, it make PCH fail.
+enable_espf = @enable_espf@
+ifeq ($(enable_espf),yes)
+ESPF_NOPIE_CFLAGS = -fno-PIE
+else
+ESPF_NOPIE_CFLAGS=
+endif
+
 # This is the variable actually used when we compile. If you change this,
 # you probably want to update BUILD_CFLAGS in configure.ac
-ALL_CFLAGS = $(T_CFLAGS) $(CFLAGS-$@) \
+ALL_CFLAGS = $(ESPF_NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) \
   $(CFLAGS) $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(WARN_CFLAGS) @DEFS@
 
 # The C++ version.
-ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) $(INTERNAL_CFLAGS) \
-  $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) $(WARN_CXXFLAGS) @DEFS@
+ALL_CXXFLAGS =$(ESPF_NOPIE_CFLAGS)  $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) \
+  $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) \
+  $(WARN_CXXFLAGS) @DEFS@
 
 # Likewise.  Put INCLUDES at the beginning: this way, if some autoconf macro
 # puts -I options in CPPFLAGS, our include files in the srcdir will always
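Review bot: $(ESPF_NOPIE_CFLAGS) is placed first in ALL_CFLAGS and ALL_CXXFLAGS, ahead of $(CFLAGS) and $(CXXFLAGS), so a -fPIE or -fPIC arriving through those later variables overrides it, because the last of these options on the command line wins; move it after them if it has to hold. Style: `ALL_CXXFLAGS =$(ESPF_NOPIE_CFLAGS)  $(T_CFLAGS)` has no space after `=` and two before $(T_CFLAGS), and the new comment should read "it makes PCH fail". The comment just above ALL_CFLAGS asks for BUILD_CFLAGS in configure.ac to be kept in step, and no such change is visible in this patch.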
@@ -1815,6 +1824,7 @@  libgcc.mvars: config.status Makefile spe
 	echo GCC_CFLAGS = '$(GCC_CFLAGS)' >> tmp-libgcc.mvars
 	echo INHIBIT_LIBC_CFLAGS = '$(INHIBIT_LIBC_CFLAGS)' >> tmp-libgcc.mvars
 	echo TARGET_SYSTEM_ROOT = '$(TARGET_SYSTEM_ROOT)' >> tmp-libgcc.mvars
+	echo enable_espf = '$(enable_espf)' >> tmp-libgcc.mvars
 
 	mv tmp-libgcc.mvars libgcc.mvars
 
@@ -4893,6 +4903,9 @@  site.exp: ./config.status Makefile
 	@if test "@enable_lto@" = "yes" ; then \
 	  echo "set ENABLE_LTO 1" >> ./site.tmp; \
 	fi
+	@if test "@enable_espf@" = "yes" ; then \
+	  echo "set ENABLE_ESPF 1" >> ./site.tmp; \
+	fi
 # If newlib has been configured, we need to pass -B to gcc so it can find
 # newlib's crt0.o if it exists.  This will cause a "path prefix not used"
 # message if it doesn't, but the testsuite is supposed to ignore the message -
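Review bot: site.exp gets a single `set ENABLE_ESPF 1`, written only when @enable_espf@ is exactly `yes`, so the testsuite cannot tell an ssp-only configuration from a pie-only one, although the ChangeLog adds -fno-PIE to some tests and -fno-stack-protector to others under the same espf effective target. Consider exporting separate SSP and PIE settings, or document next to this block that `yes` covers every enabled combination.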
--- a/libgcc/Makefile.in	2011-11-22 04:01:02.000000000 +0100
+++ b/libgcc/Makefile.in	2012-06-29 00:15:04.534016511 +0200
@@ -275,11 +275,16 @@  override CFLAGS := $(filter-out -fprofil
 INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CFLAGS) $(HOST_LIBGCC2_CFLAGS) \
 		  $(INCLUDES) @set_have_cc_tls@ @set_use_emutls@
 
+ifeq ($(enable_espf),yes)
+ESPF_NOPIE_CFLAGS = -fno-PIE
+else
+ESPF_NOPIE_CFLAGS=
+endif
 # Options to use when compiling crtbegin/end.
 CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(INCLUDES) $(MULTILIB_CFLAGS) -g0 \
   -finhibit-size-directive -fno-inline -fno-exceptions \
   -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \
-  -fno-stack-protector \
+  -fno-stack-protector $(ESPF_NOPIE_CFLAGS) \
   $(INHIBIT_LIBC_CFLAGS)
 
 # Extra flags to use when compiling crt{begin,end}.o.
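Review bot: `ifeq ($(enable_espf),yes)` uses enable_espf without defining it in this file; it appears to rely on the `enable_espf = ...` line that the gcc/Makefile.in hunk writes to libgcc.mvars, and a comment here should say so. The new block also sits directly on top of the existing "# Options to use when compiling crtbegin/end." comment with no blank line and no comment of its own explaining why the crt objects need -fno-PIE. ESPF_NOPIE_CFLAGS now has the same definition in two Makefiles, which will drift if only one is changed.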