@@ -369,9 +369,22 @@ $(objpfx)dl-allobjs.os: $(all-rtld-routines:%=$(objpfx)%.os)
# are compiled with special flags, and puts these modules into rtld-libc.a
# for us. Then we do the real link using rtld-libc.a instead of libc_pic.a.
+# If the compiler can do SSP, build the mapfile with dummy __stack_chk_fail
+# and __stack_chk_fail_local symbols defined, to prevent the real things
+# being dragged into rtld even though rtld is never built with stack-
+# protection.
+
+ifeq ($(have-ssp),yes)
+dummy-stack-chk-fail := -Wl,--defsym='__stack_chk_fail=0' \
+ -Wl,--defsym='__stack_chk_fail_local=0'
+else
+dummy-stack-chk-fail :=
+endif
+
$(objpfx)librtld.map: $(objpfx)dl-allobjs.os $(common-objpfx)libc_pic.a
@-rm -f $@T
- $(reloc-link) -o $@.o '-Wl,-(' $^ -lgcc '-Wl,-)' -Wl,-Map,$@T
+ $(reloc-link) -o $@.o $(dummy-stack-chk-fail) \
+ '-Wl,-(' $^ -lgcc '-Wl,-)' -Wl,-Map,$@T
rm -f $@.o
mv -f $@T $@
From: Nick Alcock <nick.alcock@oracle.com> The previous commit prevented rtld itself from being built with -fstack-protector, but this is not quite enough. We identify which objects belong in rtld via a test link and analysis of the resulting mapfile. That link is necessarily done against objects that are stack-protected, so drags in __stack_chk_fail_local, __stack_chk_fail, and all the libc and libio code they use. To stop this happening, use --defsym in the test librtld.map-production link to force the linker to predefine these two symbols (to 0, but it could be to anything). (In a real link, this would of course be catastrophic, but these object files are never used for anything else.) v2: New. v6: Dummy out stack_chk_fail_local too. v7: Fix word-wrapping. * elf/Makefile (dummy-stack-chk-fail): New. ($(objpfx)librtld.map): Use it. --- elf/Makefile | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-)