From patchwork Thu Jul  2 23:01:51 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Magnus Granberg <zorry@gentoo.org>
X-Patchwork-Id: 490831
Return-Path: 
 <gcc-patches-return-401909-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4B2DB1402A3
	for <incoming@patchwork.ozlabs.org>;
	Fri,  3 Jul 2015 09:02:28 +1000 (AEST)
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org
	header.b=JPMatcIt; dkim-atps=neutral
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:from
	:to:subject:date:message-id:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=X8zehS35azK6ricG
	0dOnCfkLA2xWwyGkWQHJBPmeyXP3DUb5WWCWoa2SHn2GsEG1PW5VowwxCWns2SSa
	LSuVQpFl0sZc7X8N49cnkeJ4zCOX3H0KfFyu/7PGQNSi7PJIqbwl3kNjqztqo9IS
	W9OJTuiKeRwyF5+tRRxgFs3M268=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:from
	:to:subject:date:message-id:mime-version:content-type
	:content-transfer-encoding; s=default; bh=gSz4sTcvD1lx1M5WW3SM9l
	XqKOo=; b=JPMatcIteIeCKQrp9egJdQGqxV9f52YZ19fzPL0OgIDMqSBqNX4/pN
	ZxReLZB6SokfPfgknWB0NARxtYkYbmHRqpGrkyWfNaDLpin2BNUE9NV/Bk0sgoAr
	0x4uaJOwqln50inGPZYAKLvrxyD7APkRvyltlopyVHRye0S8dSfRk=
Received: (qmail 112778 invoked by alias); 2 Jul 2015 23:02:21 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: 
 <mailto:gcc-patches-unsubscribe-incoming=patchwork.ozlabs.org@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Received: (qmail 112769 invoked by uid 89); 2 Jul 2015 23:02:20 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL, BAYES_50,
	RP_MATCHES_RCVD, SPF_PASS autolearn=ham version=3.3.2
X-HELO: smtp.gentoo.org
Received: from smtp.gentoo.org (HELO smtp.gentoo.org) (140.211.166.183) by
	sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with
	(AES256-GCM-SHA384 encrypted) ESMTPS;
	Thu, 02 Jul 2015 23:02:18 +0000
Received: from laptop1.gw.ume.nu (ip1-67.bon.riksnet.se
	[77.110.8.67])	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA
	(256/256 bits))	(No client certificate
	requested)	(Authenticated sender: zorry)	by smtp.gentoo.org
	(Postfix) with ESMTPSA id B9B5234092D	for
	<gcc-patches@gcc.gnu.org>; Thu,  2 Jul 2015 23:02:16 +0000 (UTC)
From: Magnus Granberg <zorry@gentoo.org>
To: gcc-patches@gcc.gnu.org
Subject: [PATCH] New configure option to default enable Smart Stack
	Protection
Date: Fri, 03 Jul 2015 01:01:51 +0200
Message-ID: <39898046.VMObuEqk0e@laptop1.gw.ume.nu>
X-KMail-Dictionary: sv
User-Agent: KMail/4.14.6 (Linux/3.17.7-hardened-r1; KDE/4.14.7; x86_64; ; )
MIME-Version: 1.0
X-IsSubscribed: yes

Hi
Working on a patch that enable Smart Stack Protection as default.
I still miss docs and testcase for the patch. I need you ides and help.

/Magnus G.

--- a/gcc/configure.ac	2014-12-05 00:53:24.000000000 +0100
+++ b/gcc/configure.ac	2015-06-08 23:27:11.744348211 +0200
@@ -5221,6 +5119,25 @@ if test x$gcc_cv_libc_provides_ssp = xye
 	    [Define if your target C library provides stack protector support])
 fi
 
+# Check whether --enable-default-ssp was given.
+AC_ARG_ENABLE(default-ssp,
+[AS_HELP_STRING([--enable-default-ssp],
+  [enable Smart Stack Protection as default])],
+if test x$gcc_cv_libc_provides_ssp = xyes; then
+  case "$target" in
+    ia64*-*-*) enable_default_ssp=no ;;
+    *) enable_default_ssp=$enableval ;;
+  esac
+else
+  enable_default_ssp=no
+fi,
+enable_default_ssp=no)
+if test x$enable_default_ssp == xyes ; then
+  AC_DEFINE(ENABLE_DEFAULT_SSP, 1,
+      [Define if your target supports default STACK-PROTECTOR and it is enabled.])
+fi
+AC_SUBST([enable_default_ssp])
+
 # Test for <sys/sdt.h> on the target.
 GCC_TARGET_TEMPLATE([HAVE_SYS_SDT_H])
 AC_MSG_CHECKING(sys/sdt.h in the target C library)
--- a/gcc/defaults.h	2014-11-01 09:13:09.000000000 +0100
+++ b/gcc/defaults.h	2015-06-08 22:43:18.764269749 +0200
@@ -1263,6 +1263,18 @@ see the files COPYING3 and COPYING.RUNTI
 #define STACK_SIZE_MODE word_mode
 #endif
 
+/* Default value for flag_stack_protect when flag_stack_protect is initialized to -1:
+   --enable-default-ssp: Default flag_stack_protect to -fstack-protector-strong.
+   --disable-default-ssp: Default flag_stack_protect to 0.
+ */
+#ifdef ENABLE_DEFAULT_SSP
+# ifndef DEFAULT_FLAG_SSP
+#  define DEFAULT_FLAG_SSP 3
+# endif
+#else
+# define DEFAULT_FLAG_SSP 0
+#endif
+
 /* Provide default values for the macros controlling stack checking.  */
 
 /* The default is neither full builtin stack checking...  */
--- a/gcc/common.opt	2014-10-28 11:33:04.000000000 +0100
+++ b/gcc/common.opt	2015-06-08 22:41:30.114266512 +0200
@@ -2054,15 +2054,15 @@ Common RejectNegative Joined Var(common_
 -fstack-limit-symbol=<name>	Trap if the stack goes past symbol <name>
 
 fstack-protector
-Common Report Var(flag_stack_protect, 1)
+Common Report Var(flag_stack_protect, 1) Init(-1)
 Use propolice as a stack protection method
 
 fstack-protector-all
-Common Report RejectNegative Var(flag_stack_protect, 2)
+Common Report RejectNegative Var(flag_stack_protect, 2) Init(-1)
 Use a stack protection method for every function
 
 fstack-protector-strong
-Common Report RejectNegative Var(flag_stack_protect, 3)
+Common Report RejectNegative Var(flag_stack_protect, 3) Init(-1)
 Use a smart stack protection method for certain functions
 
 fstack-protector-explicit
-Common Report RejectNegative Var(flag_stack_protect, 4)
+Common Report RejectNegative Var(flag_stack_protect, 4) Init(-1)
 Use stack protection method only for functions with the stack_protect attribute
 
 fstack-usage
--- a/gcc/opts.c	2014-10-28 11:33:04.000000000 +0100
+++ b/gcc/opts.c	2015-06-27 01:06:48.670870534 +0200
@@ -739,6 +740,1 @@ finish_options (struct gcc_options *opts
	   opts->x_flag_opts_finished = true;
	 }
 
+  /* We initialize opts->x_flag_stack_protect to -1 so that targets
+      can set a default value.  */
+  if (opts->x_flag_stack_protect == -1)
+    opts->x_flag_stack_protect = DEFAULT_FLAG_SSP;
+
   if (opts->x_optimize == 0)
     {
       /* Inlining does not work if not optimizing,