@@ -55,7 +55,9 @@ with-fp = @with_fp@
enable-timezone-tools = @enable_timezone_tools@
unwind-find-fde = @libc_cv_gcc_unwind_find_fde@
have-fpie = @libc_cv_fpie@
+have-ssp = @libc_cv_ssp@
stack-protector = @stack_protector@
+no-stack-protector = @no_stack_protector@
have-selinux = @have_selinux@
have-libaudit = @have_libaudit@
have-libcap = @have_libcap@
@@ -45,6 +45,11 @@ before-compile += $(objpfx)version-info.h
tests := tst-empty tst-atomic tst-atomic-long
tests-static := tst-empty
+CFLAGS-.o += $(no-stack-protector)
+CFLAGS-.og += $(no-stack-protector)
+CFLAGS-.op += $(no-stack-protector)
+CFLAGS-.os += $(no-stack-protector)
+
ifeq (yes,$(build-shared))
extra-objs += S$(start-installed-name) gmon-start.os
ifneq ($(start-installed-name),$(static-start-installed-name))
@@ -99,6 +99,10 @@ CFLAGS-getusershell.c = -fexceptions
CFLAGS-err.c = -fexceptions
CFLAGS-tst-tsearch.c = $(stack-align-test-flags)
+# Called during static library initialization.
+CFLAGS-sbrk.c = $(no-stack-protector)
+CFLAGS-brk.c = $(no-stack-protector)
+
include ../Rules
$(objpfx)libg.a: $(dep-dummy-lib); $(make-dummy-lib)
@@ -298,6 +298,7 @@ static bool __nptl_initial_report_events __attribute_used__;
#ifndef SHARED
void
+inhibit_stack_protector
__pthread_initialize_tcb_internal (void)
{
/* Unlike in the dynamically linked case the dynamic linker has not
From: Nick Alcock <nick.alcock@oracle.com> The startup code in csu/, brk() and sbrk(), and the __pthread_initialize_tcb_internal() function we just introduced are needed very early in initialization of a statically-linked program, before the stack guard is initialized. Mark all of these as -fno-stack-protector. We also finally introduce @libc_cv_ssp@ and @no-stack-protector@, both substituted by the configury changes made earlier, to detect the case when -fno-stack-protector is supported by the compiler, and unconditionally pass it in when this is the case, whether or not --enable-stack-protector is passed to configure. (This means that it'll even work when the compiler's been hacked to pass -fstack-protector by default, unless the hackage is so broken that it does so in a way that is impossible to override.) (At one point we marked __libc_fatal() as non-stack-protected too, but this was pointless: all it did was call other routines which *are* stack-protected. The earliest __libc_fatal() call is in the DL_SYSDEP_OSCHECK hook on some platforms, when statically linking: this is fine, since it is after TLS and stack-canary initialization. I have tested invocation of programs statically and dynamically linked against this glibc on older kernels on x86 and ARM, and they still "work", i.e. fail with the appropriate message.) v2: No longer mark memcpy() as -fno-stack-protector. v3: Use $(no-stack-protector). v4: use inhibit_stack_protector rather than de-protecting all of nptl-init.c. --- config.make.in | 2 ++ csu/Makefile | 5 +++++ misc/Makefile | 4 ++++ nptl/nptl-init.c | 1 + 4 files changed, 12 insertions(+)