From patchwork Tue Mar 8 13:50:54 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nix X-Patchwork-Id: 594221 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 55F5E140662 for ; Wed, 9 Mar 2016 00:54:32 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.b=LVtt5WnE; dkim-atps=neutral DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:in-reply-to :references; q=dns; s=default; b=K64dVw0wFW35RWdvrh0Wql5tcoh9mBh 8ACM9Bjix/kNyLQES5iMxg8UOtX4HawXw9IDBY8dqkqmIbztJ3d8HoyqO5UJmgoC xwxQFi6VGbf/nidwwSepSQT9amADWm3AjLFEVKOYEelI3d8hJfRbRdA2XvGzgW5r NAOpYYZlLt7o= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:in-reply-to :references; s=default; bh=xfXoQMqVGhoUG8/byyV0s2NeH1U=; b=LVtt5 WnEJfR4YGq4ohQlyGnMLhP7+F6oZsixyxfkxy5iUq4e5bE/567uhL2efSgUlV3+y 0QyWEPRFnb0iX5TJ3Kji5mMj/wCh+Ak2ptTpM3EG+KtEGtUA5GjuyRVvMXxwX1vU 8jgER8V5O3VVbomDSYcWv9tMKG4tNgjqX4m8P4= Received: (qmail 32655 invoked by alias); 8 Mar 2016 13:54:23 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 32592 invoked by uid 89); 8 Mar 2016 13:54:22 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.4 required=5.0 tests=AWL, BAYES_50, KAM_LAZY_DOMAIN_SECURITY, RP_MATCHES_RCVD autolearn=no version=3.3.2 spammy=mapfile, lgcc, rm, Hx-spam-relays-external:sk:mail.es X-HELO: mail.esperi.org.uk From: Nix To: libc-alpha@sourceware.org Subject: [PATCH 08/18] Prevent the rtld mapfile computation from dragging in __stack_chk_fail. Date: Tue, 8 Mar 2016 13:50:54 +0000 Message-Id: <1457445064-7107-9-git-send-email-nix@esperi.org.uk> In-Reply-To: <1457445064-7107-1-git-send-email-nix@esperi.org.uk> References: <1457445064-7107-1-git-send-email-nix@esperi.org.uk> X-DCC--Metrics: spindle 1282; Body=2 Fuz1=2 Fuz2=2 From: Nick Alcock The previous commit prevented rtld itself from being built with -fstack-protector, but this is not quite enough. We identify which objects belong in rtld via a test link and analysis of the resulting mapfile. That link is necessarily done against objects that are stack-protected, so drags in __stack_chk_fail and all the libc and libio code it uses. To stop this happening, use --defsym in the test librtld.map-production link to force the linker to predefine __stack_chk_fail (to 0, but it could be to anything). (In a real link, this would of course be catastrophic, but these object files are never used for anything else.) v2: New. * elf/Makefile (dummy-stack-chk-fail): New. ($(objpfx)librtld.map): Use it. --- elf/Makefile | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/elf/Makefile b/elf/Makefile index 0037cca..8f0973d 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -349,9 +349,19 @@ $(objpfx)dl-allobjs.os: $(all-rtld-routines:%=$(objpfx)%.os) # are compiled with special flags, and puts these modules into rtld-libc.a # for us. Then we do the real link using rtld-libc.a instead of libc_pic.a. +# If the compiler can do SSP, build the mapfile with a dummy __stack_chk_fail +# symbol defined, to prevent the real thing being dragged into rtld +# even though rtld is never built with stack-protection. + +ifeq ($(have-ssp),yes) +dummy-stack-chk-fail := -Wl,--defsym='__stack_chk_fail=0' +else +dummy-stack-chk-fail := +endif + $(objpfx)librtld.map: $(objpfx)dl-allobjs.os $(common-objpfx)libc_pic.a @-rm -f $@T - $(reloc-link) -o $@.o '-Wl,-(' $^ -lgcc '-Wl,-)' -Wl,-Map,$@T + $(reloc-link) -o $@.o $(dummy-stack-chk-fail) '-Wl,-(' $^ -lgcc '-Wl,-)' -Wl,-Map,$@T rm -f $@.o mv -f $@T $@