Message ID | 1457882222-22599-5-git-send-email-nix@esperi.org.uk |
---|---|
State | New |
On 13 Mar 2016 15:16, Nix wrote: > We also finally introduce @libc_cv_ssp@ and @no-stack-protector@, both @no_stack_protector@ > --- a/csu/Makefile > +++ b/csu/Makefile > > +CFLAGS-.o += $(no-stack-protector) > +CFLAGS-.og += $(no-stack-protector) > +CFLAGS-.op += $(no-stack-protector) > +CFLAGS-.os += $(no-stack-protector) is there a format you're trying to avoid ? *.oS ? could use a comment. > --- a/misc/Makefile > +++ b/misc/Makefile > > +# Called during static library initialization. > +CFLAGS-sbrk.o = $(no-stack-protector) > +CFLAGS-sbrk.op = $(no-stack-protector) > +CFLAGS-sbrk.og = $(no-stack-protector) > +CFLAGS-brk.o = $(no-stack-protector) > +CFLAGS-brk.op = $(no-stack-protector) > +CFLAGS-brk.og = $(no-stack-protector) same here -mike
On 10 Apr 2016, Mike Frysinger outgrape: > On 13 Mar 2016 15:16, Nix wrote: >> We also finally introduce @libc_cv_ssp@ and @no-stack-protector@, both > > @no_stack_protector@ > >> --- a/csu/Makefile >> +++ b/csu/Makefile >> >> +CFLAGS-.o += $(no-stack-protector) >> +CFLAGS-.og += $(no-stack-protector) >> +CFLAGS-.op += $(no-stack-protector) >> +CFLAGS-.os += $(no-stack-protector) > > is there a format you're trying to avoid ? *.oS ? Not particularly. If CFLAGS on its own works, I could use that. >> --- a/misc/Makefile >> +++ b/misc/Makefile >> >> +# Called during static library initialization. >> +CFLAGS-sbrk.o = $(no-stack-protector) >> +CFLAGS-sbrk.op = $(no-stack-protector) >> +CFLAGS-sbrk.og = $(no-stack-protector) >> +CFLAGS-brk.o = $(no-stack-protector) >> +CFLAGS-brk.op = $(no-stack-protector) >> +CFLAGS-brk.og = $(no-stack-protector) > > same here Now this is .os-avoidance. I assumed the mention of static library initialization was sufficient, but I could add ', so turn it off for non-.os' or something if you like.
On 10 Apr 2016, nix@esperi.org.uk said: > On 10 Apr 2016, Mike Frysinger outgrape: > >> On 13 Mar 2016 15:16, Nix wrote: >>> We also finally introduce @libc_cv_ssp@ and @no-stack-protector@, both >> >> @no_stack_protector@ >> >>> --- a/csu/Makefile >>> +++ b/csu/Makefile >>> >>> +CFLAGS-.o += $(no-stack-protector) >>> +CFLAGS-.og += $(no-stack-protector) >>> +CFLAGS-.op += $(no-stack-protector) >>> +CFLAGS-.os += $(no-stack-protector) >> >> is there a format you're trying to avoid ? *.oS ? > > Not particularly. If CFLAGS on its own works, I could use that. It doesn't. We have to explicitly name the lot. (*.oS is not affected by this, which is the only reason I'm not naming it...)
diff --git a/config.make.in b/config.make.in index 05ed6ec..9afd4ff 100644 --- a/config.make.in +++ b/config.make.in @@ -55,7 +55,9 @@ with-fp = @with_fp@ enable-timezone-tools = @enable_timezone_tools@ unwind-find-fde = @libc_cv_gcc_unwind_find_fde@ have-fpie = @libc_cv_fpie@ +have-ssp = @libc_cv_ssp@ stack-protector = @stack_protector@ +no-stack-protector = @no_stack_protector@ have-selinux = @have_selinux@ have-libaudit = @have_libaudit@ have-libcap = @have_libcap@ diff --git a/csu/Makefile b/csu/Makefile index 31e8bb9..22afe67 100644 --- a/csu/Makefile +++ b/csu/Makefile @@ -45,6 +45,11 @@ before-compile += $(objpfx)version-info.h tests := tst-empty tst-atomic tst-atomic-long tests-static := tst-empty +CFLAGS-.o += $(no-stack-protector) +CFLAGS-.og += $(no-stack-protector) +CFLAGS-.op += $(no-stack-protector) +CFLAGS-.os += $(no-stack-protector) + ifeq (yes,$(build-shared)) extra-objs += S$(start-installed-name) gmon-start.os ifneq ($(start-installed-name),$(static-start-installed-name)) diff --git a/misc/Makefile b/misc/Makefile index d7bbc85..e3062f8 100644 --- a/misc/Makefile +++ b/misc/Makefile @@ -99,6 +99,14 @@ CFLAGS-getusershell.c = -fexceptions CFLAGS-err.c = -fexceptions CFLAGS-tst-tsearch.c = $(stack-align-test-flags) +# Called during static library initialization. +CFLAGS-sbrk.o = $(no-stack-protector) +CFLAGS-sbrk.op = $(no-stack-protector) +CFLAGS-sbrk.og = $(no-stack-protector) +CFLAGS-brk.o = $(no-stack-protector) +CFLAGS-brk.op = $(no-stack-protector) +CFLAGS-brk.og = $(no-stack-protector) + include ../Rules $(objpfx)libg.a: $(dep-dummy-lib); $(make-dummy-lib) diff --git a/nptl/nptl-init.c b/nptl/nptl-init.c index a4626be..2775d14 100644 --- a/nptl/nptl-init.c +++ b/nptl/nptl-init.c @@ -298,6 +298,7 @@ static bool __nptl_initial_report_events __attribute_used__; #ifndef SHARED void +inhibit_stack_protector __pthread_initialize_tcb_internal (void) { /* Unlike in the dynamically linked case the dynamic linker has not
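Review bot: in the config.make.in hunk, have-ssp is defined but none of the Makefile hunks in this patch reference it; they all use $(no-stack-protector) only. Either say in the commit message which later patch consumes have-ssp, or move the definition to the patch that first uses it. The commit message also spells the substitution as @no-stack-protector@ while the hunk substitutes @no_stack_protector@, so the message should be corrected to match.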
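Review bot: the four CFLAGS-.o, CFLAGS-.og, CFLAGS-.op and CFLAGS-.os additions in csu/Makefile have no comment, unlike the misc/Makefile hunk. A short comment stating that the startup code runs before the stack guard is initialized, that each object suffix has to be named explicitly, and that *.oS is left out because it is not affected, would answer the question the list is easy to misread as raising: whether a suffix was omitted by accident.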
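Review bot: the comment above the CFLAGS-sbrk and CFLAGS-brk lines in misc/Makefile says only "Called during static library initialization" and does not say that .os is omitted on purpose, which is the v5 change that keeps brk() and sbrk() protected in the shared library. Extend the comment to say so, for example "Called during static library initialization, so turn it off for non-.os", so that a later cleanup does not add the .os variants for symmetry with csu/Makefile.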
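Review bot: in nptl/nptl-init.c, inhibit_stack_protector is attached to __pthread_initialize_tcb_internal with no comment at the point of use explaining why this one function is exempt. Add a line noting that it runs in a statically linked program before the stack guard is initialized, so the attribute is not removed later as apparently unnecessary. The attribute sits inside the #ifndef SHARED block, which matches the intent that only the static case is affected.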
From: Nick Alcock <nick.alcock@oracle.com> The startup code in csu/, brk() and sbrk(), and the __pthread_initialize_tcb_internal() function we just introduced are needed very early in initialization of a statically-linked program, before the stack guard is initialized. Mark all of these as -fno-stack-protector. We also finally introduce @libc_cv_ssp@ and @no-stack-protector@, both substituted by the configury changes made earlier, to detect the case when -fno-stack-protector is supported by the compiler, and unconditionally pass it in when this is the case, whether or not --enable-stack-protector is passed to configure. (This means that it'll even work when the compiler's been hacked to pass -fstack-protector by default, unless the hackage is so broken that it does so in a way that is impossible to override.) (At one point we marked __libc_fatal() as non-stack-protected too, but this was pointless: all it did was call other routines which *are* stack-protected. The earliest __libc_fatal() call is in the DL_SYSDEP_OSCHECK hook on some platforms, when statically linking: this is fine, since it is after TLS and stack-canary initialization. I have tested invocation of programs statically and dynamically linked against this glibc on older kernels on x86 and ARM, and they still "work", i.e. fail with the appropriate message.) v2: No longer mark memcpy() as -fno-stack-protector. v3: Use $(no-stack-protector). v4: Use inhibit_stack_protector rather than de-protecting all of nptl-init.c. v5: Don't stack-protect brk() and sbrk() in the shared library. * config.make.in (have-ssp): New. (no-stack-protector): New. * csu/Makefile (CFLAGS-.o): Use it. (CFLAGS-.og): Likewise. (CFLAGS-.op): Likewise. (CFLAGS-.os): Likewise. * misc/Makefile (CFLAGS-sbrk.o): Likewise. (CFLAGS-sbrk.op): Likewise. (CFLAGS-sbrk.og): Likewise. (CFLAGS-brk.o): Likewise. (CFLAGS-brk.op): Likewise. (CFLAGS-brk.og): Likewise. * nptl/nptl-init.c [!SHARED] (__pthread_initialize_tcb_internal): Likewise. 
--- config.make.in | 2 ++ csu/Makefile | 5 +++++ misc/Makefile | 8 ++++++++ nptl/nptl-init.c | 1 + 4 files changed, 16 insertions(+)