[04/14,v7] Mark all machinery needed in early static-link init as -fno-stack-protector.

Message ID 1465297576-10981-5-git-send-email-nix@esperi.org.uk
State New
Commit Message

Nix June 7, 2016, 11:06 a.m. UTC
From: Nick Alcock <nick.alcock@oracle.com>

The startup code in csu/, brk() and sbrk(), and the
__pthread_initialize_tcb_internal() function we just introduced are
needed very early in initialization of a statically-linked program,
before the stack guard is initialized.  Mark all of these as
-fno-stack-protector.

We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both
substituted by the configury changes made earlier, to detect the case
when -fno-stack-protector is supported by the compiler, and
unconditionally pass it in when this is the case, whether or not
--enable-stack-protector is passed to configure.  (This means that
it'll even work when the compiler's been hacked to pass
-fstack-protector by default, unless the hackage is so broken that
it does so in a way that is impossible to override.)

(At one point we marked __libc_fatal() as non-stack-protected too,
but this was pointless: all it did was call other routines which *are*
stack-protected.  The earliest __libc_fatal() call is in the
DL_SYSDEP_OSCHECK hook on some platforms, when statically linking:
this is fine, since it is after TLS and stack-canary initialization.
I have tested invocation of programs statically and dynamically
linked against this glibc on older kernels on x86 and ARM, and they
still "work", i.e. fail with the appropriate message.)

v2: No longer mark memcpy() as -fno-stack-protector.
v3: Use $(no-stack-protector).
v4: Use inhibit_stack_protector rather than de-protecting all of nptl-init.c.
v5: Don't stack-protect brk() and sbrk() in the shared library.
v7: Add comment in misc/Makefile.  Commit message tweak.

	* config.make.in (have-ssp): New.
	(no-stack-protector): New.
	* csu/Makefile (CFLAGS-.o): Use it.
	(CFLAGS-.og): Likewise.
	(CFLAGS-.op): Likewise.
	(CFLAGS-.os): Likewise.
	* misc/Makefile (CFLAGS-sbrk.o): Likewise.
	(CFLAGS-sbrk.op): Likewise.
	(CFLAGS-sbrk.og): Likewise.
	(CFLAGS-brk.o): Likewise.
	(CFLAGS-brk.op): Likewise.
	(CFLAGS-brk.og): Likewise.
	* nptl/nptl-init.c [!SHARED] (__pthread_initialize_tcb_internal):
	Likewise.
---
 config.make.in   | 2 ++
 csu/Makefile     | 5 +++++
 misc/Makefile    | 9 +++++++++
 nptl/nptl-init.c | 1 +
 4 files changed, 17 insertions(+)

Comments

Florian Weimer June 24, 2016, 1 p.m. UTC | #1
On 06/07/2016 01:06 PM, Nix wrote:
> The startup code in csu/, brk() and sbrk(), and the
> __pthread_initialize_tcb_internal() function we just introduced are
> needed very early in initialization of a statically-linked program,
> before the stack guard is initialized.  Mark all of these as
> -fno-stack-protector.

I think the problem is that the TCB is not initialized, which contains 
the stack guard on some architectures, as explained in other commits.

The change itself looks good to me.

Florian
Patch

diff --git a/config.make.in b/config.make.in
index 05ed6ec..9afd4ff 100644
--- a/config.make.in
+++ b/config.make.in
@@ -55,7 +55,9 @@  with-fp = @with_fp@
 enable-timezone-tools = @enable_timezone_tools@
 unwind-find-fde = @libc_cv_gcc_unwind_find_fde@
 have-fpie = @libc_cv_fpie@
+have-ssp = @libc_cv_ssp@
 stack-protector = @stack_protector@
+no-stack-protector = @no_stack_protector@
 have-selinux = @have_selinux@
 have-libaudit = @have_libaudit@
 have-libcap = @have_libcap@
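
Review bot: have-ssp, added on the first + line of this hunk, is not referenced by any Makefile hunk in this patch; only $(no-stack-protector) is used. If a later patch in the series is its first consumer, consider introducing it there, or say in the commit message what will test it.
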
diff --git a/csu/Makefile b/csu/Makefile
index 31e8bb9..22afe67 100644
--- a/csu/Makefile
+++ b/csu/Makefile
@@ -45,6 +45,11 @@  before-compile += $(objpfx)version-info.h
 tests := tst-empty tst-atomic tst-atomic-long
 tests-static := tst-empty
 
+CFLAGS-.o += $(no-stack-protector)
+CFLAGS-.og += $(no-stack-protector)
+CFLAGS-.op += $(no-stack-protector)
+CFLAGS-.os += $(no-stack-protector)
+
 ifeq (yes,$(build-shared))
 extra-objs += S$(start-installed-name) gmon-start.os
 ifneq ($(start-installed-name),$(static-start-installed-name))
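
Review bot: the four CFLAGS-.o/.og/.op/.os additions carry no comment, and unlike the misc/Makefile hunk they also cover .os, so every object built in csu/, shared ones included, is compiled with $(no-stack-protector). A short comment above the block saying that this is startup code needed before the stack guard is initialized, in the way the misc/Makefile hunk documents brk and sbrk, would explain why .os is included here and keep the line from being dropped later.
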
diff --git a/misc/Makefile b/misc/Makefile
index d7bbc85..ac18fad 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -99,6 +99,15 @@  CFLAGS-getusershell.c = -fexceptions
 CFLAGS-err.c = -fexceptions
 CFLAGS-tst-tsearch.c = $(stack-align-test-flags)
 
+# Called during static library initialization, so turn stack-protection
+# off for non-shared builds.
+CFLAGS-sbrk.o = $(no-stack-protector)
+CFLAGS-sbrk.op = $(no-stack-protector)
+CFLAGS-sbrk.og = $(no-stack-protector)
+CFLAGS-brk.o = $(no-stack-protector)
+CFLAGS-brk.op = $(no-stack-protector)
+CFLAGS-brk.og = $(no-stack-protector)
+
 include ../Rules
 
 $(objpfx)libg.a: $(dep-dummy-lib); $(make-dummy-lib)
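
Review bot: these six assignments use = where the csu/Makefile hunk uses +=, so any flags set for CFLAGS-sbrk.o and the other five variables elsewhere would be replaced rather than extended. Using += here as well would be consistent and would not depend on nothing else setting them. The comment could also say "statically linked programs" instead of "static library initialization" to match the wording of the commit message.
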
diff --git a/nptl/nptl-init.c b/nptl/nptl-init.c
index a4626be..2775d14 100644
--- a/nptl/nptl-init.c
+++ b/nptl/nptl-init.c
@@ -298,6 +298,7 @@  static bool __nptl_initial_report_events __attribute_used__;
 
 #ifndef SHARED
 void
+inhibit_stack_protector
 __pthread_initialize_tcb_internal (void)
 {
   /* Unlike in the dynamically linked case the dynamic linker has not
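
Review bot: inhibit_stack_protector on __pthread_initialize_tcb_internal has no comment saying why it is there, and the macro is not defined in any hunk of this patch. A one-line comment above the function noting that it runs before the stack guard is initialized in statically linked programs would help; it is also worth confirming that the header defining the macro is visible in the !SHARED case.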