[3/3] Build libc-start with stack protector for SHARED

Message ID	20210310101400.3904724-4-siddhesh@sourceware.org
State	New
Headers	show Return-Path: <libc-alpha-bounces@sourceware.org> DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 326ED3870850 sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 5BBFC642776; Wed, 10 Mar 2021 10:14:26 +0000 (UTC) sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a30.g.dreamhost.com (Postfix) with ESMTPSA id 769A67E6B7; Wed, 10 Mar 2021 02:14:24 -0800 (PST) To: libc-alpha@sourceware.org Subject: [PATCH 3/3] Build libc-start with stack protector for SHARED Date: Wed, 10 Mar 2021 15:44:00 +0530 Message-Id: <20210310101400.3904724-4-siddhesh@sourceware.org> In-Reply-To: <20210310101400.3904724-1-siddhesh@sourceware.org> References: <20210310101400.3904724-1-siddhesh@sourceware.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: list From: Siddhesh Poyarekar via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Siddhesh Poyarekar <siddhesh@sourceware.org> Cc: fweimer@redhat.com Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org>
Series	Clean up stack-protector-all build \| expand [v2,0/3] Clean up stack-protector-all build [1/3] Add inhibit_stack_protector to ifuncmain9 [BZ #25680] [2/3] Build get-cpuid-feature-leaf.c without stack-protector [BZ #27555] [3/3] Build libc-start with stack protector for SHARED

Message ID

20210310101400.3904724-4-siddhesh@sourceware.org

State

New

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 326ED3870850
To: libc-alpha@sourceware.org
Subject: [PATCH 3/3] Build libc-start with stack protector for SHARED
Date: Wed, 10 Mar 2021 15:44:00 +0530
Message-Id: <20210310101400.3904724-4-siddhesh@sourceware.org>
In-Reply-To: <20210310101400.3904724-1-siddhesh@sourceware.org>
References: <20210310101400.3904724-1-siddhesh@sourceware.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: list
From: Siddhesh Poyarekar via Libc-alpha <libc-alpha@sourceware.org>
Reply-To: Siddhesh Poyarekar <siddhesh@sourceware.org>
Cc: fweimer@redhat.com
Errors-To: libc-alpha-bounces@sourceware.org
Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org>

Series

Clean up stack-protector-all build | expand

Commit Message

Siddhesh Poyarekar March 10, 2021, 10:14 a.m. UTC

This does not change the emitted code since __libc_start_main does not
return, but is important for formal flags compliance.

This also cleans up the cosmetic inconsistency in the stack protector
flags in csu, especially the incorrect value of STACK_PROTECTOR_LEVEL.
---
 Makeconfig   |  8 ++++++++
 csu/Makefile | 22 ++++++++++++----------
 elf/Makefile |  4 ----
 3 files changed, 20 insertions(+), 14 deletions(-)

Comments

Adhemerval Zanella March 15, 2021, 2 p.m. UTC | #1

On 10/03/2021 07:14, Siddhesh Poyarekar via Libc-alpha wrote:
> This does not change the emitted code since __libc_start_main does not
> return, but is important for formal flags compliance.
> 
> This also cleans up the cosmetic inconsistency in the stack protector
> flags in csu, especially the incorrect value of STACK_PROTECTOR_LEVEL.

LGTM, thanks.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

> ---
>  Makeconfig   |  8 ++++++++
>  csu/Makefile | 22 ++++++++++++----------
>  elf/Makefile |  4 ----
>  3 files changed, 20 insertions(+), 14 deletions(-)
> 
> diff --git a/Makeconfig b/Makeconfig
> index 0a4811b5e5..01f8638c2e 100644
> --- a/Makeconfig
> +++ b/Makeconfig
> @@ -856,6 +856,14 @@ ifneq ($(stack-protector),)
>  +stack-protector=$(stack-protector)
>  endif
>  
> +# Some routines are unsafe to build with stack-protection since they're called
> +# before the stack check guard is set up.  Provide a way to disable stack
> +# protector.  The first argument is the extension (.o, .os, .oS) and the second
> +# is a list of routines that this path should be applied to.
> +define elide-stack-protector
> +$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
> +endef
> +
>  # This is the program that generates makefile dependencies from C source files.
>  # The -MP flag tells GCC >= 3.2 (which we now require) to produce dummy
>  # targets for headers so that removed headers don't break the build.


Ok.

> diff --git a/csu/Makefile b/csu/Makefile
> index e587434be8..3054329cea 100644
> --- a/csu/Makefile
> +++ b/csu/Makefile
> @@ -45,18 +45,20 @@ install-lib = $(start-installed-name) g$(start-installed-name) $(csu-dummies)
>  # code is compiled with special flags.
>  tests =
>  
> -CFLAGS-.o += $(no-stack-protector)
> -CFLAGS-.op += $(no-stack-protector)
> -CFLAGS-.os += $(no-stack-protector)
> -
> -# Dummy object not actually used for anything.  It is linked into
> -# crt1.o nevertheless, which in turn is statically linked into
> +# static-reloc.os is a dummy object not actually used for anything.  It is
> +# linked into crt1.o nevertheless, which in turn is statically linked into
>  # applications, so that build flags matter.
>  # See <https://sourceware.org/ml/libc-alpha/2018-07/msg00101.html>.
> -# NB: Using $(stack-protector) in this way causes a wrong definition
> -# STACK_PROTECTOR_LEVEL due to the preceding $(no-stack-protector),
> -# but it does not matter for this source file.
> -CFLAGS-static-reloc.os += $(stack-protector)

Ok.

> +#
> +# libc-start.os is safe to be built with stack protector since
> +# __libc_start_main is called after stack canary setup is done.
> +ssp-safe.os = static-reloc libc-start
> +
> +CFLAGS-.o += $(call elide-stack-protector,.o,$(routines))
> +CFLAGS-.op += $(call elide-stack-protector,.op,$(routines))
> +CFLAGS-.oS += $(call elide-stack-protector,.oS,$(routines))
> +CFLAGS-.os += $(call elide-stack-protector,.os,$(filter-out \
> +						 $(ssp-safe.os),$(routines)))
>  
>  ifeq (yes,$(build-shared))
>  extra-objs += S$(start-installed-name) gmon-start.os

Ok.

> diff --git a/elf/Makefile b/elf/Makefile
> index b06bf6ca20..285d9f2f3c 100644
> --- a/elf/Makefile
> +++ b/elf/Makefile
> @@ -83,10 +83,6 @@ endif
>  # Also compile all routines in the static library that are elided from
>  # the shared libc because they are in libc.a in the same way.
>  
> -define elide-stack-protector
> -$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
> -endef
> -
>  CFLAGS-.o += $(call elide-stack-protector,.o,$(elide-routines.os))
>  CFLAGS-.op += $(call elide-stack-protector,.op,$(elide-routines.os))
>  CFLAGS-.os += $(call elide-stack-protector,.os,$(all-rtld-routines))
> 

Ok.

diff --git a/Makeconfig b/Makeconfig
index 0a4811b5e5..01f8638c2e 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -856,6 +856,14 @@  ifneq ($(stack-protector),)
 +stack-protector=$(stack-protector)
 endif
 
+# Some routines are unsafe to build with stack-protection since they're called
+# before the stack check guard is set up.  Provide a way to disable stack
+# protector.  The first argument is the extension (.o, .os, .oS) and the second
+# is a list of routines that this path should be applied to.
+define elide-stack-protector
+$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
+endef
+
 # This is the program that generates makefile dependencies from C source files.
 # The -MP flag tells GCC >= 3.2 (which we now require) to produce dummy
 # targets for headers so that removed headers don't break the build.
diff --git a/csu/Makefile b/csu/Makefile
index e587434be8..3054329cea 100644
--- a/csu/Makefile
+++ b/csu/Makefile
@@ -45,18 +45,20 @@  install-lib = $(start-installed-name) g$(start-installed-name) $(csu-dummies)
 # code is compiled with special flags.
 tests =
 
-CFLAGS-.o += $(no-stack-protector)
-CFLAGS-.op += $(no-stack-protector)
-CFLAGS-.os += $(no-stack-protector)
-
-# Dummy object not actually used for anything.  It is linked into
-# crt1.o nevertheless, which in turn is statically linked into
+# static-reloc.os is a dummy object not actually used for anything.  It is
+# linked into crt1.o nevertheless, which in turn is statically linked into
 # applications, so that build flags matter.
 # See <https://sourceware.org/ml/libc-alpha/2018-07/msg00101.html>.
-# NB: Using $(stack-protector) in this way causes a wrong definition
-# STACK_PROTECTOR_LEVEL due to the preceding $(no-stack-protector),
-# but it does not matter for this source file.
-CFLAGS-static-reloc.os += $(stack-protector)
+#
+# libc-start.os is safe to be built with stack protector since
+# __libc_start_main is called after stack canary setup is done.
+ssp-safe.os = static-reloc libc-start
+
+CFLAGS-.o += $(call elide-stack-protector,.o,$(routines))
+CFLAGS-.op += $(call elide-stack-protector,.op,$(routines))
+CFLAGS-.oS += $(call elide-stack-protector,.oS,$(routines))
+CFLAGS-.os += $(call elide-stack-protector,.os,$(filter-out \
+						 $(ssp-safe.os),$(routines)))
 
 ifeq (yes,$(build-shared))
 extra-objs += S$(start-installed-name) gmon-start.os
diff --git a/elf/Makefile b/elf/Makefile
index b06bf6ca20..285d9f2f3c 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -83,10 +83,6 @@  endif
 # Also compile all routines in the static library that are elided from
 # the shared libc because they are in libc.a in the same way.
 
-define elide-stack-protector
-$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
-endef
-
 CFLAGS-.o += $(call elide-stack-protector,.o,$(elide-routines.os))
 CFLAGS-.op += $(call elide-stack-protector,.op,$(elide-routines.os))
 CFLAGS-.os += $(call elide-stack-protector,.os,$(all-rtld-routines))

[3/3] Build libc-start with stack protector for SHARED

Commit Message

Comments

Patch