From patchwork Sun Feb 21 22:31:37 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nix X-Patchwork-Id: 585890 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 73F5014032A for ; Mon, 22 Feb 2016 09:32:00 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.b=tCEn6uhD; dkim-atps=neutral DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:references:date:in-reply-to :message-id:mime-version:content-type; q=dns; s=default; b=egCAV gXdym2OAXnTZLrRCpynaVqYRmnqhqYuI03ClO9eWl7oIPptiqubg3Ezok1ZM7lam 9XpozAQbeGTCbYir8zLCHZpXyfDqwcVsWqBrfkrcAzidmFfV+Z6Ibrr+DbcNIDBD 0kL1QhpHRuZ3Ya76ikNHkLzGizLGmCuxgNTEuE= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:references:date:in-reply-to :message-id:mime-version:content-type; s=default; bh=9+7DQtvnsem yvC1Z5ADeg11OUbc=; b=tCEn6uhDE5AfMHso6pI6ipaa5iWTytCtC8/lPcr6z0V XfHoziXELqFCGIt6ChKkFjzk5zZD+RkPAh67tsQsLgI+GqlFYFh62VcR0hDFkYb2 E/Dh8qcutbUvsXanBJoPP3wrlBz3aqyyKhxRZBD6ETKFq2zJ1MW+tK+rQdpN4sjw = Received: (qmail 118324 invoked by alias); 21 Feb 2016 22:31:53 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 118312 invoked by uid 89); 21 Feb 2016 22:31:52 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.8 required=5.0 tests=BAYES_50, KAM_LAZY_DOMAIN_SECURITY, UNPARSEABLE_RELAY autolearn=no version=3.3.2 spammy=overcome, differentiate, 6026, xno X-HELO: userp1040.oracle.com From: Nix To: Joseph Myers Cc: , Subject: Re: [PATCH 01/12] Configury support for --enable-stack-protector. References: <1455963826-21885-1-git-send-email-nix@esperi.org.uk> <1455963826-21885-2-git-send-email-nix@esperi.org.uk> Date: Sun, 21 Feb 2016 22:31:37 +0000 In-Reply-To: (Joseph Myers's message of "Sat, 20 Feb 2016 17:30:20 +0000") Message-ID: <8737sln19y.fsf@esperi.org.uk> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 On 20 Feb 2016, Joseph Myers spake thusly: > Any patch adding a new configure option should also document it in > install.texi and regenerate INSTALL. Like this? (Assuming that using multiple @items in succession like that is sensible. If there's a better way to delineate possible options in a way that the reader can match up with the -fstack-protector options described below, please susgest it.) (I haven't included the INSTALL regeneration here, because when I try to do it I end up with half of INSTALL getting re-word-wrapped, with massive numbers of spurious changes that have nothing to do with the stanza I've added. Is a particular version of texinfo required for this to work?) 8>---------------------------------------------------------------<8 From: Nick Alcock This adds =all and =strong, with obvious semantics, and with a rather arbitrarily-chosen default off, which we might well want to change to something stronger once this patch has been tested by people other than me. We don't validate the value of the option yet: that's in a later patch. Nor do we use it for anything at this stage. We differentiate between 'the compiler understands -fstack-protector' and 'the user wanted -fstack-protector' so that we can pass -fno-stack-protector in appropriate places even if the user didn't want to turn on -fstack-protector for other parts. (This helps us overcome another existing limitation, that glibc doesn't work with GCC's hacked to pass in -fstack-protector by default.) We might want to add another configuration option to turn on -fstack-protector for nscd and other network-facing operations by default, but for now I've stuck with one option to control everything. --- configure.ac | 61 +++++++++++++++++++++++++++++++++++------------------ manual/install.texi | 12 +++++++++++ 2 files changed, 53 insertions(+), 20 deletions(-) diff --git a/configure.ac b/configure.ac index 3c766b7..61bf882 100644 --- a/configure.ac +++ b/configure.ac @@ -232,6 +232,18 @@ AC_ARG_ENABLE([bind-now], [bindnow=no]) AC_SUBST(bindnow) +dnl Build glibc with -fstack-protector, -fstack-protector-all, or +dnl -fstack-protector-strong. +AC_ARG_ENABLE([stack-protector], + AC_HELP_STRING([--enable-stack-protector=@<:@yes|no|all|strong@:>@], + [Detect stack overflows in glibc functions, either with local buffers (yes), or with those plus arrays (strong), or all functions (all)]), + [enable_stack_protector=$enableval], + [enable_stack_protector=no]) +case x"$enable_stack_protector" in + xall|xyes|xno|xstrong) ;; + *) AC_MSG_ERROR([Not a valid argument for --enable-stack-protector]);; +esac + dnl On some platforms we cannot use dynamic loading. We must provide dnl static NSS modules. AC_ARG_ENABLE([static-nss], @@ -602,6 +614,35 @@ fi test -n "$base_machine" || base_machine=$machine AC_SUBST(base_machine) +AC_CACHE_CHECK(for -fstack-protector, libc_cv_ssp, [dnl +LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector], + [libc_cv_ssp=yes], + [libc_cv_ssp=no]) +]) + +AC_CACHE_CHECK(for -fstack-protector-strong, libc_cv_ssp_strong, [dnl +LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-strong], + [libc_cv_ssp_strong=yes], + [libc_cv_ssp_strong=no]) +]) + +AC_CACHE_CHECK(for -fstack-protector-all, libc_cv_ssp_all, [dnl +LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-all], + [libc_cv_ssp_all=yes], + [libc_cv_ssp_all=no]) +]) + +stack_protector= +if test x$enable_stack_protector = xyes && test $libc_cv_ssp = yes; then + stack_protector=-fstack-protector +elif test x$enable_stack_protector = xall && test $libc_cv_ssp_all = yes; then + stack_protector=-fstack-protector-all +elif test x$enable_stack_protector = xstrong && test $libc_cv_ssp_strong = yes; then + stack_protector=-fstack-protector-strong +fi +AC_SUBST(libc_cv_ssp) +AC_SUBST(stack_protector) + # For the multi-arch option we need support in the assembler & linker. AC_CACHE_CHECK([for assembler and linker STT_GNU_IFUNC support], libc_cv_ld_gnu_indirect_function, [dnl @@ -1389,26 +1430,6 @@ else fi AC_SUBST(fno_unit_at_a_time) -AC_CACHE_CHECK(for -fstack-protector, libc_cv_ssp, [dnl -LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector], - [libc_cv_ssp=yes], - [libc_cv_ssp=no]) -]) - -AC_CACHE_CHECK(for -fstack-protector-strong, libc_cv_ssp_strong, [dnl -LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-strong], - [libc_cv_ssp_strong=yes], - [libc_cv_ssp_strong=no]) -]) - -stack_protector= -if test "$libc_cv_ssp_strong" = "yes"; then - stack_protector="-fstack-protector-strong" -elif test "$libc_cv_ssp" = "yes"; then - stack_protector="-fstack-protector" -fi -AC_SUBST(stack_protector) - AC_CACHE_CHECK(whether cc puts quotes around section names, libc_cv_have_section_quotes, [cat > conftest.c <