From: Nix <nix@esperi.org.uk>
To: libc-alpha@sourceware.org
Subject: [PATCH 11/14] Work even with compilers hacked to enable -fstack-protector by default.
Date: Wed, 24 Feb 2016 23:29:00 -0000 [thread overview]
Message-ID: <1456356500-25601-12-git-send-email-nix@esperi.org.uk> (raw)
In-Reply-To: <1456356500-25601-1-git-send-email-nix@esperi.org.uk>
From: Nick Alcock <nick.alcock@oracle.com>
With all the machinery we just added, we can easily arrange to work even
when the compiler passes in -fstack-protector automatically: all the
necessary bits of glibc are always compiled with -fno-stack-protector
now.
So tear out the check in configure, and add appropriate calls to
-fno-stack-protector in tests that need them (largely those that use
-nostdlib), since we don't yet have a __stack_chk_fail() that those
tests can rely upon. (GCC often provides one, but we cannot rely on
this, especially not when bootstrapping.)
v2: No longer pass in -lssp to anything.
---
aclocal.m4 | 6 ++---
configure.ac | 74 +++++++++++++++++++-----------------------------------------
2 files changed, 26 insertions(+), 54 deletions(-)
diff --git a/aclocal.m4 b/aclocal.m4
index 3d64f77..6902155 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -141,7 +141,7 @@ int _start (void) { return 0; }
int __start (void) { return 0; }
$1
EOF
-AS_IF([AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -o conftest
+AS_IF([AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -o conftest
conftest.c -static -nostartfiles -nostdlib
1>&AS_MESSAGE_LOG_FD])],
[$2], [$3])
@@ -226,7 +226,7 @@ if test x"$gnu_ld" = x"yes"; then
cat > conftest.c <<EOF
int _start (void) { return 42; }
EOF
- if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
$2 -nostdlib -nostartfiles
-fPIC -shared -o conftest.so conftest.c
1>&AS_MESSAGE_LOG_FD])
@@ -268,7 +268,7 @@ libc_compiler_builtin_inlined=no
cat > conftest.c <<EOF
int _start (void) { $2 return 0; }
EOF
-if ! AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+if ! AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
$3 -nostdlib -nostartfiles
-S conftest.c -o - | fgrep "$1"
1>&AS_MESSAGE_LOG_FD])
diff --git a/configure.ac b/configure.ac
index 7b81049..63a5453 100644
--- a/configure.ac
+++ b/configure.ac
@@ -649,6 +649,18 @@ AC_SUBST(libc_cv_ssp)
AC_SUBST(stack_protector)
AC_SUBST(no_stack_protector)
+if test -n "$stack_protector"; then
+ dnl Don't run configure tests with stack-protection on, to avoid problems with
+ dnl bootstrapping.
+ no_ssp=-fno-stack-protector
+else
+ no_ssp=
+
+ if test x"$enable_stack_protector" != xno; then
+ AC_MSG_ERROR([--enable-stack-protector=$enable_stack_protector specified, but specified level of stack protection is not supported by the compiler.])
+ fi
+fi
+
# For the multi-arch option we need support in the assembler & linker.
AC_CACHE_CHECK([for assembler and linker STT_GNU_IFUNC support],
libc_cv_ld_gnu_indirect_function, [dnl
@@ -668,7 +680,7 @@ __start:
EOF
libc_cv_ld_gnu_indirect_function=no
if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS \
- -nostartfiles -nostdlib \
+ -nostartfiles -nostdlib $no_ssp \
-o conftest conftest.S 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
# Do a link to see if the backend supports IFUNC relocs.
$READELF -r conftest 1>&AS_MESSAGE_LOG_FD
@@ -1137,8 +1149,8 @@ extern int glibc_conftest_frobozz;
void _start() { glibc_conftest_frobozz = 1; }
EOF
if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS \
- -nostartfiles -nostdlib \
- -o conftest conftest.s conftest1.c 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
+ -nostartfiles -nostdlib $no_ssp \
+ -o conftest conftest.s conftest1.c $no_ssp 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
libc_cv_asm_set_directive=yes
else
libc_cv_asm_set_directive=no
@@ -1154,12 +1166,12 @@ AC_CACHE_CHECK(linker support for protected data symbol,
int bar __attribute__ ((visibility ("protected"))) = 1;
EOF
libc_cv_protected_data=no
- if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles -fPIC -shared conftest.c -o conftest.so); then
+ if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles $no_ssp -fPIC -shared conftest.c -o conftest.so); then
cat > conftest.c <<EOF
extern int bar;
int main (void) { return bar; }
EOF
- if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles conftest.c -o conftest conftest.so); then
+ if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles $no_ssp conftest.c -o conftest conftest.so); then
libc_cv_protected_data=yes
fi
fi
@@ -1281,7 +1293,7 @@ extern int mumble;
int foo (void) { return bar (mumble); }
EOF
if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
- -fPIC -shared -o conftest.so conftest.c
+ -fPIC -shared $no_ssp -o conftest.so conftest.c
-nostdlib -nostartfiles
-Wl,-z,combreloc 1>&AS_MESSAGE_LOG_FD])
then
@@ -1319,9 +1331,9 @@ AC_CACHE_CHECK(for --hash-style option,
cat > conftest.c <<EOF
int _start (void) { return 42; }
EOF
-if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
-fPIC -shared -o conftest.so conftest.c
- -Wl,--hash-style=both -nostdlib 1>&AS_MESSAGE_LOG_FD])
+ -Wl,--hash-style=both -nostdlib $no_ssp 1>&AS_MESSAGE_LOG_FD])
then
libc_cv_hashstyle=yes
else
@@ -1391,7 +1403,7 @@ int foo (void) { return mumble; }
EOF
if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
-fPIC -shared -o conftest.so conftest.c
- -nostdlib -nostartfiles
+ -nostdlib -nostartfiles $no_ssp
1>&AS_MESSAGE_LOG_FD])
then
dnl look for GLOB_DAT relocation.
@@ -1408,7 +1420,7 @@ AC_SUBST(libc_cv_has_glob_dat)
AC_CACHE_CHECK(linker output format, libc_cv_output_format, [dnl
if libc_cv_output_format=`
-${CC-cc} -nostartfiles -nostdlib -Wl,--print-output-format 2>&AS_MESSAGE_LOG_FD`
+${CC-cc} -nostartfiles -nostdlib $no_ssp -Wl,--print-output-format 2>&AS_MESSAGE_LOG_FD`
then
:
else
@@ -1607,46 +1619,6 @@ if test $libc_cv_predef_fortify_source = yes; then
fi
AC_SUBST(CPPUNDEFS)
-dnl Check for silly hacked compilers inserting -fstack-protector.
-dnl This breaks badly for the early startup code we compile, since
-dnl the compiled code can refer to a magic machine-dependent location
-dnl for the canary value before we have sufficient setup for that to
-dnl work. It's also questionable to build all of libc with this flag
-dnl even when you're doing that for most applications you build, since
-dnl libc's code is so heavily-used and performance-sensitive. If we
-dnl ever really want to make that work, it should be enabled explicitly
-dnl in the libc build, not inherited from implicit compiler settings.
-AC_CACHE_CHECK([whether $CC implicitly enables -fstack-protector],
- libc_cv_predef_stack_protector, [
-AC_TRY_COMPILE([extern void foobar (char *);],
- [char large_array[2048]; foobar (large_array);], [
-libc_undefs=`$NM -u conftest.o |
- LC_ALL=C $AWK '$1 == "U" { print $2 | "sort -u"; next } { exit(1) }' \
- 2>&AS_MESSAGE_LOG_FD` || {
- AC_MSG_ERROR([confusing output from $NM -u])
-}
-echo >&AS_MESSAGE_LOG_FD "libc_undefs='$libc_undefs'"
-# On some architectures, there are architecture-specific undefined
-# symbols (resolved by the linker), so filter out unknown symbols.
-# This will fail to produce the correct result if the compiler
-# defaults to -fstack-protector but this produces an undefined symbol
-# other than __stack_chk_fail. However, compilers like that have not
-# been encountered in practice.
-libc_undefs=`echo "$libc_undefs" | egrep '^(foobar|__stack_chk_fail)$'`
-case "$libc_undefs" in
-foobar) libc_cv_predef_stack_protector=no ;;
-'__stack_chk_fail
-foobar') libc_cv_predef_stack_protector=yes ;;
-*) AC_MSG_ERROR([unexpected symbols in test: $libc_undefs]) ;;
-esac],
- [AC_MSG_ERROR([test compilation failed])])
-])
-libc_extra_cflags=
-if test $libc_cv_predef_stack_protector = yes; then
- libc_extra_cflags="$libc_extra_cflags -fno-stack-protector"
-fi
-libc_extra_cppflags=
-
# Some linkers on some architectures support __ehdr_start but with
# bugs. Make sure usage of it does not create relocations in the
# output (as the linker should resolve them all for us).
@@ -1656,7 +1628,7 @@ old_CFLAGS="$CFLAGS"
old_LDFLAGS="$LDFLAGS"
old_LIBS="$LIBS"
CFLAGS="$CFLAGS -fPIC"
-LDFLAGS="$LDFLAGS -nostdlib -nostartfiles -shared"
+LDFLAGS="$LDFLAGS -nostdlib -nostartfiles -shared $no_ssp"
LIBS=
AC_LINK_IFELSE([AC_LANG_SOURCE([
typedef struct {
--
2.7.0.198.g6dd47b6
next prev parent reply other threads:[~2016-02-24 23:29 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-24 23:28 --enable-stack-protector for glibc, v3 Nix
2016-02-24 23:28 ` [PATCH 14/14] sparc: do not stack-protect the sigreturn handler Nix
2016-02-24 23:28 ` [PATCH 13/14] Avoid stack-protecting certain functions called from assembly Nix
2016-02-24 23:28 ` [PATCH 01/14] Configury support for --enable-stack-protector Nix
2016-02-24 23:29 ` [PATCH 04/14] Open-code the memcpy() at static TLS initialization time Nix
2016-02-24 23:29 ` [PATCH 05/14] Allow overriding of CFLAGS as well as CPPFLAGS for rtld Nix
2016-02-24 23:29 ` Nix [this message]
2016-02-24 23:29 ` [PATCH 03/14] Mark all machinery needed in early static-link init as -fno-stack-protector Nix
2016-02-24 23:29 ` [PATCH 09/14] Link various tests with -fno-stack-protector Nix
2016-02-24 23:29 ` [PATCH 08/14] Link libc.so with libc_nonshared.a to pull in __stack_chk_fail Nix
2016-02-24 23:29 ` [PATCH 12/14] Drop explicit stack-protection of pieces of the system Nix
2016-02-24 23:29 ` [PATCH 02/14] Initialize the stack guard earlier when linking statically Nix
2016-02-24 23:29 ` [PATCH 10/14] Enable -fstack-protector=* when requested by configure Nix
2016-02-24 23:29 ` [PATCH 07/14] Prevent the rtld mapfile computation from dragging in __stack_chk_fail() Nix
2016-02-25 1:09 ` [PATCH 06/14] Compile the entire dynamic linker with -fno-stack-protector Nix
-- strict thread matches above, loose matches on Subject: below --
2016-02-23 23:39 --enable-stack-protector for glibc, v2, now with sparc Nix
2016-02-23 23:40 ` [PATCH 11/14] Work even with compilers hacked to enable -fstack-protector by default Nix
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1456356500-25601-12-git-send-email-nix@esperi.org.uk \
--to=nix@esperi.org.uk \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).