From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from eastern.birch.relay.mailchannels.net (eastern.birch.relay.mailchannels.net [23.83.209.55]) by sourceware.org (Postfix) with ESMTPS id F05EE384BC30 for ; Tue, 9 Mar 2021 18:13:25 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org F05EE384BC30 X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 52513323A80; Tue, 9 Mar 2021 18:13:21 +0000 (UTC) Received: from pdx1-sub0-mail-a30.g.dreamhost.com (100-96-27-126.trex.outbound.svc.cluster.local [100.96.27.126]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id D4CF83238E2; Tue, 9 Mar 2021 18:13:20 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from pdx1-sub0-mail-a30.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.96.27.126 (trex/6.0.2); Tue, 09 Mar 2021 18:13:21 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Bubble-Belong: 14eb936c7e71a060_1615313601171_2851946283 X-MC-Loop-Signature: 1615313601171:4140731261 X-MC-Ingress-Time: 1615313601171 Received: from pdx1-sub0-mail-a30.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a30.g.dreamhost.com (Postfix) with ESMTP id 654DA7E6B7; Tue, 9 Mar 2021 10:13:20 -0800 (PST) Received: from rhbox.redhat.com (unknown [1.186.101.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a30.g.dreamhost.com (Postfix) with ESMTPSA id 9A8757F04D; Tue, 9 Mar 2021 10:13:18 -0800 (PST) X-DH-BACKEND: pdx1-sub0-mail-a30 From: Siddhesh Poyarekar To: libc-alpha@sourceware.org Subject: [PATCH 3/3] Build libc-start with stack protector for SHARED Date: Tue, 9 Mar 2021 23:42:59 +0530 Message-Id: <20210309181259.2603144-4-siddhesh@sourceware.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210309181259.2603144-1-siddhesh@sourceware.org> References: <20210309181259.2603144-1-siddhesh@sourceware.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-3495.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NEUTRAL, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Mar 2021 18:13:28 -0000 This does not change the emitted code since __libc_start_main does not return, but is important for formal flags compliance. This also cleans up the cosmetic inconsistency in the stack protector flags in csu, especially the incorrect value of STACK_PROTECTOR_LEVEL. --- Makeconfig | 4 ++++ csu/Makefile | 22 ++++++++++++---------- elf/Makefile | 4 ---- 3 files changed, 16 insertions(+), 14 deletions(-) diff --git a/Makeconfig b/Makeconfig index 0a4811b5e5..c99464fdfa 100644 --- a/Makeconfig +++ b/Makeconfig @@ -856,6 +856,10 @@ ifneq ($(stack-protector),) +stack-protector=3D$(stack-protector) endif =20 +define elide-stack-protector +$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector)) +endef + # This is the program that generates makefile dependencies from C source= files. # The -MP flag tells GCC >=3D 3.2 (which we now require) to produce dumm= y # targets for headers so that removed headers don't break the build. diff --git a/csu/Makefile b/csu/Makefile index e587434be8..3054329cea 100644 --- a/csu/Makefile +++ b/csu/Makefile @@ -45,18 +45,20 @@ install-lib =3D $(start-installed-name) g$(start-inst= alled-name) $(csu-dummies) # code is compiled with special flags. tests =3D =20 -CFLAGS-.o +=3D $(no-stack-protector) -CFLAGS-.op +=3D $(no-stack-protector) -CFLAGS-.os +=3D $(no-stack-protector) - -# Dummy object not actually used for anything. It is linked into -# crt1.o nevertheless, which in turn is statically linked into +# static-reloc.os is a dummy object not actually used for anything. It = is +# linked into crt1.o nevertheless, which in turn is statically linked in= to # applications, so that build flags matter. # See . -# NB: Using $(stack-protector) in this way causes a wrong definition -# STACK_PROTECTOR_LEVEL due to the preceding $(no-stack-protector), -# but it does not matter for this source file. -CFLAGS-static-reloc.os +=3D $(stack-protector) +# +# libc-start.os is safe to be built with stack protector since +# __libc_start_main is called after stack canary setup is done. +ssp-safe.os =3D static-reloc libc-start + +CFLAGS-.o +=3D $(call elide-stack-protector,.o,$(routines)) +CFLAGS-.op +=3D $(call elide-stack-protector,.op,$(routines)) +CFLAGS-.oS +=3D $(call elide-stack-protector,.oS,$(routines)) +CFLAGS-.os +=3D $(call elide-stack-protector,.os,$(filter-out \ + $(ssp-safe.os),$(routines))) =20 ifeq (yes,$(build-shared)) extra-objs +=3D S$(start-installed-name) gmon-start.os diff --git a/elf/Makefile b/elf/Makefile index b06bf6ca20..285d9f2f3c 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -83,10 +83,6 @@ endif # Also compile all routines in the static library that are elided from # the shared libc because they are in libc.a in the same way. =20 -define elide-stack-protector -$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector)) -endef - CFLAGS-.o +=3D $(call elide-stack-protector,.o,$(elide-routines.os)) CFLAGS-.op +=3D $(call elide-stack-protector,.op,$(elide-routines.os)) CFLAGS-.os +=3D $(call elide-stack-protector,.os,$(all-rtld-routines)) --=20 2.29.2