From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: Siddhesh Poyarekar <siddhesh@sourceware.org>, libc-alpha@sourceware.org
Cc: fweimer@redhat.com
Subject: Re: [PATCH 3/3] Build libc-start with stack protector for SHARED
Date: Mon, 15 Mar 2021 11:00:57 -0300 [thread overview]
Message-ID: <70178797-46b0-9fa5-89e6-bdcb44875eac@linaro.org> (raw)
In-Reply-To: <20210310101400.3904724-4-siddhesh@sourceware.org>
On 10/03/2021 07:14, Siddhesh Poyarekar via Libc-alpha wrote:
> This does not change the emitted code since __libc_start_main does not
> return, but is important for formal flags compliance.
>
> This also cleans up the cosmetic inconsistency in the stack protector
> flags in csu, especially the incorrect value of STACK_PROTECTOR_LEVEL.
LGTM, thanks.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
> Makeconfig | 8 ++++++++
> csu/Makefile | 22 ++++++++++++----------
> elf/Makefile | 4 ----
> 3 files changed, 20 insertions(+), 14 deletions(-)
>
> diff --git a/Makeconfig b/Makeconfig
> index 0a4811b5e5..01f8638c2e 100644
> --- a/Makeconfig
> +++ b/Makeconfig
> @@ -856,6 +856,14 @@ ifneq ($(stack-protector),)
> +stack-protector=$(stack-protector)
> endif
>
> +# Some routines are unsafe to build with stack-protection since they're called
> +# before the stack check guard is set up. Provide a way to disable stack
> +# protector. The first argument is the extension (.o, .os, .oS) and the second
> +# is a list of routines that this path should be applied to.
> +define elide-stack-protector
> +$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
> +endef
> +
> # This is the program that generates makefile dependencies from C source files.
> # The -MP flag tells GCC >= 3.2 (which we now require) to produce dummy
> # targets for headers so that removed headers don't break the build.
Ok.
> diff --git a/csu/Makefile b/csu/Makefile
> index e587434be8..3054329cea 100644
> --- a/csu/Makefile
> +++ b/csu/Makefile
> @@ -45,18 +45,20 @@ install-lib = $(start-installed-name) g$(start-installed-name) $(csu-dummies)
> # code is compiled with special flags.
> tests =
>
> -CFLAGS-.o += $(no-stack-protector)
> -CFLAGS-.op += $(no-stack-protector)
> -CFLAGS-.os += $(no-stack-protector)
> -
> -# Dummy object not actually used for anything. It is linked into
> -# crt1.o nevertheless, which in turn is statically linked into
> +# static-reloc.os is a dummy object not actually used for anything. It is
> +# linked into crt1.o nevertheless, which in turn is statically linked into
> # applications, so that build flags matter.
> # See <https://sourceware.org/ml/libc-alpha/2018-07/msg00101.html>.
> -# NB: Using $(stack-protector) in this way causes a wrong definition
> -# STACK_PROTECTOR_LEVEL due to the preceding $(no-stack-protector),
> -# but it does not matter for this source file.
> -CFLAGS-static-reloc.os += $(stack-protector)
Ok.
> +#
> +# libc-start.os is safe to be built with stack protector since
> +# __libc_start_main is called after stack canary setup is done.
> +ssp-safe.os = static-reloc libc-start
> +
> +CFLAGS-.o += $(call elide-stack-protector,.o,$(routines))
> +CFLAGS-.op += $(call elide-stack-protector,.op,$(routines))
> +CFLAGS-.oS += $(call elide-stack-protector,.oS,$(routines))
> +CFLAGS-.os += $(call elide-stack-protector,.os,$(filter-out \
> + $(ssp-safe.os),$(routines)))
>
> ifeq (yes,$(build-shared))
> extra-objs += S$(start-installed-name) gmon-start.os
Ok.
> diff --git a/elf/Makefile b/elf/Makefile
> index b06bf6ca20..285d9f2f3c 100644
> --- a/elf/Makefile
> +++ b/elf/Makefile
> @@ -83,10 +83,6 @@ endif
> # Also compile all routines in the static library that are elided from
> # the shared libc because they are in libc.a in the same way.
>
> -define elide-stack-protector
> -$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
> -endef
> -
> CFLAGS-.o += $(call elide-stack-protector,.o,$(elide-routines.os))
> CFLAGS-.op += $(call elide-stack-protector,.op,$(elide-routines.os))
> CFLAGS-.os += $(call elide-stack-protector,.os,$(all-rtld-routines))
>
Ok.
next prev parent reply other threads:[~2021-03-15 14:01 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-10 10:13 [PATCH v2 0/3] Clean up stack-protector-all build Siddhesh Poyarekar
2021-03-10 10:13 ` [PATCH 1/3] Add inhibit_stack_protector to ifuncmain9 [BZ #25680] Siddhesh Poyarekar
2021-03-10 12:50 ` Adhemerval Zanella
2021-03-12 8:52 ` Siddhesh Poyarekar
2021-03-12 17:34 ` Adhemerval Zanella
2021-03-12 19:55 ` H.J. Lu
2021-03-13 6:01 ` Siddhesh Poyarekar
2021-03-13 13:44 ` H.J. Lu
2021-03-13 6:07 ` Siddhesh Poyarekar
2021-03-15 13:58 ` Adhemerval Zanella
2021-03-15 16:34 ` Siddhesh Poyarekar
2021-03-15 13:59 ` Adhemerval Zanella
2021-03-10 10:13 ` [PATCH 2/3] Build get-cpuid-feature-leaf.c without stack-protector [BZ #27555] Siddhesh Poyarekar
2021-03-15 13:59 ` Adhemerval Zanella
2021-03-10 10:14 ` [PATCH 3/3] Build libc-start with stack protector for SHARED Siddhesh Poyarekar
2021-03-15 14:00 ` Adhemerval Zanella [this message]
-- strict thread matches above, loose matches on Subject: below --
2021-03-09 18:12 [PATCH 0/3] Clean up stack-protector-all build Siddhesh Poyarekar
2021-03-09 18:12 ` [PATCH 3/3] Build libc-start with stack protector for SHARED Siddhesh Poyarekar
2021-03-10 8:00 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=70178797-46b0-9fa5-89e6-bdcb44875eac@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=siddhesh@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).