This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH 07/14] Prevent the rtld mapfile computation from dragging in __stack_chk_fail().
- From: Nix <nix at esperi dot org dot uk>
- To: libc-alpha at sourceware dot org
- Date: Wed, 24 Feb 2016 23:28:13 +0000
- Subject: [PATCH 07/14] Prevent the rtld mapfile computation from dragging in __stack_chk_fail().
- Authentication-results: sourceware.org; auth=none
- References: <1456356500-25601-1-git-send-email-nix at esperi dot org dot uk>
From: Nick Alcock <nick.alcock@oracle.com>
The previous commit prevented rtld itself from being built with
-fstack-protector, but this is not quite enough. We identify which
objects belong in rtld via a test link and analysis of the resulting
mapfile. That link is necessarily done against objects that are
stack-protected, so drags in __stack_chk_fail() and all the libc
and libio code it uses.
To stop this happening, use --defsym in the test librtld.map-production
link to force the linker to predefine __stack_chk_fail() (to 0, but it
could be to anything). (In a real link, this would of course be
catastrophic, but these object files are never used for anything else.)
v2: New.
---
elf/Makefile | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/elf/Makefile b/elf/Makefile
index 0037cca..8f0973d 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -349,9 +349,19 @@ $(objpfx)dl-allobjs.os: $(all-rtld-routines:%=$(objpfx)%.os)
# are compiled with special flags, and puts these modules into rtld-libc.a
# for us. Then we do the real link using rtld-libc.a instead of libc_pic.a.
+# If the compiler can do SSP, build the mapfile with a dummy __stack_chk_fail
+# symbol defined, to prevent the real thing being dragged into rtld
+# even though rtld is never built with stack-protection.
+
+ifeq ($(have-ssp),yes)
+dummy-stack-chk-fail := -Wl,--defsym='__stack_chk_fail=0'
+else
+dummy-stack-chk-fail :=
+endif
+
$(objpfx)librtld.map: $(objpfx)dl-allobjs.os $(common-objpfx)libc_pic.a
@-rm -f $@T
- $(reloc-link) -o $@.o '-Wl,-(' $^ -lgcc '-Wl,-)' -Wl,-Map,$@T
+ $(reloc-link) -o $@.o $(dummy-stack-chk-fail) '-Wl,-(' $^ -lgcc '-Wl,-)' -Wl,-Map,$@T
rm -f $@.o
mv -f $@T $@
--
2.7.0.198.g6dd47b6