This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
--enable-stack-protector for glibc, v7
- From: Nix <nix at esperi dot org dot uk>
- To: libc-alpha at sourceware dot org
- Cc: fweimer at redhat dot com
- Date: Tue, 7 Jun 2016 12:06:02 +0100
- Subject: --enable-stack-protector for glibc, v7
This is version 7 of the stack-protected glibc patch, incorporating all review
comments to date (unless I missed some).
It's not rebased and is still against glibc head as of a few months ago,
a5df3210a641c17, though I have also tested it with HEAD as of last week. Patches
that have been merged upstream have been dropped, and cherry-picked back in when
testing. (However, after I tested, Florian's patch f06f3f05 was merged, which
clashes with patch 3, the ifunc resolver protection patch, because it drops
an ifunc resolver. Fixing this clash is trivial, but will obviously require
me to rebase the patch series, so perhaps the person doing the patch
application would rather do that.)
Tested with these flag combinations on {i686,x86_64}-pc-linux-gnu:
--enable-omitfp --enable-stack-protector=all
--enable-stack-protector
--enable-stack-protector=strong
--enable-stack-protector=all
--enable-stackguard-randomization --enable-stack-protector=all
--enable-omitfp --enable-stackguard-randomization --enable-stack-protector
--enable-omitfp --enable-stackguard-randomization --enable-stack-protector=strong
--enable-omitfp --enable-stackguard-randomization --enable-stack-protector=all
--disable-stack-protector
--enable-stack-protector=no
Tested with these flag combinations on sparc{32,64}-pc-linux-gnu:
--enable-stack-protector
--enable-stack-protector=strong
--enable-stackguard-randomization --enable-stack-protector=strong
--enable-stackguard-randomization --enable-stack-protector=all
--disable-stack-protector
Tested with these flag combinations on armv7l-unknown-linux-gnueabihf (it
happened to have GCC 4.8, so -strong wasn't available):
--enable-stackguard-randomization --enable-stack-protector
--enable-stackguard-randomization --enable-stack-protector=all --enable-omitfp
--disable-stack-protector
No failures are observed that are not also observed on an unpatched glibc with
the same flag combinations.
On the copyright assignment front, I am informed that Oracle has a blanket
assignment on file for glibc work, so I don't need to do anything. (Patch 11 is
in Adhemerval's name, but obviously there's no assignment problem there either.)
Overview of changes in this posting:
- Dropped "Allow overriding of CFLAGS as well as CPPFLAGS for rtld." and
  "x86, pthread_cond_*wait: Do not depend on %eax not being clobbered":
  merged upstream.
- Report the argument value used in --enable-stack-protector on error; fix
  quoting. [Review comment from Mike Frysinger.]
- Comment on the reason for some $(no-stack-protector)isms.
- Stack-protect sigreturn.c, and say why stack-protecting sigreturn handler
  stubs is necessary. [Review comment from David Miller.]