This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
--enable-stack-protector for glibc, v9
- From: Nix <nix at esperi dot org dot uk>
- To: libc-alpha at sourceware dot org
- Cc: fweimer at redhat dot com, Nix <nix at esperi dot org dot uk>
- Date: Mon, 28 Nov 2016 12:32:16 +0000
- Subject: --enable-stack-protector for glibc, v9
- Authentication-results: sourceware.org; auth=none
Here, as promised, is version 9 of the stack-protected glibc patch,
incorporating all review comments to date (unless I missed some). Sorry for the
delay: my ARM test box was acting unreliable and I spent way too long ruling out
obscure failure modes before I noticed that its swap device was throwing I/O
errors on all writes...
It's against glibc head as of Saturday 26th, bf469f0ce98.
Tested with these flag combinations on {i686,x86_64)-pc-linux-gnu (with GCC
6.2.1-20161118, binutils 2.27.0.20160920, and kernel headers for v4.7.4):
--enable-omitfp --enable-stack-protector=all
--enable-stack-protector
--enable-stack-protector=strong
--enable-stack-protector=all
--enable-stackguard-randomization --enable-stack-protector=all
--enable-omitfp --enable-stackguard-randomization --enable-stack-protector
--enable-omitfp --enable-stackguard-randomization --enable-stack-protector=strong
--enable-omitfp --enable-stackguard-randomization --enable-stack-protector=all
--disable-stack-protector
--enable-stack-protector=no
(The only skipped tests were the AVX math tests, since the test machine is not
AVX-capable.)
Tested with with these flag combinations on sparc{32,64}-pc-linux-gnu (with GCC
4.9.1-20140922 (a bit old, sorry), binutils 2.24, and kernel headers for
v4.1.12):
--enable-stack-protector
--enable-stack-protector=strong
--enable-stackguard-randomization --enable-stack-protector=strong
--enable-stackguard-randomization --enable-stack-protector=all
--disable-stack-protector
Tested with these flag combinations on armv7l-unknown-linux-gnueabihf (with GCC
4.8.5-2ubuntu1~14.04.1 (so -strong isn't available), binutils 2.24, and kernel
headers for v3.13.11):
--enable-stackguard-randomization --enable-stack-protector
--enable-stackguard-randomization --enable-stack-protector=all --enable-omitfp
--disable-stack-protector
No failures are observed that are not also observed on an unpatched glibc with
the same flag combinations (though there was one round of failures of the
localedata/wcs* tests with --enable-stack-protector on x86-32, and an
intermittent failure of the assertion in stdlib/tst-makecontext on sparc32,
these went away on retesting, so I regard them as likely spurious and unrelated
to the stack-protector patches. The makecontext assertion also seems likely to
depend on the behaviour of the installed libgcc_s.so...)
On the copyright assignment front, I am informed that Oracle has a blanket
assignment on file for glibc work, so I don't need to do anything. (Patch 8 is
in Adhemerval's name, but obviously there's no assignment problem there either.)
Overview of changes in this posting:
- Drop some more libc_cv_predef_stack_protector checks that landed since my
last series
- Adjust assignment of rtld-CFLAGS to allow for i386 adding -mno-sse etc to it
- Rebase atop the latest glibc and the ifunc_resolver work