This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.24-531-gcecbc79
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 26 Dec 2016 09:43:35 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.24-531-gcecbc79
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via cecbc7967f0bcac718b6f8f8942b58403c0e917c (commit)
via 2e6c45c59bcd40f1ae8466cbd32f4d263ff45619 (commit)
via 1ad4ba28e9335c288687d1757bce3221c522f576 (commit)
via 7cbb738d218fad3bc91deebfd8ce5f3918592b84 (commit)
via 524a8ef2ad76af8ac049293d993a1856b0d888fb (commit)
via 66a704c43cfec810fea67a6959f2d1c94f4d594f (commit)
via bc174f20b83d19167ecac14ce0762eddbe47cc64 (commit)
via 995635f95b707488c23bba07be8016c9682d4045 (commit)
via 10c85e76c09716e744b4a41006718400b1eb2e84 (commit)
via de6591238b478bc86b8cf5af01a484114e399213 (commit)
via 003a27e8195470f470f4d9384ca70d4e9fc8bd1b (commit)
via 03baef1c9cfb396d76cae20a00aee657871e79c4 (commit)
from 81e0662e5f2c342ffa413826b7b100d56677b613 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cecbc7967f0bcac718b6f8f8942b58403c0e917c
commit cecbc7967f0bcac718b6f8f8942b58403c0e917c
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:09:10 2016 +0100
Enable -fstack-protector=* when requested by configure [BZ #7065]
diff --git a/ChangeLog b/ChangeLog
index edf8523..f090910 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,13 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
+ Enable stack protectore if requested by ./configure.
+ * Makeconfig (+stack-protector): New variable.
+ (+cflags): Use it.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
* signal/Makefile (CFLAGS-sigreturn.c): Use $(no-stack-protector).
* sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c:
(__rt_sigreturn_stub): Use inhibit_stack_protector.
diff --git a/Makeconfig b/Makeconfig
index 2d316ac..0158eaa 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -807,6 +807,11 @@ endif
# disable any optimization that assume default rounding mode.
+math-flags = -frounding-math
+# We might want to compile with some stack-protection flag.
+ifneq ($(stack-protector),)
++stack-protector=$(stack-protector)
+endif
+
# This is the program that generates makefile dependencies from C source files.
# The -MP flag tells GCC >= 3.2 (which we now require) to produce dummy
# targets for headers so that removed headers don't break the build.
@@ -866,7 +871,8 @@ ifeq "$(strip $(+cflags))" ""
+cflags := $(default_cflags)
endif # $(+cflags) == ""
-+cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags)
++cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags) \
+ $(+stack-protector)
+gcc-nowarn := -w
# Don't duplicate options if we inherited variables from the parent.
diff --git a/NEWS b/NEWS
index 79cd288..77b1a0c 100644
--- a/NEWS
+++ b/NEWS
@@ -89,6 +89,10 @@ Version 2.25
* The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014,
are added to libc. They convert a floating-point number into string.
+* Most of glibc can now be built with the stack smashing protector enabled.
+ It is recommended to build glibc with --enable-stack-protector=strong.
+ Implemented by Nick Alcock (Oracle).
+
* The function explicit_bzero, from OpenBSD, has been added to libc. It is
intended to be used instead of memset() to erase sensitive data after use;
the compiler will not optimize out calls to explicit_bzero even if they
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e6c45c59bcd40f1ae8466cbd32f4d263ff45619
commit 2e6c45c59bcd40f1ae8466cbd32f4d263ff45619
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:09:06 2016 +0100
Do not stack-protect sigreturn stubs [BZ #7065]
These are called from the kernel with the stack at a carefully-
chosen location so that the stack frame can be restored: they must not
move the stack pointer lest garbage be restored into the registers.
We explicitly inhibit protection for SPARC and for signal/sigreturn.c:
other arches either define their sigreturn stubs in .S files, or (i386,
x86_64, mips) use macros expanding to top-level asm blocks and explicit
labels in the text section to mock up a "function" without telling the
compiler that one is there at all.
diff --git a/ChangeLog b/ChangeLog
index 99749a5..edf8523 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,15 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
+ * signal/Makefile (CFLAGS-sigreturn.c): Use $(no-stack-protector).
+ * sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c:
+ (__rt_sigreturn_stub): Use inhibit_stack_protector.
+ * sysdeps/unix/sysv/linux/sparc/sparc32/sigaction.c
+ (__rt_sigreturn_stub, __sigreturn_stub): Likewise.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
* login/Makefile (pt_chown-cflags): Remove.
* nscd/Makefile (CFLAGS-nscd): Likewise.
* resolv/Makefile (CFLAGS-libresolv): Likewise.
diff --git a/signal/Makefile b/signal/Makefile
index 9d29ff4..ccd6f51 100644
--- a/signal/Makefile
+++ b/signal/Makefile
@@ -48,3 +48,5 @@ CFLAGS-sigsuspend.c = -fexceptions -fasynchronous-unwind-tables
CFLAGS-sigtimedwait.c = -fexceptions -fasynchronous-unwind-tables
CFLAGS-sigwait.c = -fexceptions -fasynchronous-unwind-tables
CFLAGS-sigwaitinfo.c = -fexceptions -fasynchronous-unwind-tables
+
+CFLAGS-sigreturn.c = $(no-stack-protector)
diff --git a/sysdeps/unix/sysv/linux/sparc/sparc32/sigaction.c b/sysdeps/unix/sysv/linux/sparc/sparc32/sigaction.c
index 5aa3c35..b75142f 100644
--- a/sysdeps/unix/sysv/linux/sparc/sparc32/sigaction.c
+++ b/sysdeps/unix/sysv/linux/sparc/sparc32/sigaction.c
@@ -65,7 +65,9 @@ libc_hidden_def (__libc_sigaction)
#include <nptl/sigaction.c>
-static void
+static
+inhibit_stack_protector
+void
__rt_sigreturn_stub (void)
{
__asm__ ("mov %0, %%g1\n\t"
@@ -74,7 +76,9 @@ __rt_sigreturn_stub (void)
: "i" (__NR_rt_sigreturn));
}
-static void
+static
+inhibit_stack_protector
+void
__sigreturn_stub (void)
{
__asm__ ("mov %0, %%g1\n\t"
diff --git a/sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c b/sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c
index 50c444c..058c011 100644
--- a/sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c
+++ b/sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c
@@ -66,7 +66,9 @@ libc_hidden_def (__libc_sigaction)
#include <nptl/sigaction.c>
-static void
+static
+inhibit_stack_protector
+void
__rt_sigreturn_stub (void)
{
__asm__ ("mov %0, %%g1\n\t"
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1ad4ba28e9335c288687d1757bce3221c522f576
commit 1ad4ba28e9335c288687d1757bce3221c522f576
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:09:03 2016 +0100
Drop explicit stack-protection of pieces of the system [BZ #7065]
diff --git a/ChangeLog b/ChangeLog
index 918c6f9..99749a5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,13 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
+ * login/Makefile (pt_chown-cflags): Remove.
+ * nscd/Makefile (CFLAGS-nscd): Likewise.
+ * resolv/Makefile (CFLAGS-libresolv): Likewise.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
* elf/Makefile (CFLAGS-filtmod1.c): Use $(no-stack-protector) for
non-libc-linking testcase.
diff --git a/login/Makefile b/login/Makefile
index 9ff36d6..1a6161c 100644
--- a/login/Makefile
+++ b/login/Makefile
@@ -58,7 +58,6 @@ CFLAGS-getpt.c = -fexceptions
ifeq (yesyes,$(have-fpie)$(build-shared))
pt_chown-cflags += $(pie-ccflag)
endif
-pt_chown-cflags += $(stack-protector)
ifeq (yes,$(have-libcap))
libcap = -lcap
endif
diff --git a/nscd/Makefile b/nscd/Makefile
index 50bad32..bfd72d5 100644
--- a/nscd/Makefile
+++ b/nscd/Makefile
@@ -84,7 +84,6 @@ CPPFLAGS-nscd += -D_FORTIFY_SOURCE=2
ifeq (yesyes,$(have-fpie)$(build-shared))
CFLAGS-nscd += $(pie-ccflag)
endif
-CFLAGS-nscd += $(stack-protector)
ifeq (yesyes,$(have-fpie)$(build-shared))
LDFLAGS-nscd = -Wl,-z,now
diff --git a/resolv/Makefile b/resolv/Makefile
index be20368..06329e1 100644
--- a/resolv/Makefile
+++ b/resolv/Makefile
@@ -90,7 +90,6 @@ CPPFLAGS += -Dgethostbyname=res_gethostbyname \
-Dgetnetbyname=res_getnetbyname \
-Dgetnetbyaddr=res_getnetbyaddr
-CFLAGS-libresolv += $(stack-protector)
CFLAGS-res_hconf.c = -fexceptions
# The DNS NSS modules needs the resolver.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7cbb738d218fad3bc91deebfd8ce5f3918592b84
commit 7cbb738d218fad3bc91deebfd8ce5f3918592b84
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:09:00 2016 +0100
Link a non-libc-using test with -fno-stack-protector [BZ #7065]
This test cannot reference __stack_chk_fail because it is not linked
with libc at all.
diff --git a/ChangeLog b/ChangeLog
index 10d5a37..918c6f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,10 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
+ * elf/Makefile (CFLAGS-filtmod1.c): Use $(no-stack-protector) for
+ non-libc-linking testcase.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
Adhemerval Zanella <adhemerval.zanella@linaro.org>
Florian Weimer <fweimer@redhat.com>
diff --git a/elf/Makefile b/elf/Makefile
index 04d5f07..8a2ce02 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -792,6 +792,9 @@ $(objpfx)filtmod1.so: $(objpfx)filtmod1.os $(objpfx)filtmod2.so
$< -Wl,-F,$(objpfx)filtmod2.so
$(objpfx)filter: $(objpfx)filtmod1.so
+# This does not link against libc.
+CFLAGS-filtmod1.c = $(no-stack-protector)
+
$(objpfx)unload: $(libdl)
$(objpfx)unload.out: $(objpfx)unloadmod.so
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=524a8ef2ad76af8ac049293d993a1856b0d888fb
commit 524a8ef2ad76af8ac049293d993a1856b0d888fb
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:57 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
diff --git a/ChangeLog b/ChangeLog
index 5e3e64a..10d5a37 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,18 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+ Adhemerval Zanella <adhemerval.zanella@linaro.org>
+ Florian Weimer <fweimer@redhat.com>
+
+ [BZ #7065]
+ PLT avoidance for __stack_chk_fail*.
+ * debug/Makefile (CFLAGS-stack_chk_fail.c)
+ (CFLAGS-stack_chk_fail_local.c): Build without stack protector.
+ * debug/stack_chk_fail.c (__stack_chk_fail): Add
+ __stack_chk_fail_local alias.
+ * sysdeps/generic/symbol-hacks.h [IS_IN (libc)]
+ (__stack_chk_fail): Turn into hidden reference to
+ __stack_chk_fail_local.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
* configure.ac: Add check for unsupported stack-protection level.
diff --git a/debug/Makefile b/debug/Makefile
index 84d3f92..ed7c397 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -53,6 +53,12 @@ routines = backtrace backtracesyms backtracesymsfd noophooks \
$(static-only-routines)
static-only-routines := warning-nop stack_chk_fail_local
+# Building the stack-protector failure routines with stack protection
+# makes no sense.
+
+CFLAGS-stack_chk_fail.c = $(no-stack-protector)
+CFLAGS-stack_chk_fail_local.c = $(no-stack-protector)
+
CFLAGS-backtrace.c = -fno-omit-frame-pointer
CFLAGS-sprintf_chk.c = $(libio-mtsafe)
CFLAGS-snprintf_chk.c = $(libio-mtsafe)
diff --git a/debug/stack_chk_fail.c b/debug/stack_chk_fail.c
index 4d0796f..5db0886 100644
--- a/debug/stack_chk_fail.c
+++ b/debug/stack_chk_fail.c
@@ -27,3 +27,5 @@ __stack_chk_fail (void)
{
__fortify_fail ("stack smashing detected");
}
+
+strong_alias (__stack_chk_fail, __stack_chk_fail_local)
diff --git a/sysdeps/generic/symbol-hacks.h b/sysdeps/generic/symbol-hacks.h
index ce576c9..d614c09 100644
--- a/sysdeps/generic/symbol-hacks.h
+++ b/sysdeps/generic/symbol-hacks.h
@@ -4,4 +4,16 @@
asm ("memmove = __GI_memmove");
asm ("memset = __GI_memset");
asm ("memcpy = __GI_memcpy");
+
+/* Some targets do not use __stack_chk_fail_local. In libc.so,
+ redirect __stack_chk_fail to a hidden reference
+ __stack_chk_fail_local, to avoid the PLT reference.
+ __stack_chk_fail itself is a global symbol, exported from libc.so,
+ and cannot be made hidden. */
+
+# if IS_IN (libc) && defined SHARED && \
+ defined STACK_PROTECTOR_LEVEL && STACK_PROTECTOR_LEVEL > 0
+asm (".hidden __stack_chk_fail_local\n"
+ "__stack_chk_fail = __stack_chk_fail_local");
+# endif
#endif
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=66a704c43cfec810fea67a6959f2d1c94f4d594f
commit 66a704c43cfec810fea67a6959f2d1c94f4d594f
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:54 2016 +0100
Work even with compilers which enable -fstack-protector by default [BZ #7065]
With all the machinery we just added, we can easily arrange to work even
when the compiler passes in -fstack-protector automatically: all the
necessary bits of glibc are always compiled with -fno-stack-protector
now.
So tear out the check in configure, and add appropriate calls to
-fno-stack-protector in tests that need them (largely those that use
-nostdlib), since we don't yet have a __stack_chk_fail that those
tests can rely upon. (GCC often provides one, but we cannot rely on
this, especially not when bootstrapping.)
When stack protection is disabled, explicitly pass -fno-stack-protector
to everything, to stop a compiler hacked to enable it from inserting
calls to __stack_chk_fail via the PLT in every object file.
diff --git a/ChangeLog b/ChangeLog
index ae58d91..5e3e64a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,27 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
+ * configure.ac: Add check for unsupported stack-protection level.
+ (libc_cv_predef_stack_protector): Remove.
+ (no_ssp): New variable.
+ (STACK_PROTECTOR_LEVEL): Set to zero when --disable-stack-protector.
+ (stack_protector): Set to -fno-stack-protector similarly.
+ (libc_cv_ld_gnu_indirect_function): Use no_ssp.
+ (libc_cv_asm_set_directive): Likewise.
+ (libc_cv_protected_data): Likewise.
+ (libc_cv_z_combreloc): Likewise.
+ (libc_cv_hashstyle): Likewise.
+ (libc_cv_has_glob_dat): Likewise.
+ (libc_cv_output_format): Likewise.
+ (libc_cv_output_format): Likewise.
+ (libc_cv_ehdr_start): Likewise.
+ * aclocal.m4 (LIBC_TRY_LINK_STATIC): Likewise.
+ (LIBC_LINKER_FEATURE): Likewise.
+ (LIBC_COMPILER_BUILTIN_INLINED): Likewise.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
* elf/Makefile (dummy-stack-chk-fail): New.
(librtld.map): Use it.
diff --git a/aclocal.m4 b/aclocal.m4
index 3d64f77..6902155 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -141,7 +141,7 @@ int _start (void) { return 0; }
int __start (void) { return 0; }
$1
EOF
-AS_IF([AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -o conftest
+AS_IF([AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -o conftest
conftest.c -static -nostartfiles -nostdlib
1>&AS_MESSAGE_LOG_FD])],
[$2], [$3])
@@ -226,7 +226,7 @@ if test x"$gnu_ld" = x"yes"; then
cat > conftest.c <<EOF
int _start (void) { return 42; }
EOF
- if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
$2 -nostdlib -nostartfiles
-fPIC -shared -o conftest.so conftest.c
1>&AS_MESSAGE_LOG_FD])
@@ -268,7 +268,7 @@ libc_compiler_builtin_inlined=no
cat > conftest.c <<EOF
int _start (void) { $2 return 0; }
EOF
-if ! AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+if ! AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
$3 -nostdlib -nostartfiles
-S conftest.c -o - | fgrep "$1"
1>&AS_MESSAGE_LOG_FD])
diff --git a/configure b/configure
index b300795..c88f6fe 100755
--- a/configure
+++ b/configure
@@ -4010,11 +4010,25 @@ elif test "$enable_stack_protector" = strong && test "$libc_cv_ssp_strong" = yes
stack_protector="-fstack-protector-strong"
$as_echo "#define STACK_PROTECTOR_LEVEL 3" >>confdefs.h
+else
+ stack_protector="-fno-stack-protector"
+ $as_echo "#define STACK_PROTECTOR_LEVEL 0" >>confdefs.h
+
fi
+if test -n "$stack_protector"; then
+ no_ssp=-fno-stack-protector
+else
+ no_ssp=
+
+ if test "$enable_stack_protector" != no; then
+ as_fn_error $? "--enable-stack-protector=$enable_stack_protector specified, but specified level of stack protection is not supported by the compiler." "$LINENO" 5
+ fi
+fi
+
# For the multi-arch option we need support in the assembler & linker.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for assembler and linker STT_GNU_IFUNC support" >&5
$as_echo_n "checking for assembler and linker STT_GNU_IFUNC support... " >&6; }
@@ -4037,7 +4051,7 @@ __start:
EOF
libc_cv_ld_gnu_indirect_function=no
if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS \
- -nostartfiles -nostdlib \
+ -nostartfiles -nostdlib $no_ssp \
-o conftest conftest.S 1>&5 2>&5; then
# Do a link to see if the backend supports IFUNC relocs.
$READELF -r conftest 1>&5
@@ -5532,7 +5546,7 @@ extern int glibc_conftest_frobozz;
void _start() { glibc_conftest_frobozz = 1; }
EOF
if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS \
- -nostartfiles -nostdlib \
+ -nostartfiles -nostdlib $no_ssp \
-o conftest conftest.s conftest1.c 1>&5 2>&5; then
libc_cv_asm_set_directive=yes
else
@@ -5556,7 +5570,7 @@ else
int bar __attribute__ ((visibility ("protected"))) = 1;
EOF
libc_cv_protected_data=no
- if { ac_try='${CC-cc} -nostdlib -nostartfiles -fPIC -shared conftest.c -o conftest.so'
+ if { ac_try='${CC-cc} -nostdlib -nostartfiles $no_ssp -fPIC -shared conftest.c -o conftest.so'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
(eval $ac_try) 2>&5
ac_status=$?
@@ -5566,7 +5580,7 @@ EOF
extern int bar;
int main (void) { return bar; }
EOF
- if { ac_try='${CC-cc} -nostdlib -nostartfiles conftest.c -o conftest conftest.so'
+ if { ac_try='${CC-cc} -nostdlib -nostartfiles $no_ssp conftest.c -o conftest conftest.so'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
(eval $ac_try) 2>&5
ac_status=$?
@@ -5651,7 +5665,7 @@ __attribute__ ((constructor)) void ctor (void) { asm (""); }
__attribute__ ((destructor)) void dtor (void) { asm (""); }
EOF
-if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -o conftest
+if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -o conftest
conftest.c -static -nostartfiles -nostdlib
1>&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
@@ -5764,7 +5778,7 @@ extern int mumble;
int foo (void) { return bar (mumble); }
EOF
if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
- -fPIC -shared -o conftest.so conftest.c
+ -fPIC -shared $no_ssp -o conftest.so conftest.c
-nostdlib -nostartfiles
-Wl,-z,combreloc 1>&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
@@ -5800,7 +5814,7 @@ if test x"$gnu_ld" = x"yes"; then
cat > conftest.c <<EOF
int _start (void) { return 42; }
EOF
- if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
-Wl,-z,execstack -nostdlib -nostartfiles
-fPIC -shared -o conftest.so conftest.c
1>&5'
@@ -5854,7 +5868,7 @@ else
cat > conftest.c <<EOF
int _start (void) { return 42; }
EOF
-if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
-fPIC -shared -o conftest.so conftest.c
-Wl,--hash-style=both -nostdlib 1>&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
@@ -5947,7 +5961,7 @@ int foo (void) { return mumble; }
EOF
if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
-fPIC -shared -o conftest.so conftest.c
- -nostdlib -nostartfiles
+ -nostdlib -nostartfiles $no_ssp
1>&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
(eval $ac_try) 2>&5
@@ -5975,7 +5989,7 @@ if ${libc_cv_output_format+:} false; then :
$as_echo_n "(cached) " >&6
else
if libc_cv_output_format=`
-${CC-cc} -nostartfiles -nostdlib -Wl,--print-output-format 2>&5`
+${CC-cc} -nostartfiles -nostdlib $no_ssp -Wl,--print-output-format 2>&5`
then
:
else
@@ -6453,60 +6467,6 @@ if test $libc_cv_predef_fortify_source = yes; then
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implicitly enables -fstack-protector" >&5
-$as_echo_n "checking whether $CC implicitly enables -fstack-protector... " >&6; }
-if ${libc_cv_predef_stack_protector+:} false; then :
- $as_echo_n "(cached) " >&6
-else
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-extern void foobar (char *);
-int
-main ()
-{
-char large_array[2048]; foobar (large_array);
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-
-libc_undefs=`$NM -u conftest.o |
- LC_ALL=C $AWK '$1 == "U" { print $2 | "sort -u"; next } { exit(1) }' \
- 2>&5` || {
- as_fn_error $? "confusing output from $NM -u" "$LINENO" 5
-}
-echo >&5 "libc_undefs='$libc_undefs'"
-# On some architectures, there are architecture-specific undefined
-# symbols (resolved by the linker), so filter out unknown symbols.
-# This will fail to produce the correct result if the compiler
-# defaults to -fstack-protector but this produces an undefined symbol
-# other than __stack_chk_fail or __stack_chk_fail_local. However,
-# compilers like that have not been encountered in practice.
-libc_undefs=`echo "$libc_undefs" | \
- egrep '^(foobar|__stack_chk_fail|__stack_chk_fail_local)$'`
-case "$libc_undefs" in
-foobar) libc_cv_predef_stack_protector=no ;;
-'__stack_chk_fail
-foobar'|'__stack_chk_fail_local
-foobar') libc_cv_predef_stack_protector=yes ;;
-*) as_fn_error $? "unexpected symbols in test: $libc_undefs" "$LINENO" 5 ;;
-esac
-else
- as_fn_error $? "test compilation failed" "$LINENO" 5
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_predef_stack_protector" >&5
-$as_echo "$libc_cv_predef_stack_protector" >&6; }
-libc_extra_cflags=
-if test $libc_cv_predef_stack_protector = yes; then
- libc_extra_cflags="$libc_extra_cflags -fno-stack-protector"
-fi
-libc_extra_cppflags=
-
# Some linkers on some architectures support __ehdr_start but with
# bugs. Make sure usage of it does not create relocations in the
# output (as the linker should resolve them all for us).
@@ -6520,7 +6480,7 @@ old_CFLAGS="$CFLAGS"
old_LDFLAGS="$LDFLAGS"
old_LIBS="$LIBS"
CFLAGS="$CFLAGS -fPIC"
-LDFLAGS="$LDFLAGS -nostdlib -nostartfiles -shared"
+LDFLAGS="$LDFLAGS -nostdlib -nostartfiles -shared $no_ssp"
LIBS=
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
diff --git a/configure.ac b/configure.ac
index f5fa1aa..2782bfa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -665,11 +665,26 @@ elif test "$enable_stack_protector" = all && test "$libc_cv_ssp_all" = yes; then
elif test "$enable_stack_protector" = strong && test "$libc_cv_ssp_strong" = yes; then
stack_protector="-fstack-protector-strong"
AC_DEFINE(STACK_PROTECTOR_LEVEL, 3)
+else
+ stack_protector="-fno-stack-protector"
+ AC_DEFINE(STACK_PROTECTOR_LEVEL, 0)
fi
AC_SUBST(libc_cv_ssp)
AC_SUBST(stack_protector)
AC_SUBST(no_stack_protector)
+if test -n "$stack_protector"; then
+ dnl Don't run configure tests with stack-protection on, to avoid problems with
+ dnl bootstrapping.
+ no_ssp=-fno-stack-protector
+else
+ no_ssp=
+
+ if test "$enable_stack_protector" != no; then
+ AC_MSG_ERROR([--enable-stack-protector=$enable_stack_protector specified, but specified level of stack protection is not supported by the compiler.])
+ fi
+fi
+
# For the multi-arch option we need support in the assembler & linker.
AC_CACHE_CHECK([for assembler and linker STT_GNU_IFUNC support],
libc_cv_ld_gnu_indirect_function, [dnl
@@ -689,7 +704,7 @@ __start:
EOF
libc_cv_ld_gnu_indirect_function=no
if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS \
- -nostartfiles -nostdlib \
+ -nostartfiles -nostdlib $no_ssp \
-o conftest conftest.S 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
# Do a link to see if the backend supports IFUNC relocs.
$READELF -r conftest 1>&AS_MESSAGE_LOG_FD
@@ -1213,7 +1228,7 @@ extern int glibc_conftest_frobozz;
void _start() { glibc_conftest_frobozz = 1; }
EOF
if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS \
- -nostartfiles -nostdlib \
+ -nostartfiles -nostdlib $no_ssp \
-o conftest conftest.s conftest1.c 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
libc_cv_asm_set_directive=yes
else
@@ -1230,12 +1245,12 @@ AC_CACHE_CHECK(linker support for protected data symbol,
int bar __attribute__ ((visibility ("protected"))) = 1;
EOF
libc_cv_protected_data=no
- if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles -fPIC -shared conftest.c -o conftest.so); then
+ if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles $no_ssp -fPIC -shared conftest.c -o conftest.so); then
cat > conftest.c <<EOF
extern int bar;
int main (void) { return bar; }
EOF
- if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles conftest.c -o conftest conftest.so); then
+ if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles $no_ssp conftest.c -o conftest conftest.so); then
libc_cv_protected_data=yes
fi
fi
@@ -1357,7 +1372,7 @@ extern int mumble;
int foo (void) { return bar (mumble); }
EOF
if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
- -fPIC -shared -o conftest.so conftest.c
+ -fPIC -shared $no_ssp -o conftest.so conftest.c
-nostdlib -nostartfiles
-Wl,-z,combreloc 1>&AS_MESSAGE_LOG_FD])
then
@@ -1395,7 +1410,7 @@ AC_CACHE_CHECK(for --hash-style option,
cat > conftest.c <<EOF
int _start (void) { return 42; }
EOF
-if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
-fPIC -shared -o conftest.so conftest.c
-Wl,--hash-style=both -nostdlib 1>&AS_MESSAGE_LOG_FD])
then
@@ -1467,7 +1482,7 @@ int foo (void) { return mumble; }
EOF
if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
-fPIC -shared -o conftest.so conftest.c
- -nostdlib -nostartfiles
+ -nostdlib -nostartfiles $no_ssp
1>&AS_MESSAGE_LOG_FD])
then
dnl look for GLOB_DAT relocation.
@@ -1484,7 +1499,7 @@ AC_SUBST(libc_cv_has_glob_dat)
AC_CACHE_CHECK(linker output format, libc_cv_output_format, [dnl
if libc_cv_output_format=`
-${CC-cc} -nostartfiles -nostdlib -Wl,--print-output-format 2>&AS_MESSAGE_LOG_FD`
+${CC-cc} -nostartfiles -nostdlib $no_ssp -Wl,--print-output-format 2>&AS_MESSAGE_LOG_FD`
then
:
else
@@ -1703,48 +1718,6 @@ if test $libc_cv_predef_fortify_source = yes; then
fi
AC_SUBST(CPPUNDEFS)
-dnl Check for silly hacked compilers inserting -fstack-protector.
-dnl This breaks badly for the early startup code we compile, since
-dnl the compiled code can refer to a magic machine-dependent location
-dnl for the canary value before we have sufficient setup for that to
-dnl work. It's also questionable to build all of libc with this flag
-dnl even when you're doing that for most applications you build, since
-dnl libc's code is so heavily-used and performance-sensitive. If we
-dnl ever really want to make that work, it should be enabled explicitly
-dnl in the libc build, not inherited from implicit compiler settings.
-AC_CACHE_CHECK([whether $CC implicitly enables -fstack-protector],
- libc_cv_predef_stack_protector, [
-AC_TRY_COMPILE([extern void foobar (char *);],
- [char large_array[2048]; foobar (large_array);], [
-libc_undefs=`$NM -u conftest.o |
- LC_ALL=C $AWK '$1 == "U" { print $2 | "sort -u"; next } { exit(1) }' \
- 2>&AS_MESSAGE_LOG_FD` || {
- AC_MSG_ERROR([confusing output from $NM -u])
-}
-echo >&AS_MESSAGE_LOG_FD "libc_undefs='$libc_undefs'"
-# On some architectures, there are architecture-specific undefined
-# symbols (resolved by the linker), so filter out unknown symbols.
-# This will fail to produce the correct result if the compiler
-# defaults to -fstack-protector but this produces an undefined symbol
-# other than __stack_chk_fail or __stack_chk_fail_local. However,
-# compilers like that have not been encountered in practice.
-libc_undefs=`echo "$libc_undefs" | \
- egrep '^(foobar|__stack_chk_fail|__stack_chk_fail_local)$'`
-case "$libc_undefs" in
-foobar) libc_cv_predef_stack_protector=no ;;
-'__stack_chk_fail
-foobar'|'__stack_chk_fail_local
-foobar') libc_cv_predef_stack_protector=yes ;;
-*) AC_MSG_ERROR([unexpected symbols in test: $libc_undefs]) ;;
-esac],
- [AC_MSG_ERROR([test compilation failed])])
-])
-libc_extra_cflags=
-if test $libc_cv_predef_stack_protector = yes; then
- libc_extra_cflags="$libc_extra_cflags -fno-stack-protector"
-fi
-libc_extra_cppflags=
-
# Some linkers on some architectures support __ehdr_start but with
# bugs. Make sure usage of it does not create relocations in the
# output (as the linker should resolve them all for us).
@@ -1754,7 +1727,7 @@ old_CFLAGS="$CFLAGS"
old_LDFLAGS="$LDFLAGS"
old_LIBS="$LIBS"
CFLAGS="$CFLAGS -fPIC"
-LDFLAGS="$LDFLAGS -nostdlib -nostartfiles -shared"
+LDFLAGS="$LDFLAGS -nostdlib -nostartfiles -shared $no_ssp"
LIBS=
AC_LINK_IFELSE([AC_LANG_SOURCE([
typedef struct {
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bc174f20b83d19167ecac14ce0762eddbe47cc64
commit bc174f20b83d19167ecac14ce0762eddbe47cc64
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:51 2016 +0100
Ignore __stack_chk_fail* in the rtld mapfile computation [BZ #7065]
The previous commit prevented rtld itself from being built with
-fstack-protector, but this is not quite enough. We identify which
objects belong in rtld via a test link and analysis of the resulting
mapfile. That link is necessarily done against objects that are
stack-protected, so drags in __stack_chk_fail_local, __stack_chk_fail,
and all the libc and libio code they use.
To stop this happening, use --defsym in the test librtld.map-production
link to force the linker to predefine these two symbols (to 0, but it
could be to anything). (In a real link, this would of course be
catastrophic, but these object files are never used for anything else.)
diff --git a/ChangeLog b/ChangeLog
index 82fc4e2..ae58d91 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,12 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
+ * elf/Makefile (dummy-stack-chk-fail): New.
+ (librtld.map): Use it.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
Compile the dynamic linker without stack protection.
* elf/Makefile (elide-stack-protector): New.
(CFLAGS-.os): Use it, eliding $(all-rtld-routines).
diff --git a/elf/Makefile b/elf/Makefile
index 1e7d724..04d5f07 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -386,9 +386,22 @@ $(objpfx)dl-allobjs.os: $(all-rtld-routines:%=$(objpfx)%.os)
# are compiled with special flags, and puts these modules into rtld-libc.a
# for us. Then we do the real link using rtld-libc.a instead of libc_pic.a.
+# If the compiler can do SSP, build the mapfile with dummy __stack_chk_fail
+# and __stack_chk_fail_local symbols defined, to prevent the real things
+# being dragged into rtld even though rtld is never built with stack-
+# protection.
+
+ifeq ($(have-ssp),yes)
+dummy-stack-chk-fail := -Wl,--defsym='__stack_chk_fail=0' \
+ -Wl,--defsym='__stack_chk_fail_local=0'
+else
+dummy-stack-chk-fail :=
+endif
+
$(objpfx)librtld.map: $(objpfx)dl-allobjs.os $(common-objpfx)libc_pic.a
@-rm -f $@T
- $(reloc-link) -o $@.o '-Wl,-(' $^ -lgcc '-Wl,-)' -Wl,-Map,$@T
+ $(reloc-link) -o $@.o $(dummy-stack-chk-fail) \
+ '-Wl,-(' $^ -lgcc '-Wl,-)' -Wl,-Map,$@T
rm -f $@.o
mv -f $@T $@
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=995635f95b707488c23bba07be8016c9682d4045
commit 995635f95b707488c23bba07be8016c9682d4045
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:48 2016 +0100
Compile the dynamic linker without stack protection [BZ #7065]
Also compile corresponding routines in the static libc.a with the same
flag.
diff --git a/ChangeLog b/ChangeLog
index 64ccdf7..82fc4e2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,16 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
+ Compile the dynamic linker without stack protection.
+ * elf/Makefile (elide-stack-protector): New.
+ (CFLAGS-.os): Use it, eliding $(all-rtld-routines).
+ (CFLAGS-.o, CFLAGS-.op): Likewise, but for $(elide-routines.os).
+ * elf/rtld-Rules (rtld-CFLAGS): Add $(no-stack-protector).
+ * sysdeps/i386/Makefile (rtld-CFLAGS): Use +=, not =.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
* config.make.in (have-ssp, no-stack-protector): New.
* csu/Makefile (CFLAGS-.o, CFLAGS-.op, CFLAGS-.os): Use it.
* misc/Makefile (CFLAGS-sbrk.o): Likewise.
diff --git a/elf/Makefile b/elf/Makefile
index cd26e16..1e7d724 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -51,6 +51,18 @@ CFLAGS-dl-runtime.c = -fexceptions -fasynchronous-unwind-tables
CFLAGS-dl-lookup.c = -fexceptions -fasynchronous-unwind-tables
CFLAGS-dl-iterate-phdr.c = $(uses-callbacks)
+# Compile rtld itself without stack protection.
+# Also compile all routines in the static library that are elided from
+# the shared libc because they are in libc.a in the same way.
+
+define elide-stack-protector
+$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
+endef
+
+CFLAGS-.o += $(call elide-stack-protector,.o,$(elide-routines.os))
+CFLAGS-.op += $(call elide-stack-protector,.op,$(elide-routines.os))
+CFLAGS-.os += $(call elide-stack-protector,.os,$(all-rtld-routines))
+
ifeq ($(unwind-find-fde),yes)
routines += unwind-dw2-fde-glibc
shared-only-routines += unwind-dw2-fde-glibc
diff --git a/elf/rtld-Rules b/elf/rtld-Rules
index c1bb506..84d9387 100644
--- a/elf/rtld-Rules
+++ b/elf/rtld-Rules
@@ -144,4 +144,6 @@ cpp-srcs-left := $(rtld-modules:%.os=%)
lib := rtld
include $(patsubst %,$(..)cppflags-iterator.mk,$(cpp-srcs-left))
+rtld-CFLAGS += $(no-stack-protector)
+
endif
diff --git a/sysdeps/i386/Makefile b/sysdeps/i386/Makefile
index e94f2cb..e30e133 100644
--- a/sysdeps/i386/Makefile
+++ b/sysdeps/i386/Makefile
@@ -88,7 +88,7 @@ endif
# the first 3 mm/xmm/ymm/zmm registers are used to pass vector parameters
# which must be preserved.
# With SSE disabled, ensure -fpmath is not set to use sse either.
-rtld-CFLAGS = -mno-sse -mno-mmx -mfpmath=387
+rtld-CFLAGS += -mno-sse -mno-mmx -mfpmath=387
ifeq ($(subdir),elf)
CFLAGS-.os += $(if $(filter $(@F),$(patsubst %,%.os,$(all-rtld-routines))),\
$(rtld-CFLAGS))
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=10c85e76c09716e744b4a41006718400b1eb2e84
commit 10c85e76c09716e744b4a41006718400b1eb2e84
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:45 2016 +0100
Disable stack protector in early static initialization [BZ #7065]
The startup code in csu/, and the brk and sbrk functions are
needed very early in initialization of a statically-linked program,
before the stack guard is initialized; TLS initialization also uses
memcpy, which cannot overrun its own stack. Mark all of these as
-fno-stack-protector.
We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both
substituted by the configury changes made earlier, to detect the case
when -fno-stack-protector is supported by the compiler, and
unconditionally pass it in when this is the case, whether or not
--enable-stack-protector is passed to configure. (This means that
it'll even work when the compiler's been hacked to pass
-fstack-protector by default, unless the hackage is so broken that
it does so in a way that is impossible to override.)
diff --git a/ChangeLog b/ChangeLog
index 395a14b..64ccdf7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,18 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
+ * config.make.in (have-ssp, no-stack-protector): New.
+ * csu/Makefile (CFLAGS-.o, CFLAGS-.op, CFLAGS-.os): Use it.
+ * misc/Makefile (CFLAGS-sbrk.o): Likewise.
+ (CFLAGS-sbrk.op): Likewise.
+ (CFLAGS-brk.o): Likewise.
+ (CFLAGS-brk.op): Likewise.
+ * string/Makefile (CFLAGS-memcpy.c): Likewise.
+ (CFLAGS-wordcopy.c): Likewise.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
* configure.ac (HAVE_CC_NO_STACK_PROTECTOR): Define.
* config.h.in (HAVE_CC_NO_STACK_PROTECTOR): New macro.
* include/libc-symbols.h (inhibit_stack_protector): New macro.
diff --git a/config.make.in b/config.make.in
index 35e7e59..4422025 100644
--- a/config.make.in
+++ b/config.make.in
@@ -58,7 +58,9 @@ with-fp = @with_fp@
enable-timezone-tools = @enable_timezone_tools@
unwind-find-fde = @libc_cv_gcc_unwind_find_fde@
have-fpie = @libc_cv_fpie@
+have-ssp = @libc_cv_ssp@
stack-protector = @stack_protector@
+no-stack-protector = @no_stack_protector@
have-selinux = @have_selinux@
have-libaudit = @have_libaudit@
have-libcap = @have_libcap@
diff --git a/csu/Makefile b/csu/Makefile
index 3d23f13..75f36bb 100644
--- a/csu/Makefile
+++ b/csu/Makefile
@@ -46,6 +46,10 @@ before-compile += $(objpfx)version-info.h
# code is compiled with special flags.
tests =
+CFLAGS-.o += $(no-stack-protector)
+CFLAGS-.op += $(no-stack-protector)
+CFLAGS-.os += $(no-stack-protector)
+
ifeq (yes,$(build-shared))
extra-objs += S$(start-installed-name) gmon-start.os
ifneq ($(start-installed-name),$(static-start-installed-name))
diff --git a/misc/Makefile b/misc/Makefile
index d241dae..35dba34 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -108,6 +108,13 @@ CFLAGS-getusershell.c = -fexceptions
CFLAGS-err.c = -fexceptions
CFLAGS-tst-tsearch.c = $(stack-align-test-flags)
+# Called during static library initialization, so turn stack-protection
+# off for non-shared builds.
+CFLAGS-sbrk.o = $(no-stack-protector)
+CFLAGS-sbrk.op = $(no-stack-protector)
+CFLAGS-brk.o = $(no-stack-protector)
+CFLAGS-brk.op = $(no-stack-protector)
+
include ../Rules
$(objpfx)libg.a: $(dep-dummy-lib); $(make-dummy-lib)
diff --git a/string/Makefile b/string/Makefile
index 0816277..64b4c80 100644
--- a/string/Makefile
+++ b/string/Makefile
@@ -73,6 +73,10 @@ CFLAGS-test-ffs.c = -fno-builtin
CFLAGS-tst-inlcall.c = -fno-builtin
CFLAGS-tst-xbzero-opt.c = -O3
+# Called during TLS initialization.
+CFLAGS-memcpy.c = $(no-stack-protector)
+CFLAGS-wordcopy.c = $(no-stack-protector)
+
ifeq ($(run-built-tests),yes)
$(objpfx)tst-svc-cmp.out: tst-svc.expect $(objpfx)tst-svc.out
cmp $^ > $@; \
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=de6591238b478bc86b8cf5af01a484114e399213
commit de6591238b478bc86b8cf5af01a484114e399213
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:41 2016 +0100
Do not stack-protect ifunc resolvers [BZ #7065]
When dynamically linking, ifunc resolvers are called before TLS is
initialized, so they cannot be safely stack-protected.
We avoid disabling stack-protection on large numbers of files by
using __attribute__ ((__optimize__ ("-fno-stack-protector")))
to turn it off just for the resolvers themselves. (We provide
the attribute even when statically linking, because we will later
use it elsewhere too.)
diff --git a/ChangeLog b/ChangeLog
index f176699..395a14b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,29 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
+ * configure.ac (HAVE_CC_NO_STACK_PROTECTOR): Define.
+ * config.h.in (HAVE_CC_NO_STACK_PROTECTOR): New macro.
+ * include/libc-symbols.h (inhibit_stack_protector): New macro.
+ (__ifunc_resolver): Use it.
+ * elf/ifuncdep2.c (foo1_ifunc, foo2_ifunc, foo3_ifunc): Apply
+ inhibit_stack_protector.
+ * elf/ifuncmain6pie.c (foo_ifunc): Likewise.
+ * elf/ifuncmain7.c (foo_ifunc): Likewise.
+ * elf/ifuncmod1.c (foo_ifunc, foo_hidden_ifunc)
+ (foo_protected_ifunc): Likewise.
+ * elf/ifuncmod5.c (foo_ifunc, foo_hidden_ifunc)
+ (foo_protected_ifunc): Likewise.
+ * sysdeps/generic/ifunc-sel.h (ifunc_sel, ifunc_one): Likewise.
+ * sysdeps/nacl/nacl_interface_query.c
+ (nacl_interface_query_ifunc): Likewise.
+ * sysdeps/powerpc/ifunc-sel.h (ifunc_sel, ifunc_one): Likewise.
+ * sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c (getcpu_ifunc):
+ Likewise.
+ * sysdeps/x86_64/ifuncmod8.c (foo_ifunc): Likewise.
+ * sysdeps/unix/make-syscalls.sh: Apply inhibit_stack_protector to
+ the generated vDSO syscall resolver.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
Florian Weimer <fweimer@redhat.com>
[BZ #7065]
diff --git a/config.h.in b/config.h.in
index d96ce0f..82f95a6 100644
--- a/config.h.in
+++ b/config.h.in
@@ -48,6 +48,10 @@
/* Define if compiler accepts -ftree-loop-distribute-patterns. */
#undef HAVE_CC_INHIBIT_LOOP_TO_LIBCALL
+/* Define if compiler accepts -fno-stack-protector in an
+ __attribute__ ((__optimize__)). */
+#undef HAVE_CC_NO_STACK_PROTECTOR
+
/* The level of stack protection in use for glibc as a whole.
May be overridden on a file-by-file basis. */
#ifndef STACK_PROTECTOR_LEVEL
diff --git a/configure b/configure
index 8c69f09..b300795 100755
--- a/configure
+++ b/configure
@@ -3994,6 +3994,8 @@ stack_protector=
no_stack_protector=
if test "$libc_cv_ssp" = yes; then
no_stack_protector="-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0"
+ $as_echo "#define HAVE_CC_NO_STACK_PROTECTOR 1" >>confdefs.h
+
fi
if test "$enable_stack_protector" = yes && test "$libc_cv_ssp" = yes; then
diff --git a/configure.ac b/configure.ac
index c159768..f5fa1aa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -653,6 +653,7 @@ stack_protector=
no_stack_protector=
if test "$libc_cv_ssp" = yes; then
no_stack_protector="-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0"
+ AC_DEFINE(HAVE_CC_NO_STACK_PROTECTOR)
fi
if test "$enable_stack_protector" = yes && test "$libc_cv_ssp" = yes; then
diff --git a/elf/ifuncdep2.c b/elf/ifuncdep2.c
index 6e66d31..d87d61d 100644
--- a/elf/ifuncdep2.c
+++ b/elf/ifuncdep2.c
@@ -32,6 +32,7 @@ void * foo1_ifunc (void) __asm__ ("foo1");
__asm__(".type foo1, %gnu_indirect_function");
void *
+inhibit_stack_protector
foo1_ifunc (void)
{
return ifunc_sel (one, minus_one, zero);
@@ -41,6 +42,7 @@ void * foo2_ifunc (void) __asm__ ("foo2");
__asm__(".type foo2, %gnu_indirect_function");
void *
+inhibit_stack_protector
foo2_ifunc (void)
{
return ifunc_sel (minus_one, one, zero);
@@ -50,6 +52,7 @@ void * foo3_ifunc (void) __asm__ ("foo3");
__asm__(".type foo3, %gnu_indirect_function");
void *
+inhibit_stack_protector
foo3_ifunc (void)
{
return ifunc_sel (one, zero, minus_one);
diff --git a/elf/ifuncmain6pie.c b/elf/ifuncmain6pie.c
index 8478d4c..04faeb8 100644
--- a/elf/ifuncmain6pie.c
+++ b/elf/ifuncmain6pie.c
@@ -21,6 +21,7 @@ void * foo_ifunc (void) __asm__ ("foo");
__asm__(".type foo, %gnu_indirect_function");
void *
+inhibit_stack_protector
foo_ifunc (void)
{
return ifunc_one (one);
diff --git a/elf/ifuncmain7.c b/elf/ifuncmain7.c
index 617a596..1e8f7ea 100644
--- a/elf/ifuncmain7.c
+++ b/elf/ifuncmain7.c
@@ -20,6 +20,7 @@ __asm__(".type foo, %gnu_indirect_function");
static void *
__attribute__ ((used))
+inhibit_stack_protector
foo_ifunc (void)
{
return ifunc_one (one);
diff --git a/elf/ifuncmod1.c b/elf/ifuncmod1.c
index 0b61380..f0bf5fb 100644
--- a/elf/ifuncmod1.c
+++ b/elf/ifuncmod1.c
@@ -36,6 +36,7 @@ void * foo_ifunc (void) __asm__ ("foo");
__asm__(".type foo, %gnu_indirect_function");
void *
+inhibit_stack_protector
foo_ifunc (void)
{
return ifunc_sel (one, minus_one, zero);
@@ -45,6 +46,7 @@ void * foo_hidden_ifunc (void) __asm__ ("foo_hidden");
__asm__(".type foo_hidden, %gnu_indirect_function");
void *
+inhibit_stack_protector
foo_hidden_ifunc (void)
{
return ifunc_sel (minus_one, one, zero);
@@ -54,6 +56,7 @@ void * foo_protected_ifunc (void) __asm__ ("foo_protected");
__asm__(".type foo_protected, %gnu_indirect_function");
void *
+inhibit_stack_protector
foo_protected_ifunc (void)
{
return ifunc_sel (one, zero, minus_one);
diff --git a/elf/ifuncmod5.c b/elf/ifuncmod5.c
index 0e65a63..5a95780 100644
--- a/elf/ifuncmod5.c
+++ b/elf/ifuncmod5.c
@@ -31,6 +31,7 @@ void * foo_ifunc (void) __asm__ ("foo");
__asm__(".type foo, %gnu_indirect_function");
void *
+inhibit_stack_protector
foo_ifunc (void)
{
return ifunc_sel (one, minus_one, zero);
@@ -40,6 +41,7 @@ void * foo_hidden_ifunc (void) __asm__ ("foo_hidden");
__asm__(".type foo_hidden, %gnu_indirect_function");
void *
+inhibit_stack_protector
foo_hidden_ifunc (void)
{
return ifunc_sel (minus_one, one, zero);
@@ -49,6 +51,7 @@ void * foo_protected_ifunc (void) __asm__ ("foo_protected");
__asm__(".type foo_protected, %gnu_indirect_function");
void *
+inhibit_stack_protector
foo_protected_ifunc (void)
{
return ifunc_sel (one, zero, minus_one);
diff --git a/include/libc-symbols.h b/include/libc-symbols.h
index 4238d79..d981e67 100644
--- a/include/libc-symbols.h
+++ b/include/libc-symbols.h
@@ -336,6 +336,16 @@ for linking")
#define attribute_relro __attribute__ ((section (".data.rel.ro")))
+
+/* Used to disable stack protection in sensitive places, like ifunc
+ resolvers and early static TLS init. */
+#ifdef HAVE_CC_NO_STACK_PROTECTOR
+# define inhibit_stack_protector \
+ __attribute__ ((__optimize__ ("-fno-stack-protector")))
+#else
+# define inhibit_stack_protector
+#endif
+
/* The following macros are used for PLT bypassing within libc.so
(and if needed other libraries similarly).
First of all, you need to have the function prototyped somewhere,
@@ -737,7 +747,7 @@ for linking")
/* Helper / base macros for indirect function symbols. */
#define __ifunc_resolver(type_name, name, expr, arg, init, classifier) \
- classifier void *name##_ifunc (arg) \
+ classifier inhibit_stack_protector void *name##_ifunc (arg) \
{ \
init (); \
__typeof (type_name) *res = expr; \
diff --git a/sysdeps/generic/ifunc-sel.h b/sysdeps/generic/ifunc-sel.h
index 6a27b69..1fff405 100644
--- a/sysdeps/generic/ifunc-sel.h
+++ b/sysdeps/generic/ifunc-sel.h
@@ -5,6 +5,7 @@
extern int global;
static inline void *
+inhibit_stack_protector
ifunc_sel (int (*f1) (void), int (*f2) (void), int (*f3) (void))
{
switch (global)
@@ -19,6 +20,7 @@ ifunc_sel (int (*f1) (void), int (*f2) (void), int (*f3) (void))
}
static inline void *
+inhibit_stack_protector
ifunc_one (int (*f1) (void))
{
return f1;
diff --git a/sysdeps/nacl/nacl_interface_query.c b/sysdeps/nacl/nacl_interface_query.c
index adf1dd4..dbaa88b 100644
--- a/sysdeps/nacl/nacl_interface_query.c
+++ b/sysdeps/nacl/nacl_interface_query.c
@@ -29,6 +29,7 @@ extern TYPE_nacl_irt_query nacl_interface_query_ifunc (void)
asm ("nacl_interface_query");
TYPE_nacl_irt_query
+inhibit_stack_protector
nacl_interface_query_ifunc (void)
{
return &__nacl_irt_query;
diff --git a/sysdeps/powerpc/ifunc-sel.h b/sysdeps/powerpc/ifunc-sel.h
index ac589bd..bdb00bf 100644
--- a/sysdeps/powerpc/ifunc-sel.h
+++ b/sysdeps/powerpc/ifunc-sel.h
@@ -5,6 +5,7 @@
extern int global;
static inline void *
+inhibit_stack_protector
ifunc_sel (int (*f1) (void), int (*f2) (void), int (*f3) (void))
{
register void *ret __asm__ ("r3");
@@ -32,6 +33,7 @@ ifunc_sel (int (*f1) (void), int (*f2) (void), int (*f3) (void))
}
static inline void *
+inhibit_stack_protector
ifunc_one (int (*f1) (void))
{
register void *ret __asm__ ("r3");
diff --git a/sysdeps/unix/make-syscalls.sh b/sysdeps/unix/make-syscalls.sh
index 58d165e..123553c 100644
--- a/sysdeps/unix/make-syscalls.sh
+++ b/sysdeps/unix/make-syscalls.sh
@@ -287,6 +287,7 @@ while read file srcfile caller syscall args strong weak; do
(echo '#include <dl-vdso.h>'; \\
echo 'extern void *${strong}_ifunc (void) __asm ("${strong}");'; \\
echo 'void *'; \\
+ echo 'inhibit_stack_protector'; \\
echo '${strong}_ifunc (void)'; \\
echo '{'; \\
echo ' PREPARE_VERSION_KNOWN (symver, ${vdso_symver});'; \\
diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c b/sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c
index cbac4b3..8436f9d 100644
--- a/sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c
+++ b/sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c
@@ -21,6 +21,7 @@
void *getcpu_ifunc (void) __asm__ ("__getcpu");
void *
+inhibit_stack_protector
getcpu_ifunc (void)
{
PREPARE_VERSION (linux26, "LINUX_2.6", 61765110);
diff --git a/sysdeps/x86_64/ifuncmod8.c b/sysdeps/x86_64/ifuncmod8.c
index c004367..7c06562 100644
--- a/sysdeps/x86_64/ifuncmod8.c
+++ b/sysdeps/x86_64/ifuncmod8.c
@@ -28,6 +28,7 @@ foo_impl (float x)
}
void *
+inhibit_stack_protector
foo_ifunc (void)
{
__m128i xmm = _mm_set1_epi32 (-1);
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=003a27e8195470f470f4d9384ca70d4e9fc8bd1b
commit 003a27e8195470f470f4d9384ca70d4e9fc8bd1b
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:34 2016 +0100
Initialize the stack guard earlier when linking statically [BZ #7065]
The address of the stack canary is stored in a per-thread variable,
which means that we must ensure that the TLS area is intialized before
calling any -fstack-protector'ed functions. For dynamically linked
applications, we ensure this (in a later patch) by disabling
-fstack-protector for the whole dynamic linker, but for static
applications, the AT_ENTRY address is called directly by the kernel, so
we must deal with the problem differently.
In static appliations, __libc_setup_tls performs the TCB setup and TLS
initialization, so this commit arranges for it to be called early and
unconditionally. The call (and the stack guard initialization) is
before the DL_SYSDEP_OSCHECK hook, which if set will probably call
functions which are stack-protected (it does on Linux and NaCL too). We
also move apply_irel up, so that we can still safely call functions that
require ifuncs while in __libc_setup_tls (though if stack-protection is
enabled we still have to avoid calling functions that are not
stack-protected at this stage).
diff --git a/ChangeLog b/ChangeLog
index f1b95e0..f176699 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,23 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+ Florian Weimer <fweimer@redhat.com>
+
+ [BZ #7065]
+ Initialize the stack guard earlier when linking statically.
+ * sysdeps/generic/ldsodefs.h (__libc_setup_tls)
+ (__pthread_initialize_minimal): Declare.
+ * csu/libc-start.c (__pthread_initialize_minimal): Remove
+ declaration.
+ (LIBC_START_MAIN): Call __libc_setup_tls early and directly. Move
+ stack canary and apply_irel initialization up. Call
+ __pthread_initialize_minimal only if linked in.
+ * csu/libc-tls.c (__libc_setup_tls): Replace arguments with their
+ constant values.
+ (__pthread_initialize_minimal): Remove.
+ * nptl/nptl-init.c (__libc_setup_tls): Remove declaration.
+ (__pthread_initialize_minimal_internal): Do not call
+ __libc_setup_tls.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
* configure.ac (libc_cv_ssp): Move up.
diff --git a/csu/libc-start.c b/csu/libc-start.c
index 99c040a..cc59073 100644
--- a/csu/libc-start.c
+++ b/csu/libc-start.c
@@ -29,7 +29,6 @@ extern int __libc_multiple_libcs;
#include <tls.h>
#ifndef SHARED
# include <dl-osinfo.h>
-extern void __pthread_initialize_minimal (void);
# ifndef THREAD_SET_STACK_GUARD
/* Only exported for architectures that don't store the stack guard canary
in thread local area. */
@@ -175,22 +174,11 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL),
}
}
-# ifdef DL_SYSDEP_OSCHECK
- if (!__libc_multiple_libcs)
- {
- /* This needs to run to initiliaze _dl_osversion before TLS
- setup might check it. */
- DL_SYSDEP_OSCHECK (__libc_fatal);
- }
-# endif
-
/* Perform IREL{,A} relocations. */
apply_irel ();
- /* Initialize the thread library at least a bit since the libgcc
- functions are using thread functions if these are available and
- we need to setup errno. */
- __pthread_initialize_minimal ();
+ /* The stack guard goes into the TCB, so initialize it early. */
+ __libc_setup_tls ();
/* Set up the stack checker's canary. */
uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random);
@@ -200,6 +188,19 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL),
__stack_chk_guard = stack_chk_guard;
# endif
+# ifdef DL_SYSDEP_OSCHECK
+ if (!__libc_multiple_libcs)
+ {
+ /* This needs to run to initiliaze _dl_osversion before TLS
+ setup might check it. */
+ DL_SYSDEP_OSCHECK (__libc_fatal);
+ }
+# endif
+
+ /* Initialize libpthread if linked in. */
+ if (__pthread_initialize_minimal != NULL)
+ __pthread_initialize_minimal ();
+
/* Set up the pointer guard value. */
uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
stack_chk_guard);
diff --git a/csu/libc-tls.c b/csu/libc-tls.c
index 8f92234..454f165 100644
--- a/csu/libc-tls.c
+++ b/csu/libc-tls.c
@@ -102,14 +102,14 @@ init_static_tls (size_t memsz, size_t align)
}
void
-__libc_setup_tls (size_t tcbsize, size_t tcbalign)
+__libc_setup_tls (void)
{
void *tlsblock;
size_t memsz = 0;
size_t filesz = 0;
void *initimage = NULL;
size_t align = 0;
- size_t max_align = tcbalign;
+ size_t max_align = TCB_ALIGNMENT;
size_t tcb_offset;
const ElfW(Phdr) *phdr;
@@ -142,9 +142,9 @@ __libc_setup_tls (size_t tcbsize, size_t tcbalign)
_dl_allocate_tls_storage (in elf/dl-tls.c) does using __libc_memalign
and dl_tls_static_align. */
tcb_offset = roundup (memsz + GL(dl_tls_static_size), max_align);
- tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
+ tlsblock = __sbrk (tcb_offset + TLS_INIT_TCB_SIZE + max_align);
#elif TLS_DTV_AT_TP
- tcb_offset = roundup (tcbsize, align ?: 1);
+ tcb_offset = roundup (TLS_INIT_TCB_SIZE, align ?: 1);
tlsblock = __sbrk (tcb_offset + memsz + max_align
+ TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
tlsblock += TLS_PRE_TCB_SIZE;
@@ -215,12 +215,3 @@ __libc_setup_tls (size_t tcbsize, size_t tcbalign)
init_static_tls (memsz, MAX (TLS_TCB_ALIGN, max_align));
}
-
-/* This is the minimal initialization function used when libpthread is
- not used. */
-void
-__attribute__ ((weak))
-__pthread_initialize_minimal (void)
-{
- __libc_setup_tls (TLS_INIT_TCB_SIZE, TLS_INIT_TCB_ALIGN);
-}
diff --git a/nptl/nptl-init.c b/nptl/nptl-init.c
index 0fd54a0..8494b26 100644
--- a/nptl/nptl-init.c
+++ b/nptl/nptl-init.c
@@ -70,10 +70,6 @@ int __have_futex_clock_realtime;
static const char nptl_version[] __attribute_used__ = VERSION;
-#ifndef SHARED
-extern void __libc_setup_tls (size_t tcbsize, size_t tcbalign);
-#endif
-
#ifdef SHARED
static
#else
@@ -288,18 +284,6 @@ static bool __nptl_initial_report_events __attribute_used__;
void
__pthread_initialize_minimal_internal (void)
{
-#ifndef SHARED
- /* Unlike in the dynamically linked case the dynamic linker has not
- taken care of initializing the TLS data structures. */
- __libc_setup_tls (TLS_TCB_SIZE, TLS_TCB_ALIGN);
-
- /* We must prevent gcc from being clever and move any of the
- following code ahead of the __libc_setup_tls call. This function
- will initialize the thread register which is subsequently
- used. */
- __asm __volatile ("");
-#endif
-
/* Minimal initialization of the thread descriptor. */
struct pthread *pd = THREAD_SELF;
__pthread_initialize_pids (pd);
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
index 34d7ec1..bb67840 100644
--- a/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h
@@ -994,6 +994,17 @@ extern size_t _dl_count_modids (void) internal_function attribute_hidden;
/* Calculate offset of the TLS blocks in the static TLS block. */
extern void _dl_determine_tlsoffset (void) internal_function attribute_hidden;
+#ifndef SHARED
+/* Set up the TCB for statically linked applications. This is called
+ early during startup because we always use TLS (for errno and the
+ stack protector, among other things). */
+void __libc_setup_tls (void);
+
+/* Initialization of libpthread for statically linked applications.
+ If libpthread is not linked in, this is an empty function. */
+void __pthread_initialize_minimal (void) weak_function;
+#endif
+
/* Allocate memory for static TLS block (unless MEM is nonzero) and dtv. */
extern void *_dl_allocate_tls (void *mem) internal_function;
rtld_hidden_proto (_dl_allocate_tls)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=03baef1c9cfb396d76cae20a00aee657871e79c4
commit 03baef1c9cfb396d76cae20a00aee657871e79c4
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:18 2016 +0100
Configure support for --enable-stack-protector [BZ #7065]
This adds =all and =strong, with obvious semantics, defaulting to off.
We don't validate the value of the option yet: that's in a later patch.
Nor do we use it for anything at this stage.
We differentiate between 'the compiler understands -fstack-protector'
and 'the user wanted -fstack-protector' so that we can pass
-fno-stack-protector in appropriate places even if the user didn't want
to turn on -fstack-protector for other parts. (This helps us overcome
another existing limitation, that glibc doesn't work with GCCs hacked
to pass in -fstack-protector by default.)
We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value
appropriate for the stack-protection level in use for each file in
particular.
diff --git a/ChangeLog b/ChangeLog
index 0dd96f2..f1b95e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
+ * configure.ac (libc_cv_ssp): Move up.
+ (libc_cv_ssp_strong): Likewise.
+ (libc_cv_ssp_all): New.
+ (stack_protector): Augment, adding -fstack-protector-all.
+ (no_stack_protector): New.
+ (STACK_PROTECTOR_LEVEL): New.
+ (AC_ARG_ENABLE(stack-protector)): New configure flag.
+ * manual/install.texi (--enable-stack-protector): Document it.
+ * config.h.in (STACK_PROTECTOR_LEVEL): New macro.
+
2016-12-24 Carlos O'Donell <carlos@redhat.com>
* README.pretty-printers: Must specify CPPFLAGS-* also.
diff --git a/INSTALL b/INSTALL
index acb622a..104f36b 100644
--- a/INSTALL
+++ b/INSTALL
@@ -135,6 +135,17 @@ will be used, and CFLAGS sets optimization options for the compiler.
'--enable-lock-elision=yes'
Enable lock elision for pthread mutexes by default.
+'--enable-stack-protector'
+'--enable-stack-protector=strong'
+'--enable-stack-protector=all'
+ Compile the C library and all other parts of the glibc package
+ (including the threading and math libraries, NSS modules, and
+ transliteration modules) using the GCC '-fstack-protector',
+ '-fstack-protector-strong' or '-fstack-protector-all' options to
+ detect stack overruns. Only the dynamic linker and a small number
+ of routines called directly from assembler are excluded from this
+ protection.
+
'--enable-pt_chown'
The file 'pt_chown' is a helper binary for 'grantpt' (*note
Pseudo-Terminals: Allocation.) that is installed setuid root to fix
diff --git a/config.h.in b/config.h.in
index 33757bd..d96ce0f 100644
--- a/config.h.in
+++ b/config.h.in
@@ -48,6 +48,12 @@
/* Define if compiler accepts -ftree-loop-distribute-patterns. */
#undef HAVE_CC_INHIBIT_LOOP_TO_LIBCALL
+/* The level of stack protection in use for glibc as a whole.
+ May be overridden on a file-by-file basis. */
+#ifndef STACK_PROTECTOR_LEVEL
+#undef STACK_PROTECTOR_LEVEL
+#endif
+
/* Define if the regparm attribute shall be used for local functions
(gcc on ix86 only). */
#undef USE_REGPARMS
diff --git a/configure b/configure
index 10b0fb7..8c69f09 100755
--- a/configure
+++ b/configure
@@ -620,7 +620,6 @@ libc_cv_cc_loop_to_function
libc_cv_cc_submachine
libc_cv_cc_nofma
libc_cv_mtls_dialect_gnu2
-stack_protector
fno_unit_at_a_time
libc_cv_output_format
libc_cv_has_glob_dat
@@ -661,6 +660,9 @@ sysdeps_add_ons
sysnames
submachine
multi_arch
+no_stack_protector
+stack_protector
+libc_cv_ssp
base_machine
add_on_subdirs
add_ons
@@ -766,6 +768,7 @@ enable_lock_elision
enable_add_ons
enable_hidden_plt
enable_bind_now
+enable_stack_protector
enable_static_nss
enable_force_install
enable_maintainer_mode
@@ -1427,6 +1430,9 @@ Optional Features:
for add-ons if no parameter given
--disable-hidden-plt do not hide internal function calls to avoid PLT
--enable-bind-now disable lazy relocations in DSOs
+ --enable-stack-protector=[yes|no|all|strong]
+ Use -fstack-protector[-all|-strong] to detect glibc
+ buffer overflows
--enable-static-nss build static NSS modules [default=no]
--disable-force-install don't force installation of files from this package,
even if they are older than the installed files
@@ -3427,6 +3433,18 @@ if test "x$bindnow" = xyes; then
fi
+# Check whether --enable-stack-protector was given.
+if test "${enable_stack_protector+set}" = set; then :
+ enableval=$enable_stack_protector; enable_stack_protector=$enableval
+else
+ enable_stack_protector=no
+fi
+
+case "$enable_stack_protector" in
+all|yes|no|strong) ;;
+*) as_fn_error $? "Not a valid argument for --enable-stack-protector: \"$enable_stack_protector\"" "$LINENO" 5;;
+esac
+
# Check whether --enable-static-nss was given.
if test "${enable_static_nss+set}" = set; then :
enableval=$enable_static_nss; static_nss=$enableval
@@ -3912,6 +3930,89 @@ fi
test -n "$base_machine" || base_machine=$machine
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fstack-protector" >&5
+$as_echo_n "checking for -fstack-protector... " >&6; }
+if ${libc_cv_ssp+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -Werror -fstack-protector -xc /dev/null -S -o /dev/null'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ libc_cv_ssp=yes
+else
+ libc_cv_ssp=no
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_ssp" >&5
+$as_echo "$libc_cv_ssp" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fstack-protector-strong" >&5
+$as_echo_n "checking for -fstack-protector-strong... " >&6; }
+if ${libc_cv_ssp_strong+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -Werror -fstack-protector-strong -xc /dev/null -S -o /dev/null'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ libc_cv_ssp_strong=yes
+else
+ libc_cv_ssp_strong=no
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_ssp_strong" >&5
+$as_echo "$libc_cv_ssp_strong" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fstack-protector-all" >&5
+$as_echo_n "checking for -fstack-protector-all... " >&6; }
+if ${libc_cv_ssp_all+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -Werror -fstack-protector-all -xc /dev/null -S -o /dev/null'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ libc_cv_ssp_all=yes
+else
+ libc_cv_ssp_all=no
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_ssp_all" >&5
+$as_echo "$libc_cv_ssp_all" >&6; }
+
+stack_protector=
+no_stack_protector=
+if test "$libc_cv_ssp" = yes; then
+ no_stack_protector="-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0"
+fi
+
+if test "$enable_stack_protector" = yes && test "$libc_cv_ssp" = yes; then
+ stack_protector="-fstack-protector"
+ $as_echo "#define STACK_PROTECTOR_LEVEL 1" >>confdefs.h
+
+elif test "$enable_stack_protector" = all && test "$libc_cv_ssp_all" = yes; then
+ stack_protector="-fstack-protector-all"
+ $as_echo "#define STACK_PROTECTOR_LEVEL 2" >>confdefs.h
+
+elif test "$enable_stack_protector" = strong && test "$libc_cv_ssp_strong" = yes; then
+ stack_protector="-fstack-protector-strong"
+ $as_echo "#define STACK_PROTECTOR_LEVEL 3" >>confdefs.h
+
+fi
+
+
+
+
# For the multi-arch option we need support in the assembler & linker.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for assembler and linker STT_GNU_IFUNC support" >&5
$as_echo_n "checking for assembler and linker STT_GNU_IFUNC support... " >&6; }
@@ -5915,54 +6016,6 @@ else
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fstack-protector" >&5
-$as_echo_n "checking for -fstack-protector... " >&6; }
-if ${libc_cv_ssp+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -Werror -fstack-protector -xc /dev/null -S -o /dev/null'
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then :
- libc_cv_ssp=yes
-else
- libc_cv_ssp=no
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_ssp" >&5
-$as_echo "$libc_cv_ssp" >&6; }
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fstack-protector-strong" >&5
-$as_echo_n "checking for -fstack-protector-strong... " >&6; }
-if ${libc_cv_ssp_strong+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -Werror -fstack-protector-strong -xc /dev/null -S -o /dev/null'
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then :
- libc_cv_ssp_strong=yes
-else
- libc_cv_ssp_strong=no
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_ssp_strong" >&5
-$as_echo "$libc_cv_ssp_strong" >&6; }
-
-stack_protector=
-if test "$libc_cv_ssp_strong" = "yes"; then
- stack_protector="-fstack-protector-strong"
-elif test "$libc_cv_ssp" = "yes"; then
- stack_protector="-fstack-protector"
-fi
-
-
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -mtls-dialect=gnu2" >&5
$as_echo_n "checking for -mtls-dialect=gnu2... " >&6; }
if ${libc_cv_mtls_dialect_gnu2+:} false; then :
diff --git a/configure.ac b/configure.ac
index aa6e2d7..c159768 100644
--- a/configure.ac
+++ b/configure.ac
@@ -235,6 +235,18 @@ if test "x$bindnow" = xyes; then
AC_DEFINE(BIND_NOW)
fi
+dnl Build glibc with -fstack-protector, -fstack-protector-all, or
+dnl -fstack-protector-strong.
+AC_ARG_ENABLE([stack-protector],
+ AC_HELP_STRING([--enable-stack-protector=@<:@yes|no|all|strong@:>@],
+ [Use -fstack-protector[-all|-strong] to detect glibc buffer overflows]),
+ [enable_stack_protector=$enableval],
+ [enable_stack_protector=no])
+case "$enable_stack_protector" in
+all|yes|no|strong) ;;
+*) AC_MSG_ERROR([Not a valid argument for --enable-stack-protector: \"$enable_stack_protector\"]);;
+esac
+
dnl On some platforms we cannot use dynamic loading. We must provide
dnl static NSS modules.
AC_ARG_ENABLE([static-nss],
@@ -619,6 +631,44 @@ fi
test -n "$base_machine" || base_machine=$machine
AC_SUBST(base_machine)
+AC_CACHE_CHECK(for -fstack-protector, libc_cv_ssp, [dnl
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector],
+ [libc_cv_ssp=yes],
+ [libc_cv_ssp=no])
+])
+
+AC_CACHE_CHECK(for -fstack-protector-strong, libc_cv_ssp_strong, [dnl
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-strong],
+ [libc_cv_ssp_strong=yes],
+ [libc_cv_ssp_strong=no])
+])
+
+AC_CACHE_CHECK(for -fstack-protector-all, libc_cv_ssp_all, [dnl
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-all],
+ [libc_cv_ssp_all=yes],
+ [libc_cv_ssp_all=no])
+])
+
+stack_protector=
+no_stack_protector=
+if test "$libc_cv_ssp" = yes; then
+ no_stack_protector="-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0"
+fi
+
+if test "$enable_stack_protector" = yes && test "$libc_cv_ssp" = yes; then
+ stack_protector="-fstack-protector"
+ AC_DEFINE(STACK_PROTECTOR_LEVEL, 1)
+elif test "$enable_stack_protector" = all && test "$libc_cv_ssp_all" = yes; then
+ stack_protector="-fstack-protector-all"
+ AC_DEFINE(STACK_PROTECTOR_LEVEL, 2)
+elif test "$enable_stack_protector" = strong && test "$libc_cv_ssp_strong" = yes; then
+ stack_protector="-fstack-protector-strong"
+ AC_DEFINE(STACK_PROTECTOR_LEVEL, 3)
+fi
+AC_SUBST(libc_cv_ssp)
+AC_SUBST(stack_protector)
+AC_SUBST(no_stack_protector)
+
# For the multi-arch option we need support in the assembler & linker.
AC_CACHE_CHECK([for assembler and linker STT_GNU_IFUNC support],
libc_cv_ld_gnu_indirect_function, [dnl
@@ -1461,26 +1511,6 @@ else
fi
AC_SUBST(fno_unit_at_a_time)
-AC_CACHE_CHECK(for -fstack-protector, libc_cv_ssp, [dnl
-LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector],
- [libc_cv_ssp=yes],
- [libc_cv_ssp=no])
-])
-
-AC_CACHE_CHECK(for -fstack-protector-strong, libc_cv_ssp_strong, [dnl
-LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-strong],
- [libc_cv_ssp_strong=yes],
- [libc_cv_ssp_strong=no])
-])
-
-stack_protector=
-if test "$libc_cv_ssp_strong" = "yes"; then
- stack_protector="-fstack-protector-strong"
-elif test "$libc_cv_ssp" = "yes"; then
- stack_protector="-fstack-protector"
-fi
-AC_SUBST(stack_protector)
-
AC_CACHE_CHECK([for -mtls-dialect=gnu2], libc_cv_mtls_dialect_gnu2,
[dnl
cat > conftest.c <<EOF
diff --git a/manual/install.texi b/manual/install.texi
index 35e02ad..d02e870 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -164,6 +164,17 @@ time. Consult the @file{timezone} subdirectory for more details.
@item --enable-lock-elision=yes
Enable lock elision for pthread mutexes by default.
+@item --enable-stack-protector
+@itemx --enable-stack-protector=strong
+@itemx --enable-stack-protector=all
+Compile the C library and all other parts of the glibc package
+(including the threading and math libraries, NSS modules, and
+transliteration modules) using the GCC @option{-fstack-protector},
+@option{-fstack-protector-strong} or @option{-fstack-protector-all}
+options to detect stack overruns. Only the dynamic linker and a small
+number of routines called directly from assembler are excluded from this
+protection.
+
@pindex pt_chown
@findex grantpt
@item --enable-pt_chown
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 149 +++++++++++++
INSTALL | 11 +
Makeconfig | 8 +-
NEWS | 4 +
aclocal.m4 | 6 +-
config.h.in | 10 +
config.make.in | 2 +
configure | 243 +++++++++++----------
configure.ac | 146 +++++++------
csu/Makefile | 4 +
csu/libc-start.c | 29 ++--
csu/libc-tls.c | 17 +-
debug/Makefile | 6 +
debug/stack_chk_fail.c | 2 +
elf/Makefile | 30 +++-
elf/ifuncdep2.c | 3 +
elf/ifuncmain6pie.c | 1 +
elf/ifuncmain7.c | 1 +
elf/ifuncmod1.c | 3 +
elf/ifuncmod5.c | 3 +
elf/rtld-Rules | 2 +
include/libc-symbols.h | 12 +-
login/Makefile | 1 -
manual/install.texi | 11 +
misc/Makefile | 7 +
nptl/nptl-init.c | 16 --
nscd/Makefile | 1 -
resolv/Makefile | 1 -
signal/Makefile | 2 +
string/Makefile | 4 +
sysdeps/generic/ifunc-sel.h | 2 +
sysdeps/generic/ldsodefs.h | 11 +
sysdeps/generic/symbol-hacks.h | 12 +
sysdeps/i386/Makefile | 2 +-
sysdeps/nacl/nacl_interface_query.c | 1 +
sysdeps/powerpc/ifunc-sel.h | 2 +
sysdeps/unix/make-syscalls.sh | 1 +
sysdeps/unix/sysv/linux/sparc/sparc32/sigaction.c | 8 +-
sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c | 4 +-
sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c | 1 +
sysdeps/x86_64/ifuncmod8.c | 1 +
41 files changed, 539 insertions(+), 241 deletions(-)
hooks/post-receive
--
GNU C Library master sources