From patchwork Wed Mar 10 10:14:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddhesh Poyarekar X-Patchwork-Id: 1450429 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=sourceware.org; envelope-from=libc-alpha-bounces@sourceware.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=rPrlla88; dkim-atps=neutral Received: from sourceware.org (unknown [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DwScK1wmCz9sR4 for ; Wed, 10 Mar 2021 21:14:41 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 02ABC3870868; Wed, 10 Mar 2021 10:14:32 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 02ABC3870868 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1615371272; bh=ZT8JQ5eQIQ58sWl2BzqnFXM+z2RGtet5GI5Hs/hULr0=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=rPrlla887M0Wdy+WwBBUs4ATWNHqMxdCuJyhOWOYojvw0YKv6Si6+auUTK+gH6vTT ip3IOXH4+I27cU14EZVRJcLsS66IPJhmhZUjenjeTXGbXxi1GKadEm3sp2o+2rf0wD 7OL7/FvEBve3vOEXoJjY8/0igqmOAIxqeVc8jvQI= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from dormouse.elm.relay.mailchannels.net (dormouse.elm.relay.mailchannels.net [23.83.212.50]) by sourceware.org (Postfix) with ESMTPS id 326ED3870850 for ; Wed, 10 Mar 2021 10:14:28 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 326ED3870850 X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id C01EB642A1A; Wed, 10 Mar 2021 10:14:26 +0000 (UTC) Received: from pdx1-sub0-mail-a30.g.dreamhost.com (100-98-118-122.trex.outbound.svc.cluster.local [100.98.118.122]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 5BBFC642776; Wed, 10 Mar 2021 10:14:26 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from pdx1-sub0-mail-a30.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.98.118.122 (trex/6.0.2); Wed, 10 Mar 2021 10:14:26 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Whistle-Quick: 40ab6ca7629f4993_1615371266613_128075789 X-MC-Loop-Signature: 1615371266613:3395359147 X-MC-Ingress-Time: 1615371266613 Received: from pdx1-sub0-mail-a30.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a30.g.dreamhost.com (Postfix) with ESMTP id 1F9EC7F046; Wed, 10 Mar 2021 02:14:26 -0800 (PST) Received: from rhbox.intra.reserved-bit.com (unknown [1.186.101.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a30.g.dreamhost.com (Postfix) with ESMTPSA id 769A67E6B7; Wed, 10 Mar 2021 02:14:24 -0800 (PST) X-DH-BACKEND: pdx1-sub0-mail-a30 To: libc-alpha@sourceware.org Subject: [PATCH 3/3] Build libc-start with stack protector for SHARED Date: Wed, 10 Mar 2021 15:44:00 +0530 Message-Id: <20210310101400.3904724-4-siddhesh@sourceware.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210310101400.3904724-1-siddhesh@sourceware.org> References: <20210310101400.3904724-1-siddhesh@sourceware.org> MIME-Version: 1.0 X-Spam-Status: No, score=-3495.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NEUTRAL, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Siddhesh Poyarekar via Libc-alpha From: Siddhesh Poyarekar Reply-To: Siddhesh Poyarekar Cc: fweimer@redhat.com Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" This does not change the emitted code since __libc_start_main does not return, but is important for formal flags compliance. This also cleans up the cosmetic inconsistency in the stack protector flags in csu, especially the incorrect value of STACK_PROTECTOR_LEVEL. Reviewed-by: Adhemerval Zanella --- Makeconfig | 8 ++++++++ csu/Makefile | 22 ++++++++++++---------- elf/Makefile | 4 ---- 3 files changed, 20 insertions(+), 14 deletions(-) diff --git a/Makeconfig b/Makeconfig index 0a4811b5e5..01f8638c2e 100644 --- a/Makeconfig +++ b/Makeconfig @@ -856,6 +856,14 @@ ifneq ($(stack-protector),) +stack-protector=$(stack-protector) endif +# Some routines are unsafe to build with stack-protection since they're called +# before the stack check guard is set up. Provide a way to disable stack +# protector. The first argument is the extension (.o, .os, .oS) and the second +# is a list of routines that this path should be applied to. +define elide-stack-protector +$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector)) +endef + # This is the program that generates makefile dependencies from C source files. # The -MP flag tells GCC >= 3.2 (which we now require) to produce dummy # targets for headers so that removed headers don't break the build. diff --git a/csu/Makefile b/csu/Makefile index e587434be8..3054329cea 100644 --- a/csu/Makefile +++ b/csu/Makefile @@ -45,18 +45,20 @@ install-lib = $(start-installed-name) g$(start-installed-name) $(csu-dummies) # code is compiled with special flags. tests = -CFLAGS-.o += $(no-stack-protector) -CFLAGS-.op += $(no-stack-protector) -CFLAGS-.os += $(no-stack-protector) - -# Dummy object not actually used for anything. It is linked into -# crt1.o nevertheless, which in turn is statically linked into +# static-reloc.os is a dummy object not actually used for anything. It is +# linked into crt1.o nevertheless, which in turn is statically linked into # applications, so that build flags matter. # See . -# NB: Using $(stack-protector) in this way causes a wrong definition -# STACK_PROTECTOR_LEVEL due to the preceding $(no-stack-protector), -# but it does not matter for this source file. -CFLAGS-static-reloc.os += $(stack-protector) +# +# libc-start.os is safe to be built with stack protector since +# __libc_start_main is called after stack canary setup is done. +ssp-safe.os = static-reloc libc-start + +CFLAGS-.o += $(call elide-stack-protector,.o,$(routines)) +CFLAGS-.op += $(call elide-stack-protector,.op,$(routines)) +CFLAGS-.oS += $(call elide-stack-protector,.oS,$(routines)) +CFLAGS-.os += $(call elide-stack-protector,.os,$(filter-out \ + $(ssp-safe.os),$(routines))) ifeq (yes,$(build-shared)) extra-objs += S$(start-installed-name) gmon-start.os diff --git a/elf/Makefile b/elf/Makefile index b06bf6ca20..285d9f2f3c 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -83,10 +83,6 @@ endif # Also compile all routines in the static library that are elided from # the shared libc because they are in libc.a in the same way. -define elide-stack-protector -$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector)) -endef - CFLAGS-.o += $(call elide-stack-protector,.o,$(elide-routines.os)) CFLAGS-.op += $(call elide-stack-protector,.op,$(elide-routines.os)) CFLAGS-.os += $(call elide-stack-protector,.os,$(all-rtld-routines))