aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Alcock <nick.alcock@oracle.com>2016-12-26 10:08:45 +0100
committerFlorian Weimer <fweimer@redhat.com>2016-12-26 10:08:45 +0100
commit10c85e76c09716e744b4a41006718400b1eb2e84 (patch)
treedb306524b5147cd0ec6a67dd95aeb079d99112cc
parentde6591238b478bc86b8cf5af01a484114e399213 (diff)
downloadglibc-10c85e76c09716e744b4a41006718400b1eb2e84.zip
glibc-10c85e76c09716e744b4a41006718400b1eb2e84.tar.gz
glibc-10c85e76c09716e744b4a41006718400b1eb2e84.tar.bz2
Disable stack protector in early static initialization [BZ #7065]
The startup code in csu/, and the brk and sbrk functions are needed very early in initialization of a statically-linked program, before the stack guard is initialized; TLS initialization also uses memcpy, which cannot overrun its own stack. Mark all of these as -fno-stack-protector. We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both substituted by the configury changes made earlier, to detect the case when -fno-stack-protector is supported by the compiler, and unconditionally pass it in when this is the case, whether or not --enable-stack-protector is passed to configure. (This means that it'll even work when the compiler's been hacked to pass -fstack-protector by default, unless the hackage is so broken that it does so in a way that is impossible to override.)
-rw-r--r--ChangeLog12
-rw-r--r--config.make.in2
-rw-r--r--csu/Makefile4
-rw-r--r--misc/Makefile7
-rw-r--r--string/Makefile4
5 files changed, 29 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 395a14b..64ccdf7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,18 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
+ * config.make.in (have-ssp, no-stack-protector): New.
+ * csu/Makefile (CFLAGS-.o, CFLAGS-.op, CFLAGS-.os): Use it.
+ * misc/Makefile (CFLAGS-sbrk.o): Likewise.
+ (CFLAGS-sbrk.op): Likewise.
+ (CFLAGS-brk.o): Likewise.
+ (CFLAGS-brk.op): Likewise.
+ * string/Makefile (CFLAGS-memcpy.c): Likewise.
+ (CFLAGS-wordcopy.c): Likewise.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
* configure.ac (HAVE_CC_NO_STACK_PROTECTOR): Define.
* config.h.in (HAVE_CC_NO_STACK_PROTECTOR): New macro.
* include/libc-symbols.h (inhibit_stack_protector): New macro.
diff --git a/config.make.in b/config.make.in
index 35e7e59..4422025 100644
--- a/config.make.in
+++ b/config.make.in
@@ -58,7 +58,9 @@ with-fp = @with_fp@
enable-timezone-tools = @enable_timezone_tools@
unwind-find-fde = @libc_cv_gcc_unwind_find_fde@
have-fpie = @libc_cv_fpie@
+have-ssp = @libc_cv_ssp@
stack-protector = @stack_protector@
+no-stack-protector = @no_stack_protector@
have-selinux = @have_selinux@
have-libaudit = @have_libaudit@
have-libcap = @have_libcap@
diff --git a/csu/Makefile b/csu/Makefile
index 3d23f13..75f36bb 100644
--- a/csu/Makefile
+++ b/csu/Makefile
@@ -46,6 +46,10 @@ before-compile += $(objpfx)version-info.h
# code is compiled with special flags.
tests =
+CFLAGS-.o += $(no-stack-protector)
+CFLAGS-.op += $(no-stack-protector)
+CFLAGS-.os += $(no-stack-protector)
+
ifeq (yes,$(build-shared))
extra-objs += S$(start-installed-name) gmon-start.os
ifneq ($(start-installed-name),$(static-start-installed-name))
diff --git a/misc/Makefile b/misc/Makefile
index d241dae..35dba34 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -108,6 +108,13 @@ CFLAGS-getusershell.c = -fexceptions
CFLAGS-err.c = -fexceptions
CFLAGS-tst-tsearch.c = $(stack-align-test-flags)
+# Called during static library initialization, so turn stack-protection
+# off for non-shared builds.
+CFLAGS-sbrk.o = $(no-stack-protector)
+CFLAGS-sbrk.op = $(no-stack-protector)
+CFLAGS-brk.o = $(no-stack-protector)
+CFLAGS-brk.op = $(no-stack-protector)
+
include ../Rules
$(objpfx)libg.a: $(dep-dummy-lib); $(make-dummy-lib)
diff --git a/string/Makefile b/string/Makefile
index 0816277..64b4c80 100644
--- a/string/Makefile
+++ b/string/Makefile
@@ -73,6 +73,10 @@ CFLAGS-test-ffs.c = -fno-builtin
CFLAGS-tst-inlcall.c = -fno-builtin
CFLAGS-tst-xbzero-opt.c = -O3
+# Called during TLS initialization.
+CFLAGS-memcpy.c = $(no-stack-protector)
+CFLAGS-wordcopy.c = $(no-stack-protector)
+
ifeq ($(run-built-tests),yes)
$(objpfx)tst-svc-cmp.out: tst-svc.expect $(objpfx)tst-svc.out
cmp $^ > $@; \