Patchwork [04/17,v5] Mark all machinery needed in early static-link init as -fno-stack-protector.

Submitter Nix
Date March 13, 2016, 3:16 p.m.
Message ID <1457882222-22599-5-git-send-email-nix@esperi.org.uk>
Permalink /patch/11331/
State New

Comments

Nix - March 13, 2016, 3:16 p.m.
From: Nick Alcock <nick.alcock@oracle.com>

The startup code in csu/, brk() and sbrk(), and the
__pthread_initialize_tcb_internal() function we just introduced are
needed very early in initialization of a statically-linked program,
before the stack guard is initialized.  Mark all of these as
-fno-stack-protector.

We also finally introduce @libc_cv_ssp@ and @no-stack-protector@, both
substituted by the configury changes made earlier, to detect the case
when -fno-stack-protector is supported by the compiler, and
unconditionally pass it in when this is the case, whether or not
--enable-stack-protector is passed to configure.  (This means that
it'll even work when the compiler's been hacked to pass
-fstack-protector by default, unless the hackage is so broken that
it does so in a way that is impossible to override.)

(At one point we marked __libc_fatal() as non-stack-protected too,
but this was pointless: all it did was call other routines which *are*
stack-protected.  The earliest __libc_fatal() call is in the
DL_SYSDEP_OSCHECK hook on some platforms, when statically linking:
this is fine, since it is after TLS and stack-canary initialization.
I have tested invocation of programs statically and dynamically
linked against this glibc on older kernels on x86 and ARM, and they
still "work", i.e. fail with the appropriate message.)

v2: No longer mark memcpy() as -fno-stack-protector.
v3: Use $(no-stack-protector).
v4: Use inhibit_stack_protector rather than de-protecting all of nptl-init.c.
v5: Don't stack-protect brk() and sbrk() in the shared library.

	* config.make.in (have-ssp): New.
	(no-stack-protector): New.
	* csu/Makefile (CFLAGS-.o): Use it.
	(CFLAGS-.og): Likewise.
	(CFLAGS-.op): Likewise.
	(CFLAGS-.os): Likewise.
	* misc/Makefile (CFLAGS-sbrk.o): Likewise.
	(CFLAGS-sbrk.op): Likewise.
	(CFLAGS-sbrk.og): Likewise.
	(CFLAGS-brk.o): Likewise.
	(CFLAGS-brk.op): Likewise.
	(CFLAGS-brk.og): Likewise.
	* nptl/nptl-init.c [!SHARED] (__pthread_initialize_tcb_internal):
	Likewise.
---
 config.make.in   | 2 ++
 csu/Makefile     | 5 +++++
 misc/Makefile    | 8 ++++++++
 nptl/nptl-init.c | 1 +
 4 files changed, 16 insertions(+)
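
One way to check the effect described in the commit message after a build: objects that run before the stack guard is set up should contain no undefined reference to the stack-protector failure handler. This is an added example, not part of the patch or of glibc; the member names `brk.o` and `sbrk.o` and the sample `nm -A -u` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report early-init objects that still reference the
# stack-protector failure handler in `nm -A -u` output.

# Members expected to be built with $(no-stack-protector) per misc/Makefile
# in the patch (the archive member names are an assumption).
EARLY_MEMBERS="brk.o sbrk.o"

# Read `nm -A -u`-style lines on stdin and print each member named in $1
# that has an undefined reference to __stack_chk_fail or to
# __stack_chk_fail_local (the hidden variant used on some targets).
ssp_violations() {
    awk -v members="$1" '
        BEGIN { n = split(members, m, " "); for (i = 1; i <= n; i++) want[m[i]] = 1 }
        {
            if (NF < 3 || $(NF - 1) != "U") next
            sym = $NF
            if (sym != "__stack_chk_fail" && sym != "__stack_chk_fail_local") next
            # First field is "archive:member:" or "file:"; take the member name.
            k = split($1, parts, ":")
            member = parts[k - 1]
            sub(/.*\//, "", member)
            if ((member in want) && !(member in seen)) { seen[member] = 1; print member }
        }'
}

# Constructed sample in the layout GNU nm prints for archive members.
SAMPLE='libc.a:brk.o:                 U __libc_errno
libc.a:sbrk.o:                 U __curbrk
libc.a:sbrk.o:                 U __stack_chk_fail
libc.a:getusershell.o:                 U __stack_chk_fail
libc.a:err.o:                 U __stack_chk_fail'

# Run the check over the constructed sample; prints "sbrk.o".
check_sample() { printf '%s\n' "$SAMPLE" | ssp_violations "$EARLY_MEMBERS"; }
```

Against a real build, the input would come from `nm -A -u` run on the static archive; any member printed was compiled with the protector despite being on the early-init list.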

Mike Frysinger - April 10, 2016, 4:02 a.m.
On 13 Mar 2016 15:16, Nix wrote:
> We also finally introduce @libc_cv_ssp@ and @no-stack-protector@, both

@no_stack_protector@

> --- a/csu/Makefile
> +++ b/csu/Makefile
>
> +CFLAGS-.o += $(no-stack-protector)
> +CFLAGS-.og += $(no-stack-protector)
> +CFLAGS-.op += $(no-stack-protector)
> +CFLAGS-.os += $(no-stack-protector)

is there a format you're trying to avoid ?  *.oS ?
could use a comment.

> --- a/misc/Makefile
> +++ b/misc/Makefile
>  
> +# Called during static library initialization.
> +CFLAGS-sbrk.o = $(no-stack-protector)
> +CFLAGS-sbrk.op = $(no-stack-protector)
> +CFLAGS-sbrk.og = $(no-stack-protector)
> +CFLAGS-brk.o = $(no-stack-protector)
> +CFLAGS-brk.op = $(no-stack-protector)
> +CFLAGS-brk.og = $(no-stack-protector)

same here
-mike

Nix - April 10, 2016, 11:27 a.m.
On 10 Apr 2016, Mike Frysinger outgrape:

> On 13 Mar 2016 15:16, Nix wrote:
>> We also finally introduce @libc_cv_ssp@ and @no-stack-protector@, both
>
> @no_stack_protector@
>
>> --- a/csu/Makefile
>> +++ b/csu/Makefile
>>
>> +CFLAGS-.o += $(no-stack-protector)
>> +CFLAGS-.og += $(no-stack-protector)
>> +CFLAGS-.op += $(no-stack-protector)
>> +CFLAGS-.os += $(no-stack-protector)
>
> is there a format you're trying to avoid ?  *.oS ?

Not particularly. If CFLAGS on its own works, I could use that.

>> --- a/misc/Makefile
>> +++ b/misc/Makefile
>>  
>> +# Called during static library initialization.
>> +CFLAGS-sbrk.o = $(no-stack-protector)
>> +CFLAGS-sbrk.op = $(no-stack-protector)
>> +CFLAGS-sbrk.og = $(no-stack-protector)
>> +CFLAGS-brk.o = $(no-stack-protector)
>> +CFLAGS-brk.op = $(no-stack-protector)
>> +CFLAGS-brk.og = $(no-stack-protector)
>
> same here

Now this is .os-avoidance. I assumed the mention of static library
initialization was sufficient, but I could add ', so turn it off for
non-.os' or something if you like.

Nix - May 15, 2016, 10:01 a.m.
On 10 Apr 2016, nix@esperi.org.uk said:

> On 10 Apr 2016, Mike Frysinger outgrape:
>
>> On 13 Mar 2016 15:16, Nix wrote:
>>> We also finally introduce @libc_cv_ssp@ and @no-stack-protector@, both
>>
>> @no_stack_protector@
>>
>>> --- a/csu/Makefile
>>> +++ b/csu/Makefile
>>>
>>> +CFLAGS-.o += $(no-stack-protector)
>>> +CFLAGS-.og += $(no-stack-protector)
>>> +CFLAGS-.op += $(no-stack-protector)
>>> +CFLAGS-.os += $(no-stack-protector)
>>
>> is there a format you're trying to avoid ?  *.oS ?
>
> Not particularly. If CFLAGS on its own works, I could use that.

It doesn't. We have to explicitly name the lot. (*.oS is not affected by
this, which is the only reason I'm not naming it...)

Patch

diff --git a/config.make.in b/config.make.in
index 05ed6ec..9afd4ff 100644
--- a/config.make.in
+++ b/config.make.in
@@ -55,7 +55,9 @@  with-fp = @with_fp@
 enable-timezone-tools = @enable_timezone_tools@
 unwind-find-fde = @libc_cv_gcc_unwind_find_fde@
 have-fpie = @libc_cv_fpie@
+have-ssp = @libc_cv_ssp@
 stack-protector = @stack_protector@
+no-stack-protector = @no_stack_protector@
 have-selinux = @have_selinux@
 have-libaudit = @have_libaudit@
 have-libcap = @have_libcap@
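
Review bot: `have-ssp = @libc_cv_ssp@` is added here, but nothing in this patch reads `have-ssp`; the csu and misc Makefiles only use `$(no-stack-protector)`. Either say in the commit message which later patch in the series consumes it, or introduce it there. The commit message also refers to `@no-stack-protector@`, while the substitution in this hunk is spelled `@no_stack_protector@`; the message should match.
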
diff --git a/csu/Makefile b/csu/Makefile
index 31e8bb9..22afe67 100644
--- a/csu/Makefile
+++ b/csu/Makefile
@@ -45,6 +45,11 @@  before-compile += $(objpfx)version-info.h
 tests := tst-empty tst-atomic tst-atomic-long
 tests-static := tst-empty
 
+CFLAGS-.o += $(no-stack-protector)
+CFLAGS-.og += $(no-stack-protector)
+CFLAGS-.op += $(no-stack-protector)
+CFLAGS-.os += $(no-stack-protector)
+
 ifeq (yes,$(build-shared))
 extra-objs += S$(start-installed-name) gmon-start.os
 ifneq ($(start-installed-name),$(static-start-installed-name))
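
Review bot: the four `CFLAGS-.o*` additions carry no comment, unlike the misc/Makefile block, which at least says "Called during static library initialization." Add a comment above `CFLAGS-.o += $(no-stack-protector)` stating that everything in csu/ runs before the stack guard is initialized and that the object suffixes have to be listed one by one, so a reader does not wonder whether a suffix such as .oS was left out by accident.
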
diff --git a/misc/Makefile b/misc/Makefile
index d7bbc85..e3062f8 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -99,6 +99,14 @@  CFLAGS-getusershell.c = -fexceptions
 CFLAGS-err.c = -fexceptions
 CFLAGS-tst-tsearch.c = $(stack-align-test-flags)
 
+# Called during static library initialization.
+CFLAGS-sbrk.o = $(no-stack-protector)
+CFLAGS-sbrk.op = $(no-stack-protector)
+CFLAGS-sbrk.og = $(no-stack-protector)
+CFLAGS-brk.o = $(no-stack-protector)
+CFLAGS-brk.op = $(no-stack-protector)
+CFLAGS-brk.og = $(no-stack-protector)
+
 include ../Rules
 
 $(objpfx)libg.a: $(dep-dummy-lib); $(make-dummy-lib)
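
Review bot: the comment "Called during static library initialization." does not explain why `.os` is missing from the `CFLAGS-sbrk.*` and `CFLAGS-brk.*` lists. As written, only .o, .op and .og get `$(no-stack-protector)` and the shared-library objects keep whatever protector flags the build uses, while the v5 changelog line ("Don't stack-protect brk() and sbrk() in the shared library") appears to say the opposite. Extend the comment to say the omission is deliberate and reword the changelog entry. These assignments also use `=` where the csu/Makefile hunk uses `+=`; if the difference is intentional, a word on it would help.
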
diff --git a/nptl/nptl-init.c b/nptl/nptl-init.c
index a4626be..2775d14 100644
--- a/nptl/nptl-init.c
+++ b/nptl/nptl-init.c
@@ -298,6 +298,7 @@  static bool __nptl_initial_report_events __attribute_used__;
 
 #ifndef SHARED
 void
+inhibit_stack_protector
 __pthread_initialize_tcb_internal (void)
 {
   /* Unlike in the dynamically linked case the dynamic linker has not
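
Review bot: `inhibit_stack_protector` is placed on `__pthread_initialize_tcb_internal` without a comment, and the macro is not defined anywhere in this patch. A short comment noting that the function runs before the stack guard is set up in static programs would make the reason visible at the definition, and the commit message should name the earlier patch in the series that provides the macro so this one can be reviewed on its own.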