[hurd,commited] : Fix static initialization with -fstack-protector-strong
Commit Message
When linked statically, TLS initialization is not achieved before
mach_init and alike, so ssp accesses to tcbhead's stack_guard would
crash. We can just avoid using ssp in the few functions needed before
TLS is set up.
* mach/Makefile (CFLAGS-mach_init.o, CFLAGS-RPC_vm_statistics.o,
CFLAGS-RPC_vm_map.o, CFLAGS-RPC_vm_protect.o,
CFLAGS-RPC_i386_set_gdt.o, CFLAGS-RPC_i386_set_ldt.o,
CFLAGS-RPC_task_get_special_port.o): Add $(no-stack-protector).
* hurd/Makefile (CFLAGS-hurdstartup.o,
CFLAGS-RPC_exec_startup_get_info.o): Add $(no-stack-protector).
Comments
On 27 Aug 2017, Samuel Thibault outgrape:
> When linked statically, TLS initialization is not achieved before
> mach_init and alike, so ssp accesses to tcbhead's stack_guard would
> crash. We can just avoid using ssp in the few functions needed before
> TLS is set up.
Oh blast I forgot all about Hurd didn't I.
Sorry.
> diff --git a/hurd/Makefile b/hurd/Makefile
> index 9205822b24..b44b9b80c6 100644
> --- a/hurd/Makefile
> +++ b/hurd/Makefile
> @@ -81,6 +81,10 @@ $(inlines:%=$(objpfx)%.c): $(objpfx)%-inlines.c: %.h
> echo '#include "$<"') > $@-new
> mv -f $@-new $@
> generated += $(inlines:=.c)
> +
> +# Avoid ssp before TLS is initialized.
> +CFLAGS-hurdstartup.o = $(no-stack-protector)
> +CFLAGS-RPC_exec_startup_get_info.o = $(no-stack-protector)
This certainly looks like the right sort of thing to be doing, though I
don't have anything I can test it on right now.
-fstack-protector-all might well comb out some more cases.
Nick Alcock, on ven. 15 sept. 2017 17:38:38 +0100, wrote:
> On 27 Aug 2017, Samuel Thibault outgrape:
> > When linked statically, TLS initialization is not achieved before
> > mach_init and alike, so ssp accesses to tcbhead's stack_guard would
> > crash. We can just avoid using ssp in the few functions needed before
> > TLS is set up.
>
> Oh blast I forgot all about Hurd didn't I.
>
> Sorry.
No problem. Determining which functions need it is not trivial anyway :)
Samuel
@@ -81,6 +81,10 @@ $(inlines:%=$(objpfx)%.c): $(objpfx)%-inlines.c: %.h
echo '#include "$<"') > $@-new
mv -f $@-new $@
generated += $(inlines:=.c)
+
+# Avoid ssp before TLS is initialized.
+CFLAGS-hurdstartup.o = $(no-stack-protector)
+CFLAGS-RPC_exec_startup_get_info.o = $(no-stack-protector)
include ../mach/Machrules
include ../Rules
@@ -53,6 +53,15 @@ server-interfaces := mach/exc
# Clear any environment value.
generated =
+
+# Avoid ssp before TLS is initialized.
+CFLAGS-mach_init.o = $(no-stack-protector)
+CFLAGS-RPC_vm_statistics.o = $(no-stack-protector)
+CFLAGS-RPC_vm_map.o = $(no-stack-protector)
+CFLAGS-RPC_vm_protect.o = $(no-stack-protector)
+CFLAGS-RPC_i386_set_gdt.o = $(no-stack-protector)
+CFLAGS-RPC_i386_set_ldt.o = $(no-stack-protector)
+CFLAGS-RPC_task_get_special_port.o = $(no-stack-protector)
# Translate GNU names for CPUs into the names used in Mach header files.
mach-machine = $(patsubst powerpc,ppc,$(base-machine))