[05/12] Mark all machinery needed in early static-link init as -fno-stack-protector.
Commit Message
From: Nick Alcock <nick.alcock@oracle.com>
The startup code in csu/, brk() and sbrk(), memcpy() and the
__pthread_initialize_tcb_internal() function we just introduced are
needed very early in initialization of a statically-linked program,
before the stack guard is initialized. Mark all of these as
-fno-stack-protector.
We also finally introduce @libc_cv_ssp@, substituted by the configury
changes made much earlier, to detect the case when -fno-stack-protector
is supported by the compiler, and unconditionally pass it in when this
is the case, whether or not --enable-stack-protector is passed to
configure. (This means that it'll even work when the compiler's been
hacked to pass -fstack-protector by default, unless the hackage is so
broken that it does so in a way that is impossible to override.)
(At one point we marked __libc_fatal() as non-stack-protected too,
but this was pointless: all it did was call other routines which *are*
stack-protected. I am slightly worried that __libc_fatal() calls from
very early in static binary execution may crash as a result, but I'm
not sure how to test this: booting a very old kernel, perhaps?)
---
config.make.in | 1 +
csu/Makefile | 7 +++++++
misc/Makefile | 6 ++++++
nptl/Makefile | 5 +++++
string/Makefile | 5 +++++
5 files changed, 24 insertions(+)
@@ -55,6 +55,7 @@ with-fp = @with_fp@
enable-timezone-tools = @enable_timezone_tools@
unwind-find-fde = @libc_cv_gcc_unwind_find_fde@
have-fpie = @libc_cv_fpie@
+have-ssp = @libc_cv_ssp@
stack-protector = @stack_protector@
have-selinux = @have_selinux@
have-libaudit = @have_libaudit@
@@ -45,6 +45,13 @@ before-compile += $(objpfx)version-info.h
tests := tst-empty tst-atomic tst-atomic-long
tests-static := tst-empty
+ifeq ($(have-ssp),yes)
+CFLAGS-.o += -fno-stack-protector
+CFLAGS-.og += -fno-stack-protector
+CFLAGS-.op += -fno-stack-protector
+CFLAGS-.os += -fno-stack-protector
+endif
+
ifeq (yes,$(build-shared))
extra-objs += S$(start-installed-name) gmon-start.os
ifneq ($(start-installed-name),$(static-start-installed-name))
@@ -99,6 +99,12 @@ CFLAGS-getusershell.c = -fexceptions
CFLAGS-err.c = -fexceptions
CFLAGS-tst-tsearch.c = $(stack-align-test-flags)
+ifeq ($(have-ssp),yes)
+# Called during static library initialization.
+CFLAGS-sbrk.c = -fno-stack-protector
+CFLAGS-brk.c = -fno-stack-protector
+endif
+
include ../Rules
$(objpfx)libg.a: $(dep-dummy-lib); $(make-dummy-lib)
@@ -327,6 +327,11 @@ tests += tst-execstack
endif
endif
+ifeq ($(have-ssp),yes)
+# Parts of nptl-init.c are called before the stack guard is initialized.
+CFLAGS-nptl-init.c += -fno-stack-protector
+endif
+
modules-names = tst-atfork2mod tst-tls3mod tst-tls4moda tst-tls4modb \
tst-tls5mod tst-tls5moda tst-tls5modb tst-tls5modc \
tst-tls5modd tst-tls5mode tst-tls5modf tst-stack4mod \
@@ -71,6 +71,11 @@ CFLAGS-stratcliff.c = -fno-builtin
CFLAGS-test-ffs.c = -fno-builtin
CFLAGS-tst-inlcall.c = -fno-builtin
+ifeq ($(have-ssp),yes)
+# This is used in early initialization.
+CFLAGS-memcpy.c = -fno-stack-protector
+endif
+
ifeq ($(run-built-tests),yes)
$(objpfx)tst-svc-cmp.out: tst-svc.expect $(objpfx)tst-svc.out
cmp $^ > $@; \