[01/12] Configury support for --enable-stack-protector.

Message ID 8737sln19y.fsf@esperi.org.uk
State New, archived

Commit Message

Nix Feb. 21, 2016, 10:31 p.m. UTC
  On 20 Feb 2016, Joseph Myers spake thusly:

> Any patch adding a new configure option should also document it in 
> install.texi and regenerate INSTALL.

Like this? (Assuming that using multiple @items in succession like that
is sensible. If there's a better way to delineate possible options in a
way that the reader can match up with the -fstack-protector options
described below, please suggest it.)

(I haven't included the INSTALL regeneration here, because when I try to
do it I end up with half of INSTALL getting re-word-wrapped, with
massive numbers of spurious changes that have nothing to do with the
stanza I've added. Is a particular version of texinfo required for this
to work?)

8>---------------------------------------------------------------<8
From: Nick Alcock <nick.alcock@oracle.com>

This adds =all and =strong, with obvious semantics, and with a rather
arbitrarily-chosen default off, which we might well want to change to
something stronger once this patch has been tested by people other than
me.

We don't validate the value of the option yet: that's in a later patch.
Nor do we use it for anything at this stage.

We differentiate between 'the compiler understands -fstack-protector'
and 'the user wanted -fstack-protector' so that we can pass
-fno-stack-protector in appropriate places even if the user didn't want
to turn on -fstack-protector for other parts.  (This helps us overcome
another existing limitation, that glibc doesn't work with GCC's hacked
to pass in -fstack-protector by default.)

We might want to add another configuration option to turn on
-fstack-protector for nscd and other network-facing operations by
default, but for now I've stuck with one option to control everything.
---
 configure.ac        | 61 +++++++++++++++++++++++++++++++++++------------------
 manual/install.texi | 12 +++++++++++
 2 files changed, 53 insertions(+), 20 deletions(-)
  

Comments

Joseph Myers Feb. 22, 2016, 6:03 p.m. UTC | #1
On Sun, 21 Feb 2016, Nix wrote:

> On 20 Feb 2016, Joseph Myers spake thusly:
> 
> > Any patch adding a new configure option should also document it in 
> > install.texi and regenerate INSTALL.
> 
> Like this? (Assuming that using multiple @items in succession like that
> is sensible. If there's a better way to delineate possible options in a
> way that the reader can match up with the -fstack-protector options
> described below, please suggest it.)

You should use @itemx for the second and subsequent entries in such a 
list.

> (I haven't included the INSTALL regeneration here, because when I try to
> do it I end up with half of INSTALL getting re-word-wrapped, with
> massive numbers of spurious changes that have nothing to do with the
> stanza I've added. Is a particular version of texinfo required for this
> to work?)

Carlos recently changed <https://sourceware.org/glibc/wiki/Regeneration> 
to say texinfo 6.0 (but it was the change from 4 to 5 that caused big 
changes in the output).
  
Nix Feb. 22, 2016, 9:23 p.m. UTC | #2
On 22 Feb 2016, Joseph Myers outgrape:

> On Sun, 21 Feb 2016, Nix wrote:
>
>> On 20 Feb 2016, Joseph Myers spake thusly:
>> 
>> > Any patch adding a new configure option should also document it in 
>> > install.texi and regenerate INSTALL.
>> 
>> Like this? (Assuming that using multiple @items in succession like that
>> is sensible. If there's a better way to delineate possible options in a
>> way that the reader can match up with the -fstack-protector options
>> described below, please suggest it.)
>
> You should use @itemx for the second and subsequent entries in such a 
> list.

Aha, thank you. Adjusted, will be in the next series.

>> (I haven't included the INSTALL regeneration here, because when I try to
>> do it I end up with half of INSTALL getting re-word-wrapped, with
>> massive numbers of spurious changes that have nothing to do with the
>> stanza I've added. Is a particular version of texinfo required for this
>> to work?)
>
> Carlos recently changed <https://sourceware.org/glibc/wiki/Regeneration> 
> to say texinfo 6.0 (but it was the change from 4 to 5 that caused big 
> changes in the output).

Useful wiki page, thanks. I'll regenerate with 6.0 in the next series.
(I presume you want configure regenerated as well -- it looks like the
page is out of date, since that's clearly being generated with 2.69 at
present, but the page says 2.68.)
  

Patch

diff --git a/configure.ac b/configure.ac
index 3c766b7..61bf882 100644
--- a/configure.ac
+++ b/configure.ac
@@ -232,6 +232,18 @@  AC_ARG_ENABLE([bind-now],
 	      [bindnow=no])
 AC_SUBST(bindnow)
 
+dnl Build glibc with -fstack-protector, -fstack-protector-all, or
+dnl -fstack-protector-strong.
+AC_ARG_ENABLE([stack-protector],
+            AC_HELP_STRING([--enable-stack-protector=@<:@yes|no|all|strong@:>@],
+                           [Detect stack overflows in glibc functions, either with local buffers (yes), or with those plus arrays (strong), or all functions (all)]),
+            [enable_stack_protector=$enableval],
+            [enable_stack_protector=no])
+case x"$enable_stack_protector" in
+    xall|xyes|xno|xstrong) ;;
+    *) AC_MSG_ERROR([Not a valid argument for --enable-stack-protector]);;
+esac
+
 dnl On some platforms we cannot use dynamic loading.  We must provide
 dnl static NSS modules.
 AC_ARG_ENABLE([static-nss],
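
Review bot: the case statement after AC_ARG_ENABLE already rejects anything other than all, yes, no and strong, which contradicts the commit message's "We don't validate the value of the option yet: that's in a later patch". Either update the message or move the check into the later patch. The AC_MSG_ERROR text would also be more useful if it echoed the rejected value and listed the four accepted ones, since "Not a valid argument for --enable-stack-protector" leaves the user to look them up.
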
@@ -602,6 +614,35 @@  fi
 test -n "$base_machine" || base_machine=$machine
 AC_SUBST(base_machine)
 
+AC_CACHE_CHECK(for -fstack-protector, libc_cv_ssp, [dnl
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector],
+		   [libc_cv_ssp=yes],
+		   [libc_cv_ssp=no])
+])
+
+AC_CACHE_CHECK(for -fstack-protector-strong, libc_cv_ssp_strong, [dnl
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-strong],
+		   [libc_cv_ssp_strong=yes],
+		   [libc_cv_ssp_strong=no])
+])
+
+AC_CACHE_CHECK(for -fstack-protector-all, libc_cv_ssp_all, [dnl
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-all],
+		   [libc_cv_ssp_all=yes],
+		   [libc_cv_ssp_all=no])
+])
+
+stack_protector=
+if test x$enable_stack_protector = xyes && test $libc_cv_ssp = yes; then
+  stack_protector=-fstack-protector
+elif test x$enable_stack_protector = xall && test $libc_cv_ssp_all = yes; then
+  stack_protector=-fstack-protector-all
+elif test x$enable_stack_protector = xstrong && test $libc_cv_ssp_strong = yes; then
+  stack_protector=-fstack-protector-strong
+fi
+AC_SUBST(libc_cv_ssp)
+AC_SUBST(stack_protector)
+
 # For the multi-arch option we need support in the assembler & linker.
 AC_CACHE_CHECK([for assembler and linker STT_GNU_IFUNC support],
 	       libc_cv_ld_gnu_indirect_function, [dnl
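
Review bot: the if/elif chain that sets stack_protector fails open. When the user asks for a level the compiler does not support (for example --enable-stack-protector=strong with libc_cv_ssp_strong=no), no branch matches, stack_protector stays empty and configure carries on without any message, so the build is unprotected although protection was requested. An else branch that calls AC_MSG_ERROR when enable_stack_protector is not "no" would close that gap. The variables in these tests are also unquoted ("test $libc_cv_ssp = yes"), whereas the block being removed further down quoted them ("test "$libc_cv_ssp_strong" = "yes""); keeping the quotes is safer and consistent. Finally, only libc_cv_ssp is passed to AC_SUBST; if the strong and all results are needed by later patches in the series they need the same treatment.
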
@@ -1389,26 +1430,6 @@  else
 fi
 AC_SUBST(fno_unit_at_a_time)
 
-AC_CACHE_CHECK(for -fstack-protector, libc_cv_ssp, [dnl
-LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector],
-		   [libc_cv_ssp=yes],
-		   [libc_cv_ssp=no])
-])
-
-AC_CACHE_CHECK(for -fstack-protector-strong, libc_cv_ssp_strong, [dnl
-LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-strong],
-		   [libc_cv_ssp_strong=yes],
-		   [libc_cv_ssp_strong=no])
-])
-
-stack_protector=
-if test "$libc_cv_ssp_strong" = "yes"; then
-  stack_protector="-fstack-protector-strong"
-elif test "$libc_cv_ssp" = "yes"; then
-  stack_protector="-fstack-protector"
-fi
-AC_SUBST(stack_protector)
-
 AC_CACHE_CHECK(whether cc puts quotes around section names,
 	       libc_cv_have_section_quotes,
 	       [cat > conftest.c <<EOF
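
Review bot: removing this block changes the value of an existing substitution, which the commit message does not mention. The old code set stack_protector to -fstack-protector-strong or -fstack-protector whenever the compiler accepted the flag, with no user input; with the new default of enable_stack_protector=no it is now empty unless the configure option is given. Since AC_SUBST(stack_protector) predates this patch, whatever already consumes that substitution silently loses its flag, which sits oddly with "Nor do we use it for anything at this stage". Please say in the commit message which existing users are affected and whether dropping their protection by default is intended.
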
diff --git a/manual/install.texi b/manual/install.texi
index b329950..cec2060 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -170,6 +170,18 @@  time.  Consult the @file{timezone} subdirectory for more details.
 @item --enable-lock-elision=yes
 Enable lock elision for pthread mutexes by default.
 
+@item --enable-stack-protector
+@item --enable-stack-protector=strong
+@item --enable-stack-protector=all
+Compile the C library and all other parts of the glibc package
+(including the threading and math libraries, NSS modules, and
+transliteration modules) using the GCC @option{-fstack-protector},
+@option{-fstack-protector-strong} or @option{-fstack-protector-all}
+options to detect stack overruns.  Only the dynamic linker and a small
+number of routines called directly from assembler are excluded from this
+protection.
+
+
 @pindex pt_chown
 @findex grantpt
 @item --enable-pt_chown
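
Review bot: the new entry never says which configure value selects which GCC option, nor that the default is no protection. The three @item lines and the three @option names are listed in the same order, but the reader has to infer the mapping; spelling it out (plain --enable-stack-protector gives -fstack-protector, =strong gives -fstack-protector-strong, =all gives -fstack-protector-all) and stating the default would settle it. As already raised in the thread, the second and third entries should be @itemx. The text also describes protection of "the C library and all other parts of the glibc package" while the commit message says the option is not yet used for anything, so this paragraph may belong with the patch that actually applies the flags. The hunk adds two blank lines before @pindex where one would do.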