From patchwork Wed Feb 3 09:35:32 2021
X-Patchwork-Submitter: Siddhesh Poyarekar
X-Patchwork-Id: 41916
To: libc-alpha@sourceware.org
Subject: [PATCH] New configure option --with-elided-stack-protector-cflags
Date: Wed, 3 Feb 2021 15:05:32 +0530
Message-Id: <20210203093532.2225969-1-siddhesh@sourceware.org>
X-Mailer: git-send-email 2.29.2
List-Id: Libc-alpha mailing list
From: Siddhesh Poyarekar Reply-To: Siddhesh Poyarekar Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" Add a new configure option --with-elided-stack-protector-cflags that allows customization of flags added to routines for whom the stack protector is elided due to them being called too early in program startup. The default remains "-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0" --- INSTALL | 7 +++++++ configure | 15 ++++++++++++++- configure.ac | 8 +++++++- manual/install.texi | 7 +++++++ 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 9a50e3ee06..26509da5b9 100644 --- a/INSTALL +++ b/INSTALL @@ -106,6 +106,13 @@ if 'CFLAGS' is specified it must enable optimization. For example: particular case and potentially change debugging information and metadata only). +'--with-elided-stack-protector-cflags=CFLAGS' + When the '--enable-stack-protector' configure option is set, use + compiler flags CFLAGS to build the parts of the library that cannot + be built with stack protector enabled. The default value is + '-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0'. This option has + no effect when used without '--enable-stack-protector'. + '--disable-shared' Don't build shared libraries even if it is possible. Not all systems support shared libraries; you need ELF support and diff --git a/configure b/configure index 1dc3af60b4..3317170ed2 100755 --- a/configure +++ b/configure @@ -763,6 +763,7 @@ with_selinux with_headers with_default_link with_nonshared_cflags +with_elided_stack_protector_cflags enable_sanity_checks enable_shared enable_profile 
@@ -1482,6 +1483,9 @@ Optional Packages: --with-default-link do not use explicit linker scripts --with-nonshared-cflags=CFLAGS build nonshared libraries with additional CFLAGS + --with-elided-stack-protector-cflags=CFLAGS + additional CFLAGS to build routines that cannot be + built with stack protector --with-cpu=CPU select code for CPU variant Some influential environment variables: @@ -3349,6 +3353,15 @@ fi + +# Check whether --with-elided-stack-protector-cflags was given. +if test "${with_elided_stack_protector_cflags+set}" = set; then : + withval=$with_elided_stack_protector_cflags; elided_ssp_cflags=$withval +else + elided_ssp_cflags="-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0" +fi + + # Check whether --enable-sanity-checks was given. if test "${enable_sanity_checks+set}" = set; then : enableval=$enable_sanity_checks; enable_sanity=$enableval @@ -3958,7 +3971,7 @@ $as_echo "$libc_cv_ssp_all" >&6; } stack_protector= no_stack_protector= if test "$libc_cv_ssp" = yes; then - no_stack_protector="-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0" + no_stack_protector="$elided_ssp_cflags" $as_echo "#define HAVE_CC_NO_STACK_PROTECTOR 1" >>confdefs.h fi diff --git a/configure.ac b/configure.ac index dfebb8a7cc..54368625d2 100644 --- a/configure.ac +++ b/configure.ac @@ -163,6 +163,12 @@ AC_ARG_WITH([nonshared-cflags], [extra_nonshared_cflags=]) AC_SUBST(extra_nonshared_cflags) +AC_ARG_WITH([elided-stack-protector-cflags], + AC_HELP_STRING([--with-elided-stack-protector-cflags=CFLAGS], + [additional CFLAGS to build routines that cannot be built with stack protector]), + [elided_ssp_cflags=$withval], + [elided_ssp_cflags="-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0"]) + AC_ARG_ENABLE([sanity-checks], AC_HELP_STRING([--disable-sanity-checks], [really do not use threads (should not be used except in special situations) @<:@default=yes@:>@]), 
@@ -586,7 +592,7 @@ LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-all], stack_protector= no_stack_protector= if test "$libc_cv_ssp" = yes; then - no_stack_protector="-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0" + no_stack_protector="$elided_ssp_cflags" AC_DEFINE(HAVE_CC_NO_STACK_PROTECTOR) fi diff --git a/manual/install.texi b/manual/install.texi index 419576f49c..60a8932fb5 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -131,6 +131,13 @@ that the objects in @file{libc_nonshared.a} are compiled with this flag (although this will not affect the generated code in this particular case and potentially change debugging information and metadata only). +@item --with-elided-stack-protector-cflags=@var{cflags} +When the @option{--enable-stack-protector} configure option is set, use +compiler flags @var{cflags} to build the parts of the library that cannot be +built with stack protector enabled. The default value is +@samp{-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0}. This option has no +effect when used without @option{--enable-stack-protector}. + @c disable static doesn't work currently @c @item --disable-static @c Don't build static libraries. Static libraries aren't that useful these
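
Review bot: In the AC_ARG_WITH([elided-stack-protector-cflags], ...) block added to configure.ac, the action-if-given is `[elided_ssp_cflags=$withval]` with no check on the value. With AC_ARG_WITH, a bare `--with-elided-stack-protector-cflags` yields withval=yes and `--without-elided-stack-protector-cflags` yields withval=no, so either spelling puts the literal word yes or no into no_stack_protector. Suggest rejecting yes with AC_MSG_ERROR and deciding explicitly what no means (falling back to the default looks safest). The help string also says "additional CFLAGS", but the value replaces `-fno-stack-protector -DSTACK_PROTECTOR_LEVEL=0` rather than adding to it; the INSTALL text describes it as a replacement, so the help string should match.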
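
Review bot: At `no_stack_protector="$elided_ssp_cflags"` in the second configure.ac hunk (and its generated twin in configure), the user-supplied string is used without being probed, whereas the context line just above tests `-fstack-protector-all` through LIBC_TRY_CC_OPTION. A mistyped or unsupported flag will only surface later, during the build of the files that receive it; a LIBC_TRY_CC_OPTION check on `$elided_ssp_cflags` followed by a clear AC_MSG_ERROR would catch it at configure time. AC_DEFINE(HAVE_CC_NO_STACK_PROTECTOR) is also still keyed only on `$libc_cv_ssp`, so it stays defined even when the override no longer contains `-fno-stack-protector`; worth confirming that this is intended.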
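
Review bot: The new INSTALL and manual/install.texi entries give the default value but do not say what a replacement value has to preserve. The commit message explains that these routines are called too early in program startup for the stack protector, so the documentation should state that the supplied flags replace the default entirely and must still leave those routines buildable without the protector, ideally with one example of an intended use. The diffstat touches only INSTALL, configure, configure.ac and manual/install.texi; if a new configure option counts as a user-visible change here, it probably wants a NEWS entry as well.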