From 10c85e76c09716e744b4a41006718400b1eb2e84 Mon Sep 17 00:00:00 2001 From: Nick Alcock Date: Mon, 26 Dec 2016 10:08:45 +0100 Subject: [PATCH] Disable stack protector in early static initialization [BZ #7065] The startup code in csu/, and the brk and sbrk functions are needed very early in initialization of a statically-linked program, before the stack guard is initialized; TLS initialization also uses memcpy, which cannot overrun its own stack. Mark all of these as -fno-stack-protector. We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both substituted by the configury changes made earlier, to detect the case when -fno-stack-protector is supported by the compiler, and unconditionally pass it in when this is the case, whether or not --enable-stack-protector is passed to configure. (This means that it'll even work when the compiler's been hacked to pass -fstack-protector by default, unless the hackage is so broken that it does so in a way that is impossible to override.) --- ChangeLog | 12 ++++++++++++ config.make.in | 2 ++ csu/Makefile | 4 ++++ misc/Makefile | 7 +++++++ string/Makefile | 4 ++++ 5 files changed, 29 insertions(+) diff --git a/ChangeLog b/ChangeLog index 395a14b..64ccdf7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,18 @@ 2016-12-26 Nick Alcock [BZ #7065] + * config.make.in (have-ssp, no-stack-protector): New. + * csu/Makefile (CFLAGS-.o, CFLAGS-.op, CFLAGS-.os): Use it. + * misc/Makefile (CFLAGS-sbrk.o): Likewise. + (CFLAGS-sbrk.op): Likewise. + (CFLAGS-brk.o): Likewise. + (CFLAGS-brk.op): Likewise. + * string/Makefile (CFLAGS-memcpy.c): Likewise. + (CFLAGS-wordcopy.c): Likewise. + +2016-12-26 Nick Alcock + + [BZ #7065] * configure.ac (HAVE_CC_NO_STACK_PROTECTOR): Define. * config.h.in (HAVE_CC_NO_STACK_PROTECTOR): New macro. * include/libc-symbols.h (inhibit_stack_protector): New macro. diff --git a/config.make.in b/config.make.in index 35e7e59..4422025 100644 --- a/config.make.in +++ b/config.make.in @@ -58,7 +58,9 @@ with-fp = @with_fp@ enable-timezone-tools = @enable_timezone_tools@ unwind-find-fde = @libc_cv_gcc_unwind_find_fde@ have-fpie = @libc_cv_fpie@ +have-ssp = @libc_cv_ssp@ stack-protector = @stack_protector@ +no-stack-protector = @no_stack_protector@ have-selinux = @have_selinux@ have-libaudit = @have_libaudit@ have-libcap = @have_libcap@ diff --git a/csu/Makefile b/csu/Makefile index 3d23f13..75f36bb 100644 --- a/csu/Makefile +++ b/csu/Makefile @@ -46,6 +46,10 @@ before-compile += $(objpfx)version-info.h # code is compiled with special flags. tests = +CFLAGS-.o += $(no-stack-protector) +CFLAGS-.op += $(no-stack-protector) +CFLAGS-.os += $(no-stack-protector) + ifeq (yes,$(build-shared)) extra-objs += S$(start-installed-name) gmon-start.os ifneq ($(start-installed-name),$(static-start-installed-name)) diff --git a/misc/Makefile b/misc/Makefile index d241dae..35dba34 100644 --- a/misc/Makefile +++ b/misc/Makefile @@ -108,6 +108,13 @@ CFLAGS-getusershell.c = -fexceptions CFLAGS-err.c = -fexceptions CFLAGS-tst-tsearch.c = $(stack-align-test-flags) +# Called during static library initialization, so turn stack-protection +# off for non-shared builds. +CFLAGS-sbrk.o = $(no-stack-protector) +CFLAGS-sbrk.op = $(no-stack-protector) +CFLAGS-brk.o = $(no-stack-protector) +CFLAGS-brk.op = $(no-stack-protector) + include ../Rules $(objpfx)libg.a: $(dep-dummy-lib); $(make-dummy-lib) diff --git a/string/Makefile b/string/Makefile index 0816277..64b4c80 100644 --- a/string/Makefile +++ b/string/Makefile @@ -73,6 +73,10 @@ CFLAGS-test-ffs.c = -fno-builtin CFLAGS-tst-inlcall.c = -fno-builtin CFLAGS-tst-xbzero-opt.c = -O3 +# Called during TLS initialization. +CFLAGS-memcpy.c = $(no-stack-protector) +CFLAGS-wordcopy.c = $(no-stack-protector) + ifeq ($(run-built-tests),yes) $(objpfx)tst-svc-cmp.out: tst-svc.expect $(objpfx)tst-svc.out cmp $^ > $@; \ -- 2.7.4