allow libc itself to be built with stack protector enabled

this was already essentially possible as a result of the previous
commits changing the dynamic linker/thread pointer bootstrap process.
this commit mainly adds build system infrastructure:

configure no longer attempts to disable stack protector. instead it
simply determines how so the makefile can disable stack protector for
a few translation units used during early startup.

stack protector is also disabled for memcpy and memset since compilers
(incorrectly) generate calls to them on some archs to implement
struct initialization and assignment, and such calls may creep into
early initialization.

no explicit attempt to enable stack protector is made by configure at
this time; any stack protector option supported by the compiler can be
passed to configure in CFLAGS, and if the compiler uses stack
protector by default, this default is respected.

diff --git a/Makefile b/Makefile
index 02b44f8e54295909b41cc5175d7563826a4b34d3..d943988dc1fdc677a500f9f46b208ffc2044eacd 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -97,6 +97,13 @@ $(OPTIMIZE_SRCS:%.c=%.o) $(OPTIMIZE_SRCS:%.c=%.lo): CFLAGS += -O3
 MEMOPS_SRCS = src/string/memcpy.c src/string/memmove.c src/string/memcmp.c src/string/memset.c
 $(MEMOPS_SRCS:%.c=%.o) $(MEMOPS_SRCS:%.c=%.lo): CFLAGS += $(CFLAGS_MEMOPS)
 
+NOSSP_SRCS = $(wildcard crt/*.c) \
+       src/env/__libc_start_main.c src/env/__init_tls.c \
+       src/thread/__set_thread_area.c src/env/__stack_chk_fail.c \
+       src/string/memset.c src/string/memcpy.c \
+       src/ldso/dlstart.c src/ldso/dynlink.c
+$(NOSSP_SRCS:%.c=%.o) $(NOSSP_SRCS:%.c=%.lo): CFLAGS += $(CFLAGS_NOSSP)
+
 # This incantation ensures that changes to any subarch asm files will
 # force the corresponding object file to be rebuilt, even if the implicit
 # rule below goes indirectly through a .sub file.

diff --git a/configure b/configure
index 7304b132ae72e86273542477c5e7e44d2ab3a1b9..41a73b46ef7e5d1d43b68c854605d67a6aed0b9c 100755 (executable)
--- a/configure
+++ b/configure
@@ -111,6 +111,7 @@ fi
 CFLAGS_C99FSE=
 CFLAGS_AUTO=
 CFLAGS_MEMOPS=
+CFLAGS_NOSSP=
 LDFLAGS_AUTO=
 OPTIMIZE_GLOBS=
 prefix=/usr/local/musl
@@ -290,6 +291,13 @@ printf "yes\n"
 CFLAGS_C99FSE="$CFLAGS_C99FSE -D__may_alias__="
 fi
 
+#
+# Check for options to disable stack protector, which needs to be
+# disabled for a few early-bootstrap translation units. If not found,
+# this is not an error; we assume the toolchain does not do ssp.
+#
+tryflag CFLAGS_NOSSP -fno-stack-protector
+
 #
 # Check for options that may be needed to prevent the compiler from
 # generating self-referential versions of memcpy,, memmove, memcmp,
@@ -408,7 +416,6 @@ tryflag CFLAGS_AUTO -Wno-pointer-to-int-cast
 fi
 
 # Some patched GCC builds have these defaults messed up...
-tryflag CFLAGS_AUTO -fno-stack-protector
 tryldflag LDFLAGS_AUTO -Wl,--hash-style=both
 
 test "$shared" = "no" || {
@@ -526,6 +533,7 @@ CC = $CC
 CFLAGS = $CFLAGS_AUTO $CFLAGS
 CFLAGS_C99FSE = $CFLAGS_C99FSE
 CFLAGS_MEMOPS = $CFLAGS_MEMOPS
+CFLAGS_NOSSP = $CFLAGS_NOSSP
 CPPFLAGS = $CPPFLAGS
 LDFLAGS = $LDFLAGS_AUTO $LDFLAGS
 CROSS_COMPILE = $CROSS_COMPILE

diff --git a/src/env/__stack_chk_fail.c b/src/env/__stack_chk_fail.c
index cc55460b46e74758f4113a9d77ce6a132d1cdd3d..1b6a9f820bf3c7babbefedc2acec1119e304d563 100644 (file)
--- a/src/env/__stack_chk_fail.c
+++ b/src/env/__stack_chk_fail.c
@@ -16,3 +16,13 @@ void __stack_chk_fail(void)
 {
        a_crash();
 }
+
+#ifdef SHARED
+
+__attribute__((__visibility__("hidden")))
+void __stack_chk_fail_local(void)
+{
+       a_crash();
+}
+
+#endif