d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fa3483e67c
freebsd-dev/lib/libc/Makefile
Jeremie Le Hen 54f82841d5 Turn libc.so into an ld script rather than a symlink pointing to the 
real shared object and libssp_nonshared.a.

This was the last showstopper that prevented from enabling SSP for ports
by default.  portmgr@ performed a buildworld which showed no significant
breakage with this patch.

Details:

On i386 for PIC objects, gcc uses the __stack_chk_fail_local hidden
symbol instead of calling __stack_chk_fail directly [1].  This happen
not only with our gcc-4.2.1 but also with the latest gcc-4.8.  If you
want the very nasty details, see [2].

OTOH the problem doesn't exist on other architectures.  It also doesn't
exist with Clang as the latter will somehow manage to create the
function in the object file at compile time (contrary to only
referencing it through a symbol that will be brought in at link time).

In a perfect world, when an object file is compiled with
-fstack-protector, it will be linked into a binary or a DSO with this
same flag as well, so GCC will add libssp_nonshared.a to the linker
command-line.  Unfortunately, we don't control softwares in ports and we
may have such broken DSO.  This is the whole point of this patch.

You can reproduce the problem on i386 by compiling a source file into an
object file with "-fstack-protector-all -fPIE" and linking it
into a binary without "-fstack-protector".

This ld script automatically proposes libssp_nonshared.a along with the
real libc DSO to the linker.  It is important to understand that the
object file contained in this library will be pulled in the resulting
binary _only if_ the linker notices one of its symbols is needed (i.e.
one of the SSP symbol is missing).

A theorical performance impact could be when compiling, but my testing
showed less than 0.1% of difference.

[1] For 32-bit code gcc saves the PIC register setup by using
    __stack_chk_fail_local hidden function instead of calling
    __stack_chk_fail directly.  See comment line 19460 in:
    src/contrib/gcc/config/i386/i386.c

[2] When compiling a source file to an object file, if you use something
    which is external to the compilation unit, GCC doesn't know yet if
    this symbol will be inside or outside the DSO.  So it expects the
    worst case and routes the symbol through the GOT, which means
    additional space and extra relocation for rtld(1).

    Declaring a symbol has hidden tells GCC to use the optimal route (no
    GOT), but on the other hand this means the symbol has to be provided
    in the same DSO (namely libssp_nonshared.a).

    On i386, GCC actually uses an hidden symbol for SSP in PIC objects
    to save PIC register setup, as said in [1].

PR:		ports/138228
PR:		ports/168010
Reviewed by:	kib, kan
2013-06-12 21:12:05 +00:00

163 lines
4.9 KiB
Makefile
Raw Blame History

# @(#)Makefile 8.2 (Berkeley) 2/3/94
# $FreeBSD$
SHLIBDIR?= /lib
.include <bsd.own.mk>
# Pick the current architecture directory for libc. In general, this is
# named MACHINE_CPUARCH, but some ABIs are different enough to require
# their own libc, so allow a directory named MACHINE_ARCH to override this.
.if exists(${.CURDIR}/${MACHINE_ARCH})
LIBC_ARCH=${MACHINE_ARCH}
.else
LIBC_ARCH=${MACHINE_CPUARCH}
.endif
# All library objects contain FreeBSD revision strings by default; they may be
# excluded as a space-saving measure. To produce a library that does
# not contain these strings, add -DSTRIP_FBSDID (see <sys/cdefs.h>) to CFLAGS
# below. Note: there are no IDs for syscall stubs whose sources are generated.
# To include legacy CSRG sccsid strings, add -DLIBC_SCCS and -DSYSLIBC_SCCS
# to CFLAGS below. -DSYSLIBC_SCCS affects just the system call stubs.
LIB=c
SHLIB_MAJOR= 7
SHLIB_LDSCRIPT=libc.ldscript
WARNS?= 2
CFLAGS+=-I${.CURDIR}/include -I${.CURDIR}/../../include
CFLAGS+=-I${.CURDIR}/${LIBC_ARCH}
.if ${MK_NLS} != "no"
CFLAGS+=-DNLS
.endif
CLEANFILES+=tags
INSTALL_PIC_ARCHIVE=
PRECIOUSLIB=
.ifndef NO_THREAD_STACK_UNWIND
CANCELPOINTS_CFLAGS=-fexceptions
CFLAGS+=${CANCELPOINTS_CFLAGS}
.endif
#
# Only link with static libgcc.a (no libgcc_eh.a).
#
DPADD+= ${LIBGCC}
LDFLAGS+= -nodefaultlibs
LDADD+= -lgcc
.if ${MK_SSP} != "no"
LDADD+= -lssp_nonshared
.endif
# Define (empty) variables so that make doesn't give substitution
# errors if the included makefiles don't change these:
MDSRCS=
MISRCS=
MDASM=
MIASM=
NOASM=
.include "${.CURDIR}/${LIBC_ARCH}/Makefile.inc"
.include "${.CURDIR}/db/Makefile.inc"
.include "${.CURDIR}/compat-43/Makefile.inc"
.include "${.CURDIR}/gdtoa/Makefile.inc"
.include "${.CURDIR}/gen/Makefile.inc"
.include "${.CURDIR}/gmon/Makefile.inc"
.if ${MK_ICONV} != "no"
.include "${.CURDIR}/iconv/Makefile.inc"
.endif
.include "${.CURDIR}/inet/Makefile.inc"
.include "${.CURDIR}/isc/Makefile.inc"
.include "${.CURDIR}/locale/Makefile.inc"
.include "${.CURDIR}/nameser/Makefile.inc"
.include "${.CURDIR}/net/Makefile.inc"
.include "${.CURDIR}/nls/Makefile.inc"
.include "${.CURDIR}/posix1e/Makefile.inc"
.if ${LIBC_ARCH} != "amd64" && \
${LIBC_ARCH} != "ia64" && \
${LIBC_ARCH} != "powerpc64" && \
${LIBC_ARCH} != "sparc64" && \
${MACHINE_ARCH:Mmipsn32*} == "" && \
${MACHINE_ARCH:Mmips64*} == ""
.include "${.CURDIR}/quad/Makefile.inc"
.endif
.include "${.CURDIR}/regex/Makefile.inc"
.include "${.CURDIR}/resolv/Makefile.inc"
.include "${.CURDIR}/stdio/Makefile.inc"
.include "${.CURDIR}/stdlib/Makefile.inc"
.include "${.CURDIR}/stdlib/jemalloc/Makefile.inc"
.include "${.CURDIR}/stdtime/Makefile.inc"
.include "${.CURDIR}/string/Makefile.inc"
.include "${.CURDIR}/sys/Makefile.inc"
.include "${.CURDIR}/rpc/Makefile.inc"
.include "${.CURDIR}/uuid/Makefile.inc"
.include "${.CURDIR}/xdr/Makefile.inc"
.if ${LIBC_ARCH} == "arm" || ${LIBC_ARCH} == "mips"
.include "${.CURDIR}/softfloat/Makefile.inc"
.endif
.if ${MK_NIS} != "no"
CFLAGS+= -DYP
.include "${.CURDIR}/yp/Makefile.inc"
.endif
.if ${MK_HESIOD} != "no"
CFLAGS+= -DHESIOD
.endif
.if ${MK_FP_LIBC} == "no"
CFLAGS+= -DNO_FLOATING_POINT
.endif
.if ${MK_NS_CACHING} != "no"
CFLAGS+= -DNS_CACHING
.endif
.if defined(_FREEFALL_CONFIG)
CFLAGS+=-D_FREEFALL_CONFIG
.endif
VERSION_DEF=${.CURDIR}/Versions.def
SYMBOL_MAPS=${SYM_MAPS}
CFLAGS+= -DSYMBOL_VERSIONING
# If there are no machine dependent sources, append all the
# machine-independent sources:
.if empty(MDSRCS)
SRCS+= ${MISRCS}
.else
# Append machine-dependent sources, then append machine-independent sources
# for which there is no machine-dependent variant.
SRCS+= ${MDSRCS}
.for _src in ${MISRCS}
.if ${MDSRCS:R:M${_src:R}} == ""
SRCS+= ${_src}
.endif
.endfor
.endif
KQSRCS= adddi3.c anddi3.c ashldi3.c ashrdi3.c cmpdi2.c divdi3.c iordi3.c \
lshldi3.c lshrdi3.c moddi3.c muldi3.c negdi2.c notdi2.c qdivrem.c \
subdi3.c ucmpdi2.c udivdi3.c umoddi3.c xordi3.c
KSRCS= bcmp.c ffs.c ffsl.c fls.c flsl.c mcount.c strcat.c strchr.c \
strcmp.c strcpy.c strlen.c strncpy.c strrchr.c
libkern: libkern.gen libkern.${LIBC_ARCH}
libkern.gen: ${KQSRCS} ${KSRCS}
cp -p ${.CURDIR}/quad/quad.h ${.ALLSRC} ${DESTDIR}/sys/libkern
libkern.${LIBC_ARCH}:: ${KMSRCS}
.if defined(KMSRCS) && !empty(KMSRCS)
cp -p ${.ALLSRC} ${DESTDIR}/sys/libkern/${LIBC_ARCH}
.endif
.include <bsd.lib.mk>
# Disable warnings in contributed sources.
CWARNFLAGS:= ${.IMPSRC:Ngdtoa_*.c:C/^.+$/${CWARNFLAGS}/:C/^$/-w/}
# XXX For now, we don't allow libc to be compiled with
# -fstack-protector-all because it breaks rtld. We may want to make a librtld
# in the future to circumvent this.
SSP_CFLAGS:= ${SSP_CFLAGS:S/^-fstack-protector-all$/-fstack-protector/}
# Disable stack protection for SSP symbols.
SSP_CFLAGS:= ${.IMPSRC:N*/stack_protector.c:C/^.+$/${SSP_CFLAGS}/}
# Generate stack unwinding tables for cancellation points
CANCELPOINTS_CFLAGS:= ${.IMPSRC:Mcancelpoints_*:C/^.+$/${CANCELPOINTS_CFLAGS}/:C/^$//}
Reference in New Issue View Git Blame Copy Permalink