From 2286fe763592aa13d320186bf3e233a560af749b Mon Sep 17 00:00:00 2001 From: Alexander Kabaev Date: Tue, 14 Jul 2009 21:19:13 +0000 Subject: [PATCH] Second attempt at eliminating .text relocations in shared libraries compiled with stack protector. Use libssp_nonshared library to pull __stack_chk_fail_local symbol into each library that needs it instead of pulling it from libc. GCC generates local calls to this function which result in absolute relocations put into position-independent code segment, making dynamic loader do extra work every time given shared library is being relocated and making affected text pages non-shareable. Reviewed by: kib Approved by: re (kib) --- Makefile.inc1 | 2 +- contrib/gcc/config/freebsd-spec.h | 1 + gnu/lib/libgcc/Makefile | 6 ++++++ gnu/lib/libssp/libssp_nonshared/Makefile | 2 +- lib/libc/Makefile | 2 +- lib/libc/sys/Symbol.map | 1 - lib/libc/sys/stack_protector.c | 7 +------ libexec/rtld-elf/Makefile | 2 +- share/mk/bsd.lib.mk | 4 ++-- 9 files changed, 14 insertions(+), 13 deletions(-) diff --git a/Makefile.inc1 b/Makefile.inc1 index 0f8d28ecc7a6..d05b004d652a 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -1069,7 +1069,7 @@ libraries: # # static libgcc.a prerequisite for shared libc # -_prereq_libs= gnu/lib/libgcc +_prereq_libs= gnu/lib/libssp/libssp_nonshared gnu/lib/libgcc # These dependencies are not automatically generated: # diff --git a/contrib/gcc/config/freebsd-spec.h b/contrib/gcc/config/freebsd-spec.h index a58788ad3c9b..06735c8874e1 100644 --- a/contrib/gcc/config/freebsd-spec.h +++ b/contrib/gcc/config/freebsd-spec.h @@ -168,6 +168,7 @@ is built with the --enable-threads configure-time option.} \ %{pg: %{pthread:-lpthread_p} -lc_p}} \ %{shared: \ %{pthread:-lpthread} -lc} \ + %{fstack-protector|fstack-protector-all:-lssp_nonshared} \ " #endif #endif diff --git a/gnu/lib/libgcc/Makefile b/gnu/lib/libgcc/Makefile index 49b96e6e3a03..399aff85bb0b 100644 --- a/gnu/lib/libgcc/Makefile +++ b/gnu/lib/libgcc/Makefile 
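Review bot: The context comment directly above the changed `_prereq_libs` line in Makefile.inc1 still says `# static libgcc.a prerequisite for shared libc`, which no longer matches a list that also builds `gnu/lib/libssp/libssp_nonshared`. I would reword it to `# static libgcc.a and libssp_nonshared.a prerequisites for shared libc`, so the reason libc's link depends on this directory being built first is recorded next to the list. The `libraries:` section starts and ends outside the hunk.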
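Review bot: The added `%{fstack-protector|fstack-protector-all:-lssp_nonshared}` element in contrib/gcc/config/freebsd-spec.h keys on the flags given to the link-time driver invocation, not on how the objects were compiled, so a link step that omits the flag or calls ld directly will not pull in the archive. Because this commit also removes the default-version `__stack_chk_fail_local` from libc, such a link presumably fails on an unresolved reference wherever the compiler emitted local calls to it. That is a build break rather than a silent loss of protection, but it deserves a comment above the macro, for example `/* -lssp_nonshared provides the hidden __stack_chk_fail_local; the protector flag must also be passed when linking. */`. The macro begins outside the hunk, and any sibling variants of this lib spec elsewhere in the file are not visible here and should be checked for the same addition.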
@@ -7,6 +7,12 @@ SHLIB_NAME= libgcc_s.so.1 SHLIBDIR?= /lib .include +# +# libgcc is linked in last and thus cannot depend on ssp symbols coming +# from earlier libraries. Disable stack protection for this library. +# +MK_SSP= no + .include "${.CURDIR}/../../usr.bin/cc/Makefile.tgt" .PATH: ${GCCDIR}/config/${GCC_CPU} ${GCCDIR}/config ${GCCDIR} diff --git a/gnu/lib/libssp/libssp_nonshared/Makefile b/gnu/lib/libssp/libssp_nonshared/Makefile index 1dcd54f6d557..94544951fdfd 100644 --- a/gnu/lib/libssp/libssp_nonshared/Makefile +++ b/gnu/lib/libssp/libssp_nonshared/Makefile @@ -13,6 +13,6 @@ SRCS= ssp-local.c CFLAGS+= -DHAVE_CONFIG_H CFLAGS+= -I${.CURDIR}/.. -I${GCCLIB}/libssp -I${GCCLIB}/include -CFLAGS+= -fPIC -DPIC +CFLAGS+= -fPIC -DPIC -fvisibility=hidden .include diff --git a/lib/libc/Makefile b/lib/libc/Makefile index cf9ef3aa77e4..4f13f8e1f5a5 100644 --- a/lib/libc/Makefile +++ b/lib/libc/Makefile @@ -26,7 +26,7 @@ PRECIOUSLIB= # DPADD+= ${LIBGCC} LDFLAGS+= -nodefaultlibs -LDADD+= -lgcc +LDADD+= -lgcc -lssp_nonshared # Define (empty) variables so that make doesn't give substitution # errors if the included makefiles don't change these: diff --git a/lib/libc/sys/Symbol.map b/lib/libc/sys/Symbol.map index 901b261ab9a0..56d8aaaa4647 100644 --- a/lib/libc/sys/Symbol.map +++ b/lib/libc/sys/Symbol.map @@ -282,7 +282,6 @@ FBSD_1.0 { socket; socketpair; __stack_chk_fail; - __stack_chk_fail_local; __stack_chk_guard; stat; statfs; diff --git a/lib/libc/sys/stack_protector.c b/lib/libc/sys/stack_protector.c index f753fcddd4b7..63beebc1c944 100644 --- a/lib/libc/sys/stack_protector.c +++ b/lib/libc/sys/stack_protector.c @@ -47,7 +47,6 @@ static void __guard_setup(void) __attribute__((__constructor__, __used__)); static void __fail(const char *); void __stack_chk_fail(void); void __chk_fail(void); -void __stack_chk_fail_local(void); /*LINTED used*/ static void 
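Review bot: The new `-fvisibility=hidden` on the `CFLAGS` line in gnu/lib/libssp/libssp_nonshared/Makefile has no comment, although the change appears to rely on it: the copy of `__stack_chk_fail_local` linked into each shared library has to stay local to that library instead of being exported again. I would add a line above it such as `# Keep __stack_chk_fail_local hidden so every library binds to its own copy without a text relocation.` Whether `ssp-local.c` already marks the symbol hidden in source is not visible from this hunk, so the flag may be a second line of defence rather than the only one.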
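Review bot: In lib/libc/Makefile `LDADD` now links `-lssp_nonshared`, but the `DPADD+= ${LIBGCC}` context line is unchanged, so make is not told that libc depends on the libssp_nonshared archive and will not relink libc when that archive is rebuilt. If the tree defines a path variable for that archive (none is visible from here), it should be appended to `DPADD` next to `${LIBGCC}`. The libexec/rtld-elf/Makefile hunk has the same gap: `DPADD= ${LIBC_PIC}` sits beside `LDADD= -lc_pic -lssp_nonshared`.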
@@ -109,8 +108,4 @@ __chk_fail(void) __fail("buffer overflow detected; terminated"); } -void -__stack_chk_fail_local(void) -{ - __stack_chk_fail(); -} +__sym_compat(__stack_chk_fail_local, __stack_chk_fail, FBSD_1.0); diff --git a/libexec/rtld-elf/Makefile b/libexec/rtld-elf/Makefile index 7c2039845b61..5e9729c68bde 100644 --- a/libexec/rtld-elf/Makefile +++ b/libexec/rtld-elf/Makefile @@ -22,7 +22,7 @@ MLINKS= rtld.1 ld-elf.so.1.1 \ CFLAGS+= -fpic -DPIC LDFLAGS+= -shared -Wl,-Bsymbolic DPADD= ${LIBC_PIC} -LDADD= -lc_pic +LDADD= -lc_pic -lssp_nonshared .if ${MACHINE_ARCH} != "ia64" .if ${MK_SYMVER} == "yes" diff --git a/share/mk/bsd.lib.mk b/share/mk/bsd.lib.mk index 741c9cb2b618..982ff50cfc48 100644 --- a/share/mk/bsd.lib.mk +++ b/share/mk/bsd.lib.mk @@ -200,11 +200,11 @@ ${SHLIB_NAME}: ${SOBJS} @ln -fs ${.TARGET} ${SHLIB_LINK} .endif .if !defined(NM) - @${CC} ${LDFLAGS} -shared -Wl,-x \ + @${CC} ${LDFLAGS} ${SSP_CFLAGS} -shared -Wl,-x \ -o ${.TARGET} -Wl,-soname,${SONAME} \ `lorder ${SOBJS} | tsort -q` ${LDADD} .else - @${CC} ${LDFLAGS} -shared -Wl,-x \ + @${CC} ${LDFLAGS} ${SSP_CFLAGS} -shared -Wl,-x \ -o ${.TARGET} -Wl,-soname,${SONAME} \ `NM='${NM}' lorder ${SOBJS} | tsort -q` ${LDADD} .endif
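Review bot: The `__sym_compat(__stack_chk_fail_local, __stack_chk_fail, FBSD_1.0);` line in lib/libc/sys/stack_protector.c replaces a function with a version alias and carries no comment saying who still needs it. As far as the hunk shows, it exists only so binaries already linked against the old libc export keep resolving `__stack_chk_fail_local@FBSD_1.0`, while new links are meant to take the hidden copy from libssp_nonshared. A comment such as `/* Compat only: older binaries import this from libc; new code gets it from libssp_nonshared. */` would stop a later cleanup from deleting it or re-exporting it as a default symbol. The header that defines `__sym_compat` is outside the hunk, so confirm it is already included.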
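Review bot: `${SSP_CFLAGS}` is a compile-flag variable now placed on both shared-library link commands in share/mk/bsd.lib.mk with nothing explaining why, so it will look like a mistake to anyone reading the rule later. Presumably it is there so the compiler driver sees the protector flag at link time and its lib spec appends `-lssp_nonshared`; a comment above the `.if !defined(NM)` block, e.g. `# SSP_CFLAGS is passed at link time so the compiler driver adds -lssp_nonshared.`, would record that. A library Makefile that enables the protector through plain `CFLAGS` instead of `SSP_CFLAGS` would not get the archive from this rule. The `${SHLIB_NAME}` rule starts outside the hunk.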