From db08bfce2f50c5f6532e9a318e794d5d10689430 Mon Sep 17 00:00:00 2001 From: Konstantin Belousov Date: Wed, 9 May 2018 10:28:24 +0000 Subject: [PATCH] Created static libc PIC/no-SSP library to be used by rtld. Rtld is not compatible with SSP, and since we link libc_pic.a to rtld to have the basic support like memory and string copy functions, we have to both carefully limit libc use, and to provide the ssp support shims. This change makes the libc use in rtld more straighforward but still limited, and allows to remove the shims, to be done in the next commit. Submitted by: Luis Pires Reviewed by: bdrewery, brooks Differential revision: https://reviews.freebsd.org/D15283 --- lib/libc/Makefile | 1 + share/mk/bsd.README | 2 ++ share/mk/bsd.dep.mk | 5 ++++- share/mk/bsd.lib.mk | 46 ++++++++++++++++++++++++++++++++++++++-- share/mk/meta.autodep.mk | 4 ++-- share/mk/src.libnames.mk | 4 ++++ 6 files changed, 57 insertions(+), 5 deletions(-) diff --git a/lib/libc/Makefile b/lib/libc/Makefile index 9b1a87148df5..85fc4480d4c8 100644 --- a/lib/libc/Makefile +++ b/lib/libc/Makefile @@ -43,6 +43,7 @@ CFLAGS+=-DNLS .endif CLEANFILES+=tags INSTALL_PIC_ARCHIVE= +BUILD_NOSSP_PIC_ARCHIVE= PRECIOUSLIB= .ifndef NO_THREAD_STACK_UNWIND diff --git a/share/mk/bsd.README b/share/mk/bsd.README index 9e593e0990d8..4e0a02dcbf41 100644 --- a/share/mk/bsd.README +++ b/share/mk/bsd.README @@ -115,6 +115,8 @@ the tree where the file gets installed. The profiled libraries are no longer built in a different directory than the regular libraries. A new suffix, ".po", is used to denote a profiled object, and ".pico" denotes a position-independent relocatable object. +".nossppico" denotes a position-independent relocatable object without +stack smashing protection. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= diff --git a/share/mk/bsd.dep.mk b/share/mk/bsd.dep.mk index dd5405f694fa..5d0aac91f1b4 100644 --- a/share/mk/bsd.dep.mk +++ b/share/mk/bsd.dep.mk @@ -160,13 +160,16 @@ ${_D}.o: ${_DSRC} ${OBJS:S/^${_D}.o$//} @rm -f ${.TARGET} ${DTRACE} ${DTRACEFLAGS} -G -o ${.TARGET} -s ${.ALLSRC:N*.h} .if defined(LIB) -CLEANFILES+= ${_D}.pico ${_D}.po +CLEANFILES+= ${_D}.pico ${_D}.po ${_D}.nossppico ${_D}.pico: ${_DSRC} ${SOBJS:S/^${_D}.pico$//} @rm -f ${.TARGET} ${DTRACE} ${DTRACEFLAGS} -G -o ${.TARGET} -s ${.ALLSRC:N*.h} ${_D}.po: ${_DSRC} ${POBJS:S/^${_D}.po$//} @rm -f ${.TARGET} ${DTRACE} ${DTRACEFLAGS} -G -o ${.TARGET} -s ${.ALLSRC:N*.h} +${_D}.nossppico: ${_DSRC} ${SOBJS:S/^${_D}.nossppico$//} + @rm -f ${.TARGET} + ${DTRACE} ${DTRACEFLAGS} -G -o ${.TARGET} -s ${.ALLSRC:N*.h} .endif .endfor .endfor diff --git a/share/mk/bsd.lib.mk b/share/mk/bsd.lib.mk index 7e76d9c78ede..d8356ceb84ca 100644 --- a/share/mk/bsd.lib.mk +++ b/share/mk/bsd.lib.mk @@ -21,9 +21,11 @@ LIB_PRIVATE= ${PRIVATELIB:Dprivate} # SHLIB_NAME will be defined only if we are to create a shared library. # SHLIB_LINK will be defined only if we are to create a link to it. # INSTALL_PIC_ARCHIVE will be defined only if we are to create a PIC archive. +# BUILD_NOSSP_PIC_ARCHIVE will be defined only if we are to create a PIC archive. .if defined(NO_PIC) .undef SHLIB_NAME .undef INSTALL_PIC_ARCHIVE +.undef BUILD_NOSSP_PIC_ARCHIVE .else .if !defined(SHLIB) && defined(LIB) SHLIB= ${LIB} @@ -78,7 +80,8 @@ CTFFLAGS+= -g # prefer .s to a .c, add .po, remove stuff not used in the BSD libraries # .pico used for PIC object files -.SUFFIXES: .out .o .bc .ll .po .pico .S .asm .s .c .cc .cpp .cxx .C .f .y .l .ln +# .nossppico used for NOSSP PIC object files +.SUFFIXES: .out .o .bc .ll .po .pico .nossppico .S .asm .s .c .cc .cpp .cxx .C .f .y .l .ln .if !defined(PICFLAG) .if ${MACHINE_CPUARCH} == "sparc64" @@ -98,12 +101,19 @@ PO_FLAG=-pg ${CC} ${PICFLAG} -DPIC ${SHARED_CFLAGS} ${CFLAGS} -c ${.IMPSRC} -o ${.TARGET} ${CTFCONVERT_CMD} +.c.nossppico: + ${CC} ${PICFLAG} -DPIC ${SHARED_CFLAGS:C/^-fstack-protector.*$//} ${CFLAGS:C/^-fstack-protector.*$//} -c ${.IMPSRC} -o ${.TARGET} + ${CTFCONVERT_CMD} + .cc.po .C.po .cpp.po .cxx.po: ${CXX} ${PO_FLAG} ${STATIC_CXXFLAGS} ${PO_CXXFLAGS} -c ${.IMPSRC} -o ${.TARGET} .cc.pico .C.pico .cpp.pico .cxx.pico: ${CXX} ${PICFLAG} -DPIC ${SHARED_CXXFLAGS} ${CXXFLAGS} -c ${.IMPSRC} -o ${.TARGET} +.cc.nossppico .C.nossppico .cpp.nossppico .cxx.nossppico: + ${CXX} ${PICFLAG} -DPIC ${SHARED_CXXFLAGS:C/^-fstack-protector.*$//} ${CXXFLAGS:C/^-fstack-protector.*$//} -c ${.IMPSRC} -o ${.TARGET} + .f.po: ${FC} -pg ${FFLAGS} -o ${.TARGET} -c ${.IMPSRC} ${CTFCONVERT_CMD} @@ -112,7 +122,11 @@ PO_FLAG=-pg ${FC} ${PICFLAG} -DPIC ${FFLAGS} -o ${.TARGET} -c ${.IMPSRC} ${CTFCONVERT_CMD} -.s.po .s.pico: +.f.nossppico: + ${FC} ${PICFLAG} -DPIC ${FFLAGS:C/^-fstack-protector.*$//} -o ${.TARGET} -c ${.IMPSRC} + ${CTFCONVERT_CMD} + +.s.po .s.pico .s.nossppico: ${AS} ${AFLAGS} -o ${.TARGET} ${.IMPSRC} ${CTFCONVERT_CMD} @@ -126,6 +140,11 @@ PO_FLAG=-pg ${CFLAGS} ${ACFLAGS} -c ${.IMPSRC} -o ${.TARGET} ${CTFCONVERT_CMD} +.asm.nossppico: + ${CC:N${CCACHE_BIN}} -x assembler-with-cpp ${PICFLAG} -DPIC \ + ${CFLAGS:C/^-fstack-protector.*$//} ${ACFLAGS} -c ${.IMPSRC} -o ${.TARGET} + ${CTFCONVERT_CMD} + .S.po: ${CC:N${CCACHE_BIN}} -DPROF ${PO_CFLAGS} ${ACFLAGS} -c ${.IMPSRC} \ -o ${.TARGET} @@ -136,6 +155,11 @@ PO_FLAG=-pg -c ${.IMPSRC} -o ${.TARGET} ${CTFCONVERT_CMD} +.S.nossppico: + ${CC:N${CCACHE_BIN}} ${PICFLAG} -DPIC ${CFLAGS:C/^-fstack-protector.*$//} ${ACFLAGS} \ + -c ${.IMPSRC} -o ${.TARGET} + ${CTFCONVERT_CMD} + _LIBDIR:=${LIBDIR} _SHLIBDIR:=${SHLIBDIR} @@ -285,6 +309,19 @@ lib${LIB_PRIVATE}${LIB}_pic.a: ${SOBJS} ${RANLIB} ${RANLIBFLAGS} ${.TARGET} .endif +.if defined(BUILD_NOSSP_PIC_ARCHIVE) && defined(LIB) && !empty(LIB) +NOSSPSOBJS+= ${OBJS:.o=.nossppico} +DEPENDOBJS+= ${NOSSPSOBJS} +CLEANFILES+= ${NOSSPSOBJS} +_LIBS+= lib${LIB_PRIVATE}${LIB}_nossp_pic.a + +lib${LIB_PRIVATE}${LIB}_nossp_pic.a: ${NOSSPSOBJS} + @${ECHO} building special nossp pic ${LIB} library + @rm -f ${.TARGET} + ${AR} ${ARFLAGS} ${.TARGET} ${NOSSPSOBJS} ${ARADD} + ${RANLIB} ${RANLIBFLAGS} ${.TARGET} +.endif + .endif # !defined(INTERNALLIB) .if defined(_SKIP_BUILD) @@ -425,6 +462,11 @@ OBJS_DEPEND_GUESS.${_S:${OBJS_SRCS_FILTER:ts:}}.po+= ${_S} OBJS_DEPEND_GUESS.${_S:${OBJS_SRCS_FILTER:ts:}}.pico+= ${_S} .endfor .endif +.if defined(BUILD_NOSSP_PIC_ARCHIVE) && defined(LIB) && !empty(LIB) +.for _S in ${SRCS:N*.[hly]} +OBJS_DEPEND_GUESS.${_S:${OBJS_SRCS_FILTER:ts:}}.nossppico+= ${_S} +.endfor +.endif .if defined(HAS_TESTS) MAKE+= MK_MAKE_CHECK_USE_SANDBOX=yes diff --git a/share/mk/meta.autodep.mk b/share/mk/meta.autodep.mk index 7df58bc9d0eb..d3a497d445e5 100644 --- a/share/mk/meta.autodep.mk +++ b/share/mk/meta.autodep.mk @@ -23,7 +23,7 @@ __${_this}__: .NOTMAIN .if defined(SRCS) # it would be nice to be able to query .SUFFIXES -OBJ_EXTENSIONS+= .o .po .lo .pico +OBJ_EXTENSIONS+= .o .po .lo .pico .nossppico # explicit dependencies help short-circuit .SUFFIX searches SRCS_DEP_FILTER+= N*.[hly] @@ -179,7 +179,7 @@ DEPEND_SUFFIXES += .c .h .cpp .hpp .cxx .hxx .cc .hh @case "${.MAKE.META.FILES:T:M*.po.*}" in \ *.po.*) mv $@.${.MAKE.PID} $@;; \ *) { cat $@.${.MAKE.PID}; \ - sed 's,\.pico:,.o:,;s,\.o:,.po:,' $@.${.MAKE.PID}; } | sort -u > $@; \ + sed 's,\.nossppico:,.o:,;s,\.pico:,.o:,;s,\.o:,.po:,' $@.${.MAKE.PID}; } | sort -u > $@; \ rm -f $@.${.MAKE.PID};; \ esac .else diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk index c6ee3b5fef35..4b3c111b1525 100644 --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -31,6 +31,7 @@ _PRIVATELIBS= \ _INTERNALLIBS= \ amu \ bsnmptools \ + c_nossp_pic \ cron \ elftc \ fifolog \ @@ -471,6 +472,9 @@ LIBAMU?= ${LIBAMUDIR}/libamu.a LIBPMCSTATDIR= ${OBJTOP}/lib/libpmcstat LIBPMCSTAT?= ${LIBPMCSTATDIR}/libpmcstat.a +LIBC_NOSSP_PICDIR= ${OBJTOP}/lib/libc +LIBC_NOSSP_PIC?= ${LIBC_NOSSP_PICDIR}/libc_nossp_pic.a + # Define a directory for each library. This is useful for adding -L in when # not using a --sysroot or for meta mode bootstrapping when there is no # Makefile.depend. These are sorted by directory.