8 Commits

Author SHA1 Message Date
kan
ef443476d9 Second attempt at eliminating .text relocations in shared libraries
compiled with stack protector.

Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.

Reviewed by:        kib
Approved by:        re (kib)
2009-07-14 21:19:13 +00:00
kan
a3faeb1b41 Back out previous revision until better tested fix is ready.
Approved by: re (impliciti, by approving previos check-in)
2009-06-29 01:33:59 +00:00
kan
f780ef8f19 Eliminate .text relocations in shared libraries compiled with stack protector.
Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC generates
local calls to this function which result in absolute relocations put into
position-independent code segment, making dynamic loader do extra work everys
time given shared library is being relocated and making affected text pages
non-shareable.

Reviewed by:        kib
Approved by:        re (kensmith)
2009-06-28 23:51:39 +00:00
ru
9d424734ae Restore the install location of libssp.so.0.
Noticed by:	tegge
2009-02-24 16:14:15 +00:00
ru
21f7074ade Fix build when WITH_SSP is set explicitly.
Submitted by:	Jeremie Le Hen
2009-02-21 15:04:31 +00:00
ru
8735fdbd4c Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
  turned opt-in for stable branches depending on the consensus.  You
  can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
  It is harmless to steal the knob as SSP symbols have been provided
  by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
  (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
  libc will be automatically downgraded to -fstack-protector because it
  breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
2008-06-25 21:33:28 +00:00
ru
59fb918e03 Don't forget to clean generated ssp.h. 2007-05-22 10:40:58 +00:00
kan
ebf45ed0c9 Update bmake glue to build GCC 4.2.
Also:
        Switch FreeBSD to use libgcc_s.so.1.

        Use dl_iterate_phdr to locate shared objects' exception frame
        info instead of depending on older register_frame_info machinery.
        This allows us to avoid depending on libgcc_s.so.1 in binaries
        that do not use exception handling directly. As an additional
        benefit it breaks circular libc <=> libgcc_s.so.1 dependency too.

        Build newly added libgomp.so.1 library, the runtime support
        bits for OpenMP.

        Build LGPLed libssp library. Our libc provides our own
        BSD-licensed SSP callbacks implementation, so this library
        is only built to benefit applications that have hadcoded
        knowledge of libssp.so and libssp_nonshared.a. When linked
        in from command line, these libraries override libc
        implementation.
2007-05-19 04:25:59 +00:00