+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
+ * configure.ac: Add check for unsupported stack-protection level.
+ (libc_cv_predef_stack_protector): Remove.
+ (no_ssp): New variable.
+ (STACK_PROTECTOR_LEVEL): Set to zero when --disable-stack-protector.
+ (stack_protector): Set to -fno-stack-protector similarly.
+ (libc_cv_ld_gnu_indirect_function): Use no_ssp.
+ (libc_cv_asm_set_directive): Likewise.
+ (libc_cv_protected_data): Likewise.
+ (libc_cv_z_combreloc): Likewise.
+ (libc_cv_hashstyle): Likewise.
+ (libc_cv_has_glob_dat): Likewise.
+ (libc_cv_output_format): Likewise.
+ (libc_cv_output_format): Likewise.
+ (libc_cv_ehdr_start): Likewise.
+ * aclocal.m4 (LIBC_TRY_LINK_STATIC): Likewise.
+ (LIBC_LINKER_FEATURE): Likewise.
+ (LIBC_COMPILER_BUILTIN_INLINED): Likewise.
+
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
int __start (void) { return 0; }
$1
EOF
-AS_IF([AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -o conftest
+AS_IF([AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -o conftest
conftest.c -static -nostartfiles -nostdlib
1>&AS_MESSAGE_LOG_FD])],
[$2], [$3])
cat > conftest.c <<EOF
int _start (void) { return 42; }
EOF
- if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
$2 -nostdlib -nostartfiles
-fPIC -shared -o conftest.so conftest.c
1>&AS_MESSAGE_LOG_FD])
cat > conftest.c <<EOF
int _start (void) { $2 return 0; }
EOF
-if ! AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+if ! AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
$3 -nostdlib -nostartfiles
-S conftest.c -o - | fgrep "$1"
1>&AS_MESSAGE_LOG_FD])
stack_protector="-fstack-protector-strong"
$as_echo "#define STACK_PROTECTOR_LEVEL 3" >>confdefs.h
+else
+ stack_protector="-fno-stack-protector"
+ $as_echo "#define STACK_PROTECTOR_LEVEL 0" >>confdefs.h
+
fi
+if test -n "$stack_protector"; then
+ no_ssp=-fno-stack-protector
+else
+ no_ssp=
+
+ if test "$enable_stack_protector" != no; then
+ as_fn_error $? "--enable-stack-protector=$enable_stack_protector specified, but specified level of stack protection is not supported by the compiler." "$LINENO" 5
+ fi
+fi
+
# For the multi-arch option we need support in the assembler & linker.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for assembler and linker STT_GNU_IFUNC support" >&5
$as_echo_n "checking for assembler and linker STT_GNU_IFUNC support... " >&6; }
EOF
libc_cv_ld_gnu_indirect_function=no
if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS \
- -nostartfiles -nostdlib \
+ -nostartfiles -nostdlib $no_ssp \
-o conftest conftest.S 1>&5 2>&5; then
# Do a link to see if the backend supports IFUNC relocs.
$READELF -r conftest 1>&5
void _start() { glibc_conftest_frobozz = 1; }
EOF
if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS \
- -nostartfiles -nostdlib \
+ -nostartfiles -nostdlib $no_ssp \
-o conftest conftest.s conftest1.c 1>&5 2>&5; then
libc_cv_asm_set_directive=yes
else
int bar __attribute__ ((visibility ("protected"))) = 1;
EOF
libc_cv_protected_data=no
- if { ac_try='${CC-cc} -nostdlib -nostartfiles -fPIC -shared conftest.c -o conftest.so'
+ if { ac_try='${CC-cc} -nostdlib -nostartfiles $no_ssp -fPIC -shared conftest.c -o conftest.so'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
(eval $ac_try) 2>&5
ac_status=$?
extern int bar;
int main (void) { return bar; }
EOF
- if { ac_try='${CC-cc} -nostdlib -nostartfiles conftest.c -o conftest conftest.so'
+ if { ac_try='${CC-cc} -nostdlib -nostartfiles $no_ssp conftest.c -o conftest conftest.so'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
(eval $ac_try) 2>&5
ac_status=$?
__attribute__ ((destructor)) void dtor (void) { asm (""); }
EOF
-if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -o conftest
+if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -o conftest
conftest.c -static -nostartfiles -nostdlib
1>&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
int foo (void) { return bar (mumble); }
EOF
if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
- -fPIC -shared -o conftest.so conftest.c
+ -fPIC -shared $no_ssp -o conftest.so conftest.c
-nostdlib -nostartfiles
-Wl,-z,combreloc 1>&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
cat > conftest.c <<EOF
int _start (void) { return 42; }
EOF
- if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
-Wl,-z,execstack -nostdlib -nostartfiles
-fPIC -shared -o conftest.so conftest.c
1>&5'
cat > conftest.c <<EOF
int _start (void) { return 42; }
EOF
-if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
-fPIC -shared -o conftest.so conftest.c
-Wl,--hash-style=both -nostdlib 1>&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
EOF
if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
-fPIC -shared -o conftest.so conftest.c
- -nostdlib -nostartfiles
+ -nostdlib -nostartfiles $no_ssp
1>&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
(eval $ac_try) 2>&5
$as_echo_n "(cached) " >&6
else
if libc_cv_output_format=`
-${CC-cc} -nostartfiles -nostdlib -Wl,--print-output-format 2>&5`
+${CC-cc} -nostartfiles -nostdlib $no_ssp -Wl,--print-output-format 2>&5`
then
:
else
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implicitly enables -fstack-protector" >&5
-$as_echo_n "checking whether $CC implicitly enables -fstack-protector... " >&6; }
-if ${libc_cv_predef_stack_protector+:} false; then :
- $as_echo_n "(cached) " >&6
-else
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-extern void foobar (char *);
-int
-main ()
-{
-char large_array[2048]; foobar (large_array);
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-
-libc_undefs=`$NM -u conftest.o |
- LC_ALL=C $AWK '$1 == "U" { print $2 | "sort -u"; next } { exit(1) }' \
- 2>&5` || {
- as_fn_error $? "confusing output from $NM -u" "$LINENO" 5
-}
-echo >&5 "libc_undefs='$libc_undefs'"
-# On some architectures, there are architecture-specific undefined
-# symbols (resolved by the linker), so filter out unknown symbols.
-# This will fail to produce the correct result if the compiler
-# defaults to -fstack-protector but this produces an undefined symbol
-# other than __stack_chk_fail or __stack_chk_fail_local. However,
-# compilers like that have not been encountered in practice.
-libc_undefs=`echo "$libc_undefs" | \
- egrep '^(foobar|__stack_chk_fail|__stack_chk_fail_local)$'`
-case "$libc_undefs" in
-foobar) libc_cv_predef_stack_protector=no ;;
-'__stack_chk_fail
-foobar'|'__stack_chk_fail_local
-foobar') libc_cv_predef_stack_protector=yes ;;
-*) as_fn_error $? "unexpected symbols in test: $libc_undefs" "$LINENO" 5 ;;
-esac
-else
- as_fn_error $? "test compilation failed" "$LINENO" 5
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_predef_stack_protector" >&5
-$as_echo "$libc_cv_predef_stack_protector" >&6; }
-libc_extra_cflags=
-if test $libc_cv_predef_stack_protector = yes; then
- libc_extra_cflags="$libc_extra_cflags -fno-stack-protector"
-fi
-libc_extra_cppflags=
-
# Some linkers on some architectures support __ehdr_start but with
# bugs. Make sure usage of it does not create relocations in the
# output (as the linker should resolve them all for us).
old_LDFLAGS="$LDFLAGS"
old_LIBS="$LIBS"
CFLAGS="$CFLAGS -fPIC"
-LDFLAGS="$LDFLAGS -nostdlib -nostartfiles -shared"
+LDFLAGS="$LDFLAGS -nostdlib -nostartfiles -shared $no_ssp"
LIBS=
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
elif test "$enable_stack_protector" = strong && test "$libc_cv_ssp_strong" = yes; then
stack_protector="-fstack-protector-strong"
AC_DEFINE(STACK_PROTECTOR_LEVEL, 3)
+else
+ stack_protector="-fno-stack-protector"
+ AC_DEFINE(STACK_PROTECTOR_LEVEL, 0)
fi
AC_SUBST(libc_cv_ssp)
AC_SUBST(stack_protector)
AC_SUBST(no_stack_protector)
+if test -n "$stack_protector"; then
+ dnl Don't run configure tests with stack-protection on, to avoid problems with
+ dnl bootstrapping.
+ no_ssp=-fno-stack-protector
+else
+ no_ssp=
+
+ if test "$enable_stack_protector" != no; then
+ AC_MSG_ERROR([--enable-stack-protector=$enable_stack_protector specified, but specified level of stack protection is not supported by the compiler.])
+ fi
+fi
+
# For the multi-arch option we need support in the assembler & linker.
AC_CACHE_CHECK([for assembler and linker STT_GNU_IFUNC support],
libc_cv_ld_gnu_indirect_function, [dnl
EOF
libc_cv_ld_gnu_indirect_function=no
if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS \
- -nostartfiles -nostdlib \
+ -nostartfiles -nostdlib $no_ssp \
-o conftest conftest.S 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
# Do a link to see if the backend supports IFUNC relocs.
$READELF -r conftest 1>&AS_MESSAGE_LOG_FD
void _start() { glibc_conftest_frobozz = 1; }
EOF
if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS \
- -nostartfiles -nostdlib \
+ -nostartfiles -nostdlib $no_ssp \
-o conftest conftest.s conftest1.c 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
libc_cv_asm_set_directive=yes
else
int bar __attribute__ ((visibility ("protected"))) = 1;
EOF
libc_cv_protected_data=no
- if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles -fPIC -shared conftest.c -o conftest.so); then
+ if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles $no_ssp -fPIC -shared conftest.c -o conftest.so); then
cat > conftest.c <<EOF
extern int bar;
int main (void) { return bar; }
EOF
- if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles conftest.c -o conftest conftest.so); then
+ if AC_TRY_COMMAND(${CC-cc} -nostdlib -nostartfiles $no_ssp conftest.c -o conftest conftest.so); then
libc_cv_protected_data=yes
fi
fi
int foo (void) { return bar (mumble); }
EOF
if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
- -fPIC -shared -o conftest.so conftest.c
+ -fPIC -shared $no_ssp -o conftest.so conftest.c
-nostdlib -nostartfiles
-Wl,-z,combreloc 1>&AS_MESSAGE_LOG_FD])
then
cat > conftest.c <<EOF
int _start (void) { return 42; }
EOF
-if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
+if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
-fPIC -shared -o conftest.so conftest.c
-Wl,--hash-style=both -nostdlib 1>&AS_MESSAGE_LOG_FD])
then
EOF
if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
-fPIC -shared -o conftest.so conftest.c
- -nostdlib -nostartfiles
+ -nostdlib -nostartfiles $no_ssp
1>&AS_MESSAGE_LOG_FD])
then
dnl look for GLOB_DAT relocation.
AC_CACHE_CHECK(linker output format, libc_cv_output_format, [dnl
if libc_cv_output_format=`
-${CC-cc} -nostartfiles -nostdlib -Wl,--print-output-format 2>&AS_MESSAGE_LOG_FD`
+${CC-cc} -nostartfiles -nostdlib $no_ssp -Wl,--print-output-format 2>&AS_MESSAGE_LOG_FD`
then
:
else
fi
AC_SUBST(CPPUNDEFS)
-dnl Check for silly hacked compilers inserting -fstack-protector.
-dnl This breaks badly for the early startup code we compile, since
-dnl the compiled code can refer to a magic machine-dependent location
-dnl for the canary value before we have sufficient setup for that to
-dnl work. It's also questionable to build all of libc with this flag
-dnl even when you're doing that for most applications you build, since
-dnl libc's code is so heavily-used and performance-sensitive. If we
-dnl ever really want to make that work, it should be enabled explicitly
-dnl in the libc build, not inherited from implicit compiler settings.
-AC_CACHE_CHECK([whether $CC implicitly enables -fstack-protector],
- libc_cv_predef_stack_protector, [
-AC_TRY_COMPILE([extern void foobar (char *);],
- [char large_array[2048]; foobar (large_array);], [
-libc_undefs=`$NM -u conftest.o |
- LC_ALL=C $AWK '$1 == "U" { print $2 | "sort -u"; next } { exit(1) }' \
- 2>&AS_MESSAGE_LOG_FD` || {
- AC_MSG_ERROR([confusing output from $NM -u])
-}
-echo >&AS_MESSAGE_LOG_FD "libc_undefs='$libc_undefs'"
-# On some architectures, there are architecture-specific undefined
-# symbols (resolved by the linker), so filter out unknown symbols.
-# This will fail to produce the correct result if the compiler
-# defaults to -fstack-protector but this produces an undefined symbol
-# other than __stack_chk_fail or __stack_chk_fail_local. However,
-# compilers like that have not been encountered in practice.
-libc_undefs=`echo "$libc_undefs" | \
- egrep '^(foobar|__stack_chk_fail|__stack_chk_fail_local)$'`
-case "$libc_undefs" in
-foobar) libc_cv_predef_stack_protector=no ;;
-'__stack_chk_fail
-foobar'|'__stack_chk_fail_local
-foobar') libc_cv_predef_stack_protector=yes ;;
-*) AC_MSG_ERROR([unexpected symbols in test: $libc_undefs]) ;;
-esac],
- [AC_MSG_ERROR([test compilation failed])])
-])
-libc_extra_cflags=
-if test $libc_cv_predef_stack_protector = yes; then
- libc_extra_cflags="$libc_extra_cflags -fno-stack-protector"
-fi
-libc_extra_cppflags=
-
# Some linkers on some architectures support __ehdr_start but with
# bugs. Make sure usage of it does not create relocations in the
# output (as the linker should resolve them all for us).
old_LDFLAGS="$LDFLAGS"
old_LIBS="$LIBS"
CFLAGS="$CFLAGS -fPIC"
-LDFLAGS="$LDFLAGS -nostdlib -nostartfiles -shared"
+LDFLAGS="$LDFLAGS -nostdlib -nostartfiles -shared $no_ssp"
LIBS=
AC_LINK_IFELSE([AC_LANG_SOURCE([
typedef struct {
projects / thirdparty / glibc.git / commitdiff
