Date: Mon, 9 Jun 2008 22:09:37 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: Ruslan Ermilov <ru@FreeBSD.org> Cc: freebsd-arch@freebsd.org Subject: Re: Integration of ProPolice in FreeBSD Message-ID: <20080609200937.GB72413@obiwan.tataz.chchile.org> In-Reply-To: <20080423131720.GP92168@obiwan.tataz.chchile.org> References: <20080418132749.GB4840@obiwan.tataz.chchile.org> <200804181945.59189.max@love2party.net> <20080418204738.GE4840@obiwan.tataz.chchile.org> <20080419071400.GP73016@server.vk2pj.dyndns.org> <20080419074921.GI4840@obiwan.tataz.chchile.org> <20080420095911.GT5934@hoeg.nl> <f19c444a0804200320ifd64f85tbb19bcdbbb657dbb@mail.gmail.com> <20080423131720.GP92168@obiwan.tataz.chchile.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--VS++wcV0S1rZb1Fb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Hi Ruslan, all,
On Wed, Apr 23, 2008 at 03:17:20PM +0200, Jeremie Le Hen wrote:
> Hi Antoine,
>
> On Fri, Apr 18, 2008 at 04:37:06PM +0200, Antoine Brodin wrote:
> > Last time I looked at your patch, there was a problem when using
> > -fstack-protector-all instead of -fstack-protector:
> > when you compile lib/csu/*, gnu/lib/csu/*, or
> > src/lib/libc/sys/stack_protector.c with this flag, there is a kind of
> > chicken/egg problem and you end up with an unusable world.
> > That said, it would be great to be able to compile world with SSP when
> > an option is set in src.conf.
>
> You were right. I had a chance to test it this weekend. Thank you for
> pointing this out.
I have had little spare time lately, this is why my followup have taken
so long.
Since this report from Antoine, my goal has been to be able to use
-fstack-protector-all when building world. I hoped it would be quite
straightforward, IOW that preventing bootstrap functions from being
protected would be enough. Unfortunately, it seems that building
libc_pic.a/libc.so with -fstack-protector-all breaks rtld in a very
twisted way that I'm unable to untangle for now.
Nonetheless, I really want to see this patch hit the tree before 8.x is
forked off. I have existed for more than two years and I would like to
avoid delaying it futher. So I will go the easy path for now and
prevent libc from being built with -fstack-protector-all.
Here are what haved changed since the previous patch:
- SSP is opt-out except for ia64; this is intended to trigger bugs.
However this doesn't mean it will be enabled by default in stable
releases.
- Thanks to Antoine, SSP related symbols are now compiled without stack
protection itself. This prevents a chicken and egg problem.
- lib/csu, gnu/lib/csu and libexec/rtld-elf are built without stack
protection.
I'm looking forward for more review and testing of this patch in order
to get it committed soon.
Ruslan, would you mind reviewing the change in bsd.own.mk as well?
Thank you very much.
Best regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
--VS++wcV0S1rZb1Fb
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="fbsd8-ssp.diff"
Index: Makefile.inc1
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/Makefile.inc1,v
retrieving revision 1.603
diff -u -p -r1.603 Makefile.inc1
--- Makefile.inc1 15 Apr 2008 05:14:42 -0000 1.603
+++ Makefile.inc1 24 Apr 2008 11:50:33 -0000
@@ -216,6 +216,7 @@ BMAKE= MAKEOBJDIRPREFIX=${WORLDTMP} \
${BMAKEENV} ${MAKE} -f Makefile.inc1 \
DESTDIR= \
BOOTSTRAPPING=${OSRELDATE} \
+ -DWITHOUT_SSP \
-DWITHOUT_HTML -DWITHOUT_INFO -DNO_LINT -DWITHOUT_MAN \
-DWITHOUT_NLS -DNO_PIC -DWITHOUT_PROFILE -DNO_SHARED \
-DNO_CPU_CFLAGS -DNO_WARNS
@@ -225,6 +226,7 @@ TMAKE= MAKEOBJDIRPREFIX=${OBJTREE} \
${BMAKEENV} ${MAKE} -f Makefile.inc1 \
TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} \
DESTDIR= \
+ -DWITHOUT_SSP \
BOOTSTRAPPING=${OSRELDATE} -DNO_LINT -DNO_CPU_CFLAGS -DNO_WARNS
# cross-tools stage
@@ -437,7 +439,7 @@ build32:
.if ${MK_KERBEROS} != "no"
.for _t in obj depend all
cd ${.CURDIR}/kerberos5/tools; \
- MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= ${_t}
+ MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= ${_t}
.endfor
.endif
.for _t in obj includes
@@ -459,7 +461,7 @@ build32:
.endfor
.for _dir in lib/ncurses/ncurses lib/ncurses/ncursesw lib/libmagic
cd ${.CURDIR}/${_dir}; \
- MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= build-tools
+ MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= build-tools
.endfor
cd ${.CURDIR}; \
${LIB32WMAKE} -f Makefile.inc1 libraries
@@ -740,13 +742,13 @@ buildkernel:
@echo "--------------------------------------------------------------"
cd ${KRNLOBJDIR}/${_kernel}; \
MAKESRCPATH=${KERNSRCDIR}/dev/aic7xxx/aicasm \
- ${MAKE} -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile
+ ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile
# XXX - Gratuitously builds aicasm in the ``makeoptions NO_MODULES'' case.
.if !defined(MODULES_WITH_WORLD) && !defined(NO_MODULES) && exists(${KERNSRCDIR}/modules)
.for target in obj depend all
cd ${KERNSRCDIR}/modules/aic7xxx/aicasm; \
MAKEOBJDIRPREFIX=${KRNLOBJDIR}/${_kernel}/modules \
- ${MAKE} -DNO_CPU_CFLAGS ${target}
+ ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS ${target}
.endfor
.endif
.if !defined(NO_KERNELDEPEND)
Index: gnu/lib/csu/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/csu/Makefile,v
retrieving revision 1.28
diff -u -p -r1.28 Makefile
--- gnu/lib/csu/Makefile 24 Jan 2008 07:43:09 -0000 1.28
+++ gnu/lib/csu/Makefile 25 Apr 2008 14:41:01 -0000
@@ -19,6 +19,7 @@ CFLAGS+= -I${GCCLIB}/include -I${GCCDIR}
-I${CCDIR}/cc_tools
CRTS_CFLAGS= -DCRTSTUFFS_O -DSHARED ${PICFLAG}
MKDEP= -DCRT_BEGIN
+WITHOUT_SSP=
.if ${MACHINE_ARCH} == "ia64"
BEGINSRC= crtbegin.asm
Index: gnu/lib/libssp/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/libssp/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- gnu/lib/libssp/Makefile 22 May 2007 10:40:58 -0000 1.2
+++ gnu/lib/libssp/Makefile 24 Apr 2008 22:22:21 -0000
@@ -10,6 +10,7 @@ LIB= ssp
SHLIB_MAJOR= 0
SHLIBDIR?= /lib
NO_PROFILE=
+WITHOUT_SSP=
SRCS= ssp.c gets-chk.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \
memset-chk.c snprintf-chk.c sprintf-chk.c stpcpy-chk.c \
Index: lib/csu/Makefile.inc
===================================================================
RCS file: lib/csu/Makefile.inc
diff -N lib/csu/Makefile.inc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lib/csu/Makefile.inc 24 Apr 2008 22:27:03 -0000
@@ -0,0 +1 @@
+WITHOUT_SSP=
Index: lib/libc/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libc/Makefile,v
retrieving revision 1.73
diff -u -p -r1.73 Makefile
--- lib/libc/Makefile 1 Oct 2007 18:15:10 -0000 1.73
+++ lib/libc/Makefile 8 Jun 2008 21:24:42 -0000
@@ -122,3 +122,7 @@ libkern.${MACHINE_ARCH}:: ${KMSRCS}
# Disable warnings in contributed sources.
CWARNFLAGS:= ${.IMPSRC:Ngdtoa_*.c:C/^.+$/${CWARNFLAGS}/}
+# For now, we don't allow libc to be compiled with -fstack-protector-all.
+SSP_CFLAGS:= ${SSP_CFLAGS:S/^-fstack-protector-all$/-fstack-protector/}
+# Disable stack protection for SSP symbols.
+SSP_CFLAGS:= ${.IMPSRC:N*/stack_protector.c:C/^.+$/${SSP_CFLAGS}/}
Index: lib/libstand/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libstand/Makefile,v
retrieving revision 1.59
diff -u -p -r1.59 Makefile
--- lib/libstand/Makefile 24 Oct 2007 21:32:57 -0000 1.59
+++ lib/libstand/Makefile 16 Apr 2008 09:11:15 -0000
@@ -12,6 +12,7 @@ NO_PIC=
INCS= stand.h
MAN= libstand.3
+WITHOUT_SSP=
CFLAGS+= -ffreestanding -Wformat
CFLAGS+= -I${.CURDIR}
Index: lib/libthr/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libthr/Makefile,v
retrieving revision 1.34
diff -u -p -r1.34 Makefile
--- lib/libthr/Makefile 29 Mar 2008 17:44:38 -0000 1.34
+++ lib/libthr/Makefile 14 May 2008 20:04:39 -0000
@@ -8,6 +8,8 @@
# (for system call stubs) to CFLAGS below. -DSYSLIBC_SCCS affects just the
# system call stubs.
+WITHOUT_SSP=
+
.include <bsd.own.mk>
.if ${SHLIBDIR} == "/usr/lib"
Index: libexec/rtld-elf/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/libexec/rtld-elf/Makefile,v
retrieving revision 1.41
diff -u -p -r1.41 Makefile
--- libexec/rtld-elf/Makefile 16 May 2007 23:24:15 -0000 1.41
+++ libexec/rtld-elf/Makefile 8 Jun 2008 17:38:10 -0000
@@ -1,5 +1,7 @@
# $FreeBSD: src/libexec/rtld-elf/Makefile,v 1.41 2007/05/16 23:24:15 marcel Exp $
+WITHOUT_SSP=
+
.include <bsd.own.mk>
PROG?= ld-elf.so.1
Index: rescue/librescue/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/librescue/Makefile,v
retrieving revision 1.9
diff -u -p -r1.9 Makefile
--- rescue/librescue/Makefile 27 Jul 2006 12:28:05 -0000 1.9
+++ rescue/librescue/Makefile 16 Apr 2008 09:11:36 -0000
@@ -2,6 +2,8 @@
# $FreeBSD: src/rescue/librescue/Makefile,v 1.9 2006/07/27 12:28:05 yar Exp $
#
+WITHOUT_SSP=
+
.include <bsd.own.mk>
# Certain library entries have hard-coded references to
Index: rescue/rescue/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/rescue/Makefile,v
retrieving revision 1.60
diff -u -p -r1.60 Makefile
--- rescue/rescue/Makefile 29 Mar 2008 13:15:33 -0000 1.60
+++ rescue/rescue/Makefile 24 Apr 2008 11:57:04 -0000
@@ -2,6 +2,7 @@
# @(#)Makefile 8.1 (Berkeley) 6/2/93
NO_MAN=
+WITHOUT_SSP=
.include <bsd.own.mk>
Index: share/mk/bsd.own.mk
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/share/mk/bsd.own.mk,v
retrieving revision 1.74
diff -u -p -r1.74 bsd.own.mk
--- share/mk/bsd.own.mk 29 Mar 2008 17:44:39 -0000 1.74
+++ share/mk/bsd.own.mk 14 May 2008 09:51:40 -0000
@@ -280,6 +280,18 @@ WITH_IDEA=
.endif
#
+# Default settings depending on other conditions.
+#
+OPT_YES=
+OPT_NO=
+
+.if ${MACHINE_ARCH} != "ia64"
+OPT_YES+= SSP
+.else
+OPT_NO+= SSP
+.endif
+
+#
# MK_* options which default to "yes".
#
.for var in \
@@ -349,7 +361,6 @@ WITH_IDEA=
SENDMAIL \
SETUID_LOGIN \
SHAREDOCS \
- SSP \
SYMVER \
SYSCONS \
TCSH \
@@ -357,7 +368,8 @@ WITH_IDEA=
USB \
WPA_SUPPLICANT_EAPOL \
ZFS \
- ZONEINFO
+ ZONEINFO \
+ ${OPT_YES}
.if defined(WITH_${var}) && defined(WITHOUT_${var})
.error WITH_${var} and WITHOUT_${var} can't both be set.
.endif
@@ -377,7 +389,8 @@ MK_${var}:= yes
.for var in \
BIND_LIBS \
HESIOD \
- IDEA
+ IDEA \
+ ${OPT_NO}
.if defined(WITH_${var}) && defined(WITHOUT_${var})
.error WITH_${var} and WITHOUT_${var} can't both be set.
.endif
Index: share/mk/bsd.sys.mk
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/share/mk/bsd.sys.mk,v
retrieving revision 1.44
diff -u -p -r1.44 bsd.sys.mk
--- share/mk/bsd.sys.mk 22 Nov 2007 23:21:12 -0000 1.44
+++ share/mk/bsd.sys.mk 4 Jun 2008 18:37:49 -0000
@@ -74,5 +74,11 @@ CWARNFLAGS += -Werror
CWARNFLAGS += -Wno-unknown-pragmas
.endif
+.if ${MK_SSP} != "no" && ${CC} != "icc"
+# Don't use -Wstack-protector as it breaks world with -Werror.
+SSP_CFLAGS ?= -fstack-protector
+CFLAGS += ${SSP_CFLAGS}
+.endif
+
# Allow user-specified additional warning flags
CFLAGS += ${CWARNFLAGS}
Index: sys/boot/Makefile.inc
===================================================================
RCS file: sys/boot/Makefile.inc
diff -N sys/boot/Makefile.inc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/boot/Makefile.inc 16 Apr 2008 09:13:16 -0000
@@ -0,0 +1,2 @@
+# Really, there's no need for stack-smashing protection in /boot programs.
+WITHOUT_SSP=
Index: sys/boot/arm/Makefile.inc
===================================================================
RCS file: sys/boot/arm/Makefile.inc
diff -N sys/boot/arm/Makefile.inc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/boot/arm/Makefile.inc 28 Mar 2008 07:51:09 -0000
@@ -0,0 +1 @@
+.include "../Makefile.inc"
Index: sys/boot/arm/at91/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/arm/at91/Makefile.inc,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile.inc
--- sys/boot/arm/at91/Makefile.inc 13 Jul 2007 14:27:04 -0000 1.7
+++ sys/boot/arm/at91/Makefile.inc 28 Mar 2008 07:52:30 -0000
@@ -53,3 +53,5 @@ MK_FPGA:=no
.endif
.endif
+
+.include "../Makefile.inc"
Index: sys/boot/efi/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/efi/Makefile.inc,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile.inc
--- sys/boot/efi/Makefile.inc 12 Feb 2004 08:10:33 -0000 1.7
+++ sys/boot/efi/Makefile.inc 28 Mar 2008 06:55:25 -0000
@@ -5,3 +5,5 @@ BINDIR?= /boot
# Options used when building app-specific efi components
CFLAGS+= -ffreestanding -fshort-wchar -Wformat
LDFLAGS+= -nostdlib
+
+.include "../Makefile.inc"
Index: sys/boot/i386/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/Makefile.inc,v
retrieving revision 1.12
diff -u -p -r1.12 Makefile.inc
--- sys/boot/i386/Makefile.inc 28 Sep 2006 10:02:04 -0000 1.12
+++ sys/boot/i386/Makefile.inc 28 Mar 2008 07:41:32 -0000
@@ -24,3 +24,5 @@ BTXDIR= ${.CURDIR}/../btx
BTXLDR= ${BTXDIR}/btxldr/btxldr
BTXKERN= ${BTXDIR}/btx/btx
BTXCRT= ${BTXDIR}/lib/crt0.o
+
+.include "../Makefile.inc"
Index: sys/boot/i386/loader/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/loader/Makefile,v
retrieving revision 1.85
diff -u -p -r1.85 Makefile
--- sys/boot/i386/loader/Makefile 29 May 2007 14:35:57 -0000 1.85
+++ sys/boot/i386/loader/Makefile 16 Apr 2008 09:14:10 -0000
@@ -1,5 +1,7 @@
# $FreeBSD: src/sys/boot/i386/loader/Makefile,v 1.85 2007/05/29 14:35:57 simokawa Exp $
+WITHOUT_SSP=
+
.include <bsd.own.mk>
PROG= loader.sym
Index: sys/boot/ia64/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/Makefile.inc,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile.inc
--- sys/boot/ia64/Makefile.inc 12 Feb 2004 08:10:33 -0000 1.3
+++ sys/boot/ia64/Makefile.inc 28 Mar 2008 07:42:17 -0000
@@ -5,3 +5,5 @@ BINDIR?= /boot
# Options used when building standalone components
CFLAGS+= -ffreestanding -fshort-wchar -Wformat
LDFLAGS+= -nostdlib
+
+.include "../Makefile.inc"
Index: sys/boot/ia64/common/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/common/Makefile,v
retrieving revision 1.1
diff -u -p -r1.1 Makefile
--- sys/boot/ia64/common/Makefile 5 Nov 2006 22:03:03 -0000 1.1
+++ sys/boot/ia64/common/Makefile 16 Apr 2008 09:14:35 -0000
@@ -1,5 +1,7 @@
# $FreeBSD: src/sys/boot/ia64/common/Makefile,v 1.1 2006/11/05 22:03:03 marcel Exp $
+WITHOUT_SSP=
+
.include <bsd.own.mk>
LIB= ia64
Index: sys/boot/ia64/efi/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/efi/Makefile,v
retrieving revision 1.28
diff -u -p -r1.28 Makefile
--- sys/boot/ia64/efi/Makefile 5 Nov 2006 22:03:03 -0000 1.28
+++ sys/boot/ia64/efi/Makefile 16 Apr 2008 09:15:11 -0000
@@ -1,6 +1,7 @@
# $FreeBSD: src/sys/boot/ia64/efi/Makefile,v 1.28 2006/11/05 22:03:03 marcel Exp $
NO_MAN=
+WITHOUT_SSP=
.include <bsd.own.mk>
Index: sys/boot/ia64/ski/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/ski/Makefile,v
retrieving revision 1.20
diff -u -p -r1.20 Makefile
--- sys/boot/ia64/ski/Makefile 5 Nov 2006 22:03:04 -0000 1.20
+++ sys/boot/ia64/ski/Makefile 16 Apr 2008 09:15:25 -0000
@@ -1,6 +1,7 @@
# $FreeBSD: src/sys/boot/ia64/ski/Makefile,v 1.20 2006/11/05 22:03:04 marcel Exp $
NO_MAN=
+WITHOUT_SSP=
.include <bsd.own.mk>
Index: sys/boot/ofw/Makefile.inc
===================================================================
RCS file: sys/boot/ofw/Makefile.inc
diff -N sys/boot/ofw/Makefile.inc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/boot/ofw/Makefile.inc 28 Mar 2008 07:43:20 -0000
@@ -0,0 +1 @@
+.include "../Makefile.inc"
Index: sys/boot/pc98/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/Makefile.inc,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile.inc
--- sys/boot/pc98/Makefile.inc 15 Oct 2007 14:20:24 -0000 1.7
+++ sys/boot/pc98/Makefile.inc 28 Mar 2008 07:44:15 -0000
@@ -19,3 +19,5 @@ BTXDIR= ${.CURDIR}/../btx
BTXLDR= ${BTXDIR}/btxldr/btxldr
BTXKERN= ${BTXDIR}/btx/btx
BTXCRT= ${BTXDIR}/lib/crt0.o
+
+.include "../Makefile.inc"
Index: sys/boot/pc98/loader/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/loader/Makefile,v
retrieving revision 1.41
diff -u -p -r1.41 Makefile
--- sys/boot/pc98/loader/Makefile 2 Nov 2006 00:26:45 -0000 1.41
+++ sys/boot/pc98/loader/Makefile 16 Apr 2008 09:15:51 -0000
@@ -1,5 +1,7 @@
# $FreeBSD: src/sys/boot/pc98/loader/Makefile,v 1.41 2006/11/02 00:26:45 marcel Exp $
+WITHOUT_SSP=
+
.include <bsd.own.mk>
PROG= loader.sym
Index: sys/boot/powerpc/Makefile.inc
===================================================================
RCS file: sys/boot/powerpc/Makefile.inc
diff -N sys/boot/powerpc/Makefile.inc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/boot/powerpc/Makefile.inc 28 Mar 2008 07:46:36 -0000
@@ -0,0 +1 @@
+.include "../Makefile.inc"
Index: sys/boot/powerpc/ofw/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/powerpc/ofw/Makefile,v
retrieving revision 1.23
diff -u -p -r1.23 Makefile
--- sys/boot/powerpc/ofw/Makefile 23 Feb 2008 17:48:23 -0000 1.23
+++ sys/boot/powerpc/ofw/Makefile 16 Apr 2008 09:16:20 -0000
@@ -1,5 +1,7 @@
# $FreeBSD: src/sys/boot/powerpc/ofw/Makefile,v 1.23 2008/02/23 17:48:23 marcel Exp $
+WITHOUT_SSP=
+
.include <bsd.own.mk>
PROG= loader
Index: sys/boot/sparc64/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/Makefile.inc,v
retrieving revision 1.1
diff -u -p -r1.1 Makefile.inc
--- sys/boot/sparc64/Makefile.inc 9 Feb 2004 14:17:02 -0000 1.1
+++ sys/boot/sparc64/Makefile.inc 28 Mar 2008 07:49:09 -0000
@@ -3,3 +3,5 @@
BINDIR?= /boot
CFLAGS+= -ffreestanding
LDFLAGS+= -nostdlib
+
+.include "../Makefile.inc"
Index: sys/boot/sparc64/loader/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/loader/Makefile,v
retrieving revision 1.20
diff -u -p -r1.20 Makefile
--- sys/boot/sparc64/loader/Makefile 17 Mar 2006 18:54:36 -0000 1.20
+++ sys/boot/sparc64/loader/Makefile 16 Apr 2008 09:16:39 -0000
@@ -1,5 +1,7 @@
# $FreeBSD: src/sys/boot/sparc64/loader/Makefile,v 1.20 2006/03/17 18:54:36 ru Exp $
+WITHOUT_SSP=
+
.include <bsd.own.mk>
PROG= loader
Index: sys/boot/uboot/Makefile.inc
===================================================================
RCS file: sys/boot/uboot/Makefile.inc
diff -N sys/boot/uboot/Makefile.inc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/boot/uboot/Makefile.inc 28 Mar 2008 07:50:18 -0000
@@ -0,0 +1 @@
+.include "../Makefile.inc"
Index: sys/conf/files
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/files,v
retrieving revision 1.1294
diff -u -p -r1.1294 files
--- sys/conf/files 21 Apr 2008 10:09:53 -0000 1.1294
+++ sys/conf/files 24 Apr 2008 14:34:34 -0000
@@ -1499,6 +1499,8 @@ kern/posix4_mib.c standard
kern/sched_4bsd.c optional sched_4bsd
kern/sched_ule.c optional sched_ule
kern/serdev_if.m standard
+kern/stack_protector.c standard \
+ compile-with "${NORMAL_C:N-fstack-protector*}"
kern/subr_acl_posix1e.c standard
kern/subr_autoconf.c standard
kern/subr_blist.c standard
Index: sys/conf/kern.mk
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.mk,v
retrieving revision 1.52
diff -u -p -r1.52 kern.mk
--- sys/conf/kern.mk 24 May 2007 21:53:42 -0000 1.52
+++ sys/conf/kern.mk 29 Mar 2008 13:44:15 -0000
@@ -97,3 +97,10 @@ CFLAGS+= -ffreestanding
.if ${CC} == "icc"
CFLAGS+= -restrict
.endif
+
+#
+# GCC SSP support.
+#
+.if ${MK_SSP} != "no" && ${CC} != "icc"
+CFLAGS+= -fstack-protector
+.endif
Index: sys/conf/kern.pre.mk
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.pre.mk,v
retrieving revision 1.97
diff -u -p -r1.97 kern.pre.mk
--- sys/conf/kern.pre.mk 2 Feb 2008 19:55:28 -0000 1.97
+++ sys/conf/kern.pre.mk 29 Mar 2008 14:06:45 -0000
@@ -3,10 +3,7 @@
# Part of a unified Makefile for building kernels. This part contains all
# of the definitions that need to be before %BEFORE_DEPEND.
-SRCCONF?= /etc/src.conf
-.if exists(${SRCCONF})
-.include "${SRCCONF}"
-.endif
+.include <bsd.own.mk>
# Can be overridden by makeoptions or /etc/make.conf
KERNEL_KO?= kernel
Index: sys/kern/stack_protector.c
===================================================================
RCS file: sys/kern/stack_protector.c
diff -N sys/kern/stack_protector.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/kern/stack_protector.c 29 Mar 2008 18:20:37 -0000
@@ -0,0 +1,32 @@
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/kernel.h>
+#include <sys/systm.h>
+#include <sys/libkern.h>
+
+#if defined(__SSP__) || defined(__SSP_ALL__)
+long __stack_chk_guard[8] = {};
+void __stack_chk_fail(void);
+
+void
+__stack_chk_fail(void)
+{
+
+ panic("stack overflow detected; backtrace may be corrupted");
+}
+
+#define __arraycount(__x) (sizeof(__x) / sizeof(__x[0]))
+static void
+__stack_chk_init(void *dummy __unused)
+{
+ size_t i;
+ long guard[__arraycount(__stack_chk_guard)];
+
+ arc4rand(guard, sizeof(guard), 0);
+ for (i = 0; i < __arraycount(guard); i++)
+ __stack_chk_guard[i] = guard[i];
+}
+/* SI_SUB_EVENTHANDLER is right after SI_SUB_LOCK used by arc4rand() init. */
+SYSINIT(stack_chk, SI_SUB_EVENTHANDLER, SI_ORDER_ANY, __stack_chk_init, NULL);
+
+#endif
--VS++wcV0S1rZb1Fb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080609200937.GB72413>