Date: Thu, 19 Jun 2008 17:31:05 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: freebsd-hackers@freebsd.org Subject: Re: Integration of ProPolice in FreeBSD Message-ID: <20080619153105.GL46885@obiwan.tataz.chchile.org> In-Reply-To: <20080614182623.F66582@fledge.watson.org> References: <20080612184237.GC15774@obiwan.tataz.chchile.org> <20080614182623.F66582@fledge.watson.org>
--O5XBE6gyVG5Rl6Rj
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Hi Robert, hi all,
On Sat, Jun 14, 2008 at 06:27:30PM +0100, Robert Watson wrote:
>
> On Thu, 12 Jun 2008, Jeremie Le Hen wrote:
>
> > (This mail has already been sent to -arch@. I'm sending it here now for a
> > wider audience because I really need testers.)
>
> Dear Jeremie,
>
> Unfortunately, I can't lend my hands to this project as they're currently
> full of other stuff. However, I would really be very pleased to see is
> [finally] ship a release with ProPolice enabled. We're definitely trailing
> the pack in this regard, and I think it's bad practice to not ship with what
> are considered industry-standard protections here. Thanks for your work on
> this!
Thank you for those words of cheer.
I asked some of my friends to do some testing, and in most cases
the answer was « I'm running RELENG_7 ». So I've made a patch against
RELENG_7. There are only minor changes in src/Makefile.inc1 because
-DNO_CTR has been sown all over the file :).
So to make it clear for casual glancers:
!!! !!! !!!
This patch is against RELENG_7. If you can afford a reboot,
please test! I need some feedback before it gets committed to
-CURRENT. The patch is very stable on my laptop.
!!! !!! !!!
Thanks you every one.
Best regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
--O5XBE6gyVG5Rl6Rj
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="fbsd7-ssp.diff"
Index: Makefile.inc1
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/Makefile.inc1,v
retrieving revision 1.588.2.4
diff -u -p -r1.588.2.4 Makefile.inc1
--- Makefile.inc1 24 Feb 2008 14:31:41 -0000 1.588.2.4
+++ Makefile.inc1 18 Jun 2008 21:13:21 -0000
@@ -206,6 +206,7 @@ BMAKE= MAKEOBJDIRPREFIX=${WORLDTMP} \
${BMAKEENV} ${MAKE} -f Makefile.inc1 \
DESTDIR= \
BOOTSTRAPPING=${OSRELDATE} \
+ -DWITHOUT_SSP \
-DWITHOUT_HTML -DWITHOUT_INFO -DNO_LINT -DWITHOUT_MAN \
-DWITHOUT_NLS -DNO_PIC -DWITHOUT_PROFILE -DNO_SHARED \
-DNO_CPU_CFLAGS -DNO_WARNS
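Review bot: `-DWITHOUT_SSP` is added to BMAKE here, and to TMAKE, the two build32 tool loops and both aicasm invocations in the later hunks, with no comment on why these stages opt out. Presumably they are compiled with the host toolchain, which may not accept -fstack-protector, but the patch does not say so. A comment above BMAKE such as `# Build tools use the host compiler, which may lack SSP support.` (if that is the reason) would keep the flag from being dropped or copied blindly later.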
@@ -215,7 +216,8 @@ TMAKE= MAKEOBJDIRPREFIX=${OBJTREE} \
${BMAKEENV} ${MAKE} -f Makefile.inc1 \
TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} \
DESTDIR= \
- BOOTSTRAPPING=${OSRELDATE} -DNO_LINT -DNO_CPU_CFLAGS -DNO_WARNS
+ BOOTSTRAPPING=${OSRELDATE} -DNO_LINT -DNO_CPU_CFLAGS -DNO_WARNS \
+ -DWITHOUT_SSP
# cross-tools stage
XMAKE= TOOLS_PREFIX=${WORLDTMP} ${BMAKE} \
@@ -425,7 +427,7 @@ build32:
.if ${MK_KERBEROS} != "no"
.for _t in obj depend all
cd ${.CURDIR}/kerberos5/tools; \
- MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= ${_t}
+ MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= ${_t}
.endfor
.endif
.for _t in obj includes
@@ -447,7 +449,7 @@ build32:
.endfor
.for _dir in lib/ncurses/ncurses lib/ncurses/ncursesw lib/libmagic
cd ${.CURDIR}/${_dir}; \
- MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= build-tools
+ MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= build-tools
.endfor
cd ${.CURDIR}; \
${LIB32WMAKE} -f Makefile.inc1 libraries
@@ -706,13 +708,13 @@ buildkernel:
@echo "--------------------------------------------------------------"
cd ${KRNLOBJDIR}/${_kernel}; \
MAKESRCPATH=${KERNSRCDIR}/dev/aic7xxx/aicasm \
- ${MAKE} -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile
+ ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile
# XXX - Gratuitously builds aicasm in the ``makeoptions NO_MODULES'' case.
.if !defined(MODULES_WITH_WORLD) && !defined(NO_MODULES) && exists(${KERNSRCDIR}/modules)
.for target in obj depend all
cd ${KERNSRCDIR}/modules/aic7xxx/aicasm; \
MAKEOBJDIRPREFIX=${KRNLOBJDIR}/${_kernel}/modules \
- ${MAKE} -DNO_CPU_CFLAGS ${target}
+ ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS ${target}
.endfor
.endif
.if !defined(NO_KERNELDEPEND)
Index: gnu/lib/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/Makefile,v
retrieving revision 1.42
diff -u -p -r1.42 Makefile
--- gnu/lib/Makefile 19 May 2007 04:25:54 -0000 1.42
+++ gnu/lib/Makefile 18 Jun 2008 21:08:09 -0000
@@ -2,7 +2,7 @@
.include <bsd.own.mk>
-SUBDIR= csu libgcc libgcov libdialog libgomp libregex libreadline
+SUBDIR= csu libgcc libgcov libdialog libgomp libregex libreadline libssp
# libsupc++ uses libstdc++ headers, although 'make includes' should
# have taken care of that already.
@@ -14,8 +14,4 @@ SUBDIR+= libstdc++ libsupc++
SUBDIR+= libobjc
.endif
-.if ${MK_SSP} != "no"
-SUBDIR+= libssp
-.endif
-
.include <bsd.subdir.mk>
Index: gnu/lib/csu/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/csu/Makefile,v
retrieving revision 1.25
diff -u -p -r1.25 Makefile
--- gnu/lib/csu/Makefile 19 May 2007 04:25:55 -0000 1.25
+++ gnu/lib/csu/Makefile 18 Jun 2008 21:08:09 -0000
@@ -19,6 +19,7 @@ CFLAGS+= -I${GCCLIB}/include -I${GCCDIR}
-I${CCDIR}/cc_tools
CRTS_CFLAGS= -DCRTSTUFFS_O -DSHARED ${PICFLAG}
MKDEP= -DCRT_BEGIN
+WITHOUT_SSP=
.if ${MACHINE_ARCH} == "ia64"
BEGINSRC= crtbegin.asm
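Review bot: `WITHOUT_SSP=` is added mid-file here, whereas in the libthr, rtld-elf, rescue and loader Makefiles the same line is deliberately placed before `.include <bsd.own.mk>`. If MK_SSP is computed when bsd.own.mk is read, the assignment only takes effect when it precedes that include. The hunk does not show whether an include comes earlier in this file, so the placement should be checked here and in gnu/lib/libssp/Makefile and lib/libstand/Makefile. A one-line why-comment, e.g. `# No SSP for startup objects: <reason>.`, would also record why csu is exempt.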
Index: gnu/lib/libssp/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/libssp/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- gnu/lib/libssp/Makefile 22 May 2007 10:40:58 -0000 1.2
+++ gnu/lib/libssp/Makefile 18 Jun 2008 21:08:09 -0000
@@ -10,6 +10,7 @@ LIB= ssp
SHLIB_MAJOR= 0
SHLIBDIR?= /lib
NO_PROFILE=
+WITHOUT_SSP=
SRCS= ssp.c gets-chk.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \
memset-chk.c snprintf-chk.c sprintf-chk.c stpcpy-chk.c \
Index: lib/csu/Makefile.inc
===================================================================
RCS file: lib/csu/Makefile.inc
diff -N lib/csu/Makefile.inc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lib/csu/Makefile.inc 18 Jun 2008 21:08:09 -0000
@@ -0,0 +1 @@
+WITHOUT_SSP=
Index: lib/libc/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libc/Makefile,v
retrieving revision 1.73
diff -u -p -r1.73 Makefile
--- lib/libc/Makefile 1 Oct 2007 18:15:10 -0000 1.73
+++ lib/libc/Makefile 18 Jun 2008 21:08:09 -0000
@@ -122,3 +122,9 @@ libkern.${MACHINE_ARCH}:: ${KMSRCS}
# Disable warnings in contributed sources.
CWARNFLAGS:= ${.IMPSRC:Ngdtoa_*.c:C/^.+$/${CWARNFLAGS}/}
+# XXX For now, we don't allow libc to be compiled with
+# -fstack-protector-all because it breaks rtld. We may want to make a librtld
+# in the future to circumvent this.
+SSP_CFLAGS:= ${SSP_CFLAGS:S/^-fstack-protector-all$/-fstack-protector/}
+# Disable stack protection for SSP symbols.
+SSP_CFLAGS:= ${.IMPSRC:N*/stack_protector.c:C/^.+$/${SSP_CFLAGS}/}
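Review bot: The `S/^-fstack-protector-all$/-fstack-protector/` rewrite silently gives a builder who asked for -fstack-protector-all a libc built with the weaker flag, and only this comment records it. The XXX comment could also say how rtld is affected (presumably because rtld links libc objects), since libexec/rtld-elf already sets `WITHOUT_SSP=` for its own sources elsewhere in this patch. I would extend the comment with something like `# NOTE: SSP_CFLAGS=-fstack-protector-all is downgraded for libc only.` and mention the downgrade in tools/build/options/WITHOUT_SSP.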
Index: lib/libstand/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libstand/Makefile,v
retrieving revision 1.57.2.3
diff -u -p -r1.57.2.3 Makefile
--- lib/libstand/Makefile 4 May 2008 11:58:25 -0000 1.57.2.3
+++ lib/libstand/Makefile 18 Jun 2008 21:08:09 -0000
@@ -12,6 +12,7 @@ NO_PIC=
INCS= stand.h
MAN= libstand.3
+WITHOUT_SSP=
CFLAGS+= -ffreestanding -Wformat
CFLAGS+= -I${.CURDIR}
Index: lib/libthr/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libthr/Makefile,v
retrieving revision 1.28
diff -u -p -r1.28 Makefile
--- lib/libthr/Makefile 9 Oct 2007 23:31:10 -0000 1.28
+++ lib/libthr/Makefile 18 Jun 2008 21:08:09 -0000
@@ -8,6 +8,8 @@
# (for system call stubs) to CFLAGS below. -DSYSLIBC_SCCS affects just the
# system call stubs.
+WITHOUT_SSP=
+
.include <bsd.own.mk>
.if (${DEFAULT_THREAD_LIB} == "libthr" || ${MK_LIBKSE} == "no") && \
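Review bot: libthr, and further down rtld-elf, librescue and rescue, are exempted from stack protection with a bare `WITHOUT_SSP=` and no stated reason, which makes it hard to tell later whether the exemption is still needed. Unlike sys/boot these are ordinary userland components, so the reason is not obvious from the patch. I would add a short why-comment next to each assignment, e.g. `# XXX SSP disabled: <reason>; revisit once fixed.`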
Index: libexec/rtld-elf/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/libexec/rtld-elf/Makefile,v
retrieving revision 1.41
diff -u -p -r1.41 Makefile
--- libexec/rtld-elf/Makefile 16 May 2007 23:24:15 -0000 1.41
+++ libexec/rtld-elf/Makefile 18 Jun 2008 21:08:09 -0000
@@ -1,5 +1,7 @@
# $FreeBSD: src/libexec/rtld-elf/Makefile,v 1.41 2007/05/16 23:24:15 marcel Exp $
+WITHOUT_SSP=
+
.include <bsd.own.mk>
PROG?= ld-elf.so.1
Index: rescue/librescue/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/librescue/Makefile,v
retrieving revision 1.9
diff -u -p -r1.9 Makefile
--- rescue/librescue/Makefile 27 Jul 2006 12:28:05 -0000 1.9
+++ rescue/librescue/Makefile 18 Jun 2008 21:08:10 -0000
@@ -2,6 +2,8 @@
# $FreeBSD: src/rescue/librescue/Makefile,v 1.9 2006/07/27 12:28:05 yar Exp $
#
+WITHOUT_SSP=
+
.include <bsd.own.mk>
# Certain library entries have hard-coded references to
Index: rescue/rescue/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/rescue/Makefile,v
retrieving revision 1.56
diff -u -p -r1.56 Makefile
--- rescue/rescue/Makefile 14 Jul 2007 21:49:22 -0000 1.56
+++ rescue/rescue/Makefile 18 Jun 2008 21:08:10 -0000
@@ -2,6 +2,7 @@
# @(#)Makefile 8.1 (Berkeley) 6/2/93
NO_MAN=
+WITHOUT_SSP=
.include <bsd.own.mk>
Index: share/mk/bsd.sys.mk
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/share/mk/bsd.sys.mk,v
retrieving revision 1.41
diff -u -p -r1.41 bsd.sys.mk
--- share/mk/bsd.sys.mk 24 May 2007 21:53:42 -0000 1.41
+++ share/mk/bsd.sys.mk 18 Jun 2008 21:08:10 -0000
@@ -77,5 +77,11 @@ CWARNFLAGS += -Werror
CWARNFLAGS += -Wno-unknown-pragmas
.endif
+.if ${MK_SSP} != "no" && ${CC} != "icc" && ${MACHINE_ARCH} != "ia64"
+# Don't use -Wstack-protector as it breaks world with -Werror.
+SSP_CFLAGS ?= -fstack-protector
+CFLAGS += ${SSP_CFLAGS}
+.endif
+
# Allow user-specified additional warning flags
CFLAGS += ${CWARNFLAGS}
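Review bot: The condition `.if ${MK_SSP} != "no" && ${CC} != "icc" && ${MACHINE_ARCH} != "ia64"` turns protection off for icc and on ia64 without saying why, so those builds get no canaries and no hint of it; the same test is repeated in sys/conf/kern.mk. `${CC} != "icc"` is an exact string match, so a CC given with a path or a wrapper would not be recognised as icc. sys/conf/kern.mk also hard-codes `-fstack-protector` instead of using `${SSP_CFLAGS}`, so world and kernel can diverge when SSP_CFLAGS is overridden. I would add a comment such as `# No SSP with icc or on ia64: <reason>.` at both places.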
Index: sys/boot/Makefile.inc
===================================================================
RCS file: sys/boot/Makefile.inc
diff -N sys/boot/Makefile.inc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/boot/Makefile.inc 18 Jun 2008 21:08:10 -0000
@@ -0,0 +1 @@
+WITHOUT_SSP=
Index: sys/boot/arm/Makefile.inc
===================================================================
RCS file: sys/boot/arm/Makefile.inc
diff -N sys/boot/arm/Makefile.inc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/boot/arm/Makefile.inc 18 Jun 2008 21:08:10 -0000
@@ -0,0 +1 @@
+.include "../Makefile.inc"
Index: sys/boot/arm/at91/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/arm/at91/Makefile.inc,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile.inc
--- sys/boot/arm/at91/Makefile.inc 13 Jul 2007 14:27:04 -0000 1.7
+++ sys/boot/arm/at91/Makefile.inc 18 Jun 2008 21:08:10 -0000
@@ -53,3 +53,5 @@ MK_FPGA:=no
.endif
.endif
+
+.include "../Makefile.inc"
Index: sys/boot/efi/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/efi/Makefile.inc,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile.inc
--- sys/boot/efi/Makefile.inc 12 Feb 2004 08:10:33 -0000 1.7
+++ sys/boot/efi/Makefile.inc 18 Jun 2008 21:08:10 -0000
@@ -5,3 +5,5 @@ BINDIR?= /boot
# Options used when building app-specific efi components
CFLAGS+= -ffreestanding -fshort-wchar -Wformat
LDFLAGS+= -nostdlib
+
+.include "../Makefile.inc"
Index: sys/boot/i386/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/Makefile.inc,v
retrieving revision 1.12
diff -u -p -r1.12 Makefile.inc
--- sys/boot/i386/Makefile.inc 28 Sep 2006 10:02:04 -0000 1.12
+++ sys/boot/i386/Makefile.inc 18 Jun 2008 21:08:10 -0000
@@ -24,3 +24,5 @@ BTXDIR= ${.CURDIR}/../btx
BTXLDR= ${BTXDIR}/btxldr/btxldr
BTXKERN= ${BTXDIR}/btx/btx
BTXCRT= ${BTXDIR}/lib/crt0.o
+
+.include "../Makefile.inc"
Index: sys/boot/i386/loader/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/loader/Makefile,v
retrieving revision 1.85
diff -u -p -r1.85 Makefile
--- sys/boot/i386/loader/Makefile 29 May 2007 14:35:57 -0000 1.85
+++ sys/boot/i386/loader/Makefile 18 Jun 2008 21:08:10 -0000
@@ -1,5 +1,7 @@
# $FreeBSD: src/sys/boot/i386/loader/Makefile,v 1.85 2007/05/29 14:35:57 simokawa Exp $
+WITHOUT_SSP=
+
.include <bsd.own.mk>
PROG= loader.sym
Index: sys/boot/ia64/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/Makefile.inc,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile.inc
--- sys/boot/ia64/Makefile.inc 12 Feb 2004 08:10:33 -0000 1.3
+++ sys/boot/ia64/Makefile.inc 18 Jun 2008 21:08:10 -0000
@@ -5,3 +5,5 @@ BINDIR?= /boot
# Options used when building standalone components
CFLAGS+= -ffreestanding -fshort-wchar -Wformat
LDFLAGS+= -nostdlib
+
+.include "../Makefile.inc"
Index: sys/boot/ia64/common/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/common/Makefile,v
retrieving revision 1.1
diff -u -p -r1.1 Makefile
--- sys/boot/ia64/common/Makefile 5 Nov 2006 22:03:03 -0000 1.1
+++ sys/boot/ia64/common/Makefile 18 Jun 2008 21:08:10 -0000
@@ -1,5 +1,7 @@
# $FreeBSD: src/sys/boot/ia64/common/Makefile,v 1.1 2006/11/05 22:03:03 marcel Exp $
+WITHOUT_SSP=
+
.include <bsd.own.mk>
LIB= ia64
Index: sys/boot/ia64/efi/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/efi/Makefile,v
retrieving revision 1.28
diff -u -p -r1.28 Makefile
--- sys/boot/ia64/efi/Makefile 5 Nov 2006 22:03:03 -0000 1.28
+++ sys/boot/ia64/efi/Makefile 18 Jun 2008 21:08:10 -0000
@@ -1,6 +1,7 @@
# $FreeBSD: src/sys/boot/ia64/efi/Makefile,v 1.28 2006/11/05 22:03:03 marcel Exp $
NO_MAN=
+WITHOUT_SSP=
.include <bsd.own.mk>
Index: sys/boot/ia64/ski/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/ski/Makefile,v
retrieving revision 1.20
diff -u -p -r1.20 Makefile
--- sys/boot/ia64/ski/Makefile 5 Nov 2006 22:03:04 -0000 1.20
+++ sys/boot/ia64/ski/Makefile 18 Jun 2008 21:08:10 -0000
@@ -1,6 +1,7 @@
# $FreeBSD: src/sys/boot/ia64/ski/Makefile,v 1.20 2006/11/05 22:03:04 marcel Exp $
NO_MAN=
+WITHOUT_SSP=
.include <bsd.own.mk>
Index: sys/boot/ofw/Makefile.inc
===================================================================
RCS file: sys/boot/ofw/Makefile.inc
diff -N sys/boot/ofw/Makefile.inc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/boot/ofw/Makefile.inc 18 Jun 2008 21:08:10 -0000
@@ -0,0 +1 @@
+.include "../Makefile.inc"
Index: sys/boot/pc98/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/Makefile.inc,v
retrieving revision 1.6.2.1
diff -u -p -r1.6.2.1 Makefile.inc
--- sys/boot/pc98/Makefile.inc 18 Oct 2007 12:08:53 -0000 1.6.2.1
+++ sys/boot/pc98/Makefile.inc 18 Jun 2008 21:08:10 -0000
@@ -19,3 +19,5 @@ BTXDIR= ${.CURDIR}/../btx
BTXLDR= ${BTXDIR}/btxldr/btxldr
BTXKERN= ${BTXDIR}/btx/btx
BTXCRT= ${BTXDIR}/lib/crt0.o
+
+.include "../Makefile.inc"
Index: sys/boot/pc98/loader/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/loader/Makefile,v
retrieving revision 1.41
diff -u -p -r1.41 Makefile
--- sys/boot/pc98/loader/Makefile 2 Nov 2006 00:26:45 -0000 1.41
+++ sys/boot/pc98/loader/Makefile 18 Jun 2008 21:08:10 -0000
@@ -1,5 +1,7 @@
# $FreeBSD: src/sys/boot/pc98/loader/Makefile,v 1.41 2006/11/02 00:26:45 marcel Exp $
+WITHOUT_SSP=
+
.include <bsd.own.mk>
PROG= loader.sym
Index: sys/boot/powerpc/Makefile.inc
===================================================================
RCS file: sys/boot/powerpc/Makefile.inc
diff -N sys/boot/powerpc/Makefile.inc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/boot/powerpc/Makefile.inc 18 Jun 2008 21:08:10 -0000
@@ -0,0 +1 @@
+.include "../Makefile.inc"
Index: sys/boot/sparc64/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/Makefile.inc,v
retrieving revision 1.1
diff -u -p -r1.1 Makefile.inc
--- sys/boot/sparc64/Makefile.inc 9 Feb 2004 14:17:02 -0000 1.1
+++ sys/boot/sparc64/Makefile.inc 18 Jun 2008 21:08:19 -0000
@@ -3,3 +3,5 @@
BINDIR?= /boot
CFLAGS+= -ffreestanding
LDFLAGS+= -nostdlib
+
+.include "../Makefile.inc"
Index: sys/boot/sparc64/loader/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/loader/Makefile,v
retrieving revision 1.20
diff -u -p -r1.20 Makefile
--- sys/boot/sparc64/loader/Makefile 17 Mar 2006 18:54:36 -0000 1.20
+++ sys/boot/sparc64/loader/Makefile 18 Jun 2008 21:08:19 -0000
@@ -1,5 +1,7 @@
# $FreeBSD: src/sys/boot/sparc64/loader/Makefile,v 1.20 2006/03/17 18:54:36 ru Exp $
+WITHOUT_SSP=
+
.include <bsd.own.mk>
PROG= loader
Index: sys/conf/files
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/files,v
retrieving revision 1.1243.2.22
diff -u -p -r1.1243.2.22 files
--- sys/conf/files 19 May 2008 12:34:43 -0000 1.1243.2.22
+++ sys/conf/files 18 Jun 2008 21:08:19 -0000
@@ -1490,6 +1490,8 @@ kern/posix4_mib.c standard
kern/sched_4bsd.c optional sched_4bsd
kern/sched_ule.c optional sched_ule
kern/serdev_if.m standard
+kern/stack_protector.c standard \
+ compile-with "${NORMAL_C:N-fstack-protector*}"
kern/subr_acl_posix1e.c standard
kern/subr_autoconf.c standard
kern/subr_blist.c standard
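Review bot: The `compile-with "${NORMAL_C:N-fstack-protector*}"` filter strips the SSP flag when building kern/stack_protector.c, but that file wraps all of its definitions in `#if defined(__SSP__) || defined(__SSP_ALL__)`, macros the compiler defines only when the flag is present. If the filter works as intended, the object would contain neither `__stack_chk_guard` nor `__stack_chk_fail`, which the instrumented rest of the kernel needs at link time; this should be confirmed on a clean build. Dropping the `#if`/`#endif` pair in stack_protector.c would remove the dependency between the two, and the symbols would then also exist for modules when the kernel itself is built without SSP.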
Index: sys/conf/kern.mk
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.mk,v
retrieving revision 1.52
diff -u -p -r1.52 kern.mk
--- sys/conf/kern.mk 24 May 2007 21:53:42 -0000 1.52
+++ sys/conf/kern.mk 18 Jun 2008 21:08:19 -0000
@@ -97,3 +97,10 @@ CFLAGS+= -ffreestanding
.if ${CC} == "icc"
CFLAGS+= -restrict
.endif
+
+#
+# GCC SSP support.
+#
+.if ${MK_SSP} != "no" && ${CC} != "icc" && ${MACHINE_ARCH} != "ia64"
+CFLAGS+= -fstack-protector
+.endif
Index: sys/conf/kern.pre.mk
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.pre.mk,v
retrieving revision 1.92
diff -u -p -r1.92 kern.pre.mk
--- sys/conf/kern.pre.mk 8 Aug 2007 19:12:06 -0000 1.92
+++ sys/conf/kern.pre.mk 18 Jun 2008 21:08:19 -0000
@@ -3,10 +3,7 @@
# Part of a unified Makefile for building kernels. This part contains all
# of the definitions that need to be before %BEFORE_DEPEND.
-SRCCONF?= /etc/src.conf
-.if exists(${SRCCONF})
-.include "${SRCCONF}"
-.endif
+.include <bsd.own.mk>
# Can be overridden by makeoptions or /etc/make.conf
KERNEL_KO?= kernel
Index: sys/kern/stack_protector.c
===================================================================
RCS file: sys/kern/stack_protector.c
diff -N sys/kern/stack_protector.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/kern/stack_protector.c 18 Jun 2008 21:08:19 -0000
@@ -0,0 +1,32 @@
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/kernel.h>
+#include <sys/systm.h>
+#include <sys/libkern.h>
+
+#if defined(__SSP__) || defined(__SSP_ALL__)
+long __stack_chk_guard[8] = {};
+void __stack_chk_fail(void);
+
+void
+__stack_chk_fail(void)
+{
+
+ panic("stack overflow detected; backtrace may be corrupted");
+}
+
+#define __arraycount(__x) (sizeof(__x) / sizeof(__x[0]))
+static void
+__stack_chk_init(void *dummy __unused)
+{
+ size_t i;
+ long guard[__arraycount(__stack_chk_guard)];
+
+ arc4rand(guard, sizeof(guard), 0);
+ for (i = 0; i < __arraycount(guard); i++)
+ __stack_chk_guard[i] = guard[i];
+}
+/* SI_SUB_EVENTHANDLER is right after SI_SUB_LOCK used by arc4rand() init. */
+SYSINIT(stack_chk, SI_SUB_EVENTHANDLER, SI_ORDER_ANY, __stack_chk_init, NULL);
+
+#endif
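Review bot: `__stack_chk_guard` stays all-zero until `__stack_chk_init` runs at SI_SUB_EVENTHANDLER, so protected code that executes earlier in boot is checked against a known canary of 0, and nothing in the file says so. How unpredictable the value is afterwards depends on how well arc4rand() is seeded at this point, which the hunk does not show and which should be confirmed. I would document both above the SYSINIT, e.g. `/* Guard is 0 until this runs; its strength depends on arc4rand() seeding at this stage. */`. The local `guard` copy also leaves the canary on the stack after return, and `= {}` is a GNU extension where `= {0}` is portable.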
Index: tools/build/options/WITHOUT_SSP
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/tools/build/options/WITHOUT_SSP,v
retrieving revision 1.1
diff -u -p -r1.1 WITHOUT_SSP
--- tools/build/options/WITHOUT_SSP 19 May 2007 04:42:58 -0000 1.1
+++ tools/build/options/WITHOUT_SSP 18 Jun 2008 21:08:19 -0000
@@ -1,2 +1,2 @@
.\" $FreeBSD: src/tools/build/options/WITHOUT_SSP,v 1.1 2007/05/19 04:42:58 kan Exp $
-Set to not build propolice stack smashing protection library.
+Set to not build world with propolice stack smashing protection.
--O5XBE6gyVG5Rl6Rj--
