Date: Thu, 12 Jun 2008 20:42:37 +0200
From: Jeremie Le Hen
To: freebsd-hackers@freebsd.org
Message-ID: <20080612184237.GC15774@obiwan.tataz.chchile.org>
In-Reply-To: <20080423131720.GP92168@obiwan.tataz.chchile.org>
Subject: Re: Integration of ProPolice in FreeBSD

Hi Ruslan, all,

(This mail has already been sent to -arch@. I'm sending it here now for a wider audience because I really need testers.)

On Wed, Apr 23, 2008 at 03:17:20PM +0200, Jeremie Le Hen wrote:
> Hi Antoine,
>
> On Fri, Apr 18, 2008 at 04:37:06PM +0200, Antoine Brodin wrote:
> > Last time I looked at your patch, there was a problem when using
> > -fstack-protector-all instead of -fstack-protector:
> > when you compile lib/csu/*, gnu/lib/csu/*, or
> > src/lib/libc/sys/stack_protector.c with this flag, there is a kind of
> > chicken/egg problem and you end up with an unusable world.
> > That said, it would be great to be able to compile world with SSP when
> > an option is set in src.conf.
>
> You were right. I had a chance to test it this weekend. Thank you for
> pointing this out.

I have had little spare time lately, this is why my followup has taken so long.

Since this report from Antoine, my goal has been to be able to use -fstack-protector-all when building world. I hoped it would be quite straightforward, IOW that preventing bootstrap functions from being protected would be enough. Unfortunately, it seems that building libc_pic.a/libc.so with -fstack-protector-all breaks rtld in a very twisted way that I'm unable to untangle for now.

Nonetheless, I really want to see this patch hit the tree before 8.x is forked off. It has existed for more than two years and I would like to avoid delaying it further. So I will go the easy path for now and prevent libc from being built with -fstack-protector-all.

Here is what has changed since the previous patch:
- SSP is opt-out except for ia64; this is intended to trigger bugs. However this doesn't mean it will be enabled by default in stable releases.
- Thanks to Antoine, SSP-related symbols are now compiled without stack protection itself. This prevents a chicken and egg problem.
- lib/csu, gnu/lib/csu and libexec/rtld-elf are built without stack protection.

I'm looking forward to more review and testing of this patch in order to get it committed soon. Ruslan, would you mind reviewing the change in bsd.own.mk as well?

Thank you very much.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

Content-Disposition: attachment; filename="fbsd8-ssp.diff"

Index: Makefile.inc1 =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/Makefile.inc1,v retrieving revision 1.603 diff -u -p -r1.603 Makefile.inc1 --- Makefile.inc1 15 Apr 2008 05:14:42 -0000 1.603 +++ Makefile.inc1 24 Apr 2008 11:50:33 -0000 @@ -216,6 +216,7 @@ BMAKE= MAKEOBJDIRPREFIX=${WORLDTMP} \ ${BMAKEENV} ${MAKE} -f Makefile.inc1 \ DESTDIR= \ BOOTSTRAPPING=${OSRELDATE} \ + -DWITHOUT_SSP \ -DWITHOUT_HTML -DWITHOUT_INFO -DNO_LINT -DWITHOUT_MAN \ -DWITHOUT_NLS -DNO_PIC -DWITHOUT_PROFILE -DNO_SHARED \ -DNO_CPU_CFLAGS -DNO_WARNS @@ -225,6 +226,7 @@ TMAKE= MAKEOBJDIRPREFIX=${OBJTREE} \ ${BMAKEENV} ${MAKE} -f Makefile.inc1 \ TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} \ DESTDIR= \ + -DWITHOUT_SSP \ BOOTSTRAPPING=${OSRELDATE} -DNO_LINT -DNO_CPU_CFLAGS -DNO_WARNS # cross-tools stage 
@@ -437,7 +439,7 @@ build32: .if ${MK_KERBEROS} != "no" .for _t in obj depend all cd ${.CURDIR}/kerberos5/tools; \ - MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= ${_t} + MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= ${_t} .endfor .endif .for _t in obj includes @@ -459,7 +461,7 @@ build32: .endfor .for _dir in lib/ncurses/ncurses lib/ncurses/ncursesw lib/libmagic cd ${.CURDIR}/${_dir}; \ - MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= build-tools + MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= build-tools .endfor cd ${.CURDIR}; \ ${LIB32WMAKE} -f Makefile.inc1 libraries @@ -740,13 +742,13 @@ buildkernel: @echo "--------------------------------------------------------------" cd ${KRNLOBJDIR}/${_kernel}; \ MAKESRCPATH=${KERNSRCDIR}/dev/aic7xxx/aicasm \ - ${MAKE} -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile + ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile # XXX - Gratuitously builds aicasm in the ``makeoptions NO_MODULES'' case. .if !defined(MODULES_WITH_WORLD) && !defined(NO_MODULES) && exists(${KERNSRCDIR}/modules) .for target in obj depend all cd ${KERNSRCDIR}/modules/aic7xxx/aicasm; \ MAKEOBJDIRPREFIX=${KRNLOBJDIR}/${_kernel}/modules \ - ${MAKE} -DNO_CPU_CFLAGS ${target} + ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS ${target} .endfor .endif .if !defined(NO_KERNELDEPEND) Index: gnu/lib/csu/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/csu/Makefile,v retrieving revision 1.28 diff -u -p -r1.28 Makefile --- gnu/lib/csu/Makefile 24 Jan 2008 07:43:09 -0000 1.28 +++ gnu/lib/csu/Makefile 25 Apr 2008 14:41:01 -0000 
@@ -19,6 +19,7 @@ CFLAGS+= -I${GCCLIB}/include -I${GCCDIR} -I${CCDIR}/cc_tools CRTS_CFLAGS= -DCRTSTUFFS_O -DSHARED ${PICFLAG} MKDEP= -DCRT_BEGIN +WITHOUT_SSP= .if ${MACHINE_ARCH} == "ia64" BEGINSRC= crtbegin.asm Index: gnu/lib/libssp/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/libssp/Makefile,v retrieving revision 1.2 diff -u -p -r1.2 Makefile --- gnu/lib/libssp/Makefile 22 May 2007 10:40:58 -0000 1.2 +++ gnu/lib/libssp/Makefile 24 Apr 2008 22:22:21 -0000 @@ -10,6 +10,7 @@ LIB= ssp SHLIB_MAJOR= 0 SHLIBDIR?= /lib NO_PROFILE= +WITHOUT_SSP= SRCS= ssp.c gets-chk.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \ memset-chk.c snprintf-chk.c sprintf-chk.c stpcpy-chk.c \ Index: lib/csu/Makefile.inc =================================================================== RCS file: lib/csu/Makefile.inc diff -N lib/csu/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ lib/csu/Makefile.inc 24 Apr 2008 22:27:03 -0000 @@ -0,0 +1 @@ +WITHOUT_SSP= Index: lib/libc/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libc/Makefile,v retrieving revision 1.73 diff -u -p -r1.73 Makefile --- lib/libc/Makefile 1 Oct 2007 18:15:10 -0000 1.73 +++ lib/libc/Makefile 8 Jun 2008 21:24:42 -0000 
@@ -122,3 +122,7 @@ libkern.${MACHINE_ARCH}:: ${KMSRCS} # Disable warnings in contributed sources. CWARNFLAGS:= ${.IMPSRC:Ngdtoa_*.c:C/^.+$/${CWARNFLAGS}/} +# For now, we don't allow libc to be compiled with -fstack-protector-all. +SSP_CFLAGS:= ${SSP_CFLAGS:S/^-fstack-protector-all$/-fstack-protector/} +# Disable stack protection for SSP symbols. +SSP_CFLAGS:= ${.IMPSRC:N*/stack_protector.c:C/^.+$/${SSP_CFLAGS}/} Index: lib/libstand/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libstand/Makefile,v retrieving revision 1.59 diff -u -p -r1.59 Makefile --- lib/libstand/Makefile 24 Oct 2007 21:32:57 -0000 1.59 +++ lib/libstand/Makefile 16 Apr 2008 09:11:15 -0000 @@ -12,6 +12,7 @@ NO_PIC= INCS= stand.h MAN= libstand.3 +WITHOUT_SSP= CFLAGS+= -ffreestanding -Wformat CFLAGS+= -I${.CURDIR} Index: lib/libthr/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libthr/Makefile,v retrieving revision 1.34 diff -u -p -r1.34 Makefile --- lib/libthr/Makefile 29 Mar 2008 17:44:38 -0000 1.34 +++ lib/libthr/Makefile 14 May 2008 20:04:39 -0000 @@ -8,6 +8,8 @@ # (for system call stubs) to CFLAGS below. -DSYSLIBC_SCCS affects just the # system call stubs. +WITHOUT_SSP= + .include .if ${SHLIBDIR} == "/usr/lib" Index: libexec/rtld-elf/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/libexec/rtld-elf/Makefile,v retrieving revision 1.41 diff -u -p -r1.41 Makefile --- libexec/rtld-elf/Makefile 16 May 2007 23:24:15 -0000 1.41 +++ libexec/rtld-elf/Makefile 8 Jun 2008 17:38:10 -0000 
@@ -1,5 +1,7 @@ # $FreeBSD: src/libexec/rtld-elf/Makefile,v 1.41 2007/05/16 23:24:15 marcel Exp $ +WITHOUT_SSP= + .include PROG?= ld-elf.so.1 Index: rescue/librescue/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/librescue/Makefile,v retrieving revision 1.9 diff -u -p -r1.9 Makefile --- rescue/librescue/Makefile 27 Jul 2006 12:28:05 -0000 1.9 +++ rescue/librescue/Makefile 16 Apr 2008 09:11:36 -0000 @@ -2,6 +2,8 @@ # $FreeBSD: src/rescue/librescue/Makefile,v 1.9 2006/07/27 12:28:05 yar Exp $ # +WITHOUT_SSP= + .include # Certain library entries have hard-coded references to Index: rescue/rescue/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/rescue/Makefile,v retrieving revision 1.60 diff -u -p -r1.60 Makefile --- rescue/rescue/Makefile 29 Mar 2008 13:15:33 -0000 1.60 +++ rescue/rescue/Makefile 24 Apr 2008 11:57:04 -0000 @@ -2,6 +2,7 @@ # @(#)Makefile 8.1 (Berkeley) 6/2/93 NO_MAN= +WITHOUT_SSP= .include Index: share/mk/bsd.own.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/share/mk/bsd.own.mk,v retrieving revision 1.74 diff -u -p -r1.74 bsd.own.mk --- share/mk/bsd.own.mk 29 Mar 2008 17:44:39 -0000 1.74 +++ share/mk/bsd.own.mk 14 May 2008 09:51:40 -0000 @@ -280,6 +280,18 @@ WITH_IDEA= .endif # +# Default settings depending on other conditions. +# +OPT_YES= +OPT_NO= + +.if ${MACHINE_ARCH} != "ia64" +OPT_YES+= SSP +.else +OPT_NO+= SSP +.endif + +# # MK_* options which default to "yes". # .for var in \ @@ -349,7 +361,6 @@ WITH_IDEA= SENDMAIL \ SETUID_LOGIN \ SHAREDOCS \ - SSP \ SYMVER \ SYSCONS \ TCSH \ @@ -357,7 +368,8 @@ WITH_IDEA= USB \ WPA_SUPPLICANT_EAPOL \ ZFS \ - ZONEINFO + ZONEINFO \ + ${OPT_YES} .if defined(WITH_${var}) && defined(WITHOUT_${var}) .error WITH_${var} and WITHOUT_${var} can't both be set. .endif 
@@ -377,7 +389,8 @@ MK_${var}:= yes .for var in \ BIND_LIBS \ HESIOD \ - IDEA + IDEA \ + ${OPT_NO} .if defined(WITH_${var}) && defined(WITHOUT_${var}) .error WITH_${var} and WITHOUT_${var} can't both be set. .endif Index: share/mk/bsd.sys.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/share/mk/bsd.sys.mk,v retrieving revision 1.44 diff -u -p -r1.44 bsd.sys.mk --- share/mk/bsd.sys.mk 22 Nov 2007 23:21:12 -0000 1.44 +++ share/mk/bsd.sys.mk 4 Jun 2008 18:37:49 -0000 @@ -74,5 +74,11 @@ CWARNFLAGS += -Werror CWARNFLAGS += -Wno-unknown-pragmas .endif +.if ${MK_SSP} != "no" && ${CC} != "icc" +# Don't use -Wstack-protector as it breaks world with -Werror. +SSP_CFLAGS ?= -fstack-protector +CFLAGS += ${SSP_CFLAGS} +.endif + # Allow user-specified additional warning flags CFLAGS += ${CWARNFLAGS} Index: sys/boot/Makefile.inc =================================================================== RCS file: sys/boot/Makefile.inc diff -N sys/boot/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/Makefile.inc 16 Apr 2008 09:13:16 -0000 @@ -0,0 +1,2 @@ +# Really, there's no need for stack-smashing protection in /boot programs. +WITHOUT_SSP= Index: sys/boot/arm/Makefile.inc =================================================================== RCS file: sys/boot/arm/Makefile.inc diff -N sys/boot/arm/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/arm/Makefile.inc 28 Mar 2008 07:51:09 -0000 @@ -0,0 +1 @@ +.include "../Makefile.inc" Index: sys/boot/arm/at91/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/arm/at91/Makefile.inc,v retrieving revision 1.7 diff -u -p -r1.7 Makefile.inc --- sys/boot/arm/at91/Makefile.inc 13 Jul 2007 14:27:04 -0000 1.7 +++ sys/boot/arm/at91/Makefile.inc 28 Mar 2008 07:52:30 -0000 
@@ -53,3 +53,5 @@ MK_FPGA:=no .endif .endif + +.include "../Makefile.inc" Index: sys/boot/efi/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/efi/Makefile.inc,v retrieving revision 1.7 diff -u -p -r1.7 Makefile.inc --- sys/boot/efi/Makefile.inc 12 Feb 2004 08:10:33 -0000 1.7 +++ sys/boot/efi/Makefile.inc 28 Mar 2008 06:55:25 -0000 @@ -5,3 +5,5 @@ BINDIR?= /boot # Options used when building app-specific efi components CFLAGS+= -ffreestanding -fshort-wchar -Wformat LDFLAGS+= -nostdlib + +.include "../Makefile.inc" Index: sys/boot/i386/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/Makefile.inc,v retrieving revision 1.12 diff -u -p -r1.12 Makefile.inc --- sys/boot/i386/Makefile.inc 28 Sep 2006 10:02:04 -0000 1.12 +++ sys/boot/i386/Makefile.inc 28 Mar 2008 07:41:32 -0000 @@ -24,3 +24,5 @@ BTXDIR= ${.CURDIR}/../btx BTXLDR= ${BTXDIR}/btxldr/btxldr BTXKERN= ${BTXDIR}/btx/btx BTXCRT= ${BTXDIR}/lib/crt0.o + +.include "../Makefile.inc" Index: sys/boot/i386/loader/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/loader/Makefile,v retrieving revision 1.85 diff -u -p -r1.85 Makefile --- sys/boot/i386/loader/Makefile 29 May 2007 14:35:57 -0000 1.85 +++ sys/boot/i386/loader/Makefile 16 Apr 2008 09:14:10 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/i386/loader/Makefile,v 1.85 2007/05/29 14:35:57 simokawa Exp $ +WITHOUT_SSP= + .include PROG= loader.sym Index: sys/boot/ia64/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/Makefile.inc,v retrieving revision 1.3 diff -u -p -r1.3 Makefile.inc --- sys/boot/ia64/Makefile.inc 12 Feb 2004 08:10:33 -0000 1.3 +++ sys/boot/ia64/Makefile.inc 28 Mar 2008 07:42:17 -0000 
@@ -5,3 +5,5 @@ BINDIR?= /boot # Options used when building standalone components CFLAGS+= -ffreestanding -fshort-wchar -Wformat LDFLAGS+= -nostdlib + +.include "../Makefile.inc" Index: sys/boot/ia64/common/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/common/Makefile,v retrieving revision 1.1 diff -u -p -r1.1 Makefile --- sys/boot/ia64/common/Makefile 5 Nov 2006 22:03:03 -0000 1.1 +++ sys/boot/ia64/common/Makefile 16 Apr 2008 09:14:35 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/ia64/common/Makefile,v 1.1 2006/11/05 22:03:03 marcel Exp $ +WITHOUT_SSP= + .include LIB= ia64 Index: sys/boot/ia64/efi/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/efi/Makefile,v retrieving revision 1.28 diff -u -p -r1.28 Makefile --- sys/boot/ia64/efi/Makefile 5 Nov 2006 22:03:03 -0000 1.28 +++ sys/boot/ia64/efi/Makefile 16 Apr 2008 09:15:11 -0000 @@ -1,6 +1,7 @@ # $FreeBSD: src/sys/boot/ia64/efi/Makefile,v 1.28 2006/11/05 22:03:03 marcel Exp $ NO_MAN= +WITHOUT_SSP= .include Index: sys/boot/ia64/ski/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/ski/Makefile,v retrieving revision 1.20 diff -u -p -r1.20 Makefile --- sys/boot/ia64/ski/Makefile 5 Nov 2006 22:03:04 -0000 1.20 +++ sys/boot/ia64/ski/Makefile 16 Apr 2008 09:15:25 -0000 @@ -1,6 +1,7 @@ # $FreeBSD: src/sys/boot/ia64/ski/Makefile,v 1.20 2006/11/05 22:03:04 marcel Exp $ NO_MAN= +WITHOUT_SSP= .include Index: sys/boot/ofw/Makefile.inc =================================================================== RCS file: sys/boot/ofw/Makefile.inc diff -N sys/boot/ofw/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/ofw/Makefile.inc 28 Mar 2008 07:43:20 -0000 
@@ -0,0 +1 @@ +.include "../Makefile.inc" Index: sys/boot/pc98/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/Makefile.inc,v retrieving revision 1.7 diff -u -p -r1.7 Makefile.inc --- sys/boot/pc98/Makefile.inc 15 Oct 2007 14:20:24 -0000 1.7 +++ sys/boot/pc98/Makefile.inc 28 Mar 2008 07:44:15 -0000 @@ -19,3 +19,5 @@ BTXDIR= ${.CURDIR}/../btx BTXLDR= ${BTXDIR}/btxldr/btxldr BTXKERN= ${BTXDIR}/btx/btx BTXCRT= ${BTXDIR}/lib/crt0.o + +.include "../Makefile.inc" Index: sys/boot/pc98/loader/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/loader/Makefile,v retrieving revision 1.41 diff -u -p -r1.41 Makefile --- sys/boot/pc98/loader/Makefile 2 Nov 2006 00:26:45 -0000 1.41 +++ sys/boot/pc98/loader/Makefile 16 Apr 2008 09:15:51 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/pc98/loader/Makefile,v 1.41 2006/11/02 00:26:45 marcel Exp $ +WITHOUT_SSP= + .include PROG= loader.sym Index: sys/boot/powerpc/Makefile.inc =================================================================== RCS file: sys/boot/powerpc/Makefile.inc diff -N sys/boot/powerpc/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/powerpc/Makefile.inc 28 Mar 2008 07:46:36 -0000 @@ -0,0 +1 @@ +.include "../Makefile.inc" Index: sys/boot/powerpc/ofw/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/powerpc/ofw/Makefile,v retrieving revision 1.23 diff -u -p -r1.23 Makefile --- sys/boot/powerpc/ofw/Makefile 23 Feb 2008 17:48:23 -0000 1.23 +++ sys/boot/powerpc/ofw/Makefile 16 Apr 2008 09:16:20 -0000 
@@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/powerpc/ofw/Makefile,v 1.23 2008/02/23 17:48:23 marcel Exp $ +WITHOUT_SSP= + .include PROG= loader Index: sys/boot/sparc64/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/Makefile.inc,v retrieving revision 1.1 diff -u -p -r1.1 Makefile.inc --- sys/boot/sparc64/Makefile.inc 9 Feb 2004 14:17:02 -0000 1.1 +++ sys/boot/sparc64/Makefile.inc 28 Mar 2008 07:49:09 -0000 @@ -3,3 +3,5 @@ BINDIR?= /boot CFLAGS+= -ffreestanding LDFLAGS+= -nostdlib + +.include "../Makefile.inc" Index: sys/boot/sparc64/loader/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/loader/Makefile,v retrieving revision 1.20 diff -u -p -r1.20 Makefile --- sys/boot/sparc64/loader/Makefile 17 Mar 2006 18:54:36 -0000 1.20 +++ sys/boot/sparc64/loader/Makefile 16 Apr 2008 09:16:39 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/sparc64/loader/Makefile,v 1.20 2006/03/17 18:54:36 ru Exp $ +WITHOUT_SSP= + .include PROG= loader Index: sys/boot/uboot/Makefile.inc =================================================================== RCS file: sys/boot/uboot/Makefile.inc diff -N sys/boot/uboot/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/uboot/Makefile.inc 28 Mar 2008 07:50:18 -0000 @@ -0,0 +1 @@ +.include "../Makefile.inc" Index: sys/conf/files =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/files,v retrieving revision 1.1294 diff -u -p -r1.1294 files --- sys/conf/files 21 Apr 2008 10:09:53 -0000 1.1294 +++ sys/conf/files 24 Apr 2008 14:34:34 -0000 
@@ -1499,6 +1499,8 @@ kern/posix4_mib.c standard kern/sched_4bsd.c optional sched_4bsd kern/sched_ule.c optional sched_ule kern/serdev_if.m standard +kern/stack_protector.c standard \ + compile-with "${NORMAL_C:N-fstack-protector*}" kern/subr_acl_posix1e.c standard kern/subr_autoconf.c standard kern/subr_blist.c standard Index: sys/conf/kern.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.mk,v retrieving revision 1.52 diff -u -p -r1.52 kern.mk --- sys/conf/kern.mk 24 May 2007 21:53:42 -0000 1.52 +++ sys/conf/kern.mk 29 Mar 2008 13:44:15 -0000 @@ -97,3 +97,10 @@ CFLAGS+= -ffreestanding .if ${CC} == "icc" CFLAGS+= -restrict .endif + +# +# GCC SSP support. +# +.if ${MK_SSP} != "no" && ${CC} != "icc" +CFLAGS+= -fstack-protector +.endif Index: sys/conf/kern.pre.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.pre.mk,v retrieving revision 1.97 diff -u -p -r1.97 kern.pre.mk --- sys/conf/kern.pre.mk 2 Feb 2008 19:55:28 -0000 1.97 +++ sys/conf/kern.pre.mk 29 Mar 2008 14:06:45 -0000 @@ -3,10 +3,7 @@ # Part of a unified Makefile for building kernels. This part contains all # of the definitions that need to be before %BEFORE_DEPEND. -SRCCONF?= /etc/src.conf -.if exists(${SRCCONF}) -.include "${SRCCONF}" -.endif +.include # Can be overridden by makeoptions or /etc/make.conf KERNEL_KO?= kernel Index: sys/kern/stack_protector.c =================================================================== RCS file: sys/kern/stack_protector.c diff -N sys/kern/stack_protector.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/kern/stack_protector.c 29 Mar 2008 18:20:37 -0000 
@@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include + +#if defined(__SSP__) || defined(__SSP_ALL__) +long __stack_chk_guard[8] = {}; +void __stack_chk_fail(void); + +void +__stack_chk_fail(void) +{ + + panic("stack overflow detected; backtrace may be corrupted"); +} + +#define __arraycount(__x) (sizeof(__x) / sizeof(__x[0])) +static void +__stack_chk_init(void *dummy __unused) +{ + size_t i; + long guard[__arraycount(__stack_chk_guard)]; + + arc4rand(guard, sizeof(guard), 0); + for (i = 0; i < __arraycount(guard); i++) + __stack_chk_guard[i] = guard[i]; +} +/* SI_SUB_EVENTHANDLER is right after SI_SUB_LOCK used by arc4rand() init. */ +SYSINIT(stack_chk, SI_SUB_EVENTHANDLER, SI_ORDER_ANY, __stack_chk_init, NULL); + +#endif
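
Review bot: in lib/libc/Makefile, the comment "For now, we don't allow libc to be compiled with -fstack-protector-all" does not record why, and the `:S` rewrite silently downgrades a flag the user asked for. Put the reason in the comment (the cover mail says libc_pic.a/libc.so built with -fstack-protector-all breaks rtld) so the restriction can be revisited later. On the following line, the `N*/stack_protector.c` filter only matches when `.IMPSRC` carries a directory component; if it can ever be the bare file name, stack_protector.c would be compiled with protection again, so please confirm that cannot happen or loosen the pattern.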
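
Review bot: lib/libthr/Makefile, lib/libstand/Makefile, rescue/librescue/Makefile and rescue/rescue/Makefile each gain a bare `WITHOUT_SSP=` with no comment, while the cover mail lists only lib/csu, gnu/lib/csu and libexec/rtld-elf as built without protection. Each exemption removes canary coverage from code that ships in the base system, so every one of these lines should carry a one-line reason (as sys/boot/Makefile.inc does) or be dropped. For libthr in particular, state whether this is a bootstrap-ordering constraint or a workaround for a breakage.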
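
Review bot: in share/mk/bsd.own.mk, the unchanged check `.if defined(WITH_${var}) && defined(WITHOUT_${var})` followed by `.error` still applies to SSP, and this patch sets `WITHOUT_SSP=` inside many Makefiles and passes `-DWITHOUT_SSP` in BMAKE and TMAKE. A user who sets WITH_SSP (the only way to turn it on for ia64, where SSP goes into OPT_NO) looks likely to hit that `.error` in every one of those directories; please test a world build with WITH_SSP defined, and consider forcing the knob off in the exempt directories in a way that cannot collide with the user's setting. Separately, `OPT_YES` and `OPT_NO` are very generic names for variables that every Makefile in the tree will see; a prefixed name would avoid clashes.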
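
Review bot: the comment in the new sys/boot/Makefile.inc, "Really, there's no need for stack-smashing protection in /boot programs", gives an opinion rather than the constraint. The surrounding context shows these directories build with `-ffreestanding` and `-nostdlib`, so if the real reason is that nothing there provides `__stack_chk_guard` and `__stack_chk_fail`, say that instead. The loader Makefiles (i386, pc98, powerpc/ofw, sparc64, ia64) also set `WITHOUT_SSP=` themselves before their first `.include`, which duplicates the Makefile.inc setting; a short comment explaining why both are needed would stop someone from removing one of them later.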
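
Review bot: sys/conf/kern.mk hard-codes `CFLAGS+= -fstack-protector`, while share/mk/bsd.sys.mk in this same patch introduces the overridable `SSP_CFLAGS ?= -fstack-protector`. Use the same variable for the kernel, or add a comment saying the kernel is deliberately pinned to the weaker flag; the `${NORMAL_C:N-fstack-protector*}` filter added to sys/conf/files already anticipates other spellings. The new `.if ${MK_SSP} != "no"` also makes kern.mk depend on MK_SSP being defined, so please confirm that every makefile that includes kern.mk has read bsd.own.mk first, not only kern.pre.mk.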
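
Review bot: in sys/kern/stack_protector.c, `__stack_chk_guard` stays all zero until the SYSINIT at SI_SUB_EVENTHANDLER runs, so every protected function that executes before that point is checked against a known constant, and any protected frame that is live across `__stack_chk_init` and later returns would fail its check. Document both facts next to the SYSINIT line, including why no such frame can return. The local `guard[]` copy also leaves the canary value on the stack after `__stack_chk_init` returns; either fill `__stack_chk_guard` directly with `arc4rand()` or clear the copy before returning. Finally, the panic text "stack overflow detected" reads like kernel stack exhaustion; wording that names a corrupted stack guard would be less ambiguous, and the new file has no license header or `$FreeBSD$` tag.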