From owner-freebsd-arch@FreeBSD.ORG Mon Jun 9 20:13:33 2008 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 165D2106564A; Mon, 9 Jun 2008 20:13:33 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from smtp5-g19.free.fr (smtp5-g19.free.fr [212.27.42.35]) by mx1.freebsd.org (Postfix) with ESMTP id 4206A8FC1A; Mon, 9 Jun 2008 20:13:32 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from smtp5-g19.free.fr (localhost.localdomain [127.0.0.1]) by smtp5-g19.free.fr (Postfix) with ESMTP id B1F923F6161; Mon, 9 Jun 2008 22:13:30 +0200 (CEST) Received: from tatooine.tataz.chchile.org (tataz.chchile.org [82.233.239.98]) by smtp5-g19.free.fr (Postfix) with ESMTP id 0AF523F6384; Mon, 9 Jun 2008 22:13:27 +0200 (CEST) Received: from obiwan.tataz.chchile.org (unknown [192.168.1.25]) by tatooine.tataz.chchile.org (Postfix) with ESMTP id 9FD3A9B497; Mon, 9 Jun 2008 20:09:37 +0000 (UTC) Received: by obiwan.tataz.chchile.org (Postfix, from userid 1000) id 8F2D74089; Mon, 9 Jun 2008 22:09:37 +0200 (CEST) Date: Mon, 9 Jun 2008 22:09:37 +0200 From: Jeremie Le Hen To: Ruslan Ermilov Message-ID: <20080609200937.GB72413@obiwan.tataz.chchile.org> References: <20080418132749.GB4840@obiwan.tataz.chchile.org> <200804181945.59189.max@love2party.net> <20080418204738.GE4840@obiwan.tataz.chchile.org> <20080419071400.GP73016@server.vk2pj.dyndns.org> <20080419074921.GI4840@obiwan.tataz.chchile.org> <20080420095911.GT5934@hoeg.nl> <20080423131720.GP92168@obiwan.tataz.chchile.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="VS++wcV0S1rZb1Fb" Content-Disposition: inline In-Reply-To: <20080423131720.GP92168@obiwan.tataz.chchile.org> User-Agent: Mutt/1.5.15 (2007-04-06) Cc: freebsd-arch@freebsd.org Subject: Re: Integration of ProPolice in FreeBSD X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jun 2008 20:13:33 -0000 --VS++wcV0S1rZb1Fb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi Ruslan, all, On Wed, Apr 23, 2008 at 03:17:20PM +0200, Jeremie Le Hen wrote: > Hi Antoine, > > On Fri, Apr 18, 2008 at 04:37:06PM +0200, Antoine Brodin wrote: > > Last time I looked at your patch, there was a problem when using > > -fstack-protector-all instead of -fstack-protector: > > when you compile lib/csu/*, gnu/lib/csu/*, or > > src/lib/libc/sys/stack_protector.c with this flag, there is a kind of > > chicken/egg problem and you end up with an unusable world. > > That said, it would be great to be able to compile world with SSP when > > an option is set in src.conf. > > You were right. I had a chance to test it this weekend. Thank you for > pointing this out. I have had little spare time lately, this is why my followup have taken so long. Since this report from Antoine, my goal has been to be able to use -fstack-protector-all when building world. I hoped it would be quite straightforward, IOW that preventing bootstrap functions from being protected would be enough. Unfortunately, it seems that building libc_pic.a/libc.so with -fstack-protector-all breaks rtld in a very twisted way that I'm unable to untangle for now. Nonetheless, I really want to see this patch hit the tree before 8.x is forked off. I have existed for more than two years and I would like to avoid delaying it futher. So I will go the easy path for now and prevent libc from being built with -fstack-protector-all. Here are what haved changed since the previous patch: - SSP is opt-out except for ia64; this is intended to trigger bugs. However this doesn't mean it will be enabled by default in stable releases. - Thanks to Antoine, SSP related symbols are now compiled without stack protection itself. This prevents a chicken and egg problem. - lib/csu, gnu/lib/csu and libexec/rtld-elf are built without stack protection. I'm looking forward for more review and testing of this patch in order to get it committed soon. Ruslan, would you mind reviewing the change in bsd.own.mk as well? Thank you very much. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > --VS++wcV0S1rZb1Fb Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="fbsd8-ssp.diff" Index: Makefile.inc1 =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/Makefile.inc1,v retrieving revision 1.603 diff -u -p -r1.603 Makefile.inc1 --- Makefile.inc1 15 Apr 2008 05:14:42 -0000 1.603 +++ Makefile.inc1 24 Apr 2008 11:50:33 -0000 @@ -216,6 +216,7 @@ BMAKE= MAKEOBJDIRPREFIX=${WORLDTMP} \ ${BMAKEENV} ${MAKE} -f Makefile.inc1 \ DESTDIR= \ BOOTSTRAPPING=${OSRELDATE} \ + -DWITHOUT_SSP \ -DWITHOUT_HTML -DWITHOUT_INFO -DNO_LINT -DWITHOUT_MAN \ -DWITHOUT_NLS -DNO_PIC -DWITHOUT_PROFILE -DNO_SHARED \ -DNO_CPU_CFLAGS -DNO_WARNS @@ -225,6 +226,7 @@ TMAKE= MAKEOBJDIRPREFIX=${OBJTREE} \ ${BMAKEENV} ${MAKE} -f Makefile.inc1 \ TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} \ DESTDIR= \ + -DWITHOUT_SSP \ BOOTSTRAPPING=${OSRELDATE} -DNO_LINT -DNO_CPU_CFLAGS -DNO_WARNS # cross-tools stage @@ -437,7 +439,7 @@ build32: .if ${MK_KERBEROS} != "no" .for _t in obj depend all cd ${.CURDIR}/kerberos5/tools; \ - MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= ${_t} + MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= ${_t} .endfor .endif .for _t in obj includes @@ -459,7 +461,7 @@ build32: .endfor .for _dir in lib/ncurses/ncurses lib/ncurses/ncursesw lib/libmagic cd ${.CURDIR}/${_dir}; \ - MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= build-tools + MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= build-tools .endfor cd ${.CURDIR}; \ ${LIB32WMAKE} -f Makefile.inc1 libraries @@ -740,13 +742,13 @@ buildkernel: @echo "--------------------------------------------------------------" cd ${KRNLOBJDIR}/${_kernel}; \ MAKESRCPATH=${KERNSRCDIR}/dev/aic7xxx/aicasm \ - ${MAKE} -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile + ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile # XXX - Gratuitously builds aicasm in the ``makeoptions NO_MODULES'' case. .if !defined(MODULES_WITH_WORLD) && !defined(NO_MODULES) && exists(${KERNSRCDIR}/modules) .for target in obj depend all cd ${KERNSRCDIR}/modules/aic7xxx/aicasm; \ MAKEOBJDIRPREFIX=${KRNLOBJDIR}/${_kernel}/modules \ - ${MAKE} -DNO_CPU_CFLAGS ${target} + ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS ${target} .endfor .endif .if !defined(NO_KERNELDEPEND) Index: gnu/lib/csu/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/csu/Makefile,v retrieving revision 1.28 diff -u -p -r1.28 Makefile --- gnu/lib/csu/Makefile 24 Jan 2008 07:43:09 -0000 1.28 +++ gnu/lib/csu/Makefile 25 Apr 2008 14:41:01 -0000 @@ -19,6 +19,7 @@ CFLAGS+= -I${GCCLIB}/include -I${GCCDIR} -I${CCDIR}/cc_tools CRTS_CFLAGS= -DCRTSTUFFS_O -DSHARED ${PICFLAG} MKDEP= -DCRT_BEGIN +WITHOUT_SSP= .if ${MACHINE_ARCH} == "ia64" BEGINSRC= crtbegin.asm Index: gnu/lib/libssp/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/libssp/Makefile,v retrieving revision 1.2 diff -u -p -r1.2 Makefile --- gnu/lib/libssp/Makefile 22 May 2007 10:40:58 -0000 1.2 +++ gnu/lib/libssp/Makefile 24 Apr 2008 22:22:21 -0000 @@ -10,6 +10,7 @@ LIB= ssp SHLIB_MAJOR= 0 SHLIBDIR?= /lib NO_PROFILE= +WITHOUT_SSP= SRCS= ssp.c gets-chk.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \ memset-chk.c snprintf-chk.c sprintf-chk.c stpcpy-chk.c \ Index: lib/csu/Makefile.inc =================================================================== RCS file: lib/csu/Makefile.inc diff -N lib/csu/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ lib/csu/Makefile.inc 24 Apr 2008 22:27:03 -0000 @@ -0,0 +1 @@ +WITHOUT_SSP= Index: lib/libc/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libc/Makefile,v retrieving revision 1.73 diff -u -p -r1.73 Makefile --- lib/libc/Makefile 1 Oct 2007 18:15:10 -0000 1.73 +++ lib/libc/Makefile 8 Jun 2008 21:24:42 -0000 @@ -122,3 +122,7 @@ libkern.${MACHINE_ARCH}:: ${KMSRCS} # Disable warnings in contributed sources. CWARNFLAGS:= ${.IMPSRC:Ngdtoa_*.c:C/^.+$/${CWARNFLAGS}/} +# For now, we don't allow libc to be compiled with -fstack-protector-all. +SSP_CFLAGS:= ${SSP_CFLAGS:S/^-fstack-protector-all$/-fstack-protector/} +# Disable stack protection for SSP symbols. +SSP_CFLAGS:= ${.IMPSRC:N*/stack_protector.c:C/^.+$/${SSP_CFLAGS}/} Index: lib/libstand/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libstand/Makefile,v retrieving revision 1.59 diff -u -p -r1.59 Makefile --- lib/libstand/Makefile 24 Oct 2007 21:32:57 -0000 1.59 +++ lib/libstand/Makefile 16 Apr 2008 09:11:15 -0000 @@ -12,6 +12,7 @@ NO_PIC= INCS= stand.h MAN= libstand.3 +WITHOUT_SSP= CFLAGS+= -ffreestanding -Wformat CFLAGS+= -I${.CURDIR} Index: lib/libthr/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libthr/Makefile,v retrieving revision 1.34 diff -u -p -r1.34 Makefile --- lib/libthr/Makefile 29 Mar 2008 17:44:38 -0000 1.34 +++ lib/libthr/Makefile 14 May 2008 20:04:39 -0000 @@ -8,6 +8,8 @@ # (for system call stubs) to CFLAGS below. -DSYSLIBC_SCCS affects just the # system call stubs. +WITHOUT_SSP= + .include .if ${SHLIBDIR} == "/usr/lib" Index: libexec/rtld-elf/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/libexec/rtld-elf/Makefile,v retrieving revision 1.41 diff -u -p -r1.41 Makefile --- libexec/rtld-elf/Makefile 16 May 2007 23:24:15 -0000 1.41 +++ libexec/rtld-elf/Makefile 8 Jun 2008 17:38:10 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/libexec/rtld-elf/Makefile,v 1.41 2007/05/16 23:24:15 marcel Exp $ +WITHOUT_SSP= + .include PROG?= ld-elf.so.1 Index: rescue/librescue/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/librescue/Makefile,v retrieving revision 1.9 diff -u -p -r1.9 Makefile --- rescue/librescue/Makefile 27 Jul 2006 12:28:05 -0000 1.9 +++ rescue/librescue/Makefile 16 Apr 2008 09:11:36 -0000 @@ -2,6 +2,8 @@ # $FreeBSD: src/rescue/librescue/Makefile,v 1.9 2006/07/27 12:28:05 yar Exp $ # +WITHOUT_SSP= + .include # Certain library entries have hard-coded references to Index: rescue/rescue/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/rescue/Makefile,v retrieving revision 1.60 diff -u -p -r1.60 Makefile --- rescue/rescue/Makefile 29 Mar 2008 13:15:33 -0000 1.60 +++ rescue/rescue/Makefile 24 Apr 2008 11:57:04 -0000 @@ -2,6 +2,7 @@ # @(#)Makefile 8.1 (Berkeley) 6/2/93 NO_MAN= +WITHOUT_SSP= .include Index: share/mk/bsd.own.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/share/mk/bsd.own.mk,v retrieving revision 1.74 diff -u -p -r1.74 bsd.own.mk --- share/mk/bsd.own.mk 29 Mar 2008 17:44:39 -0000 1.74 +++ share/mk/bsd.own.mk 14 May 2008 09:51:40 -0000 @@ -280,6 +280,18 @@ WITH_IDEA= .endif # +# Default settings depending on other conditions. +# +OPT_YES= +OPT_NO= + +.if ${MACHINE_ARCH} != "ia64" +OPT_YES+= SSP +.else +OPT_NO+= SSP +.endif + +# # MK_* options which default to "yes". # .for var in \ @@ -349,7 +361,6 @@ WITH_IDEA= SENDMAIL \ SETUID_LOGIN \ SHAREDOCS \ - SSP \ SYMVER \ SYSCONS \ TCSH \ @@ -357,7 +368,8 @@ WITH_IDEA= USB \ WPA_SUPPLICANT_EAPOL \ ZFS \ - ZONEINFO + ZONEINFO \ + ${OPT_YES} .if defined(WITH_${var}) && defined(WITHOUT_${var}) .error WITH_${var} and WITHOUT_${var} can't both be set. .endif @@ -377,7 +389,8 @@ MK_${var}:= yes .for var in \ BIND_LIBS \ HESIOD \ - IDEA + IDEA \ + ${OPT_NO} .if defined(WITH_${var}) && defined(WITHOUT_${var}) .error WITH_${var} and WITHOUT_${var} can't both be set. .endif Index: share/mk/bsd.sys.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/share/mk/bsd.sys.mk,v retrieving revision 1.44 diff -u -p -r1.44 bsd.sys.mk --- share/mk/bsd.sys.mk 22 Nov 2007 23:21:12 -0000 1.44 +++ share/mk/bsd.sys.mk 4 Jun 2008 18:37:49 -0000 @@ -74,5 +74,11 @@ CWARNFLAGS += -Werror CWARNFLAGS += -Wno-unknown-pragmas .endif +.if ${MK_SSP} != "no" && ${CC} != "icc" +# Don't use -Wstack-protector as it breaks world with -Werror. +SSP_CFLAGS ?= -fstack-protector +CFLAGS += ${SSP_CFLAGS} +.endif + # Allow user-specified additional warning flags CFLAGS += ${CWARNFLAGS} Index: sys/boot/Makefile.inc =================================================================== RCS file: sys/boot/Makefile.inc diff -N sys/boot/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/Makefile.inc 16 Apr 2008 09:13:16 -0000 @@ -0,0 +1,2 @@ +# Really, there's no need for stack-smashing protection in /boot programs. +WITHOUT_SSP= Index: sys/boot/arm/Makefile.inc =================================================================== RCS file: sys/boot/arm/Makefile.inc diff -N sys/boot/arm/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/arm/Makefile.inc 28 Mar 2008 07:51:09 -0000 @@ -0,0 +1 @@ +.include "../Makefile.inc" Index: sys/boot/arm/at91/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/arm/at91/Makefile.inc,v retrieving revision 1.7 diff -u -p -r1.7 Makefile.inc --- sys/boot/arm/at91/Makefile.inc 13 Jul 2007 14:27:04 -0000 1.7 +++ sys/boot/arm/at91/Makefile.inc 28 Mar 2008 07:52:30 -0000 @@ -53,3 +53,5 @@ MK_FPGA:=no .endif .endif + +.include "../Makefile.inc" Index: sys/boot/efi/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/efi/Makefile.inc,v retrieving revision 1.7 diff -u -p -r1.7 Makefile.inc --- sys/boot/efi/Makefile.inc 12 Feb 2004 08:10:33 -0000 1.7 +++ sys/boot/efi/Makefile.inc 28 Mar 2008 06:55:25 -0000 @@ -5,3 +5,5 @@ BINDIR?= /boot # Options used when building app-specific efi components CFLAGS+= -ffreestanding -fshort-wchar -Wformat LDFLAGS+= -nostdlib + +.include "../Makefile.inc" Index: sys/boot/i386/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/Makefile.inc,v retrieving revision 1.12 diff -u -p -r1.12 Makefile.inc --- sys/boot/i386/Makefile.inc 28 Sep 2006 10:02:04 -0000 1.12 +++ sys/boot/i386/Makefile.inc 28 Mar 2008 07:41:32 -0000 @@ -24,3 +24,5 @@ BTXDIR= ${.CURDIR}/../btx BTXLDR= ${BTXDIR}/btxldr/btxldr BTXKERN= ${BTXDIR}/btx/btx BTXCRT= ${BTXDIR}/lib/crt0.o + +.include "../Makefile.inc" Index: sys/boot/i386/loader/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/loader/Makefile,v retrieving revision 1.85 diff -u -p -r1.85 Makefile --- sys/boot/i386/loader/Makefile 29 May 2007 14:35:57 -0000 1.85 +++ sys/boot/i386/loader/Makefile 16 Apr 2008 09:14:10 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/i386/loader/Makefile,v 1.85 2007/05/29 14:35:57 simokawa Exp $ +WITHOUT_SSP= + .include PROG= loader.sym Index: sys/boot/ia64/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/Makefile.inc,v retrieving revision 1.3 diff -u -p -r1.3 Makefile.inc --- sys/boot/ia64/Makefile.inc 12 Feb 2004 08:10:33 -0000 1.3 +++ sys/boot/ia64/Makefile.inc 28 Mar 2008 07:42:17 -0000 @@ -5,3 +5,5 @@ BINDIR?= /boot # Options used when building standalone components CFLAGS+= -ffreestanding -fshort-wchar -Wformat LDFLAGS+= -nostdlib + +.include "../Makefile.inc" Index: sys/boot/ia64/common/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/common/Makefile,v retrieving revision 1.1 diff -u -p -r1.1 Makefile --- sys/boot/ia64/common/Makefile 5 Nov 2006 22:03:03 -0000 1.1 +++ sys/boot/ia64/common/Makefile 16 Apr 2008 09:14:35 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/ia64/common/Makefile,v 1.1 2006/11/05 22:03:03 marcel Exp $ +WITHOUT_SSP= + .include LIB= ia64 Index: sys/boot/ia64/efi/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/efi/Makefile,v retrieving revision 1.28 diff -u -p -r1.28 Makefile --- sys/boot/ia64/efi/Makefile 5 Nov 2006 22:03:03 -0000 1.28 +++ sys/boot/ia64/efi/Makefile 16 Apr 2008 09:15:11 -0000 @@ -1,6 +1,7 @@ # $FreeBSD: src/sys/boot/ia64/efi/Makefile,v 1.28 2006/11/05 22:03:03 marcel Exp $ NO_MAN= +WITHOUT_SSP= .include Index: sys/boot/ia64/ski/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/ski/Makefile,v retrieving revision 1.20 diff -u -p -r1.20 Makefile --- sys/boot/ia64/ski/Makefile 5 Nov 2006 22:03:04 -0000 1.20 +++ sys/boot/ia64/ski/Makefile 16 Apr 2008 09:15:25 -0000 @@ -1,6 +1,7 @@ # $FreeBSD: src/sys/boot/ia64/ski/Makefile,v 1.20 2006/11/05 22:03:04 marcel Exp $ NO_MAN= +WITHOUT_SSP= .include Index: sys/boot/ofw/Makefile.inc =================================================================== RCS file: sys/boot/ofw/Makefile.inc diff -N sys/boot/ofw/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/ofw/Makefile.inc 28 Mar 2008 07:43:20 -0000 @@ -0,0 +1 @@ +.include "../Makefile.inc" Index: sys/boot/pc98/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/Makefile.inc,v retrieving revision 1.7 diff -u -p -r1.7 Makefile.inc --- sys/boot/pc98/Makefile.inc 15 Oct 2007 14:20:24 -0000 1.7 +++ sys/boot/pc98/Makefile.inc 28 Mar 2008 07:44:15 -0000 @@ -19,3 +19,5 @@ BTXDIR= ${.CURDIR}/../btx BTXLDR= ${BTXDIR}/btxldr/btxldr BTXKERN= ${BTXDIR}/btx/btx BTXCRT= ${BTXDIR}/lib/crt0.o + +.include "../Makefile.inc" Index: sys/boot/pc98/loader/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/loader/Makefile,v retrieving revision 1.41 diff -u -p -r1.41 Makefile --- sys/boot/pc98/loader/Makefile 2 Nov 2006 00:26:45 -0000 1.41 +++ sys/boot/pc98/loader/Makefile 16 Apr 2008 09:15:51 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/pc98/loader/Makefile,v 1.41 2006/11/02 00:26:45 marcel Exp $ +WITHOUT_SSP= + .include PROG= loader.sym Index: sys/boot/powerpc/Makefile.inc =================================================================== RCS file: sys/boot/powerpc/Makefile.inc diff -N sys/boot/powerpc/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/powerpc/Makefile.inc 28 Mar 2008 07:46:36 -0000 @@ -0,0 +1 @@ +.include "../Makefile.inc" Index: sys/boot/powerpc/ofw/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/powerpc/ofw/Makefile,v retrieving revision 1.23 diff -u -p -r1.23 Makefile --- sys/boot/powerpc/ofw/Makefile 23 Feb 2008 17:48:23 -0000 1.23 +++ sys/boot/powerpc/ofw/Makefile 16 Apr 2008 09:16:20 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/powerpc/ofw/Makefile,v 1.23 2008/02/23 17:48:23 marcel Exp $ +WITHOUT_SSP= + .include PROG= loader Index: sys/boot/sparc64/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/Makefile.inc,v retrieving revision 1.1 diff -u -p -r1.1 Makefile.inc --- sys/boot/sparc64/Makefile.inc 9 Feb 2004 14:17:02 -0000 1.1 +++ sys/boot/sparc64/Makefile.inc 28 Mar 2008 07:49:09 -0000 @@ -3,3 +3,5 @@ BINDIR?= /boot CFLAGS+= -ffreestanding LDFLAGS+= -nostdlib + +.include "../Makefile.inc" Index: sys/boot/sparc64/loader/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/loader/Makefile,v retrieving revision 1.20 diff -u -p -r1.20 Makefile --- sys/boot/sparc64/loader/Makefile 17 Mar 2006 18:54:36 -0000 1.20 +++ sys/boot/sparc64/loader/Makefile 16 Apr 2008 09:16:39 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/sparc64/loader/Makefile,v 1.20 2006/03/17 18:54:36 ru Exp $ +WITHOUT_SSP= + .include PROG= loader Index: sys/boot/uboot/Makefile.inc =================================================================== RCS file: sys/boot/uboot/Makefile.inc diff -N sys/boot/uboot/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/uboot/Makefile.inc 28 Mar 2008 07:50:18 -0000 @@ -0,0 +1 @@ +.include "../Makefile.inc" Index: sys/conf/files =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/files,v retrieving revision 1.1294 diff -u -p -r1.1294 files --- sys/conf/files 21 Apr 2008 10:09:53 -0000 1.1294 +++ sys/conf/files 24 Apr 2008 14:34:34 -0000 @@ -1499,6 +1499,8 @@ kern/posix4_mib.c standard kern/sched_4bsd.c optional sched_4bsd kern/sched_ule.c optional sched_ule kern/serdev_if.m standard +kern/stack_protector.c standard \ + compile-with "${NORMAL_C:N-fstack-protector*}" kern/subr_acl_posix1e.c standard kern/subr_autoconf.c standard kern/subr_blist.c standard Index: sys/conf/kern.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.mk,v retrieving revision 1.52 diff -u -p -r1.52 kern.mk --- sys/conf/kern.mk 24 May 2007 21:53:42 -0000 1.52 +++ sys/conf/kern.mk 29 Mar 2008 13:44:15 -0000 @@ -97,3 +97,10 @@ CFLAGS+= -ffreestanding .if ${CC} == "icc" CFLAGS+= -restrict .endif + +# +# GCC SSP support. +# +.if ${MK_SSP} != "no" && ${CC} != "icc" +CFLAGS+= -fstack-protector +.endif Index: sys/conf/kern.pre.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.pre.mk,v retrieving revision 1.97 diff -u -p -r1.97 kern.pre.mk --- sys/conf/kern.pre.mk 2 Feb 2008 19:55:28 -0000 1.97 +++ sys/conf/kern.pre.mk 29 Mar 2008 14:06:45 -0000 @@ -3,10 +3,7 @@ # Part of a unified Makefile for building kernels. This part contains all # of the definitions that need to be before %BEFORE_DEPEND. -SRCCONF?= /etc/src.conf -.if exists(${SRCCONF}) -.include "${SRCCONF}" -.endif +.include # Can be overridden by makeoptions or /etc/make.conf KERNEL_KO?= kernel Index: sys/kern/stack_protector.c =================================================================== RCS file: sys/kern/stack_protector.c diff -N sys/kern/stack_protector.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/kern/stack_protector.c 29 Mar 2008 18:20:37 -0000 @@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include + +#if defined(__SSP__) || defined(__SSP_ALL__) +long __stack_chk_guard[8] = {}; +void __stack_chk_fail(void); + +void +__stack_chk_fail(void) +{ + + panic("stack overflow detected; backtrace may be corrupted"); +} + +#define __arraycount(__x) (sizeof(__x) / sizeof(__x[0])) +static void +__stack_chk_init(void *dummy __unused) +{ + size_t i; + long guard[__arraycount(__stack_chk_guard)]; + + arc4rand(guard, sizeof(guard), 0); + for (i = 0; i < __arraycount(guard); i++) + __stack_chk_guard[i] = guard[i]; +} +/* SI_SUB_EVENTHANDLER is right after SI_SUB_LOCK used by arc4rand() init. */ +SYSINIT(stack_chk, SI_SUB_EVENTHANDLER, SI_ORDER_ANY, __stack_chk_init, NULL); + +#endif --VS++wcV0S1rZb1Fb--