From owner-freebsd-hackers@FreeBSD.ORG Thu Jun 19 15:35:21 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CB7EE106566B; Thu, 19 Jun 2008 15:35:21 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from smtp5-g19.free.fr (smtp5-g19.free.fr [212.27.42.35]) by mx1.freebsd.org (Postfix) with ESMTP id 1C6F18FC20; Thu, 19 Jun 2008 15:35:21 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from smtp5-g19.free.fr (localhost.localdomain [127.0.0.1]) by smtp5-g19.free.fr (Postfix) with ESMTP id F2D2B3F633C; Thu, 19 Jun 2008 17:35:19 +0200 (CEST) Received: from tatooine.tataz.chchile.org (tataz.chchile.org [82.233.239.98]) by smtp5-g19.free.fr (Postfix) with ESMTP id AA8E13F62E9; Thu, 19 Jun 2008 17:35:19 +0200 (CEST) Received: from obiwan.tataz.chchile.org (unknown [192.168.1.25]) by tatooine.tataz.chchile.org (Postfix) with ESMTP id 60E9E9B497; Thu, 19 Jun 2008 15:31:05 +0000 (UTC) Received: by obiwan.tataz.chchile.org (Postfix, from userid 1000) id 5D9E14089; Thu, 19 Jun 2008 17:31:05 +0200 (CEST) Date: Thu, 19 Jun 2008 17:31:05 +0200 From: Jeremie Le Hen To: Robert Watson Message-ID: <20080619153105.GL46885@obiwan.tataz.chchile.org> References: <20080612184237.GC15774@obiwan.tataz.chchile.org> <20080614182623.F66582@fledge.watson.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="O5XBE6gyVG5Rl6Rj" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20080614182623.F66582@fledge.watson.org> User-Agent: Mutt/1.5.15 (2007-04-06) Cc: freebsd-hackers@freebsd.org Subject: Re: Integration of ProPolice in FreeBSD X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jun 2008 15:35:21 -0000 --O5XBE6gyVG5Rl6Rj Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit Hi Robert, hi all, On Sat, Jun 14, 2008 at 06:27:30PM +0100, Robert Watson wrote: > > On Thu, 12 Jun 2008, Jeremie Le Hen wrote: > > > (This mail has already been sent to -arch@. I'm sending it here now for a > > wider audience because I really need testers.) > > Dear Jeremie, > > Unfortunately, I can't lend my hands to this project as they're currently > full of other stuff. However, I would really be very pleased to see is > [finally] ship a release with ProPolice enabled. We're definitely trailing > the pack in this regard, and I think it's bad practice to not ship with what > are considered industry-standard protections here. Thanks for your work on > this! Thank you for those words or cheer. I inquired some of my friends to get some testing, and in most of case the answer was « I'm running RELENG_7 ». So I've made a patch against RELENG_7. There are only minor changes in src/Makefile.inc1 because -DNO_CTR has been sown all over the file :). So to make it clear for casual glancers: !!! !!! !!! This patch is against RELENG_7. If you can afford a reboot, please test! I need some feedback before it gets committed to -CURRENT. The patch is very stable on my laptop. !!! !!! !!! Thanks you every one. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > --O5XBE6gyVG5Rl6Rj Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="fbsd7-ssp.diff" Index: Makefile.inc1 =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/Makefile.inc1,v retrieving revision 1.588.2.4 diff -u -p -r1.588.2.4 Makefile.inc1 --- Makefile.inc1 24 Feb 2008 14:31:41 -0000 1.588.2.4 +++ Makefile.inc1 18 Jun 2008 21:13:21 -0000 @@ -206,6 +206,7 @@ BMAKE= MAKEOBJDIRPREFIX=${WORLDTMP} \ ${BMAKEENV} ${MAKE} -f Makefile.inc1 \ DESTDIR= \ BOOTSTRAPPING=${OSRELDATE} \ + -DWITHOUT_SSP \ -DWITHOUT_HTML -DWITHOUT_INFO -DNO_LINT -DWITHOUT_MAN \ -DWITHOUT_NLS -DNO_PIC -DWITHOUT_PROFILE -DNO_SHARED \ -DNO_CPU_CFLAGS -DNO_WARNS @@ -215,7 +216,8 @@ TMAKE= MAKEOBJDIRPREFIX=${OBJTREE} \ ${BMAKEENV} ${MAKE} -f Makefile.inc1 \ TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} \ DESTDIR= \ - BOOTSTRAPPING=${OSRELDATE} -DNO_LINT -DNO_CPU_CFLAGS -DNO_WARNS + BOOTSTRAPPING=${OSRELDATE} -DNO_LINT -DNO_CPU_CFLAGS -DNO_WARNS \ + -DWITHOUT_SSP # cross-tools stage XMAKE= TOOLS_PREFIX=${WORLDTMP} ${BMAKE} \ @@ -425,7 +427,7 @@ build32: .if ${MK_KERBEROS} != "no" .for _t in obj depend all cd ${.CURDIR}/kerberos5/tools; \ - MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= ${_t} + MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= ${_t} .endfor .endif .for _t in obj includes @@ -447,7 +449,7 @@ build32: .endfor .for _dir in lib/ncurses/ncurses lib/ncurses/ncursesw lib/libmagic cd ${.CURDIR}/${_dir}; \ - MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= build-tools + MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= build-tools .endfor cd ${.CURDIR}; \ ${LIB32WMAKE} -f Makefile.inc1 libraries @@ -706,13 +708,13 @@ buildkernel: @echo "--------------------------------------------------------------" cd ${KRNLOBJDIR}/${_kernel}; \ MAKESRCPATH=${KERNSRCDIR}/dev/aic7xxx/aicasm \ - ${MAKE} -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile + ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile # XXX - Gratuitously builds aicasm in the ``makeoptions NO_MODULES'' case. .if !defined(MODULES_WITH_WORLD) && !defined(NO_MODULES) && exists(${KERNSRCDIR}/modules) .for target in obj depend all cd ${KERNSRCDIR}/modules/aic7xxx/aicasm; \ MAKEOBJDIRPREFIX=${KRNLOBJDIR}/${_kernel}/modules \ - ${MAKE} -DNO_CPU_CFLAGS ${target} + ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS ${target} .endfor .endif .if !defined(NO_KERNELDEPEND) Index: gnu/lib/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/Makefile,v retrieving revision 1.42 diff -u -p -r1.42 Makefile --- gnu/lib/Makefile 19 May 2007 04:25:54 -0000 1.42 +++ gnu/lib/Makefile 18 Jun 2008 21:08:09 -0000 @@ -2,7 +2,7 @@ .include -SUBDIR= csu libgcc libgcov libdialog libgomp libregex libreadline +SUBDIR= csu libgcc libgcov libdialog libgomp libregex libreadline libssp # libsupc++ uses libstdc++ headers, although 'make includes' should # have taken care of that already. @@ -14,8 +14,4 @@ SUBDIR+= libstdc++ libsupc++ SUBDIR+= libobjc .endif -.if ${MK_SSP} != "no" -SUBDIR+= libssp -.endif - .include Index: gnu/lib/csu/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/csu/Makefile,v retrieving revision 1.25 diff -u -p -r1.25 Makefile --- gnu/lib/csu/Makefile 19 May 2007 04:25:55 -0000 1.25 +++ gnu/lib/csu/Makefile 18 Jun 2008 21:08:09 -0000 @@ -19,6 +19,7 @@ CFLAGS+= -I${GCCLIB}/include -I${GCCDIR} -I${CCDIR}/cc_tools CRTS_CFLAGS= -DCRTSTUFFS_O -DSHARED ${PICFLAG} MKDEP= -DCRT_BEGIN +WITHOUT_SSP= .if ${MACHINE_ARCH} == "ia64" BEGINSRC= crtbegin.asm Index: gnu/lib/libssp/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/gnu/lib/libssp/Makefile,v retrieving revision 1.2 diff -u -p -r1.2 Makefile --- gnu/lib/libssp/Makefile 22 May 2007 10:40:58 -0000 1.2 +++ gnu/lib/libssp/Makefile 18 Jun 2008 21:08:09 -0000 @@ -10,6 +10,7 @@ LIB= ssp SHLIB_MAJOR= 0 SHLIBDIR?= /lib NO_PROFILE= +WITHOUT_SSP= SRCS= ssp.c gets-chk.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \ memset-chk.c snprintf-chk.c sprintf-chk.c stpcpy-chk.c \ Index: lib/csu/Makefile.inc =================================================================== RCS file: lib/csu/Makefile.inc diff -N lib/csu/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ lib/csu/Makefile.inc 18 Jun 2008 21:08:09 -0000 @@ -0,0 +1 @@ +WITHOUT_SSP= Index: lib/libc/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libc/Makefile,v retrieving revision 1.73 diff -u -p -r1.73 Makefile --- lib/libc/Makefile 1 Oct 2007 18:15:10 -0000 1.73 +++ lib/libc/Makefile 18 Jun 2008 21:08:09 -0000 @@ -122,3 +122,9 @@ libkern.${MACHINE_ARCH}:: ${KMSRCS} # Disable warnings in contributed sources. CWARNFLAGS:= ${.IMPSRC:Ngdtoa_*.c:C/^.+$/${CWARNFLAGS}/} +# XXX For now, we don't allow libc to be compiled with +# -fstack-protector-all because it breaks rtld. We may want to make a librtld +# in the future to circumvent this. +SSP_CFLAGS:= ${SSP_CFLAGS:S/^-fstack-protector-all$/-fstack-protector/} +# Disable stack protection for SSP symbols. +SSP_CFLAGS:= ${.IMPSRC:N*/stack_protector.c:C/^.+$/${SSP_CFLAGS}/} Index: lib/libstand/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libstand/Makefile,v retrieving revision 1.57.2.3 diff -u -p -r1.57.2.3 Makefile --- lib/libstand/Makefile 4 May 2008 11:58:25 -0000 1.57.2.3 +++ lib/libstand/Makefile 18 Jun 2008 21:08:09 -0000 @@ -12,6 +12,7 @@ NO_PIC= INCS= stand.h MAN= libstand.3 +WITHOUT_SSP= CFLAGS+= -ffreestanding -Wformat CFLAGS+= -I${.CURDIR} Index: lib/libthr/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libthr/Makefile,v retrieving revision 1.28 diff -u -p -r1.28 Makefile --- lib/libthr/Makefile 9 Oct 2007 23:31:10 -0000 1.28 +++ lib/libthr/Makefile 18 Jun 2008 21:08:09 -0000 @@ -8,6 +8,8 @@ # (for system call stubs) to CFLAGS below. -DSYSLIBC_SCCS affects just the # system call stubs. +WITHOUT_SSP= + .include .if (${DEFAULT_THREAD_LIB} == "libthr" || ${MK_LIBKSE} == "no") && \ Index: libexec/rtld-elf/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/libexec/rtld-elf/Makefile,v retrieving revision 1.41 diff -u -p -r1.41 Makefile --- libexec/rtld-elf/Makefile 16 May 2007 23:24:15 -0000 1.41 +++ libexec/rtld-elf/Makefile 18 Jun 2008 21:08:09 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/libexec/rtld-elf/Makefile,v 1.41 2007/05/16 23:24:15 marcel Exp $ +WITHOUT_SSP= + .include PROG?= ld-elf.so.1 Index: rescue/librescue/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/librescue/Makefile,v retrieving revision 1.9 diff -u -p -r1.9 Makefile --- rescue/librescue/Makefile 27 Jul 2006 12:28:05 -0000 1.9 +++ rescue/librescue/Makefile 18 Jun 2008 21:08:10 -0000 @@ -2,6 +2,8 @@ # $FreeBSD: src/rescue/librescue/Makefile,v 1.9 2006/07/27 12:28:05 yar Exp $ # +WITHOUT_SSP= + .include # Certain library entries have hard-coded references to Index: rescue/rescue/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/rescue/Makefile,v retrieving revision 1.56 diff -u -p -r1.56 Makefile --- rescue/rescue/Makefile 14 Jul 2007 21:49:22 -0000 1.56 +++ rescue/rescue/Makefile 18 Jun 2008 21:08:10 -0000 @@ -2,6 +2,7 @@ # @(#)Makefile 8.1 (Berkeley) 6/2/93 NO_MAN= +WITHOUT_SSP= .include Index: share/mk/bsd.sys.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/share/mk/bsd.sys.mk,v retrieving revision 1.41 diff -u -p -r1.41 bsd.sys.mk --- share/mk/bsd.sys.mk 24 May 2007 21:53:42 -0000 1.41 +++ share/mk/bsd.sys.mk 18 Jun 2008 21:08:10 -0000 @@ -77,5 +77,11 @@ CWARNFLAGS += -Werror CWARNFLAGS += -Wno-unknown-pragmas .endif +.if ${MK_SSP} != "no" && ${CC} != "icc" && ${MACHINE_ARCH} != "ia64" +# Don't use -Wstack-protector as it breaks world with -Werror. +SSP_CFLAGS ?= -fstack-protector +CFLAGS += ${SSP_CFLAGS} +.endif + # Allow user-specified additional warning flags CFLAGS += ${CWARNFLAGS} Index: sys/boot/Makefile.inc =================================================================== RCS file: sys/boot/Makefile.inc diff -N sys/boot/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/Makefile.inc 18 Jun 2008 21:08:10 -0000 @@ -0,0 +1 @@ +WITHOUT_SSP= Index: sys/boot/arm/Makefile.inc =================================================================== RCS file: sys/boot/arm/Makefile.inc diff -N sys/boot/arm/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/arm/Makefile.inc 18 Jun 2008 21:08:10 -0000 @@ -0,0 +1 @@ +.include "../Makefile.inc" Index: sys/boot/arm/at91/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/arm/at91/Makefile.inc,v retrieving revision 1.7 diff -u -p -r1.7 Makefile.inc --- sys/boot/arm/at91/Makefile.inc 13 Jul 2007 14:27:04 -0000 1.7 +++ sys/boot/arm/at91/Makefile.inc 18 Jun 2008 21:08:10 -0000 @@ -53,3 +53,5 @@ MK_FPGA:=no .endif .endif + +.include "../Makefile.inc" Index: sys/boot/efi/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/efi/Makefile.inc,v retrieving revision 1.7 diff -u -p -r1.7 Makefile.inc --- sys/boot/efi/Makefile.inc 12 Feb 2004 08:10:33 -0000 1.7 +++ sys/boot/efi/Makefile.inc 18 Jun 2008 21:08:10 -0000 @@ -5,3 +5,5 @@ BINDIR?= /boot # Options used when building app-specific efi components CFLAGS+= -ffreestanding -fshort-wchar -Wformat LDFLAGS+= -nostdlib + +.include "../Makefile.inc" Index: sys/boot/i386/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/Makefile.inc,v retrieving revision 1.12 diff -u -p -r1.12 Makefile.inc --- sys/boot/i386/Makefile.inc 28 Sep 2006 10:02:04 -0000 1.12 +++ sys/boot/i386/Makefile.inc 18 Jun 2008 21:08:10 -0000 @@ -24,3 +24,5 @@ BTXDIR= ${.CURDIR}/../btx BTXLDR= ${BTXDIR}/btxldr/btxldr BTXKERN= ${BTXDIR}/btx/btx BTXCRT= ${BTXDIR}/lib/crt0.o + +.include "../Makefile.inc" Index: sys/boot/i386/loader/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/loader/Makefile,v retrieving revision 1.85 diff -u -p -r1.85 Makefile --- sys/boot/i386/loader/Makefile 29 May 2007 14:35:57 -0000 1.85 +++ sys/boot/i386/loader/Makefile 18 Jun 2008 21:08:10 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/i386/loader/Makefile,v 1.85 2007/05/29 14:35:57 simokawa Exp $ +WITHOUT_SSP= + .include PROG= loader.sym Index: sys/boot/ia64/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/Makefile.inc,v retrieving revision 1.3 diff -u -p -r1.3 Makefile.inc --- sys/boot/ia64/Makefile.inc 12 Feb 2004 08:10:33 -0000 1.3 +++ sys/boot/ia64/Makefile.inc 18 Jun 2008 21:08:10 -0000 @@ -5,3 +5,5 @@ BINDIR?= /boot # Options used when building standalone components CFLAGS+= -ffreestanding -fshort-wchar -Wformat LDFLAGS+= -nostdlib + +.include "../Makefile.inc" Index: sys/boot/ia64/common/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/common/Makefile,v retrieving revision 1.1 diff -u -p -r1.1 Makefile --- sys/boot/ia64/common/Makefile 5 Nov 2006 22:03:03 -0000 1.1 +++ sys/boot/ia64/common/Makefile 18 Jun 2008 21:08:10 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/ia64/common/Makefile,v 1.1 2006/11/05 22:03:03 marcel Exp $ +WITHOUT_SSP= + .include LIB= ia64 Index: sys/boot/ia64/efi/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/efi/Makefile,v retrieving revision 1.28 diff -u -p -r1.28 Makefile --- sys/boot/ia64/efi/Makefile 5 Nov 2006 22:03:03 -0000 1.28 +++ sys/boot/ia64/efi/Makefile 18 Jun 2008 21:08:10 -0000 @@ -1,6 +1,7 @@ # $FreeBSD: src/sys/boot/ia64/efi/Makefile,v 1.28 2006/11/05 22:03:03 marcel Exp $ NO_MAN= +WITHOUT_SSP= .include Index: sys/boot/ia64/ski/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/ski/Makefile,v retrieving revision 1.20 diff -u -p -r1.20 Makefile --- sys/boot/ia64/ski/Makefile 5 Nov 2006 22:03:04 -0000 1.20 +++ sys/boot/ia64/ski/Makefile 18 Jun 2008 21:08:10 -0000 @@ -1,6 +1,7 @@ # $FreeBSD: src/sys/boot/ia64/ski/Makefile,v 1.20 2006/11/05 22:03:04 marcel Exp $ NO_MAN= +WITHOUT_SSP= .include Index: sys/boot/ofw/Makefile.inc =================================================================== RCS file: sys/boot/ofw/Makefile.inc diff -N sys/boot/ofw/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/ofw/Makefile.inc 18 Jun 2008 21:08:10 -0000 @@ -0,0 +1 @@ +.include "../Makefile.inc" Index: sys/boot/pc98/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/Makefile.inc,v retrieving revision 1.6.2.1 diff -u -p -r1.6.2.1 Makefile.inc --- sys/boot/pc98/Makefile.inc 18 Oct 2007 12:08:53 -0000 1.6.2.1 +++ sys/boot/pc98/Makefile.inc 18 Jun 2008 21:08:10 -0000 @@ -19,3 +19,5 @@ BTXDIR= ${.CURDIR}/../btx BTXLDR= ${BTXDIR}/btxldr/btxldr BTXKERN= ${BTXDIR}/btx/btx BTXCRT= ${BTXDIR}/lib/crt0.o + +.include "../Makefile.inc" Index: sys/boot/pc98/loader/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/loader/Makefile,v retrieving revision 1.41 diff -u -p -r1.41 Makefile --- sys/boot/pc98/loader/Makefile 2 Nov 2006 00:26:45 -0000 1.41 +++ sys/boot/pc98/loader/Makefile 18 Jun 2008 21:08:10 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/pc98/loader/Makefile,v 1.41 2006/11/02 00:26:45 marcel Exp $ +WITHOUT_SSP= + .include PROG= loader.sym Index: sys/boot/powerpc/Makefile.inc =================================================================== RCS file: sys/boot/powerpc/Makefile.inc diff -N sys/boot/powerpc/Makefile.inc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/boot/powerpc/Makefile.inc 18 Jun 2008 21:08:10 -0000 @@ -0,0 +1 @@ +.include "../Makefile.inc" Index: sys/boot/sparc64/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/Makefile.inc,v retrieving revision 1.1 diff -u -p -r1.1 Makefile.inc --- sys/boot/sparc64/Makefile.inc 9 Feb 2004 14:17:02 -0000 1.1 +++ sys/boot/sparc64/Makefile.inc 18 Jun 2008 21:08:19 -0000 @@ -3,3 +3,5 @@ BINDIR?= /boot CFLAGS+= -ffreestanding LDFLAGS+= -nostdlib + +.include "../Makefile.inc" Index: sys/boot/sparc64/loader/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/loader/Makefile,v retrieving revision 1.20 diff -u -p -r1.20 Makefile --- sys/boot/sparc64/loader/Makefile 17 Mar 2006 18:54:36 -0000 1.20 +++ sys/boot/sparc64/loader/Makefile 18 Jun 2008 21:08:19 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/sparc64/loader/Makefile,v 1.20 2006/03/17 18:54:36 ru Exp $ +WITHOUT_SSP= + .include PROG= loader Index: sys/conf/files =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/files,v retrieving revision 1.1243.2.22 diff -u -p -r1.1243.2.22 files --- sys/conf/files 19 May 2008 12:34:43 -0000 1.1243.2.22 +++ sys/conf/files 18 Jun 2008 21:08:19 -0000 @@ -1490,6 +1490,8 @@ kern/posix4_mib.c standard kern/sched_4bsd.c optional sched_4bsd kern/sched_ule.c optional sched_ule kern/serdev_if.m standard +kern/stack_protector.c standard \ + compile-with "${NORMAL_C:N-fstack-protector*}" kern/subr_acl_posix1e.c standard kern/subr_autoconf.c standard kern/subr_blist.c standard Index: sys/conf/kern.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.mk,v retrieving revision 1.52 diff -u -p -r1.52 kern.mk --- sys/conf/kern.mk 24 May 2007 21:53:42 -0000 1.52 +++ sys/conf/kern.mk 18 Jun 2008 21:08:19 -0000 @@ -97,3 +97,10 @@ CFLAGS+= -ffreestanding .if ${CC} == "icc" CFLAGS+= -restrict .endif + +# +# GCC SSP support. +# +.if ${MK_SSP} != "no" && ${CC} != "icc" && ${MACHINE_ARCH} != "ia64" +CFLAGS+= -fstack-protector +.endif Index: sys/conf/kern.pre.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.pre.mk,v retrieving revision 1.92 diff -u -p -r1.92 kern.pre.mk --- sys/conf/kern.pre.mk 8 Aug 2007 19:12:06 -0000 1.92 +++ sys/conf/kern.pre.mk 18 Jun 2008 21:08:19 -0000 @@ -3,10 +3,7 @@ # Part of a unified Makefile for building kernels. This part contains all # of the definitions that need to be before %BEFORE_DEPEND. -SRCCONF?= /etc/src.conf -.if exists(${SRCCONF}) -.include "${SRCCONF}" -.endif +.include # Can be overridden by makeoptions or /etc/make.conf KERNEL_KO?= kernel Index: sys/kern/stack_protector.c =================================================================== RCS file: sys/kern/stack_protector.c diff -N sys/kern/stack_protector.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sys/kern/stack_protector.c 18 Jun 2008 21:08:19 -0000 @@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include + +#if defined(__SSP__) || defined(__SSP_ALL__) +long __stack_chk_guard[8] = {}; +void __stack_chk_fail(void); + +void +__stack_chk_fail(void) +{ + + panic("stack overflow detected; backtrace may be corrupted"); +} + +#define __arraycount(__x) (sizeof(__x) / sizeof(__x[0])) +static void +__stack_chk_init(void *dummy __unused) +{ + size_t i; + long guard[__arraycount(__stack_chk_guard)]; + + arc4rand(guard, sizeof(guard), 0); + for (i = 0; i < __arraycount(guard); i++) + __stack_chk_guard[i] = guard[i]; +} +/* SI_SUB_EVENTHANDLER is right after SI_SUB_LOCK used by arc4rand() init. */ +SYSINIT(stack_chk, SI_SUB_EVENTHANDLER, SI_ORDER_ANY, __stack_chk_init, NULL); + +#endif Index: tools/build/options/WITHOUT_SSP =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/tools/build/options/WITHOUT_SSP,v retrieving revision 1.1 diff -u -p -r1.1 WITHOUT_SSP --- tools/build/options/WITHOUT_SSP 19 May 2007 04:42:58 -0000 1.1 +++ tools/build/options/WITHOUT_SSP 18 Jun 2008 21:08:19 -0000 @@ -1,2 +1,2 @@ .\" $FreeBSD: src/tools/build/options/WITHOUT_SSP,v 1.1 2007/05/19 04:42:58 kan Exp $ -Set to not build propolice stack smashing protection library. +Set to not build world with propolice stack smashing protection. --O5XBE6gyVG5Rl6Rj--