Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 2 May 2008 09:01:47 +0200
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        obrien@freebsd.org
Cc:        freebsd-arch@FreeBSD.org
Subject:   Re: Integration of ProPolice in FreeBSD
Message-ID:  <20080502070147.GE74500@obiwan.tataz.chchile.org>
In-Reply-To: <20080427012416.GA9817@dragon.NUXI.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--eAbsdosE1cNLO4uF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi David,

Sorry for the late reply, I was abroad.

On Sat, Apr 26, 2008 at 06:24:16PM -0700, David O'Brien wrote:
> On Fri, Apr 18, 2008 at 03:27:49PM +0200, Jeremie Le Hen wrote:
> > As you may already know I've integrated GCC's ProPolice into
> > FreeBSD.  The build infrastructure overlord, namely ru@, (I'm
> > quoting kan@) has reviewed the patch and technically it is ready to
> > hit the CVS tree.
> 
> Please post the patch in this thread - your webserver has been very
> difficult to contact.

Indeed, sorry for the disturbance.  I've attached the patch.  This is
what you should hit the tree, except there will be a few additional bits
to prevent self foot-shooting when people will turn -fstack-protector
into -fstack-protector-all in share/mk/bsd.sys.mk.  I'm currently
working on it.

Thanks.
Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

--eAbsdosE1cNLO4uF
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="fbsd8-ssp.diff"

Index: Makefile.inc1
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/Makefile.inc1,v
retrieving revision 1.601
diff -u -p -r1.601 Makefile.inc1
--- Makefile.inc1	2 Mar 2008 11:10:46 -0000	1.601
+++ Makefile.inc1	27 Mar 2008 21:24:53 -0000
@@ -216,6 +216,7 @@ BMAKE=		MAKEOBJDIRPREFIX=${WORLDTMP} \
 		${BMAKEENV} ${MAKE} -f Makefile.inc1 \
 		DESTDIR= \
 		BOOTSTRAPPING=${OSRELDATE} \
+		-DWITHOUT_SSP \
 		-DWITHOUT_HTML -DWITHOUT_INFO -DNO_LINT -DWITHOUT_MAN \
 		-DWITHOUT_NLS -DNO_PIC -DWITHOUT_PROFILE -DNO_SHARED \
 		-DNO_CPU_CFLAGS -DNO_WARNS
@@ -225,6 +226,7 @@ TMAKE=		MAKEOBJDIRPREFIX=${OBJTREE} \
 		${BMAKEENV} ${MAKE} -f Makefile.inc1 \
 		TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} \
 		DESTDIR= \
+		-DWITHOUT_SSP \
 		BOOTSTRAPPING=${OSRELDATE} -DNO_LINT -DNO_CPU_CFLAGS -DNO_WARNS
 
 # cross-tools stage
@@ -437,7 +439,7 @@ build32:
 .if ${MK_KERBEROS} != "no"
 .for _t in obj depend all
 	cd ${.CURDIR}/kerberos5/tools; \
-	    MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= ${_t}
+	    MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= ${_t}
 .endfor
 .endif
 .for _t in obj includes
@@ -459,7 +461,7 @@ build32:
 .endfor
 .for _dir in lib/ncurses/ncurses lib/ncurses/ncursesw lib/libmagic
 	cd ${.CURDIR}/${_dir}; \
-	    MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= build-tools
+	    MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} -DWITHOUT_SSP DESTDIR= build-tools
 .endfor
 	cd ${.CURDIR}; \
 	    ${LIB32WMAKE} -f Makefile.inc1 libraries
@@ -740,13 +742,13 @@ buildkernel:
 	@echo "--------------------------------------------------------------"
 	cd ${KRNLOBJDIR}/${_kernel}; \
 	    MAKESRCPATH=${KERNSRCDIR}/dev/aic7xxx/aicasm \
-	    ${MAKE} -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile
+	    ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS -f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile
 # XXX - Gratuitously builds aicasm in the ``makeoptions NO_MODULES'' case.
 .if !defined(MODULES_WITH_WORLD) && !defined(NO_MODULES) && exists(${KERNSRCDIR}/modules)
 .for target in obj depend all
 	cd ${KERNSRCDIR}/modules/aic7xxx/aicasm; \
 	    MAKEOBJDIRPREFIX=${KRNLOBJDIR}/${_kernel}/modules \
-	    ${MAKE} -DNO_CPU_CFLAGS ${target}
+	    ${MAKE} -DWITHOUT_SSP -DNO_CPU_CFLAGS ${target}
 .endfor
 .endif
 .if !defined(NO_KERNELDEPEND)
Index: lib/libstand/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/lib/libstand/Makefile,v
retrieving revision 1.59
diff -u -p -r1.59 Makefile
--- lib/libstand/Makefile	24 Oct 2007 21:32:57 -0000	1.59
+++ lib/libstand/Makefile	16 Apr 2008 09:11:15 -0000
@@ -12,6 +12,7 @@ NO_PIC=
 INCS=		stand.h
 MAN=		libstand.3
 
+WITHOUT_SSP=
 CFLAGS+= -ffreestanding -Wformat
 CFLAGS+= -I${.CURDIR}
 
Index: rescue/librescue/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/librescue/Makefile,v
retrieving revision 1.9
diff -u -p -r1.9 Makefile
--- rescue/librescue/Makefile	27 Jul 2006 12:28:05 -0000	1.9
+++ rescue/librescue/Makefile	16 Apr 2008 09:11:36 -0000
@@ -2,6 +2,8 @@
 # $FreeBSD: src/rescue/librescue/Makefile,v 1.9 2006/07/27 12:28:05 yar Exp $
 #
 
+WITHOUT_SSP=
+
 .include <bsd.own.mk>
 
 # Certain library entries have hard-coded references to
Index: rescue/rescue/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/rescue/rescue/Makefile,v
retrieving revision 1.59
diff -u -p -r1.59 Makefile
--- rescue/rescue/Makefile	5 Mar 2008 23:32:12 -0000	1.59
+++ rescue/rescue/Makefile	16 Apr 2008 09:12:02 -0000
@@ -2,6 +2,7 @@
 #	@(#)Makefile	8.1 (Berkeley) 6/2/93
 
 NO_MAN=
+WITHOUT_SSP=
 
 .include <bsd.own.mk>
 
Index: share/mk/bsd.sys.mk
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/share/mk/bsd.sys.mk,v
retrieving revision 1.44
diff -u -p -r1.44 bsd.sys.mk
--- share/mk/bsd.sys.mk	22 Nov 2007 23:21:12 -0000	1.44
+++ share/mk/bsd.sys.mk	29 Mar 2008 23:13:06 -0000
@@ -74,5 +74,10 @@ CWARNFLAGS	+=	-Werror
 CWARNFLAGS	+=	-Wno-unknown-pragmas
 .endif
 
+.if ${MK_SSP} != "no" && ${CC} != "icc"
+CFLAGS		+=	-fstack-protector
+# Don't use -Wstack-protector as it breaks world with -Werror.
+.endif
+
 # Allow user-specified additional warning flags
 CFLAGS		+=	${CWARNFLAGS}
Index: sys/boot/Makefile.inc
===================================================================
RCS file: sys/boot/Makefile.inc
diff -N sys/boot/Makefile.inc
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ sys/boot/Makefile.inc	16 Apr 2008 09:13:16 -0000
@@ -0,0 +1,2 @@
+# Really, there's no need for stack-smashing protection in /boot programs.
+WITHOUT_SSP=
Index: sys/boot/arm/Makefile.inc
===================================================================
RCS file: sys/boot/arm/Makefile.inc
diff -N sys/boot/arm/Makefile.inc
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ sys/boot/arm/Makefile.inc	28 Mar 2008 07:51:09 -0000
@@ -0,0 +1 @@
+.include "../Makefile.inc"
Index: sys/boot/arm/at91/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/arm/at91/Makefile.inc,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile.inc
--- sys/boot/arm/at91/Makefile.inc	13 Jul 2007 14:27:04 -0000	1.7
+++ sys/boot/arm/at91/Makefile.inc	28 Mar 2008 07:52:30 -0000
@@ -53,3 +53,5 @@ MK_FPGA:=no
 .endif
 
 .endif
+
+.include "../Makefile.inc"
Index: sys/boot/efi/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/efi/Makefile.inc,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile.inc
--- sys/boot/efi/Makefile.inc	12 Feb 2004 08:10:33 -0000	1.7
+++ sys/boot/efi/Makefile.inc	28 Mar 2008 06:55:25 -0000
@@ -5,3 +5,5 @@ BINDIR?=	/boot
 # Options used when building app-specific efi components
 CFLAGS+=	-ffreestanding -fshort-wchar -Wformat
 LDFLAGS+=	-nostdlib
+
+.include "../Makefile.inc"
Index: sys/boot/i386/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/Makefile.inc,v
retrieving revision 1.12
diff -u -p -r1.12 Makefile.inc
--- sys/boot/i386/Makefile.inc	28 Sep 2006 10:02:04 -0000	1.12
+++ sys/boot/i386/Makefile.inc	28 Mar 2008 07:41:32 -0000
@@ -24,3 +24,5 @@ BTXDIR=		${.CURDIR}/../btx
 BTXLDR=		${BTXDIR}/btxldr/btxldr
 BTXKERN=	${BTXDIR}/btx/btx
 BTXCRT=		${BTXDIR}/lib/crt0.o
+
+.include "../Makefile.inc"
Index: sys/boot/i386/loader/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/loader/Makefile,v
retrieving revision 1.85
diff -u -p -r1.85 Makefile
--- sys/boot/i386/loader/Makefile	29 May 2007 14:35:57 -0000	1.85
+++ sys/boot/i386/loader/Makefile	16 Apr 2008 09:14:10 -0000
@@ -1,5 +1,7 @@
 # $FreeBSD: src/sys/boot/i386/loader/Makefile,v 1.85 2007/05/29 14:35:57 simokawa Exp $
 
+WITHOUT_SSP=
+
 .include <bsd.own.mk>
 
 PROG=		loader.sym
Index: sys/boot/ia64/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/Makefile.inc,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile.inc
--- sys/boot/ia64/Makefile.inc	12 Feb 2004 08:10:33 -0000	1.3
+++ sys/boot/ia64/Makefile.inc	28 Mar 2008 07:42:17 -0000
@@ -5,3 +5,5 @@ BINDIR?=	/boot
 # Options used when building standalone components
 CFLAGS+=	-ffreestanding -fshort-wchar -Wformat
 LDFLAGS+=	-nostdlib
+
+.include "../Makefile.inc"
Index: sys/boot/ia64/common/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/common/Makefile,v
retrieving revision 1.1
diff -u -p -r1.1 Makefile
--- sys/boot/ia64/common/Makefile	5 Nov 2006 22:03:03 -0000	1.1
+++ sys/boot/ia64/common/Makefile	16 Apr 2008 09:14:35 -0000
@@ -1,5 +1,7 @@
 # $FreeBSD: src/sys/boot/ia64/common/Makefile,v 1.1 2006/11/05 22:03:03 marcel Exp $
 
+WITHOUT_SSP=
+
 .include <bsd.own.mk>
 
 LIB=		ia64
Index: sys/boot/ia64/efi/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/efi/Makefile,v
retrieving revision 1.28
diff -u -p -r1.28 Makefile
--- sys/boot/ia64/efi/Makefile	5 Nov 2006 22:03:03 -0000	1.28
+++ sys/boot/ia64/efi/Makefile	16 Apr 2008 09:15:11 -0000
@@ -1,6 +1,7 @@
 # $FreeBSD: src/sys/boot/ia64/efi/Makefile,v 1.28 2006/11/05 22:03:03 marcel Exp $
 
 NO_MAN=
+WITHOUT_SSP=
 
 .include <bsd.own.mk>
 
Index: sys/boot/ia64/ski/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/ia64/ski/Makefile,v
retrieving revision 1.20
diff -u -p -r1.20 Makefile
--- sys/boot/ia64/ski/Makefile	5 Nov 2006 22:03:04 -0000	1.20
+++ sys/boot/ia64/ski/Makefile	16 Apr 2008 09:15:25 -0000
@@ -1,6 +1,7 @@
 # $FreeBSD: src/sys/boot/ia64/ski/Makefile,v 1.20 2006/11/05 22:03:04 marcel Exp $
 
 NO_MAN=
+WITHOUT_SSP=
 
 .include <bsd.own.mk>
 
Index: sys/boot/ofw/Makefile.inc
===================================================================
RCS file: sys/boot/ofw/Makefile.inc
diff -N sys/boot/ofw/Makefile.inc
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ sys/boot/ofw/Makefile.inc	28 Mar 2008 07:43:20 -0000
@@ -0,0 +1 @@
+.include "../Makefile.inc"
Index: sys/boot/pc98/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/Makefile.inc,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile.inc
--- sys/boot/pc98/Makefile.inc	15 Oct 2007 14:20:24 -0000	1.7
+++ sys/boot/pc98/Makefile.inc	28 Mar 2008 07:44:15 -0000
@@ -19,3 +19,5 @@ BTXDIR=		${.CURDIR}/../btx
 BTXLDR=		${BTXDIR}/btxldr/btxldr
 BTXKERN=	${BTXDIR}/btx/btx
 BTXCRT=		${BTXDIR}/lib/crt0.o
+
+.include "../Makefile.inc"
Index: sys/boot/pc98/loader/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/pc98/loader/Makefile,v
retrieving revision 1.41
diff -u -p -r1.41 Makefile
--- sys/boot/pc98/loader/Makefile	2 Nov 2006 00:26:45 -0000	1.41
+++ sys/boot/pc98/loader/Makefile	16 Apr 2008 09:15:51 -0000
@@ -1,5 +1,7 @@
 # $FreeBSD: src/sys/boot/pc98/loader/Makefile,v 1.41 2006/11/02 00:26:45 marcel Exp $
 
+WITHOUT_SSP=
+
 .include <bsd.own.mk>
 
 PROG=		loader.sym
Index: sys/boot/powerpc/Makefile.inc
===================================================================
RCS file: sys/boot/powerpc/Makefile.inc
diff -N sys/boot/powerpc/Makefile.inc
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ sys/boot/powerpc/Makefile.inc	28 Mar 2008 07:46:36 -0000
@@ -0,0 +1 @@
+.include "../Makefile.inc"
Index: sys/boot/powerpc/ofw/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/powerpc/ofw/Makefile,v
retrieving revision 1.23
diff -u -p -r1.23 Makefile
--- sys/boot/powerpc/ofw/Makefile	23 Feb 2008 17:48:23 -0000	1.23
+++ sys/boot/powerpc/ofw/Makefile	16 Apr 2008 09:16:20 -0000
@@ -1,5 +1,7 @@
 # $FreeBSD: src/sys/boot/powerpc/ofw/Makefile,v 1.23 2008/02/23 17:48:23 marcel Exp $
 
+WITHOUT_SSP=
+
 .include <bsd.own.mk>
 
 PROG=		loader
Index: sys/boot/sparc64/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/Makefile.inc,v
retrieving revision 1.1
diff -u -p -r1.1 Makefile.inc
--- sys/boot/sparc64/Makefile.inc	9 Feb 2004 14:17:02 -0000	1.1
+++ sys/boot/sparc64/Makefile.inc	28 Mar 2008 07:49:09 -0000
@@ -3,3 +3,5 @@
 BINDIR?=	/boot
 CFLAGS+=	-ffreestanding
 LDFLAGS+=	-nostdlib
+
+.include "../Makefile.inc"
Index: sys/boot/sparc64/loader/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/sparc64/loader/Makefile,v
retrieving revision 1.20
diff -u -p -r1.20 Makefile
--- sys/boot/sparc64/loader/Makefile	17 Mar 2006 18:54:36 -0000	1.20
+++ sys/boot/sparc64/loader/Makefile	16 Apr 2008 09:16:39 -0000
@@ -1,5 +1,7 @@
 # $FreeBSD: src/sys/boot/sparc64/loader/Makefile,v 1.20 2006/03/17 18:54:36 ru Exp $
 
+WITHOUT_SSP=
+
 .include <bsd.own.mk>
 
 PROG=		loader
Index: sys/boot/uboot/Makefile.inc
===================================================================
RCS file: sys/boot/uboot/Makefile.inc
diff -N sys/boot/uboot/Makefile.inc
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ sys/boot/uboot/Makefile.inc	28 Mar 2008 07:50:18 -0000
@@ -0,0 +1 @@
+.include "../Makefile.inc"
Index: sys/conf/files
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/files,v
retrieving revision 1.1284
diff -u -p -r1.1284 files
--- sys/conf/files	26 Mar 2008 15:23:08 -0000	1.1284
+++ sys/conf/files	27 Mar 2008 21:24:57 -0000
@@ -1507,6 +1507,7 @@ kern/posix4_mib.c		standard
 kern/sched_4bsd.c		optional sched_4bsd
 kern/sched_ule.c		optional sched_ule
 kern/serdev_if.m		standard
+kern/stack_protector.c		standard
 kern/subr_acl_posix1e.c		standard
 kern/subr_autoconf.c		standard
 kern/subr_blist.c		standard
Index: sys/conf/kern.mk
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.mk,v
retrieving revision 1.52
diff -u -p -r1.52 kern.mk
--- sys/conf/kern.mk	24 May 2007 21:53:42 -0000	1.52
+++ sys/conf/kern.mk	29 Mar 2008 13:44:15 -0000
@@ -97,3 +97,10 @@ CFLAGS+=	-ffreestanding
 .if ${CC} == "icc"
 CFLAGS+=	-restrict
 .endif
+
+#
+# GCC SSP support.
+#
+.if ${MK_SSP} != "no" && ${CC} != "icc"
+CFLAGS+=	-fstack-protector
+.endif
Index: sys/conf/kern.pre.mk
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/conf/kern.pre.mk,v
retrieving revision 1.97
diff -u -p -r1.97 kern.pre.mk
--- sys/conf/kern.pre.mk	2 Feb 2008 19:55:28 -0000	1.97
+++ sys/conf/kern.pre.mk	29 Mar 2008 14:06:45 -0000
@@ -3,10 +3,7 @@
 # Part of a unified Makefile for building kernels.  This part contains all
 # of the definitions that need to be before %BEFORE_DEPEND.
 
-SRCCONF?=	/etc/src.conf
-.if exists(${SRCCONF})
-.include "${SRCCONF}"
-.endif
+.include <bsd.own.mk>
 
 # Can be overridden by makeoptions or /etc/make.conf
 KERNEL_KO?=	kernel
Index: sys/kern/stack_protector.c
===================================================================
RCS file: sys/kern/stack_protector.c
diff -N sys/kern/stack_protector.c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ sys/kern/stack_protector.c	29 Mar 2008 18:20:37 -0000
@@ -0,0 +1,32 @@
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/kernel.h>
+#include <sys/systm.h>
+#include <sys/libkern.h>
+
+#if defined(__SSP__) || defined(__SSP_ALL__)
+long __stack_chk_guard[8] = {};
+void __stack_chk_fail(void);
+
+void
+__stack_chk_fail(void)
+{
+
+	panic("stack overflow detected; backtrace may be corrupted");
+}
+
+#define __arraycount(__x)	(sizeof(__x) / sizeof(__x[0]))
+static void
+__stack_chk_init(void *dummy __unused)
+{
+	size_t i;
+	long guard[__arraycount(__stack_chk_guard)];
+
+	arc4rand(guard, sizeof(guard), 0);
+	for (i = 0; i < __arraycount(guard); i++)
+		__stack_chk_guard[i] = guard[i];
+}
+/* SI_SUB_EVENTHANDLER is right after SI_SUB_LOCK used by arc4rand() init. */
+SYSINIT(stack_chk, SI_SUB_EVENTHANDLER, SI_ORDER_ANY, __stack_chk_init, NULL);
+
+#endif

--eAbsdosE1cNLO4uF--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080502070147.GE74500>