rendered paste body--- START COMMITLOG ---
commit xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Author: XXX
Date: XXX
pulled in ProPolice patches (SSP) for stack smashing protection
from FreeBSD-current.
This was done by using the following commands:
svn diff -r180011:180012 http://svn.freebsd.org/base/head
svn diff -r180021:180023 http://svn.freebsd.org/base/head
svn diff -r188894:188895 http://svn.freebsd.org/base/head
and massaging the resulting patches somewhat.
The SVN commit logs for these revisions follow:
------------------------------------------------------------------------
r180012 | ru | 2008-06-25 23:33:28 +0200 (Wed, 25 Jun 2008) | 20 lines
Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
------------------------------------------------------------------------
r180023 | ru | 2008-06-26 09:56:16 +0200 (Thu, 26 Jun 2008) | 7 lines
Fix a fallout from SSP commit, and make this compile again.
Bonus: including kern.mk just to pick kernel warning flags
was an extremely bad idea anyway, because it also picked
up CFLAGS (it probably wasn't the case at the time of CVS
rev. 1.1, I haven't checked). Remove duplicate CWARNFLAGS
from CFLAGS.
------------------------------------------------------------------------
r180022 | ru | 2008-06-26 09:52:45 +0200 (Thu, 26 Jun 2008) | 12 lines
Fix a chicken-and-egg problem: this files implements SSP support,
so we cannot compile it with -fstack-protector[-all] flags (or
it will self-recurse); this is ensured in sys/conf/files. This
OTOH means that checking for defines __SSP__ and __SSP_ALL__ to
determine if we should be compiling the support is impossible
(which it was trying, resulting in an empty object file). Fix
this by always compiling the symbols in this files. It's good
because it allows us to always have SSP support, and then compile
with SSP selectively.
Reported by: tinderbox
------------------------------------------------------------------------
r188895 | ru | 2009-02-21 16:04:31 +0100 (Sat, 21 Feb 2009) | 4 lines
Fix build when WITH_SSP is set explicitly.
Submitted by: Jeremie Le Hen
------------------------------------------------------------------------
--- END COMMITLOG ---
--- START PATCH ---
diff --git a/Makefile.inc1 b/Makefile.inc1
index ffca288..3d94867 100644
--- a/Makefile.inc1
+++ b/Makefile.inc1
@@ -215,7 +215,6 @@ BMAKE= MAKEOBJDIRPREFIX=${WORLDTMP} \
${BMAKEENV} ${MAKE} -f Makefile.inc1 \
DESTDIR= \
BOOTSTRAPPING=${OSRELDATE} \
- SSP_CFLAGS= \
-DWITHOUT_HTML -DWITHOUT_INFO -DNO_LINT -DWITHOUT_MAN \
-DWITHOUT_NLS -DNO_PIC -DWITHOUT_PROFILE -DNO_SHARED \
-DNO_CPU_CFLAGS -DNO_WARNS -DNO_CTF
@@ -225,7 +224,6 @@ TMAKE= MAKEOBJDIRPREFIX=${OBJTREE} \
${BMAKEENV} ${MAKE} -f Makefile.inc1 \
TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} \
DESTDIR= \
- SSP_CFLAGS= \
BOOTSTRAPPING=${OSRELDATE} -DNO_LINT -DNO_CPU_CFLAGS \
-DNO_WARNS -DNO_CTF
@@ -442,7 +440,7 @@ build32:
.if ${MK_KERBEROS} != "no"
.for _t in obj depend all
cd ${.CURDIR}/kerberos5/tools; \
- MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} SSP_CFLAGS= DESTDIR= ${_t}
+ MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= ${_t}
.endfor
.endif
.for _t in obj includes
@@ -464,7 +462,7 @@ build32:
.endfor
.for _dir in lib/ncurses/ncurses lib/ncurses/ncursesw lib/libmagic
cd ${.CURDIR}/${_dir}; \
- MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} SSP_CFLAGS= DESTDIR= build-tools
+ MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} DESTDIR= build-tools
.endfor
cd ${.CURDIR}; \
${LIB32WMAKE} -f Makefile.inc1 libraries
@@ -737,14 +735,14 @@ buildkernel:
@echo "--------------------------------------------------------------"
cd ${KRNLOBJDIR}/${_kernel}; \
MAKESRCPATH=${KERNSRCDIR}/dev/aic7xxx/aicasm \
- ${MAKE} SSP_CFLAGS= -DNO_CPU_CFLAGS -DNO_CTF \
+ ${MAKE} -DNO_CPU_CFLAGS -DNO_CTF \
-f ${KERNSRCDIR}/dev/aic7xxx/aicasm/Makefile
# XXX - Gratuitously builds aicasm in the ``makeoptions NO_MODULES'' case.
.if !defined(MODULES_WITH_WORLD) && !defined(NO_MODULES) && exists(${KERNSRCDIR}/modules)
.for target in obj depend all
cd ${KERNSRCDIR}/modules/aic7xxx/aicasm; \
MAKEOBJDIRPREFIX=${KRNLOBJDIR}/${_kernel}/modules \
- ${MAKE} SSP_CFLAGS= -DNO_CPU_CFLAGS -DNO_CTF ${target}
+ ${MAKE} -DNO_CPU_CFLAGS -DNO_CTF ${target}
.endfor
.endif
.if !defined(NO_KERNELDEPEND)
diff --git a/gnu/lib/Makefile b/gnu/lib/Makefile
index c852ffd..295c71a 100644
--- a/gnu/lib/Makefile
+++ b/gnu/lib/Makefile
@@ -2,7 +2,7 @@
.include <bsd.own.mk>
-SUBDIR= csu libgcc libgcov libdialog libgomp libregex libreadline libssp
+SUBDIR= csu libgcc libgcov libdialog libgomp libregex libreadline
# libsupc++ uses libstdc++ headers, although 'make includes' should
# have taken care of that already.
@@ -14,4 +14,8 @@ SUBDIR+= libstdc++ libsupc++
SUBDIR+= libobjc
.endif
+.if ${MK_SSP} != "no"
+SUBDIR+= libssp
+.endif
+
.include <bsd.subdir.mk>
diff --git a/gnu/lib/csu/Makefile b/gnu/lib/csu/Makefile
index e9cd0bb..cf7c28c 100644
--- a/gnu/lib/csu/Makefile
+++ b/gnu/lib/csu/Makefile
@@ -1,8 +1,5 @@
# $FreeBSD: src/gnu/lib/csu/Makefile,v 1.25.8.1 2009/04/15 03:14:26 kensmith Exp $
-.include <bsd.own.mk>
-MK_SSP= no
-
GCCDIR= ${.CURDIR}/../../../contrib/gcc
GCCLIB= ${.CURDIR}/../../../contrib/gcclibs
CCDIR= ${.CURDIR}/../../usr.bin/cc
diff --git a/gnu/lib/libssp/Makefile b/gnu/lib/libssp/Makefile
index e1bfce8..143197e 100644
--- a/gnu/lib/libssp/Makefile
+++ b/gnu/lib/libssp/Makefile
@@ -1,8 +1,5 @@
# $FreeBSD: src/gnu/lib/libssp/Makefile,v 1.2.8.1 2009/04/15 03:14:26 kensmith Exp $
-.include <bsd.own.mk>
-MK_SSP= no
-
GCCDIR= ${.CURDIR}/../../../contrib/gcc
GCCLIB= ${.CURDIR}/../../../contrib/gcclibs
SRCDIR= ${GCCLIB}/libssp
diff --git a/lib/csu/Makefile.inc b/lib/csu/Makefile.inc
deleted file mode 100644
index 3545446..0000000
--- a/lib/csu/Makefile.inc
+++ /dev/null
@@ -1,3 +0,0 @@
-# $FreeBSD$
-
-SSP_CFLAGS=
diff --git a/lib/libc/Makefile b/lib/libc/Makefile
index 3e6659b..e296eda 100644
--- a/lib/libc/Makefile
+++ b/lib/libc/Makefile
@@ -122,9 +122,3 @@ libkern.${MACHINE_ARCH}:: ${KMSRCS}
# Disable warnings in contributed sources.
CWARNFLAGS:= ${.IMPSRC:Ngdtoa_*.c:C/^.+$/${CWARNFLAGS}/}
-# XXX For now, we don't allow libc to be compiled with
-# -fstack-protector-all because it breaks rtld. We may want to make a librtld
-# in the future to circumvent this.
-SSP_CFLAGS:= ${SSP_CFLAGS:S/^-fstack-protector-all$/-fstack-protector/}
-# Disable stack protection for SSP symbols.
-SSP_CFLAGS:= ${.IMPSRC:N*/stack_protector.c:C/^.+$/${SSP_CFLAGS}/}
diff --git a/lib/libstand/Makefile b/lib/libstand/Makefile
index ceeb183..ab232fc 100644
--- a/lib/libstand/Makefile
+++ b/lib/libstand/Makefile
@@ -6,9 +6,6 @@
# quite large.
#
-.include <bsd.own.mk>
-MK_SSP= no
-
LIB= stand
NO_PROFILE=
NO_PIC=
diff --git a/libexec/rtld-elf/Makefile b/libexec/rtld-elf/Makefile
index 9259787..81f6db5 100644
--- a/libexec/rtld-elf/Makefile
+++ b/libexec/rtld-elf/Makefile
@@ -1,7 +1,6 @@
# $FreeBSD: src/libexec/rtld-elf/Makefile,v 1.41.8.1 2009/04/15 03:14:26 kensmith Exp $
.include <bsd.own.mk>
-MK_SSP= no
PROG?= ld-elf.so.1
SRCS= rtld_start.S \
diff --git a/rescue/librescue/Makefile b/rescue/librescue/Makefile
index 64fa30e..183cd01 100644
--- a/rescue/librescue/Makefile
+++ b/rescue/librescue/Makefile
@@ -3,7 +3,6 @@
#
.include <bsd.own.mk>
-MK_SSP= no
# Certain library entries have hard-coded references to
# /bin, /sbin, etc, that require those entries to be
diff --git a/rescue/rescue/Makefile b/rescue/rescue/Makefile
index c19786b..a1c8142 100644
--- a/rescue/rescue/Makefile
+++ b/rescue/rescue/Makefile
@@ -4,7 +4,6 @@
NO_MAN=
.include <bsd.own.mk>
-MK_SSP= no
PROG= rescue
BINDIR?=/rescue
diff --git a/share/mk/bsd.sys.mk b/share/mk/bsd.sys.mk
index afc0b75..f26fb20 100644
--- a/share/mk/bsd.sys.mk
+++ b/share/mk/bsd.sys.mk
@@ -77,11 +77,5 @@ CWARNFLAGS += -Werror
CWARNFLAGS += -Wno-unknown-pragmas
.endif
-.if ${MK_SSP} != "no" && ${CC} != "icc" && ${MACHINE_ARCH} != "ia64"
-# Don't use -Wstack-protector as it breaks world with -Werror.
-SSP_CFLAGS ?= -fstack-protector
-CFLAGS += ${SSP_CFLAGS}
-.endif
-
# Allow user-specified additional warning flags
CFLAGS += ${CWARNFLAGS}
diff --git a/sys/boot/Makefile.inc b/sys/boot/Makefile.inc
deleted file mode 100644
index 3545446..0000000
--- a/sys/boot/Makefile.inc
+++ /dev/null
@@ -1,3 +0,0 @@
-# $FreeBSD$
-
-SSP_CFLAGS=
diff --git a/sys/boot/arm/Makefile.inc b/sys/boot/arm/Makefile.inc
deleted file mode 100644
index 265f86d..0000000
--- a/sys/boot/arm/Makefile.inc
+++ /dev/null
@@ -1,3 +0,0 @@
-# $FreeBSD$
-
-.include "../Makefile.inc"
diff --git a/sys/boot/arm/at91/Makefile.inc b/sys/boot/arm/at91/Makefile.inc
index b74e41f..4eeec3a 100644
--- a/sys/boot/arm/at91/Makefile.inc
+++ b/sys/boot/arm/at91/Makefile.inc
@@ -53,5 +53,3 @@ MK_FPGA:=no
.endif
.endif
-
-.include "../Makefile.inc"
diff --git a/sys/boot/efi/Makefile.inc b/sys/boot/efi/Makefile.inc
index 72986ea..068f45d 100644
--- a/sys/boot/efi/Makefile.inc
+++ b/sys/boot/efi/Makefile.inc
@@ -5,5 +5,3 @@ BINDIR?= /boot
# Options used when building app-specific efi components
CFLAGS+= -ffreestanding -fshort-wchar -Wformat
LDFLAGS+= -nostdlib
-
-.include "../Makefile.inc"
diff --git a/sys/boot/i386/Makefile.inc b/sys/boot/i386/Makefile.inc
index 54ff83c..d9d8631 100644
--- a/sys/boot/i386/Makefile.inc
+++ b/sys/boot/i386/Makefile.inc
@@ -24,5 +24,3 @@ BTXDIR= ${.CURDIR}/../btx
BTXLDR= ${BTXDIR}/btxldr/btxldr
BTXKERN= ${BTXDIR}/btx/btx
BTXCRT= ${BTXDIR}/lib/crt0.o
-
-.include "../Makefile.inc"
diff --git a/sys/boot/i386/loader/Makefile b/sys/boot/i386/loader/Makefile
index a69e67f..11d2d15 100644
--- a/sys/boot/i386/loader/Makefile
+++ b/sys/boot/i386/loader/Makefile
@@ -1,7 +1,6 @@
# $FreeBSD: src/sys/boot/i386/loader/Makefile,v 1.85.2.1.2.1 2009/04/15 03:14:26 kensmith Exp $
.include <bsd.own.mk>
-MK_SSP= no
PROG= loader.sym
INTERNALPROG=
diff --git a/sys/boot/ia64/Makefile.inc b/sys/boot/ia64/Makefile.inc
index c1d539c..f7e003d 100644
--- a/sys/boot/ia64/Makefile.inc
+++ b/sys/boot/ia64/Makefile.inc
@@ -5,5 +5,3 @@ BINDIR?= /boot
# Options used when building standalone components
CFLAGS+= -ffreestanding -fshort-wchar -Wformat
LDFLAGS+= -nostdlib
-
-.include "../Makefile.inc"
diff --git a/sys/boot/ia64/common/Makefile b/sys/boot/ia64/common/Makefile
index 16cbac5..5f644d2 100644
--- a/sys/boot/ia64/common/Makefile
+++ b/sys/boot/ia64/common/Makefile
@@ -1,7 +1,6 @@
# $FreeBSD: src/sys/boot/ia64/common/Makefile,v 1.1.8.1 2009/04/15 03:14:26 kensmith Exp $
.include <bsd.own.mk>
-MK_SSP= no
LIB= ia64
INTERNALLIB=
diff --git a/sys/boot/ia64/efi/Makefile b/sys/boot/ia64/efi/Makefile
index 704a816..8e64f83 100644
--- a/sys/boot/ia64/efi/Makefile
+++ b/sys/boot/ia64/efi/Makefile
@@ -3,7 +3,6 @@
NO_MAN=
.include <bsd.own.mk>
-MK_SSP= no
PROG= loader.sym
INTERNALPROG=
diff --git a/sys/boot/ia64/ski/Makefile b/sys/boot/ia64/ski/Makefile
index 0034c7b..dcc94bf 100644
--- a/sys/boot/ia64/ski/Makefile
+++ b/sys/boot/ia64/ski/Makefile
@@ -3,7 +3,6 @@
NO_MAN=
.include <bsd.own.mk>
-MK_SSP= no
PROG= skiload
STRIP= # We must not strip skiload at install time.
diff --git a/sys/boot/ofw/Makefile.inc b/sys/boot/ofw/Makefile.inc
deleted file mode 100644
index 265f86d..0000000
--- a/sys/boot/ofw/Makefile.inc
+++ /dev/null
@@ -1,3 +0,0 @@
-# $FreeBSD$
-
-.include "../Makefile.inc"
diff --git a/sys/boot/pc98/Makefile.inc b/sys/boot/pc98/Makefile.inc
index 1447852..485865e 100644
--- a/sys/boot/pc98/Makefile.inc
+++ b/sys/boot/pc98/Makefile.inc
@@ -19,5 +19,3 @@ BTXDIR= ${.CURDIR}/../btx
BTXLDR= ${BTXDIR}/btxldr/btxldr
BTXKERN= ${BTXDIR}/btx/btx
BTXCRT= ${BTXDIR}/lib/crt0.o
-
-.include "../Makefile.inc"
diff --git a/sys/boot/pc98/boot2/Makefile b/sys/boot/pc98/boot2/Makefile
index c6358de..aa8225f 100644
--- a/sys/boot/pc98/boot2/Makefile
+++ b/sys/boot/pc98/boot2/Makefile
@@ -12,6 +12,7 @@ CFLAGS= -Os -mrtd \
-fno-unit-at-a-time \
-D_KERNEL -DBOOTWAIT=${BOOTWAIT} -DTIMEOUT=${TIMEOUT}
CFLAGS+= -DBOOTSEG=${BOOTSEG} -DBOOTSTACK=${BOOTSTACK}
+CFLAGS+= ${CWARNFLAGS}
CFLAGS+= -I${.CURDIR}/../../.. -I.
# By default, if a serial port is going to be used as console, use COM1
@@ -109,5 +110,5 @@ i386:
CLEANFILES+= machine i386
-CWARNFLAGS!= ${MAKE} -f bsd.own.mk -f ${.CURDIR}/../../../conf/kern.mk -V CWARNFLAGS
+.include "${.CURDIR}/../../../conf/kern.mk"
.include <bsd.prog.mk>
diff --git a/sys/boot/pc98/loader/Makefile b/sys/boot/pc98/loader/Makefile
index 2b716c5..87d0147 100644
--- a/sys/boot/pc98/loader/Makefile
+++ b/sys/boot/pc98/loader/Makefile
@@ -1,7 +1,6 @@
# $FreeBSD: src/sys/boot/pc98/loader/Makefile,v 1.41.8.1 2009/04/15 03:14:26 kensmith Exp $
.include <bsd.own.mk>
-MK_SSP= no
PROG= loader.sym
INTERNALPROG=
diff --git a/sys/boot/powerpc/Makefile.inc b/sys/boot/powerpc/Makefile.inc
deleted file mode 100644
index 265f86d..0000000
--- a/sys/boot/powerpc/Makefile.inc
+++ /dev/null
@@ -1,3 +0,0 @@
-# $FreeBSD$
-
-.include "../Makefile.inc"
diff --git a/sys/boot/sparc64/Makefile.inc b/sys/boot/sparc64/Makefile.inc
index 954f930..b09c750 100644
--- a/sys/boot/sparc64/Makefile.inc
+++ b/sys/boot/sparc64/Makefile.inc
@@ -3,5 +3,3 @@
BINDIR?= /boot
CFLAGS+= -ffreestanding
LDFLAGS+= -nostdlib
-
-.include "../Makefile.inc"
diff --git a/sys/boot/sparc64/loader/Makefile b/sys/boot/sparc64/loader/Makefile
index da211f9..2e643ae 100644
--- a/sys/boot/sparc64/loader/Makefile
+++ b/sys/boot/sparc64/loader/Makefile
@@ -1,7 +1,6 @@
# $FreeBSD: src/sys/boot/sparc64/loader/Makefile,v 1.20.8.1 2009/04/15 03:14:26 kensmith Exp $
.include <bsd.own.mk>
-MK_SSP= no
PROG= loader
NEWVERSWHAT= "bootstrap loader" sparc64
diff --git a/sys/conf/files b/sys/conf/files
index 5b888f0..bef9ad0 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -1653,8 +1653,6 @@ kern/posix4_mib.c standard
kern/sched_4bsd.c optional sched_4bsd
kern/sched_ule.c optional sched_ule
kern/serdev_if.m standard
-kern/stack_protector.c standard \
- compile-with "${NORMAL_C:N-fstack-protector*}"
kern/subr_acl_posix1e.c standard
kern/subr_autoconf.c standard
kern/subr_blist.c standard
diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk
index 540dab1..ed4912d 100644
--- a/sys/conf/kern.mk
+++ b/sys/conf/kern.mk
@@ -98,10 +98,3 @@ CFLAGS+= -ffreestanding
.if ${CC} == "icc"
CFLAGS+= -restrict
.endif
-
-#
-# GCC SSP support.
-#
-.if ${MK_SSP} != "no" && ${CC} != "icc" && ${MACHINE_ARCH} != "ia64"
-CFLAGS+= -fstack-protector
-.endif
diff --git a/sys/kern/stack_protector.c b/sys/kern/stack_protector.c
deleted file mode 100644
index 554d47d..0000000
--- a/sys/kern/stack_protector.c
+++ /dev/null
@@ -1,32 +0,0 @@
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/kernel.h>
-#include <sys/systm.h>
-#include <sys/libkern.h>
-
-long __stack_chk_guard[8] = {};
-void __stack_chk_fail(void);
-
-void
-__stack_chk_fail(void)
-{
-
- panic("stack overflow detected; backtrace may be corrupted");
-}
-
-#define __arraycount(__x) (sizeof(__x) / sizeof(__x[0]))
-static void
-__stack_chk_init(void *dummy __unused)
-{
- size_t i;
- long guard[__arraycount(__stack_chk_guard)];
-
- arc4rand(guard, sizeof(guard), 0);
- for (i = 0; i < __arraycount(guard); i++)
- __stack_chk_guard[i] = guard[i];
-}
-/* SI_SUB_EVENTHANDLER is right after SI_SUB_LOCK used by arc4rand() init. */
-SYSINIT(stack_chk, SI_SUB_EVENTHANDLER, SI_ORDER_ANY, __stack_chk_init, NULL);
diff --git a/tools/build/options/WITHOUT_SSP b/tools/build/options/WITHOUT_SSP
index 5a0b888..2f06f27 100644
--- a/tools/build/options/WITHOUT_SSP
+++ b/tools/build/options/WITHOUT_SSP
@@ -1,2 +1,2 @@
.\" $FreeBSD: src/tools/build/options/WITHOUT_SSP,v 1.1.8.1 2009/04/15 03:14:26 kensmith Exp $
-Set to not build world with propolice stack smashing protection.
+Set to not build propolice stack smashing protection library.
--- END PATCH ---