From 30b99d798f9728a96d4766dd3f7fcfe5daae8945 Mon Sep 17 00:00:00 2001 From: Roland McGrath Date: Mon, 14 May 2012 16:08:25 -0700 Subject: [PATCH] BZ#10375: Configure magic to use -fno-stack-protector if needed. --- ChangeLog | 9 ++++ Makeconfig | 2 +- NEWS | 28 +++++----- config.make.in | 1 + configure | 139 +++++++++++++++++++++++++++++++++++++++++++++++++ configure.in | 34 ++++++++++++ 6 files changed, 198 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index cde0173851..ecfdebcc13 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,14 @@ 2012-05-16 Roland McGrath + [BZ #10375] + * configure.in (NM): Add AC_CHECK_TOOL for it. + (libc_extra_cflags): New substituted variable. + Check for -fstack-protector being used implicitly. + * configure: Regenerated. + * config.make.in (config-extra-cflags): New variable, + gets @libc_extra_cflags@. + * Makeconfig (CFLAGS): Add $(config-extra-cflags) near the front. + [BZ #10375] * configure.in: Check for _FORTIFY_SOURCE being predefined. (CPPUNDEFS): New substituted variable; add -U_FORTIFY_SOURCE if needed. diff --git a/Makeconfig b/Makeconfig index b81594f077..3a09764dfa 100644 --- a/Makeconfig +++ b/Makeconfig @@ -668,7 +668,7 @@ CPPFLAGS = $(CPPUNDEFS) $(CPPFLAGS-config) $($(subdir)-CPPFLAGS) \ $(foreach lib,$(libof-$(basename $(@F))) \ $(libof-$(&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_NM+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NM"; then + ac_cv_prog_NM="$NM" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_NM="${ac_tool_prefix}nm" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +NM=$ac_cv_prog_NM +if test -n "$NM"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NM" >&5 +$as_echo "$NM" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_NM"; then + ac_ct_NM=$NM + # Extract the first word of "nm", so it can be a program name with args. +set dummy nm; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_NM+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_NM"; then + ac_cv_prog_ac_ct_NM="$ac_ct_NM" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_NM="nm" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_NM=$ac_cv_prog_ac_ct_NM +if test -n "$ac_ct_NM"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NM" >&5 +$as_echo "$ac_ct_NM" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_NM" = x; then + NM="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + NM=$ac_ct_NM + fi +else + NM="$ac_cv_prog_NM" +fi + for ac_prog in autoconf do @@ -7577,6 +7671,51 @@ if test $libc_cv_predef_fortify_source = yes; then fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implicitly enables -fstack-protector" >&5 +$as_echo_n "checking whether $CC implicitly enables -fstack-protector... " >&6; } +if ${libc_cv_predef_stack_protector+:} false; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +extern void foobar (char *); +int +main () +{ +char large_array[2048]; foobar (large_array); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +libc_undefs=`$NM -u conftest.o | + LC_ALL=C $AWK '$1 == "U" { print $2 | "sort -u"; next } { exit(1) }' \ + 2>&5` || { + as_fn_error $? "confusing output from $NM -u" "$LINENO" 5 +} +echo >&5 "libc_undefs='$libc_undefs'" +case "$libc_undefs" in +foobar) libc_cv_predef_stack_protector=no ;; +'__stack_chk_fail +foobar') libc_cv_predef_stack_protector=yes ;; +*) as_fn_error $? "unexpected symbols in test: $libc_undefs" "$LINENO" 5 ;; +esac +else + as_fn_error $? "test compilation failed" "$LINENO" 5 +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_predef_stack_protector" >&5 +$as_echo "$libc_cv_predef_stack_protector" >&6; } +libc_extra_cflags= +if test $libc_cv_predef_stack_protector = yes; then + libc_extra_cflags=-fno-stack-protector +fi + + ### End of automated tests. ### Now run sysdeps configure fragments. diff --git a/configure.in b/configure.in index 0916e9ec5c..a9ee7334d6 100644 --- a/configure.in +++ b/configure.in @@ -927,6 +927,7 @@ AC_CHECK_PROG_VER(SED, sed, --version, SED=: aux_missing="$aux_missing sed") AC_CHECK_TOOL(READELF, readelf, false) +AC_CHECK_TOOL(NM, nm, false) AC_CHECK_PROGS(AUTOCONF, autoconf, no) case "x$AUTOCONF" in @@ -2052,6 +2053,39 @@ if test $libc_cv_predef_fortify_source = yes; then fi AC_SUBST(CPPUNDEFS) +dnl Check for silly hacked compilers inserting -fstack-protector. +dnl This breaks badly for the early startup code we compile, since +dnl the compiled code can refer to a magic machine-dependent location +dnl for the canary value before we have sufficient setup for that to +dnl work. It's also questionable to build all of libc with this flag +dnl even when you're doing that for most applications you build, since +dnl libc's code is so heavily-used and performance-sensitive. If we +dnl ever really want to make that work, it should be enabled explicitly +dnl in the libc build, not inherited from implicit compiler settings. +AC_CACHE_CHECK([whether $CC implicitly enables -fstack-protector], + libc_cv_predef_stack_protector, [ +AC_TRY_COMPILE([extern void foobar (char *);], + [char large_array[2048]; foobar (large_array);], [ +libc_undefs=`$NM -u conftest.o | + LC_ALL=C $AWK '$1 == "U" { print $2 | "sort -u"; next } { exit(1) }' \ + 2>&AS_MESSAGE_LOG_FD` || { + AC_MSG_ERROR([confusing output from $NM -u]) +} +echo >&AS_MESSAGE_LOG_FD "libc_undefs='$libc_undefs'" +case "$libc_undefs" in +foobar) libc_cv_predef_stack_protector=no ;; +'__stack_chk_fail +foobar') libc_cv_predef_stack_protector=yes ;; +*) AC_MSG_ERROR([unexpected symbols in test: $libc_undefs]) ;; +esac], + [AC_MSG_ERROR([test compilation failed])]) +]) +libc_extra_cflags= +if test $libc_cv_predef_stack_protector = yes; then + libc_extra_cflags=-fno-stack-protector +fi +AC_SUBST(libc_extra_cflags) + ### End of automated tests. ### Now run sysdeps configure fragments.