diff options
| author | Kyle Evans <kevans@FreeBSD.org> | 2020-01-16 03:38:06 +0000 |
|---|---|---|
| committer | Kyle Evans <kevans@FreeBSD.org> | 2020-01-16 03:38:06 +0000 |
| commit | c79d5c1c8076a26d166a66ceccf281d0a0b49853 (patch) | |
| tree | e11debab09d7b705b4988c321d7ad43d502e3774 | |
| parent | 214409019bec87e6b002046a94a47526ca69b4d0 (diff) | |
| download | src-c79d5c1c8076a26d166a66ceccf281d0a0b49853.tar.gz src-c79d5c1c8076a26d166a66ceccf281d0a0b49853.zip | |
MFC r356356, r356358, r356422: replace gcclibs' libssp
r356356:
Provide libssp based on libc
For libssp.so, rebuild stack_protector.c with FORTIFY_SOURCE stubs that just
abort built into it.
For libssp_nonshared.a, steal stack_protector_compat.c from
^/lib/libc/secure and massage it to maintain that __stack_chk_fail_local
is a hidden symbol.
libssp is now built unconditionally regardless of {WITH,WITHOUT}_SSP in the
build environment, and the gcclibs version has been disconnected from the
build in favor of this one.
r356358:
libssp: fix FORTIFY_SOURCE stub declarations
The LSB 4.1 that I referenced omitted the varargs, and I failed to catch it.
The __vsnprintf_chk error was from just downright misreading the page. GCC6
caught all of these, but I had only tested GCC4.2.
r356422:
Update libssp paths in various Makefile.depend* files
I've been advised that the model that uses these are fairly resilient, but
we do know the proper path to use (or remove, in the case of ^/targets/...),
so go ahead and update them to reflect that.
Notes
Notes:
svn path=/stable/11/; revision=356775
| -rw-r--r-- | Makefile.inc1 | 2 | ||||
| -rw-r--r-- | ObsoleteFiles.inc | 7 | ||||
| -rw-r--r-- | gnu/lib/Makefile | 4 | ||||
| -rw-r--r-- | lib/Makefile | 6 | ||||
| -rw-r--r-- | lib/libssp/Makefile | 20 | ||||
| -rw-r--r-- | lib/libssp/Symbol.map | 26 | ||||
| -rw-r--r-- | lib/libssp/Versions.def | 4 | ||||
| -rw-r--r-- | lib/libssp/fortify_stubs.c | 134 | ||||
| -rw-r--r-- | lib/libssp_nonshared/Makefile | 11 | ||||
| -rw-r--r-- | lib/libssp_nonshared/libssp_nonshared.c | 17 | ||||
| -rw-r--r-- | share/mk/local.dirdeps.mk | 2 | ||||
| -rw-r--r-- | share/mk/local.gendirdeps.mk | 2 | ||||
| -rw-r--r-- | share/mk/src.libnames.mk | 4 | ||||
| -rw-r--r-- | targets/pseudo/userland/gnu/Makefile.depend | 2 | ||||
| -rw-r--r-- | tools/build/mk/OptionalObsoleteFiles.inc | 35 |
15 files changed, 229 insertions, 47 deletions
diff --git a/Makefile.inc1 b/Makefile.inc1 index 7f0a42d83088..87bc58c708e3 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -2114,7 +2114,7 @@ libraries: .MAKE .PHONY # # static libgcc.a prerequisite for shared libc # -_prereq_libs= gnu/lib/libssp/libssp_nonshared gnu/lib/libgcc lib/libcompiler_rt +_prereq_libs= lib/libssp_nonshared gnu/lib/libgcc lib/libcompiler_rt # These dependencies are not automatically generated: # diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc index a6df35f70b1b..e377d6cef870 100644 --- a/ObsoleteFiles.inc +++ b/ObsoleteFiles.inc @@ -38,6 +38,13 @@ # xargs -n1 | sort | uniq -d; # done +# 20200115: gcc libssp removed +OLD_FILES+=usr/include/ssp/ssp.h +OLD_FILES+=usr/include/ssp/stdio.h +OLD_FILES+=usr/include/ssp/string.h +OLD_FILES+=usr/include/ssp/unistd.h +OLD_DIRS+=usr/include/ssp + # 20190723: new clang import which bumps version from 8.0.0 to 8.0.1. OLD_FILES+=usr/lib/clang/8.0.0/include/sanitizer/allocator_interface.h OLD_FILES+=usr/lib/clang/8.0.0/include/sanitizer/asan_interface.h diff --git a/gnu/lib/Makefile b/gnu/lib/Makefile index 6d75b906b3db..f19a8f908bf8 100644 --- a/gnu/lib/Makefile +++ b/gnu/lib/Makefile @@ -10,10 +10,6 @@ SUBDIR+= libgcc SUBDIR+= libgcov libgomp .endif -.if ${MK_SSP} != "no" -SUBDIR+= libssp -.endif - .if ${MK_TESTS} != "no" SUBDIR+= tests .endif diff --git a/lib/Makefile b/lib/Makefile index 2b0938ce7d8f..0144624876a5 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -18,6 +18,8 @@ SUBDIR_BOOTSTRAP= \ ${_libcplusplus} \ ${_libcxxrt} \ libelf \ + libssp \ + libssp_nonshared \ msun # The main list; please keep these sorted alphabetically. @@ -136,7 +138,9 @@ SUBDIR_DEPEND_libatm= libmd SUBDIR_DEPEND_libauditdm= libbsm SUBDIR_DEPEND_libbsnmp= ${_libnetgraph} SUBDIR_DEPEND_libc++:= libcxxrt -SUBDIR_DEPEND_libc= libcompiler_rt +# libssp_nonshared doesn't need to be linked into libc on every arch, but it is +# small enough to build that this bit of serialization is likely insignificant. +SUBDIR_DEPEND_libc= libcompiler_rt libssp_nonshared SUBDIR_DEPEND_libcam= libsbuf SUBDIR_DEPEND_libcasper= libnv SUBDIR_DEPEND_libdevstat= libkvm diff --git a/lib/libssp/Makefile b/lib/libssp/Makefile new file mode 100644 index 000000000000..63c4f5e6557f --- /dev/null +++ b/lib/libssp/Makefile @@ -0,0 +1,20 @@ +# $FreeBSD$ + +PACKAGE= clibs +SHLIBDIR?= /lib +SHLIB= ssp +SHLIB_MAJOR= 0 + +VERSION_DEF= ${.CURDIR}/Versions.def +SYMBOL_MAPS= ${.CURDIR}/Symbol.map + +.PATH: ${SRCTOP}/lib/libc/secure +CFLAGS+= -I${SRCTOP}/lib/libc/include +# _elf_aux_info is exported from libc as elf_aux_info(3), so just that for the +# libssp build instead. +CFLAGS+= -D_elf_aux_info=elf_aux_info +SRCS= stack_protector.c fortify_stubs.c + +CFLAGS.fortify_stubs.c= -Wno-unused-parameter + +.include <bsd.lib.mk> diff --git a/lib/libssp/Symbol.map b/lib/libssp/Symbol.map new file mode 100644 index 000000000000..51f9b784c81f --- /dev/null +++ b/lib/libssp/Symbol.map @@ -0,0 +1,26 @@ +/* + * $FreeBSD$ + */ + +LIBSSP_1.0 { + __chk_fail; + __stack_chk_fail; + __stack_chk_guard; + + /* + * Currently unsupported: _FORTIFY_SOURCE symbols. It is believed + * that these have never been used on FreeBSD, as our headers lack the + * support that would have generated references to them. + */ + __memcpy_chk; + __memset_chk; + __snprintf_chk; + __sprintf_chk; + __stpcpy_chk; + __strcat_chk; + __strcpy_chk; + __strncat_chk; + __strncpy_chk; + __vsnprintf_chk; + __vsprintf_chk; +}; diff --git a/lib/libssp/Versions.def b/lib/libssp/Versions.def new file mode 100644 index 000000000000..bbad6a02d007 --- /dev/null +++ b/lib/libssp/Versions.def @@ -0,0 +1,4 @@ +# $FreeBSD$ + +LIBSSP_1.0 { +}; diff --git a/lib/libssp/fortify_stubs.c b/lib/libssp/fortify_stubs.c new file mode 100644 index 000000000000..32dc4b25c58b --- /dev/null +++ b/lib/libssp/fortify_stubs.c @@ -0,0 +1,134 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2019 Kyle Evans <kevans@FreeBSD.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <sys/types.h> + +#include <stdarg.h> +#include <stdlib.h> + +/* Signatures grabbed from LSB Core Specification 4.1 */ +void *__memcpy_chk(void *dst, const void *src, size_t len, + size_t dstlen); +void *__memset_chk(void *dst, int c, size_t len, size_t dstlen); +int __snprintf_chk(char *str, size_t maxlen, int flag, size_t strlen, + const char *fmt, ...); +int __sprintf_chk(char *str, int flag, size_t strlen, const char *fmt, ...); +char *__stpcpy_chk(char *dst, const char *src, size_t dstlen); +char *__strcat_chk(char *dst, const char *src, size_t dstlen); +char *__strcpy_chk(char *dst, const char *src, size_t dstlen); +char *__strncat_chk(char *dst, const char *src, size_t len, size_t dstlen); +char *__strncpy_chk(char *dst, const char *src, size_t len, size_t dstlen); +int __vsnprintf_chk(char *str, size_t size, int flags, size_t len, + const char *format, va_list ap); +int __vsprintf_chk(char *str, int flag, size_t slen, const char *format, + va_list ap); + +#define ABORT() abort2("_FORTIFY_SOURCE not supported", 0, NULL) + +void * +__memcpy_chk(void *dst, const void *src, size_t len, + size_t dstlen) +{ + + ABORT(); +} + +void * +__memset_chk(void *dst, int c, size_t len, size_t dstlen) +{ + + ABORT(); +} + +int +__snprintf_chk(char *str, size_t maxlen, int flag, size_t strlen, + const char *fmt, ...) +{ + + ABORT(); +} + +int +__sprintf_chk(char *str, int flag, size_t strlen, const char *fmt, ...) +{ + + ABORT(); +} + +char * +__stpcpy_chk(char *dst, const char *src, size_t dstlen) +{ + + ABORT(); +} + +char * +__strcat_chk(char *dst, const char *src, size_t dstlen) +{ + + ABORT(); +} + +char * +__strcpy_chk(char *dst, const char *src, size_t dstlen) +{ + + ABORT(); +} + +char * +__strncat_chk(char *dst, const char *src, size_t len, size_t dstlen) +{ + + ABORT(); +} + +char * +__strncpy_chk(char *dst, const char *src, size_t len, size_t dstlen) +{ + + ABORT(); +} + +int +__vsnprintf_chk(char *str, size_t size, int flags, size_t len, + const char *format, va_list ap) +{ + + ABORT(); +} + +int +__vsprintf_chk(char *str, int flag, size_t slen, const char *format, + va_list ap) +{ + + ABORT(); +} diff --git a/lib/libssp_nonshared/Makefile b/lib/libssp_nonshared/Makefile new file mode 100644 index 000000000000..44afe12b4b6e --- /dev/null +++ b/lib/libssp_nonshared/Makefile @@ -0,0 +1,11 @@ +# $FreeBSD$ + +PACKAGE= clibs +LIB= ssp_nonshared +NO_PIC= +MK_PROFILE= no + +SRCS= libssp_nonshared.c +CFLAGS+= -fPIC + +.include <bsd.lib.mk> diff --git a/lib/libssp_nonshared/libssp_nonshared.c b/lib/libssp_nonshared/libssp_nonshared.c new file mode 100644 index 000000000000..ab07badbf9fc --- /dev/null +++ b/lib/libssp_nonshared/libssp_nonshared.c @@ -0,0 +1,17 @@ +/* + * Written by Alexander Kabaev <kan@FreeBSD.org> + * The file is in public domain. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +void __stack_chk_fail(void); +void __stack_chk_fail_local(void); + +void __hidden +__stack_chk_fail_local(void) +{ + + __stack_chk_fail(); +} diff --git a/share/mk/local.dirdeps.mk b/share/mk/local.dirdeps.mk index fd675a9fcb08..55af947c60af 100644 --- a/share/mk/local.dirdeps.mk +++ b/share/mk/local.dirdeps.mk @@ -63,7 +63,7 @@ DIRDEPS_FILTER.xtras+= Nusr.bin/clang/clang.host .if ${DEP_RELDIR} == "lib/libc" DIRDEPS += lib/libc_nonshared .if ${MK_SSP:Uno} != "no" -DIRDEPS += gnu/lib/libssp/libssp_nonshared +DIRDEPS += lib/libssp_nonshared .endif .else DIRDEPS_FILTER.xtras+= Nlib/libc_nonshared diff --git a/share/mk/local.gendirdeps.mk b/share/mk/local.gendirdeps.mk index 5df941602f77..607310a3295e 100644 --- a/share/mk/local.gendirdeps.mk +++ b/share/mk/local.gendirdeps.mk @@ -7,7 +7,7 @@ GENDIRDEPS_HEADER= echo '\# ${FreeBSD:L:@v@$$$v$$ @:M*F*}'; # local.dirdeps.mk will put them in if necessary GENDIRDEPS_FILTER+= \ Nbin/cat.host \ - Ngnu/lib/libssp/libssp_nonshared \ + Nlib/libssp_nonshared \ Ncddl/usr.bin/ctf* \ Nlib/libc_nonshared \ Ntargets/pseudo/stage* \ diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk index c6b6aa7dbae9..cb371b7bc41a 100644 --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -501,8 +501,8 @@ LIBDIALOGDIR= ${OBJTOP}/gnu/lib/libdialog LIBGCOVDIR= ${OBJTOP}/gnu/lib/libgcov LIBGOMPDIR= ${OBJTOP}/gnu/lib/libgomp LIBGNUREGEXDIR= ${OBJTOP}/gnu/lib/libregex -LIBSSPDIR= ${OBJTOP}/gnu/lib/libssp -LIBSSP_NONSHAREDDIR= ${OBJTOP}/gnu/lib/libssp/libssp_nonshared +LIBSSPDIR= ${OBJTOP}/lib/libssp +LIBSSP_NONSHAREDDIR= ${OBJTOP}/lib/libssp_nonshared LIBSUPCPLUSPLUSDIR= ${OBJTOP}/gnu/lib/libsupc++ LIBASN1DIR= ${OBJTOP}/kerberos5/lib/libasn1 LIBGSSAPI_KRB5DIR= ${OBJTOP}/kerberos5/lib/libgssapi_krb5 diff --git a/targets/pseudo/userland/gnu/Makefile.depend b/targets/pseudo/userland/gnu/Makefile.depend index 5c6581b8f2d9..9276a361bc1e 100644 --- a/targets/pseudo/userland/gnu/Makefile.depend +++ b/targets/pseudo/userland/gnu/Makefile.depend @@ -15,8 +15,6 @@ DIRDEPS = \ gnu/lib/libreadline/history/doc \ gnu/lib/libreadline/readline/doc \ gnu/lib/libregex/doc \ - gnu/lib/libssp \ - gnu/lib/libssp/libssp_nonshared \ gnu/lib/libstdc++ \ gnu/lib/libsupc++ \ gnu/usr.bin/binutils/ar \ diff --git a/tools/build/mk/OptionalObsoleteFiles.inc b/tools/build/mk/OptionalObsoleteFiles.inc index 235f4dcc4370..3838f6c12e25 100644 --- a/tools/build/mk/OptionalObsoleteFiles.inc +++ b/tools/build/mk/OptionalObsoleteFiles.inc @@ -7636,41 +7636,6 @@ OLD_FILES+=usr/share/doc/pjdfstest/README OLD_DIRS+=usr/share/doc/pjdfstest .endif -.if ${MK_SSP} == no -OLD_LIBS+=lib/libssp.so.0 -OLD_FILES+=usr/include/ssp/ssp.h -OLD_FILES+=usr/include/ssp/stdio.h -OLD_FILES+=usr/include/ssp/string.h -OLD_FILES+=usr/include/ssp/unistd.h -OLD_FILES+=usr/lib/libssp.a -OLD_FILES+=usr/lib/libssp.so -OLD_FILES+=usr/lib/libssp_nonshared.a -OLD_FILES+=usr/lib32/libssp.a -OLD_FILES+=usr/lib32/libssp.so -OLD_LIBS+=usr/lib32/libssp.so.0 -OLD_FILES+=usr/lib32/libssp_nonshared.a -OLD_FILES+=usr/tests/lib/libc/ssp/Kyuafile -OLD_FILES+=usr/tests/lib/libc/ssp/h_fgets -OLD_FILES+=usr/tests/lib/libc/ssp/h_getcwd -OLD_FILES+=usr/tests/lib/libc/ssp/h_gets -OLD_FILES+=usr/tests/lib/libc/ssp/h_memcpy -OLD_FILES+=usr/tests/lib/libc/ssp/h_memmove -OLD_FILES+=usr/tests/lib/libc/ssp/h_memset -OLD_FILES+=usr/tests/lib/libc/ssp/h_read -OLD_FILES+=usr/tests/lib/libc/ssp/h_readlink -OLD_FILES+=usr/tests/lib/libc/ssp/h_snprintf -OLD_FILES+=usr/tests/lib/libc/ssp/h_sprintf -OLD_FILES+=usr/tests/lib/libc/ssp/h_stpcpy -OLD_FILES+=usr/tests/lib/libc/ssp/h_stpncpy -OLD_FILES+=usr/tests/lib/libc/ssp/h_strcat -OLD_FILES+=usr/tests/lib/libc/ssp/h_strcpy -OLD_FILES+=usr/tests/lib/libc/ssp/h_strncat -OLD_FILES+=usr/tests/lib/libc/ssp/h_strncpy -OLD_FILES+=usr/tests/lib/libc/ssp/h_vsnprintf -OLD_FILES+=usr/tests/lib/libc/ssp/h_vsprintf -OLD_FILES+=usr/tests/lib/libc/ssp/ssp_test -.endif - .if ${MK_SYSCONS} == no OLD_FILES+=usr/share/syscons/fonts/INDEX.fonts OLD_FILES+=usr/share/syscons/fonts/armscii8-8x14.fnt |