diff options
author | kan <kan@FreeBSD.org> | 2009-06-28 23:51:39 +0000 |
---|---|---|
committer | kan <kan@FreeBSD.org> | 2009-06-28 23:51:39 +0000 |
commit | f780ef8f1980f918f04365b9374ef3f0b5c8652b (patch) | |
tree | 601ae0a8f92e47fd15b2574968520ee80c372d0e | |
parent | 54f24c117ae26fcfb1000a0fe7ab5f376997f7f6 (diff) | |
download | FreeBSD-src-f780ef8f1980f918f04365b9374ef3f0b5c8652b.zip FreeBSD-src-f780ef8f1980f918f04365b9374ef3f0b5c8652b.tar.gz |
Eliminate .text relocations in shared libraries compiled with stack protector.
Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC generates
local calls to this function which result in absolute relocations put into
position-independent code segment, making dynamic loader do extra work everys
time given shared library is being relocated and making affected text pages
non-shareable.
Reviewed by: kib
Approved by: re (kensmith)
-rw-r--r-- | Makefile.inc1 | 2 | ||||
-rw-r--r-- | gnu/lib/libgcc/Makefile | 8 | ||||
-rw-r--r-- | gnu/lib/libssp/libssp_nonshared/Makefile | 2 | ||||
-rw-r--r-- | gnu/usr.bin/cc/cc_tools/freebsd-native.h | 8 | ||||
-rw-r--r-- | lib/libc/Makefile | 2 | ||||
-rw-r--r-- | lib/libc/sys/Symbol.map | 1 | ||||
-rw-r--r-- | lib/libc/sys/stack_protector.c | 7 | ||||
-rw-r--r-- | libexec/rtld-elf/Makefile | 2 |
8 files changed, 20 insertions, 12 deletions
diff --git a/Makefile.inc1 b/Makefile.inc1 index 0f8d28e..d05b004 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -1069,7 +1069,7 @@ libraries: # # static libgcc.a prerequisite for shared libc # -_prereq_libs= gnu/lib/libgcc +_prereq_libs= gnu/lib/libssp/libssp_nonshared gnu/lib/libgcc # These dependencies are not automatically generated: # diff --git a/gnu/lib/libgcc/Makefile b/gnu/lib/libgcc/Makefile index 49b96e6..65c99d0 100644 --- a/gnu/lib/libgcc/Makefile +++ b/gnu/lib/libgcc/Makefile @@ -6,6 +6,12 @@ LIB= gcc SHLIB_NAME= libgcc_s.so.1 SHLIBDIR?= /lib +# +# libgcc is linked in last and thus cannot depend on ssp symbols coming +# from earlier libraries. Disable stack protection for this library. +# +WITHOUT_SSP= yes + .include <bsd.own.mk> .include "${.CURDIR}/../../usr.bin/cc/Makefile.tgt" @@ -18,7 +24,7 @@ CFLAGS+= -DIN_GCC -DIN_LIBGCC2 -D__GCC_FLOAT_NOT_NEEDED \ -I${.CURDIR}/../../usr.bin/cc/cc_tools LDFLAGS+= -nodefaultlibs -LDADD+= -lc +LDADD+= -lc -lssp_nonshared OBJS= # added to below in various ways depending on TARGET_ARCH diff --git a/gnu/lib/libssp/libssp_nonshared/Makefile b/gnu/lib/libssp/libssp_nonshared/Makefile index 1dcd54f..9454495 100644 --- a/gnu/lib/libssp/libssp_nonshared/Makefile +++ b/gnu/lib/libssp/libssp_nonshared/Makefile @@ -13,6 +13,6 @@ SRCS= ssp-local.c CFLAGS+= -DHAVE_CONFIG_H CFLAGS+= -I${.CURDIR}/.. -I${GCCLIB}/libssp -I${GCCLIB}/include -CFLAGS+= -fPIC -DPIC +CFLAGS+= -fPIC -DPIC -fvisibility=hidden .include <bsd.lib.mk> diff --git a/gnu/usr.bin/cc/cc_tools/freebsd-native.h b/gnu/usr.bin/cc/cc_tools/freebsd-native.h index 6f7fd7b..b9ddea1 100644 --- a/gnu/usr.bin/cc/cc_tools/freebsd-native.h +++ b/gnu/usr.bin/cc/cc_tools/freebsd-native.h @@ -62,3 +62,11 @@ /* FreeBSD is 4.4BSD derived */ #define bsd4_4 + +/* + * Link in libssp_nonshared to get local hidden symbol for + * __stack_chk_fail_local into each binary that needs it. + * Linux does this with static part of their libc.so linker script, we reuse + * libssp_nonshared.a for the same purpose. + */ +#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared}" diff --git a/lib/libc/Makefile b/lib/libc/Makefile index cf9ef3a..4f13f8e 100644 --- a/lib/libc/Makefile +++ b/lib/libc/Makefile @@ -26,7 +26,7 @@ PRECIOUSLIB= # DPADD+= ${LIBGCC} LDFLAGS+= -nodefaultlibs -LDADD+= -lgcc +LDADD+= -lgcc -lssp_nonshared # Define (empty) variables so that make doesn't give substitution # errors if the included makefiles don't change these: diff --git a/lib/libc/sys/Symbol.map b/lib/libc/sys/Symbol.map index 88bc779..41f34ae 100644 --- a/lib/libc/sys/Symbol.map +++ b/lib/libc/sys/Symbol.map @@ -282,7 +282,6 @@ FBSD_1.0 { socket; socketpair; __stack_chk_fail; - __stack_chk_fail_local; __stack_chk_guard; stat; statfs; diff --git a/lib/libc/sys/stack_protector.c b/lib/libc/sys/stack_protector.c index f753fcd..63beebc 100644 --- a/lib/libc/sys/stack_protector.c +++ b/lib/libc/sys/stack_protector.c @@ -47,7 +47,6 @@ static void __guard_setup(void) __attribute__((__constructor__, __used__)); static void __fail(const char *); void __stack_chk_fail(void); void __chk_fail(void); -void __stack_chk_fail_local(void); /*LINTED used*/ static void @@ -109,8 +108,4 @@ __chk_fail(void) __fail("buffer overflow detected; terminated"); } -void -__stack_chk_fail_local(void) -{ - __stack_chk_fail(); -} +__sym_compat(__stack_chk_fail_local, __stack_chk_fail, FBSD_1.0); diff --git a/libexec/rtld-elf/Makefile b/libexec/rtld-elf/Makefile index 7c20398..5e9729c 100644 --- a/libexec/rtld-elf/Makefile +++ b/libexec/rtld-elf/Makefile @@ -22,7 +22,7 @@ MLINKS= rtld.1 ld-elf.so.1.1 \ CFLAGS+= -fpic -DPIC LDFLAGS+= -shared -Wl,-Bsymbolic DPADD= ${LIBC_PIC} -LDADD= -lc_pic +LDADD= -lc_pic -lssp_nonshared .if ${MACHINE_ARCH} != "ia64" .if ${MK_SYMVER} == "yes" |