This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


--enable-stack-protector for glibc, v7


This is version 7 of the stack-protected glibc patch, incorporating all review
comments to date (unless I missed some).

It's not rebased and is still against glibc head as of a few months ago,
a5df3210a641c17, though I have also tested it with HEAD as of last week.  Patches
that have been merged upstream have been dropped, and cherry-picked back in when
testing.  (However, after I tested, Florian's patch f06f3f05 was merged, which
clashes with patch 3, the ifunc resolver protection patch, because it drops
an ifunc resolver.  Fixing this clash is trivial, but will obviously require
me to rebase the patch series, so perhaps the person doing the patch
application would rather do that.)

Tested with these flag combinations on {i686,x86_64}-pc-linux-gnu:

--enable-omitfp --enable-stack-protector=all
--enable-stack-protector
--enable-stack-protector=strong
--enable-stack-protector=all
--enable-stackguard-randomization --enable-stack-protector=all
--enable-omitfp --enable-stackguard-randomization --enable-stack-protector
--enable-omitfp --enable-stackguard-randomization --enable-stack-protector=strong
--enable-omitfp --enable-stackguard-randomization --enable-stack-protector=all
--disable-stack-protector
--enable-stack-protector=no

Tested with these flag combinations on sparc{32,64}-pc-linux-gnu:

--enable-stack-protector
--enable-stack-protector=strong
--enable-stackguard-randomization --enable-stack-protector=strong
--enable-stackguard-randomization --enable-stack-protector=all
--disable-stack-protector

Tested with these flag combinations on armv7l-unknown-linux-gnueabihf (it
happened to have GCC 4.8, so -strong wasn't available):

--enable-stackguard-randomization --enable-stack-protector
--enable-stackguard-randomization --enable-stack-protector=all --enable-omitfp
--disable-stack-protector

No failures are observed that are not also observed on an unpatched glibc with
the same flag combinations.

On the copyright assignment front, I am informed that Oracle has a blanket
assignment on file for glibc work, so I don't need to do anything. (Patch 11 is
in Adhemerval's name, but obviously there's no assignment problem there either.)

Overview of changes in this posting:

 - Dropped "Allow overriding of CFLAGS as well as CPPFLAGS for rtld." and
   "x86, pthread_cond_*wait: Do not depend on %eax not being clobbered":
   merged upstream.

 - Report the argument value used in --enable-stack-protector on error; fix
   quoting.  [Review comment from Mike Frysinger.]

 - Comment on the reason for some $(no-stack-protector)isms.

 - Stack-protect sigreturn.c, and say why stack-protecting sigreturn handler
   stubs is necessary.  [Review comment from David Miller.]

