1c0ff6aa23
Later, the aports folder will probably be split out into its own repository. But right now this is simply convenient.
# DP: Turn on -fstack-protector by default for C, C++, ObjC, ObjC++.
|
|
# DP: Build libgcc using -fno-stack-protector.
|
|
|
|
---
|
|
gcc/Makefile.in | 2 ++
|
|
gcc/cp/lang-specs.h | 6 +++---
|
|
gcc/doc/invoke.texi | 4 ++++
|
|
gcc/gcc.c | 18 ++++++++++++++----
|
|
gcc/objc/lang-specs.h | 10 +++++-----
|
|
gcc/objcp/lang-specs.h | 8 ++++----
|
|
6 files changed, 32 insertions(+), 16 deletions(-)
|
|
|
|
Index: b/gcc/gcc.c
|
|
===================================================================
|
|
--- a/gcc/gcc.c
|
|
+++ b/gcc/gcc.c
|
|
@@ -858,6 +858,14 @@ proper position among the other output f
|
|
#define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
|
|
#endif
|
|
|
|
+#ifndef SSP_DEFAULT_SPEC
|
|
+#ifdef TARGET_LIBC_PROVIDES_SSP
|
|
+#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:%{!fstack-protector:-fstack-protector-strong}}}}}"
|
|
+#else
|
|
+#define SSP_DEFAULT_SPEC ""
|
|
+#endif
|
|
+#endif
|
|
+
|
|
#ifndef LINK_SSP_SPEC
|
|
#ifdef TARGET_LIBC_PROVIDES_SSP
|
|
#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
|
|
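Review bot: `-fstack-protector-explicit` is missing from the options that SSP_DEFAULT_SPEC tests, so a command line asking for it still gets `-fstack-protector-strong` appended; in `cpp_options` the new `%(ssp_default)` visibly follows `%{f*}`, so the injected flag likely takes precedence over the user's choice. If that is not intended, wrap the default in one more guard, `%{!fstack-protector-explicit:...}`. The `#else` branch also makes the default an empty string whenever TARGET_LIBC_PROVIDES_SSP is undefined, so a toolchain built with a mis-detected libc loses the hardening without any diagnostic. I would add a comment above the block, `/* Default SSP level; empty (no default hardening) unless libc provides SSP. */`, and have the package check that `gcc -dumpspecs` shows a non-empty `*ssp_default:` entry.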
@@ -1057,6 +1065,7 @@ static const char *cc1_spec = CC1_SPEC;
|
|
static const char *cc1plus_spec = CC1PLUS_SPEC;
|
|
static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
|
|
static const char *link_ssp_spec = LINK_SSP_SPEC;
|
|
+static const char *ssp_default_spec = SSP_DEFAULT_SPEC;
|
|
static const char *asm_spec = ASM_SPEC;
|
|
static const char *asm_final_spec = ASM_FINAL_SPEC;
|
|
static const char *link_spec = LINK_SPEC;
|
|
@@ -1112,7 +1121,7 @@ static const char *cpp_unique_options =
|
|
static const char *cpp_options =
|
|
"%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\
|
|
%{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\
|
|
- %{undef} %{save-temps*:-fpch-preprocess}";
|
|
+ %{undef} %{save-temps*:-fpch-preprocess} %(ssp_default)";
|
|
|
|
/* This contains cpp options which are not passed when the preprocessor
|
|
output will be used by another program. */
|
|
@@ -1301,9 +1310,9 @@ static const struct compiler default_com
|
|
%{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
|
|
%(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
|
|
cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
|
|
- %(cc1_options)}\
|
|
+ %(cc1_options) %(ssp_default)}\
|
|
%{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\
|
|
- cc1 %(cpp_unique_options) %(cc1_options)}}}\
|
|
+ cc1 %(cpp_unique_options) %(cc1_options) %(ssp_default)}}}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1},
|
|
{"-",
|
|
"%{!E:%e-E or -x required when input is from standard input}\
|
|
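Review bot: The default only reaches a compiler because `%(ssp_default)` is pasted by hand after `%(cc1_options)` in each cc1/cc1plus/cc1obj/cc1objplus command, here and in the later hunks for the `@cpp-output` spec, gcc/cp/lang-specs.h, gcc/objc/lang-specs.h and gcc/objcp/lang-specs.h. A spec that is missed when this patch is rebased onto a new GCC produces unprotected objects with no error, so coverage should be checked rather than assumed. A comment next to SSP_DEFAULT_SPEC such as `/* Must be referenced from every C-family compiler spec; re-audit on each GCC update. */` would record the requirement. A package test that runs `gcc -###` on one file per language and looks for `-fstack-protector-strong` in the cc1 line would catch a dropped insertion. The compiler spec this hunk edits starts and ends outside the hunk.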
@@ -1328,7 +1337,7 @@ static const struct compiler default_com
|
|
%W{o*:--output-pch=%*}}%V}}}}}}}", 0, 0, 0},
|
|
{".i", "@cpp-output", 0, 0, 0},
|
|
{"@cpp-output",
|
|
- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
+ "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(ssp_default) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{".s", "@assembler", 0, 0, 0},
|
|
{"@assembler",
|
|
"%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0},
|
|
@@ -1560,6 +1569,7 @@ static struct spec_list static_specs[] =
|
|
INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec),
|
|
INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec),
|
|
INIT_STATIC_SPEC ("link_ssp", &link_ssp_spec),
|
|
+ INIT_STATIC_SPEC ("ssp_default", &ssp_default_spec),
|
|
INIT_STATIC_SPEC ("endfile", &endfile_spec),
|
|
INIT_STATIC_SPEC ("link", &link_spec),
|
|
INIT_STATIC_SPEC ("lib", &lib_spec),
|
|
Index: b/gcc/cp/lang-specs.h
|
|
===================================================================
|
|
--- a/gcc/cp/lang-specs.h
|
|
+++ b/gcc/cp/lang-specs.h
|
|
@@ -46,7 +46,7 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
|
|
cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:-o %g.s \
|
|
%{!fdump-ada-spec*:%{!o*:--output-pch=%i.gch}\
|
|
%W{o*:--output-pch=%*}}%V}}}}",
|
|
@@ -58,11 +58,11 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
|
|
cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}",
|
|
CPLUSPLUS_CPP_SPEC, 0, 0},
|
|
{".ii", "@c++-cpp-output", 0, 0, 0},
|
|
{"@c++-cpp-output",
|
|
"%{!M:%{!MM:%{!E:\
|
|
- cc1plus -fpreprocessed %i %(cc1_options) %2\
|
|
+ cc1plus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
Index: b/gcc/params.def
|
|
===================================================================
|
|
--- a/gcc/params.def
|
|
+++ b/gcc/params.def
|
|
@@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT,
|
|
DEFPARAM (PARAM_SSP_BUFFER_SIZE,
|
|
"ssp-buffer-size",
|
|
"The lower bound for a buffer to be considered for stack smashing protection.",
|
|
- 8, 1, 0)
|
|
+ 4, 1, 0)
|
|
|
|
DEFPARAM (PARAM_MIN_SIZE_FOR_STACK_SHARING,
|
|
"min-size-for-stack-sharing",
|
|
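Review bot: Lowering `ssp-buffer-size` from 8 to 4 probably has little effect on the new default, because `-fstack-protector-strong` (per the invoke.texi text in this patch) already covers functions with local array definitions; the parameter mainly matters when a user selects plain `-fstack-protector`. The rationale deserves a comment here, for example `/* Alpine: 4 instead of upstream 8; applies to plain -fstack-protector. */`. The matching invoke.texi hunk (`@@ -9247,6 +9247,9 @@`) adds the "Alpine Linux default is 4" sentence directly after the min-size-for-stack-sharing paragraph ("The default value is 32."), so the manual attributes the value to the wrong parameter; it should sit under the ssp-buffer-size item. gcc/params.def is also absent from the diffstat at the top of the patch, which lists gcc/Makefile.in (no section for it is visible on this page), so the header no longer describes what is applied.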
Index: b/gcc/objc/lang-specs.h
|
|
===================================================================
|
|
--- a/gcc/objc/lang-specs.h
|
|
+++ b/gcc/objc/lang-specs.h
|
|
@@ -29,9 +29,9 @@ along with GCC; see the file COPYING3.
|
|
%{traditional|traditional-cpp:\
|
|
%eGNU Objective C no longer supports traditional compilation}\
|
|
%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
|
|
- cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\
|
|
+ cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:\
|
|
- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\
|
|
+ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{"@objective-c-header",
|
|
"%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\
|
|
@@ -40,18 +40,18 @@ along with GCC; see the file COPYING3.
|
|
%{traditional|traditional-cpp:\
|
|
%eGNU Objective C no longer supports traditional compilation}\
|
|
%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
|
|
- cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ cc1obj -fpreprocessed %b.mi %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
-o %g.s %{!o*:--output-pch=%i.gch}\
|
|
%W{o*:--output-pch=%*}%V}\
|
|
%{!save-temps*:%{!no-integrated-cpp:\
|
|
- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
-o %g.s %{!o*:--output-pch=%i.gch}\
|
|
%W{o*:--output-pch=%*}%V}}}}}", 0, 0, 0},
|
|
{".mi", "@objective-c-cpp-output", 0, 0, 0},
|
|
{"@objective-c-cpp-output",
|
|
- "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{"@objc-cpp-output",
|
|
"%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\
|
|
- %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
Index: b/gcc/objcp/lang-specs.h
|
|
===================================================================
|
|
--- a/gcc/objcp/lang-specs.h
|
|
+++ b/gcc/objcp/lang-specs.h
|
|
@@ -36,7 +36,7 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
|
|
cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
-o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}",
|
|
CPLUSPLUS_CPP_SPEC, 0, 0},
|
|
{"@objective-c++",
|
|
@@ -46,16 +46,16 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
|
|
cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}",
|
|
CPLUSPLUS_CPP_SPEC, 0, 0},
|
|
{".mii", "@objective-c++-cpp-output", 0, 0, 0},
|
|
{"@objective-c++-cpp-output",
|
|
"%{!M:%{!MM:%{!E:\
|
|
- cc1objplus -fpreprocessed %i %(cc1_options) %2\
|
|
+ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{"@objc++-cpp-output",
|
|
"%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\
|
|
%{!M:%{!MM:%{!E:\
|
|
- cc1objplus -fpreprocessed %i %(cc1_options) %2\
|
|
+ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
Index: b/gcc/doc/invoke.texi
|
|
===================================================================
|
|
--- a/gcc/doc/invoke.texi
|
|
+++ b/gcc/doc/invoke.texi
|
|
@@ -9247,6 +9247,9 @@
|
|
The minimum size of variables taking part in stack slot sharing when not
|
|
optimizing. The default value is 32.
|
|
|
|
+The Alpine Linux default is "4", to increase
|
|
+the number of functions protected by the stack protector.
|
|
+
|
|
@item max-jump-thread-duplication-stmts
|
|
Maximum number of statements allowed in a block that needs to be
|
|
duplicated when threading jumps.
|
|
@@ -10185,6 +10188,11 @@
|
|
Like @option{-fstack-protector} but includes additional functions to
|
|
be protected --- those that have local array definitions, or have
|
|
references to local frame addresses.
|
|
+
|
|
+NOTE: In Alpine Linux,
|
|
+@option{-fstack-protector-strong} is enabled by default for C,
|
|
+C++, ObjC, ObjC++, if none of @option{-fno-stack-protector},
|
|
+@option{-nostdlib}, nor @option{-ffreestanding} are found.
|
|
|
|
@item -fstack-protector-explicit
|
|
@opindex fstack-protector-explicit
|