# DP: Turn on -fstack-protector by default for C, C++, ObjC, ObjC++.
|
|
# DP: Build libgcc using -fno-stack-protector.
|
|
|
|
---
|
|
gcc/Makefile.in | 2 ++
|
|
gcc/cp/lang-specs.h | 6 +++---
|
|
gcc/doc/invoke.texi | 4 ++++
|
|
gcc/gcc.c | 18 ++++++++++++++----
|
|
gcc/objc/lang-specs.h | 10 +++++-----
|
|
gcc/objcp/lang-specs.h | 8 ++++----
|
|
6 files changed, 32 insertions(+), 16 deletions(-)
|
|
|
|
Index: b/gcc/gcc.c
|
|
===================================================================
|
|
--- a/gcc/gcc.c
|
|
+++ b/gcc/gcc.c
|
|
@@ -858,6 +858,14 @@ proper position among the other output f
|
|
#define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
|
|
#endif
|
|
|
|
+#ifndef SSP_DEFAULT_SPEC
|
|
+#ifdef TARGET_LIBC_PROVIDES_SSP
|
|
+#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:%{!fstack-protector:-fstack-protector-strong}}}}}"
|
|
+#else
|
|
+#define SSP_DEFAULT_SPEC ""
|
|
+#endif
|
|
+#endif
|
|
+
|
|
#ifndef LINK_SSP_SPEC
|
|
#ifdef TARGET_LIBC_PROVIDES_SSP
|
|
#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
|
|
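Review bot: The guard chain in `SSP_DEFAULT_SPEC` does not test for `-fstack-protector-explicit`, so a command line carrying only that option still gets `-fstack-protector-strong` added. Because `%(ssp_default)` is placed after `%(cc1_options)` in the compiler entries patched further down, the added flag presumably takes precedence, and the attribute-only mode is replaced by the broader one without any diagnostic. Wrapping the innermost test as `%{!fstack-protector-explicit:%{!fstack-protector:-fstack-protector-strong}}` would keep the user's selection. A short comment above the `#ifndef` listing the options that suppress the default (`-fno-stack-protector`, `-fstack-protector-all`, `-fstack-protector`, `-ffreestanding`, `-nostdlib`) would also help, since builds using the last two get no canary unless they ask for one. The `LINK_SSP_SPEC` definition continues past the end of the hunk.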
@@ -1057,6 +1065,7 @@ static const char *cc1_spec = CC1_SPEC;
|
|
static const char *cc1plus_spec = CC1PLUS_SPEC;
|
|
static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
|
|
static const char *link_ssp_spec = LINK_SSP_SPEC;
|
|
+static const char *ssp_default_spec = SSP_DEFAULT_SPEC;
|
|
static const char *asm_spec = ASM_SPEC;
|
|
static const char *asm_final_spec = ASM_FINAL_SPEC;
|
|
static const char *link_spec = LINK_SPEC;
|
|
@@ -1112,7 +1121,7 @@ static const char *cpp_unique_options =
|
|
static const char *cpp_options =
|
|
"%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\
|
|
%{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\
|
|
- %{undef} %{save-temps*:-fpch-preprocess}";
|
|
+ %{undef} %{save-temps*:-fpch-preprocess} %(ssp_default)";
|
|
|
|
/* This contains cpp options which are not passed when the preprocessor
|
|
output will be used by another program. */
|
|
@@ -1301,9 +1310,9 @@ static const struct compiler default_com
|
|
%{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
|
|
%(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
|
|
cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
|
|
- %(cc1_options)}\
|
|
+ %(cc1_options) %(ssp_default)}\
|
|
%{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\
|
|
- cc1 %(cpp_unique_options) %(cc1_options)}}}\
|
|
+ cc1 %(cpp_unique_options) %(cc1_options) %(ssp_default)}}}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1},
|
|
{"-",
|
|
"%{!E:%e-E or -x required when input is from standard input}\
|
|
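Review bot: The libgcc opt-out that the description promises is not visible anywhere on this page, and it matters here because `%(ssp_default)` is appended to both `cc1` invocations of this entry, so every C compile through the driver gets the default. The diffstat lists `gcc/Makefile.in | 2 ++`, yet no `gcc/Makefile.in` section appears, while `gcc/params.def` is changed without being listed. If the Makefile hunk was lost when the patch was refreshed, the libgcc build should be checked for `-fno-stack-protector` and the diffstat regenerated. The enclosing `default_compilers` entry starts before the hunk.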
@@ -1328,7 +1337,7 @@ static const struct compiler default_com
|
|
%W{o*:--output-pch=%*}}%V}}}}}}}", 0, 0, 0},
|
|
{".i", "@cpp-output", 0, 0, 0},
|
|
{"@cpp-output",
|
|
- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
+ "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(ssp_default) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{".s", "@assembler", 0, 0, 0},
|
|
{"@assembler",
|
|
"%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0},
|
|
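Review bot: The entry that ends on the first context line of this hunk writes a precompiled header (`--output-pch`), and as far as the gcc.c hunks on this page show, its `cc1` invocations do not receive `%(ssp_default)`. The Objective-C and C++ header entries in the `lang-specs.h` sections do receive it. If the omission is not intentional, the same token should follow `%(cc1_options)` there, so that a C header is precompiled with the same stack-protector setting as the sources that include it. Adding the token by hand to each entry (the same edit recurs in the cp, objc and objcp hunks) makes such a gap easy to miss; a comment next to `ssp_default_spec` naming the entries that must carry it would make the set auditable.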
@@ -1560,6 +1569,7 @@ static struct spec_list static_specs[] =
|
|
INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec),
|
|
INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec),
|
|
INIT_STATIC_SPEC ("link_ssp", &link_ssp_spec),
|
|
+ INIT_STATIC_SPEC ("ssp_default", &ssp_default_spec),
|
|
INIT_STATIC_SPEC ("endfile", &endfile_spec),
|
|
INIT_STATIC_SPEC ("link", &link_spec),
|
|
INIT_STATIC_SPEC ("lib", &lib_spec),
|
|
Index: b/gcc/cp/lang-specs.h
|
|
===================================================================
|
|
--- a/gcc/cp/lang-specs.h
|
|
+++ b/gcc/cp/lang-specs.h
|
|
@@ -46,7 +46,7 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
|
|
cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:-o %g.s \
|
|
%{!fdump-ada-spec*:%{!o*:--output-pch=%i.gch}\
|
|
%W{o*:--output-pch=%*}}%V}}}}",
|
|
@@ -58,11 +58,11 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
|
|
cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}",
|
|
CPLUSPLUS_CPP_SPEC, 0, 0},
|
|
{".ii", "@c++-cpp-output", 0, 0, 0},
|
|
{"@c++-cpp-output",
|
|
"%{!M:%{!MM:%{!E:\
|
|
- cc1plus -fpreprocessed %i %(cc1_options) %2\
|
|
+ cc1plus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
Index: b/gcc/params.def
|
|
===================================================================
|
|
--- a/gcc/params.def
|
|
+++ b/gcc/params.def
|
|
@@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT,
|
|
DEFPARAM (PARAM_SSP_BUFFER_SIZE,
|
|
"ssp-buffer-size",
|
|
"The lower bound for a buffer to be considered for stack smashing protection.",
|
|
- 8, 1, 0)
|
|
+ 4, 1, 0)
|
|
|
|
DEFPARAM (PARAM_MIN_SIZE_FOR_STACK_SHARING,
|
|
"min-size-for-stack-sharing",
|
|
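Review bot: Lowering the `ssp-buffer-size` default from 8 to 4 is documented in the wrong place: the `invoke.texi` hunk at `@@ -9247` adds "The Alpine Linux default is "4"" after the paragraph on stack slot sharing ("The default value is 32"), which by the parameter order in this file belongs to `min-size-for-stack-sharing`. That sentence should move under the `ssp-buffer-size` item. Since the driver now defaults to `-fstack-protector-strong`, which per the documentation context already covers functions with local array definitions, the lower bound presumably matters only when a build explicitly selects plain `-fstack-protector`. A comment on the `4, 1, 0` line, e.g. `/* Distribution default; upstream uses 8.  */`, would record why the value differs.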
Index: b/gcc/objc/lang-specs.h
|
|
===================================================================
|
|
--- a/gcc/objc/lang-specs.h
|
|
+++ b/gcc/objc/lang-specs.h
|
|
@@ -29,9 +29,9 @@ along with GCC; see the file COPYING3.
|
|
%{traditional|traditional-cpp:\
|
|
%eGNU Objective C no longer supports traditional compilation}\
|
|
%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
|
|
- cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\
|
|
+ cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:\
|
|
- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\
|
|
+ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{"@objective-c-header",
|
|
"%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\
|
|
@@ -40,18 +40,18 @@ along with GCC; see the file COPYING3.
|
|
%{traditional|traditional-cpp:\
|
|
%eGNU Objective C no longer supports traditional compilation}\
|
|
%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
|
|
- cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ cc1obj -fpreprocessed %b.mi %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
-o %g.s %{!o*:--output-pch=%i.gch}\
|
|
%W{o*:--output-pch=%*}%V}\
|
|
%{!save-temps*:%{!no-integrated-cpp:\
|
|
- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
-o %g.s %{!o*:--output-pch=%i.gch}\
|
|
%W{o*:--output-pch=%*}%V}}}}}", 0, 0, 0},
|
|
{".mi", "@objective-c-cpp-output", 0, 0, 0},
|
|
{"@objective-c-cpp-output",
|
|
- "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{"@objc-cpp-output",
|
|
"%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\
|
|
- %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
Index: b/gcc/objcp/lang-specs.h
|
|
===================================================================
|
|
--- a/gcc/objcp/lang-specs.h
|
|
+++ b/gcc/objcp/lang-specs.h
|
|
@@ -36,7 +36,7 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
|
|
cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
-o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}",
|
|
CPLUSPLUS_CPP_SPEC, 0, 0},
|
|
{"@objective-c++",
|
|
@@ -46,16 +46,16 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
|
|
cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}",
|
|
CPLUSPLUS_CPP_SPEC, 0, 0},
|
|
{".mii", "@objective-c++-cpp-output", 0, 0, 0},
|
|
{"@objective-c++-cpp-output",
|
|
"%{!M:%{!MM:%{!E:\
|
|
- cc1objplus -fpreprocessed %i %(cc1_options) %2\
|
|
+ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{"@objc++-cpp-output",
|
|
"%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\
|
|
%{!M:%{!MM:%{!E:\
|
|
- cc1objplus -fpreprocessed %i %(cc1_options) %2\
|
|
+ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
Index: b/gcc/doc/invoke.texi
|
|
===================================================================
|
|
--- a/gcc/doc/invoke.texi
|
|
+++ b/gcc/doc/invoke.texi
|
|
@@ -9247,6 +9247,9 @@
|
|
The minimum size of variables taking part in stack slot sharing when not
|
|
optimizing. The default value is 32.
|
|
|
|
+The Alpine Linux default is "4", to increase
|
|
+the number of functions protected by the stack protector.
|
|
+
|
|
@item max-jump-thread-duplication-stmts
|
|
Maximum number of statements allowed in a block that needs to be
|
|
duplicated when threading jumps.
|
|
@@ -10185,6 +10188,11 @@
|
|
Like @option{-fstack-protector} but includes additional functions to
|
|
be protected --- those that have local array definitions, or have
|
|
references to local frame addresses.
|
|
+
|
|
+NOTE: In Alpine Linux,
|
|
+@option{-fstack-protector-strong} is enabled by default for C,
|
|
+C++, ObjC, ObjC++, if none of @option{-fno-stack-protector},
|
|
+@option{-nostdlib}, nor @option{-ffreestanding} are found.
|
|
|
|
@item -fstack-protector-explicit
|
|
@opindex fstack-protector-explicit
|