From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/10677 Path: news.gmane.org!.POSTED!not-for-mail 
From: "LeMay, Michael" Newsgroups: gmane.linux.lib.musl.general Subject: [RFC PATCH v2 4/4] add SafeStack build support Date: Fri, 28 Oct 2016 20:04:01 +0000 Message-ID: <390CE752059EB848A71F4F676EBAB76D3AC26395@ORSMSX114.amr.corp.intel.com> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Trace: blaine.gmane.org 1477685204 29872 195.159.176.226 (28 Oct 2016 20:06:44 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Fri, 28 Oct 2016 20:06:44 +0000 (UTC) To: "musl@lists.openwall.com" Original-X-From: musl-return-10690-gllmg-musl=m.gmane.org@lists.openwall.com Fri Oct 28 22:06:38 2016 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.84_2) (envelope-from ) id 1c0DPs-0004NH-Hl for gllmg-musl@m.gmane.org; Fri, 28 Oct 2016 22:06:16 +0200 Original-Received: (qmail 21876 invoked by uid 550); 28 Oct 2016 20:06:17 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 21810 invoked from network); 28 Oct 2016 20:06:15 -0000 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,411,1473145200"; d="scan'208";a="24958192" Thread-Topic: [RFC PATCH v2 4/4] add SafeStack build support Thread-Index: AdIxVkhkM54U6AKxSGmJNIrEQypkTQ== Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.22.254.140] Xref: news.gmane.org gmane.linux.lib.musl.general:10677 Archived-At: The SafeStack sanitizer in LLVM Clang seeks to mitigate stack memory corruption vulnerabilities [1]. This patch enhances configure to detect the compiler flag that enables SafeStack. It also enhances the Makefile to specify the necessary compiler flags for specific files. 
[1] http://clang.llvm.org/docs/SafeStack.html Signed-off-by: Michael LeMay --- Makefile | 42 +++++++++++++++++++++++++++++++++++++++++- configure | 10 ++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 8246b78..0bc51ac 100644 --- a/Makefile +++ b/Makefile @@ -47,7 +47,9 @@ CFLAGS_C99FSE =3D -std=3Dc99 -ffreestanding -nostdinc =20 CFLAGS_ALL =3D $(CFLAGS_C99FSE) CFLAGS_ALL +=3D -D_XOPEN_SOURCE=3D700 -I$(srcdir)/arch/$(ARCH) -I$(srcdir)= /arch/generic -Iobj/src/internal -I$(srcdir)/src/internal -Iobj/include -I$= (srcdir)/include -CFLAGS_ALL +=3D $(CPPFLAGS) $(CFLAGS_AUTO) $(CFLAGS) +CFLAGS_ALL +=3D $(CPPFLAGS) $(CFLAGS_AUTO) +# This flag is selectively re-added for certain files below. +CFLAGS_ALL +=3D $(filter-out -fsanitize=3Dsafe-stack,$(CFLAGS)) =20 LDFLAGS_ALL =3D $(LDFLAGS_AUTO) $(LDFLAGS) =20 
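Review bot: `$(filter-out -fsanitize=safe-stack,$(CFLAGS))` removes only the exact word, while the configure hunk at -596 sets SAFE_STACK=yes for any word that merely starts with `-fsanitize=safe-stack`. A comma-combined spelling such as `-fsanitize=safe-stack,<other>` (constructed example) would therefore turn the feature on yet stay in CFLAGS_ALL for every object, including the crt and dlstart objects that the second Makefile hunk excludes from instrumentation. Either reject such spellings in configure or state the restriction next to the filter, e.g. `# Only the exact word -fsanitize=safe-stack is recognised; comma-combined -fsanitize= lists are not filtered.`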
@@ -132,6 +134,44 @@ NOSSP_SRCS =3D $(wildcard crt/*.c) \ ldso/dlstart.c ldso/dynlink.c $(NOSSP_SRCS:%.c=3Dobj/%.o) $(NOSSP_SRCS:%.c=3Dobj/%.lo): CFLAGS_ALL +=3D = $(CFLAGS_NOSSP) =20 +# The safestack attribute will be selectively forced within the __init_tls= .c file below. +SAFE_STACK_OBJS =3D $(filter-out $(CRT_OBJS) obj/ldso/dlstart.o obj/src/en= v/__init_tls.o,$(ALL_OBJS)) + +ifeq ($(SAFE_STACK),yes) + +CFLAGS_ALL +=3D -DSAFE_STACK=3D1 + +define FORCE_ATTR =3D + $(eval $(addprefix obj/$(1).,o lo): CFLAGS_ALL +=3D $(foreach func,$(2),-= mllvm -force-attribute=3D$(func):$(FORCED_ATTR))) +endef + +FORCED_ATTR =3D noinline + +# The no_sanitize attribute will only take effect if there are no inlined +# functions that lack the attribute. That is why noinline is applied to th= e +# following functions that are called from functions with the no_sanitize +# attribute. +$(call FORCE_ATTR,ldso/dynlink, \ + __pthread_self a_crash decode_dyn decode_vec find_sym \ + kernel_mapped_dso load_deps load_preload make_global makefuncdescs \ + map_library reclaim_gaps reloc_all search_vec update_tls_size) +$(call FORCE_ATTR,src/env/__init_tls, a_crash) +$(call FORCE_ATTR,src/env/__libc_start_main, a_crash) +$(call FORCE_ATTR,src/internal/safe_stack, __pthread_self a_crash) + +FORCED_ATTR =3D safestack + +# Since __init_tp switches to a new thread control block, it is necessary = to +# avoid accessing the unsafe stack pointer from the time that switch occur= s +# until the unsafe_stack_ptr field in the new thread control block has bee= n +# initialized. That is why only the following function in __init_tls.c is +# instrumented with SafeStack. +$(call FORCE_ATTR,src/env/__init_tls, __copy_tls) + +$(SAFE_STACK_OBJS) $(SAFE_STACK_OBJS:%.o=3D%.lo): CFLAGS_ALL +=3D -fsaniti= ze=3Dsafe-stack + +endif + $(CRT_OBJS): CFLAGS_ALL +=3D -DCRT =20 $(LOBJS) $(LDSO_OBJS): CFLAGS_ALL +=3D -fPIC diff --git a/configure b/configure index 707eb12..a70009f 100755 --- a/configure +++ b/configure 
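Review bot: `define FORCE_ATTR =` uses the assignment-operator form of `define`, which GNU Make accepts only from 3.82. Older versions treat the `=` as part of the variable name, so every `$(call FORCE_ATTR,...)` would expand to nothing without any diagnostic. The objects would then still receive `-fsanitize=safe-stack` from the last rule, but none of the forced `noinline`/`safestack` attributes that the comments say the no_sanitize functions depend on. Writing `define FORCE_ATTR` without the `=` behaves the same on both. Passing the attribute as a third argument to the macro, instead of reassigning `FORCED_ATTR` between calls, would also make each call self-describing.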
@@ -141,6 +141,7 @@ static=3Dyes wrapper=3Dauto gcc_wrapper=3Dno clang_wrapper=3Dno +SAFE_STACK=3Dno =20 for arg ; do case "$arg" in @@ -596,10 +597,18 @@ printf "using compiler runtime libraries: %s\n" "$LIB= CC" SUBARCH=3D t=3D"$CFLAGS_C99FSE $CPPFLAGS $CFLAGS" =20 +fnmatch '-fsanitize=3Dsafe-stack*|*\ -fsanitize=3Dsafe-stack*' "$CFLAGS" &= & SAFE_STACK=3Dyes + if test "$ARCH" =3D "x86_64" ; then trycppif __ILP32__ "$t" && ARCH=3Dx32 fi =20 +if test "$ARCH" =3D "x32" -a "$SAFE_STACK" =3D "yes" ; then +# x32 would change the offset of the unsafe stack pointer in the thread co= ntrol +# block. +fail "$0: error: SafeStack unsupported for x32" +fi + if test "$ARCH" =3D "arm" ; then trycppif __ARMEB__ "$t" && SUBARCH=3D${SUBARCH}eb trycppif __ARM_PCS_VFP "$t" && SUBARCH=3D${SUBARCH}hf @@ -751,6 +760,7 @@ OPTIMIZE_GLOBS =3D $OPTIMIZE_GLOBS ALL_TOOLS =3D $tools TOOL_LIBS =3D $tool_libs ADD_CFI =3D $ADD_CFI +SAFE_STACK =3D $SAFE_STACK EOF test "x$static" =3D xno && echo "STATIC_LIBS =3D" test "x$shared" =3D xno && echo "SHARED_LIBS =3D" --=20 2.7.4
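Review bot: The detection added in the -596 hunk looks only at `$CFLAGS`, but the first Makefile hunk still appends `$(CPPFLAGS)` and `$(CFLAGS_AUTO)` to CFLAGS_ALL unfiltered. If the flag arrives through `CPPFLAGS` (or, presumably, inside `CC`), SAFE_STACK stays `no` and `-DSAFE_STACK=1` is never defined. Every object is then compiled with instrumentation, including the crt and dlstart objects the Makefile deliberately excludes. Failing early would make that visible: `fnmatch '*-fsanitize=safe-stack*' "$CC $CPPFLAGS" && fail "$0: error: pass -fsanitize=safe-stack in CFLAGS only"`. The hunk also never probes whether the compiler accepts the flag, so an unsupported compiler would presumably fail only later, during make.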