From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/6454 Path: news.gmane.org!not-for-mail From: "Anthony G. Basile" Newsgroups: gmane.linux.lib.musl.general Subject: Re: fixing -fPIE + -fstack-protector-all Date: Thu, 06 Nov 2014 07:11:43 -0500 Message-ID: <545B657F.8060805@opensource.dyc.edu> References: <545A414F.8000407@barfooze.de> <20141105180140.5d98fee9@vostro> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1415275808 15542 80.91.229.3 (6 Nov 2014 12:10:08 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 6 Nov 2014 12:10:08 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-6467-gllmg-musl=m.gmane.org@lists.openwall.com Thu Nov 06 13:10:03 2014 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1XmLt3-0005t4-EL for gllmg-musl@m.gmane.org; Thu, 06 Nov 2014 13:10:01 +0100 Original-Received: (qmail 16017 invoked by uid 550); 6 Nov 2014 12:10:00 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 16003 invoked from network); 6 Nov 2014 12:09:59 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.8.0 In-Reply-To: <20141105180140.5d98fee9@vostro> Xref: news.gmane.org gmane.linux.lib.musl.general:6454 Archived-At: On 11/05/14 11:01, Timo Teras wrote: > On Wed, 05 Nov 2014 16:25:03 +0100 > John Spencer wrote: > >> using -fPIE + -fstack-protector-all is currently broken for a number >> of architectures (most notably i386) in the default gcc setup >> (including the musl-cross patches), as it depends on a >> libssp_nonshared.a which provides __stack_chk_fail_local(). > > In Alpine Linux we are patching gcc to unconditionally to have > -lssp_nonshared: > http://git.alpinelinux.org/cgit/aports/tree/main/gcc/gcc-4.8-musl-libssp.patch The piepatches do not need to link in anything on glibc or uclibc, whereas in your approach they need to pick up the symbol from libc_unshared. It also doesn't depend on whether its a cross compile or native attempt to boostrap into a hardened system (gentoo style) form a non-hardened musl i686. In both cases it will fail unless you provide __stack_chk_fail_local by some "hack". > > And making musl package provide that library: > http://git.alpinelinux.org/cgit/aports/tree/main/musl/__stack_chk_fail_local.c > http://git.alpinelinux.org/cgit/aports/tree/main/musl/APKBUILD#n60 > > This is for two reasons: > > 1. gcc bootstrap is broken if it's to be compiled with > -fstack-protector otherwise > > 2. Linking without "-fstack-protector" flag with .a or .o files that > have been compiled with SSP would break. > > Basically, __stack_chk_fail_local symbol should be provided always. Agreed. The symbol is there on both x86_64 and i386 in libc_nonshared.a (glibc). What I've never understood is why this appears only as an issue in i686 and not x86_64 for musl. I haven't had time to dig into gcc internals to find out why. > Agreeably gcc should emit 'hlt' or similar instead of that function > call. Or at least provide implementation for that function with 'once' > linking. > > /Timo > -- Anthony G. Basile, Ph. D. Chair of Information Technology D'Youville College Buffalo, NY 14201 (716) 829-8197