Re: [PATCH] New configure option to default enable Smart Stack Protection
- From: Magnus Granberg <zorry at gentoo dot org>
- To: gcc-patches at gcc dot gnu dot org
- Date: Sun, 05 Jul 2015 23:59:32 +0200
- Subject: Re: [PATCH] New configure option to default enable Smart Stack Protection
- Authentication-results: sourceware.org; auth=none
- References: <39898046 dot VMObuEqk0e at laptop1 dot gw dot ume dot nu>
fredag 03 juli 2015 01.01.51 skrev Magnus Granberg:
> Hi
> I am working on a patch that enables Smart Stack Protection by default.
> The patch still lacks docs and a testcase. I need your ideas and help.
>
> /Magnus G.
> ---
New patch with doc and testcase added.
/Magnus G.
Changlogs
/gcc
2015-07-05 Magnus Granberg <zorry@gentoo.org>
* common.opt (fstack-protector): Initialize to -1.
(fstack-protector-all): Likewise.
(fstack-protector-strong): Likewise.
(fstack-protector-explicit): Likewise.
* configure.ac: Add --enable-default-ssp.
* defaults.h (DEFAULT_FLAG_SSP): New. Default SSP to strong.
* opts.c (finish_options): Update opts->x_flag_stack_protect if it is -1.
* doc/install.texi: Document --enable-default-ssp.
* config.in: Regenerated.
* configure: Likewise.
/testsuite
2015-07-05 Magnus Granberg <zorry@gentoo.org>
* lib/target-supports.exp
(check_effective_target_fstack_protector_enabled): New test.
* gcc.target/i386/ssp-default.c: New test.
----
--- a/gcc/configure.ac 2014-12-05 00:53:24.000000000 +0100
+++ b/gcc/configure.ac 2015-06-08 23:27:11.744348211 +0200
@@ -5221,6 +5119,25 @@ if test x$gcc_cv_libc_provides_ssp = xye
[Define if your target C library provides stack protector support])
fi
+# Check whether --enable-default-ssp was given.
+AC_ARG_ENABLE(default-ssp,
+[AS_HELP_STRING([--enable-default-ssp],
+ [enable Smart Stack Protection as default])],[
+if test x$gcc_cv_libc_provides_ssp = xyes; then
+ case "$target" in
+ ia64*-*-*) enable_default_ssp=no ;;
+ *) enable_default_ssp=$enableval ;;
+ esac
+else
+ enable_default_ssp=no
+fi],
+enable_default_ssp=no)
+if test x$enable_default_ssp == xyes ; then
+ AC_DEFINE(ENABLE_DEFAULT_SSP, 1,
+ [Define if your target supports default stack protector and it is enabled.])
+fi
+AC_SUBST([enable_default_ssp])
+
# Test for <sys/sdt.h> on the target.
GCC_TARGET_TEMPLATE([HAVE_SYS_SDT_H])
AC_MSG_CHECKING(sys/sdt.h in the target C library)
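Review bot: A build configured with --enable-default-ssp silently ends up with `enable_default_ssp=no` when `gcc_cv_libc_provides_ssp` is not `yes` or the target matches `ia64*-*-*`, so the resulting compiler lacks the hardened default and nothing in the configure output says so. When `$enableval` is `yes` in those two branches I would emit `AC_MSG_WARN([--enable-default-ssp is not supported for this target; stack protection stays off by default])`, or fail outright with AC_MSG_ERROR. Separately, `test x$enable_default_ssp == xyes` relies on a `==` operator that POSIX `test` does not define; `if test x$enable_default_ssp = xyes ; then` is the portable spelling.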
--- a/gcc/defaults.h 2014-11-01 09:13:09.000000000 +0100
+++ b/gcc/defaults.h 2015-06-08 22:43:18.764269749 +0200
@@ -1263,6 +1263,18 @@ see the files COPYING3 and COPYING.RUNTI
#define STACK_SIZE_MODE word_mode
#endif
+/* Default value for flag_stack_protect when flag_stack_protect is initialized to -1:
+ --enable-default-ssp: Default flag_stack_protect to -fstack-protector-strong.
+ --disable-default-ssp: Default flag_stack_protect to 0.
+ */
+#ifdef ENABLE_DEFAULT_SSP
+# ifndef DEFAULT_FLAG_SSP
+# define DEFAULT_FLAG_SSP 3
+# endif
+#else
+# define DEFAULT_FLAG_SSP 0
+#endif
+
/* Provide default values for the macros controlling stack checking. */
/* The default is neither full builtin stack checking... */
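Review bot: The `#else` branch defines `DEFAULT_FLAG_SSP` unconditionally while the `ENABLE_DEFAULT_SSP` branch guards it with `#ifndef`, so a target header that already defines the macro gets a redefinition whenever the configure option is off. If a target override is meant to be possible in both cases, wrap the second definition in `#ifndef DEFAULT_FLAG_SSP` as well; if it is not, the comment should say that the disabled case always forces 0. The literal `3` is also opaque at this point; it matches the value common.opt assigns for -fstack-protector-strong, and a trailing comment such as `/* 3 == -fstack-protector-strong, see common.opt */` would keep the two in step.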
--- a/gcc/common.opt 2014-10-28 11:33:04.000000000 +0100
+++ b/gcc/common.opt 2015-06-08 22:41:30.114266512 +0200
@@ -2054,15 +2054,15 @@ Common RejectNegative Joined Var(common_
-fstack-limit-symbol=<name> Trap if the stack goes past symbol <name>
fstack-protector
-Common Report Var(flag_stack_protect, 1)
+Common Report Var(flag_stack_protect, 1) Init(-1)
Use propolice as a stack protection method
fstack-protector-all
-Common Report RejectNegative Var(flag_stack_protect, 2)
+Common Report RejectNegative Var(flag_stack_protect, 2) Init(-1)
Use a stack protection method for every function
fstack-protector-strong
-Common Report RejectNegative Var(flag_stack_protect, 3)
+Common Report RejectNegative Var(flag_stack_protect, 3) Init(-1)
Use a smart stack protection method for certain functions
fstack-protector-explicit
-Common Report RejectNegative Var(flag_stack_protect, 4)
+Common Report RejectNegative Var(flag_stack_protect, 4) Init(-1)
Use stack protection method only for functions with the stack_protect attribute
fstack-usage
--- a/gcc/opts.c 2015-06-10 02:37:39.000000000 +0200
+++ b/gcc/opts.c 2015-07-03 23:47:50.868752099 +0200
@@ -757,6 +757,11 @@ finish_options (struct gcc_options *opts
opts->x_flag_opts_finished = true;
}
+ /* We initialize opts->x_flag_stack_protect to -1 so that targets
+ can set a default value. */
+ if (opts->x_flag_stack_protect == -1)
+ opts->x_flag_stack_protect = DEFAULT_FLAG_SSP;
+
if (opts->x_optimize == 0)
{
/* Inlining does not work if not optimizing,
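Review bot: The added comment says the -1 initializer exists "so that targets can set a default value", but the value assigned here comes from `DEFAULT_FLAG_SSP`, which in this patch is driven by the configure option. A reader auditing why a binary was built with or without a canary needs the real rule, so I would word it as `/* -1 means no -fstack-protector* or -fno-stack-protector option was given; use the configure-time default (--enable-default-ssp).  */`. The default will presumably also apply to freestanding and -nostdlib links that provide no `__stack_chk_fail`; whether that is intended should be stated in the description or the docs. finish_options starts and ends outside this hunk, so the placement relative to other option fix-ups cannot be checked from here.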
--- a/gcc/doc/install.texi 2015-06-03 18:38:10.000000000 +0200
+++ bgcc/doc/install.texi 2015-07-03 22:18:41.498592691 +0200
@@ -1642,6 +1642,9 @@ Using the GNU Compiler Collection (GCC)}
See ``RS/6000 and PowerPC Options'' in the main manual
@end ifhtml
+@item --enable-default-ssp
+Turn on @option{-fstack-protector-strong} by default.
+
@item --enable-cld
This option enables @option{-mcld} by default for 32-bit x86 targets.
@ifnothtml
--- a/gcc/testsuite/lib/target-supports.exp 2015-05-21 15:30:24.000000000 +0200
+++ b/gcc/testsuite/lib/target-supports.exp 2015-07-03 21:55:53.748551933 +0200
@@ -1124,6 +1124,16 @@ proc check_effective_target_pie_enabled
}]
}
+# Return 1 if the target generates -fstack-protector by default.
+
+proc check_effective_target_fstack_protector_enabled {} {
+ return [ check_no_compiler_messages fstack_protector_enabled assembly {
+ #if !defined (__SSP__) || !defined (__SSP_ALL__) || !defined (__SSP_STRONG__) || !defined (__SSP_EXPICIT__)
+ #error unsupported
+ #endif
+ }]
+}
+
# Return 1 if the target does not use a status wrapper.
proc check_effective_target_unwrapped { } {
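Review bot: The preprocessor condition in check_effective_target_fstack_protector_enabled can never be satisfied, so the new effective target always reports 0 and ssp-default.c is never run. The `||` chain raises `#error` unless all four macros are defined at once, and the fourth name is misspelled as `__SSP_EXPICIT__`. The check should fail only when none of them is defined: `#if !defined (__SSP__) && !defined (__SSP_ALL__) && !defined (__SSP_STRONG__) && !defined (__SSP_EXPLICIT__)`. The leading comment would also be more accurate as `# Return 1 if the compiler enables a -fstack-protector variant by default.`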
--- a/gcc/testsuite/gcc.target/i386/ssp-default.c 2015-02-24 22:14:09.930176831 +0100
+++ b/gcc/testsuite/gcc.target/i386/ssp-default.c 2015-07-04 13:45:43.930250213 +0200
@@ -0,0 +1,22 @@
+/* { dg-do run { target native } } */
+/* { dg-require-effective-target fstack_protector_enabled } */
+
+#include <stdlib.h>
+
+void
+__stack_chk_fail (void)
+{
+ exit (0); /* pass */
+}
+
+int main ()
+{
+ int i;
+ char foo[255];
+
+ /* smash stack */
+ for (i = 0; i <= 400; i++)
+ foo[i] = 42;
+
+ return 1; /* fail */
+}
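Review bot: This test proves the default only through an out-of-bounds write of 401 bytes into `foo[255]`, which is undefined behaviour, so the result depends on stack layout and optimisation level. When the protector is absent the program is more likely to crash than to reach `return 1`. It also passes for any protector mode, so it does not show that the configured default is -fstack-protector-strong. A deterministic check would be a compile test, `/* { dg-do compile } */` with `/* { dg-final { scan-assembler "__stack_chk_fail" } } */`, together with an `#ifndef __SSP_STRONG__` / `#error` guard. Nothing in the file is i386-specific, so gcc.dg next to the existing stack-protector tests looks like a better home than gcc.target/i386.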