From 8b8f13b60d9587e91e8719239a9249b448bc1307 Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Mon, 15 Mar 2021 20:25:00 +0530 Subject: Build libc-start with stack protector for SHARED This does not change the emitted code since __libc_start_main does not return, but is important for formal flags compliance. This also cleans up the cosmetic inconsistency in the stack protector flags in csu, especially the incorrect value of STACK_PROTECTOR_LEVEL. Reviewed-by: Adhemerval Zanella --- csu/Makefile | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'csu') diff --git a/csu/Makefile b/csu/Makefile index e587434be8..3054329cea 100644 --- a/csu/Makefile +++ b/csu/Makefile @@ -45,18 +45,20 @@ install-lib = $(start-installed-name) g$(start-installed-name) $(csu-dummies) # code is compiled with special flags. tests = -CFLAGS-.o += $(no-stack-protector) -CFLAGS-.op += $(no-stack-protector) -CFLAGS-.os += $(no-stack-protector) - -# Dummy object not actually used for anything. It is linked into -# crt1.o nevertheless, which in turn is statically linked into +# static-reloc.os is a dummy object not actually used for anything. It is +# linked into crt1.o nevertheless, which in turn is statically linked into # applications, so that build flags matter. # See . -# NB: Using $(stack-protector) in this way causes a wrong definition -# STACK_PROTECTOR_LEVEL due to the preceding $(no-stack-protector), -# but it does not matter for this source file. -CFLAGS-static-reloc.os += $(stack-protector) +# +# libc-start.os is safe to be built with stack protector since +# __libc_start_main is called after stack canary setup is done. +ssp-safe.os = static-reloc libc-start + +CFLAGS-.o += $(call elide-stack-protector,.o,$(routines)) +CFLAGS-.op += $(call elide-stack-protector,.op,$(routines)) +CFLAGS-.oS += $(call elide-stack-protector,.oS,$(routines)) +CFLAGS-.os += $(call elide-stack-protector,.os,$(filter-out \ + $(ssp-safe.os),$(routines))) ifeq (yes,$(build-shared)) extra-objs += S$(start-installed-name) gmon-start.os -- cgit 1.4.1