author | Magnus Granberg <zorry@gentoo.org> | 2013-11-10 11:22:48 +0100 |
---|---|---|
committer | Magnus Granberg <zorry@gentoo.org> | 2013-11-10 11:22:48 +0100 |
commit | ec80df40d20243d3d534a5ea798424705927dcfb (patch) | |
tree | 48508a1106a3ca17e369eb187582e4e94734f255 | |
parent | update gcc 4.8.X patchset (diff) | |
Add default PIE patches for gcc 4.9.X
-rw-r--r-- | upstream/gcc49_default_pie_Changlog.txt | 22 | ||||
-rw-r--r-- | upstream/gcc49_default_pie_doc.patch | 42 | ||||
-rw-r--r-- | upstream/gcc49_default_pie_main.patch | 133 | ||||
-rw-r--r-- | upstream/gcc49_default_pie_testsuite.patch | 53 |
4 files changed, 250 insertions, 0 deletions
diff --git a/upstream/gcc49_default_pie_Changlog.txt b/upstream/gcc49_default_pie_Changlog.txt
new file mode 100644
index 0000000..59ce7d5
--- /dev/null
+++ b/upstream/gcc49_default_pie_Changlog.txt
@@ -0,0 +1,22 @@
+2013-11-10 Magnus Granberg <zorry@gentoo.org>
+
+ /gcc
+ * config/gnu-user.h: Define PIE_DRIVER_SELF_SPECS for PIE
+ as default and GNU_DRIVER_SELF_SPECS.
+ * config/i386/gnu-user-common.h: Define DRIVER_SELF_SPECS
+ * configure.ac: Add new option that enable PIE as default.
+ * configure, config.in: Rebuild.
+ * Makefile.in: Disable PIE when building the compiler.
+ * doc/install.texi: Add the new configure option default PIE.
+ * doc/invoke.texi: Add note for the new configure option default
+ PIE.
+ * testsuite/gcc/default-pie.c: New test for new configure option
+ --enale-default-pie
+ * testsuite/gcc.dg/other/anon5.C: Add skip test as it fail to link
+ on effective_target default_pie.
+ * testsuite/lib/target-supports.exp (check_profiling_available):
+ We can't use profiling on effective target default_pie.
+ * testsuite/lib/target-supports.exp (check_effective_target_pie):
+ Add check_effective_target_default_pie.
+ /libgcc
+ * Makefile.in: Disable PIE when building the crtbegin/end files.
diff --git a/upstream/gcc49_default_pie_doc.patch b/upstream/gcc49_default_pie_doc.patch
new file mode 100644
index 0000000..961d75f
--- /dev/null
+++ b/upstream/gcc49_default_pie_doc.patch
@@ -0,0 +1,42 @@
+--- gcc-4.9-20131006/gcc/doc/install.texi 2013-10-01 19:29:40.000000000 +0200
++++ gcc-4.9-20131006-work/gcc/doc/install.texi 2013-11-09 15:40:20.831402110 +0100
+@@ -1421,6 +1421,11 @@ do a @samp{make -C gcc gnatlib_and_tools
+ Specify that the run-time libraries for stack smashing protection
+ should not be built.
+
++@item --enable-default-pie
++We will turn on @option{-fPIE} and @option{-pie} as default when
++compileing and linking if the support is there. We only support
++i?86-*-linux* and x86-64-*-linux* as target for now.
++
+ @item --disable-libquadmath
+ Specify that the GCC quad-precision math library should not be built.
+ On some systems, the library is required to be linkable when building
+--- gcc-4.8-20120302/gcc/doc/invoke.texi 2012-03-01 10:57:59.000000000 +0100
++++ gcc-4.8-20120302-work/gcc/doc/invoke.texi 2012-07-30 00:57:03.766847851 +0200
+@@ -9457,6 +9480,12 @@ For predictable results, you must also s
+ that were used to generate code (@option{-fpie}, @option{-fPIE},
+ or model suboptions) when you specify this option.
+
++NOTE: With configure --enable-default-pie this option is enabled by default
++for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie},
++@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic},
++@option{-nostdlib}, @option{-nostartfiles}, @option{-shared},
++@option{-nodefaultlibs}, nor @option{static} are found.
++
+ @item -rdynamic
+ @opindex rdynamic
+ Pass the flag @option{-export-dynamic} to the ELF linker, on targets
+@@ -19125,6 +19154,12 @@ used during linking.
+ @code{__pie__} and @code{__PIE__}. The macros have the value 1
+ for @option{-fpie} and 2 for @option{-fPIE}.
+
++NOTE: With configure --enable-default-pie this option is enabled by default
++for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie},
++@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic},
++@option{-nostdlib}, @option{-nostartfiles}, @option{-shared},
++@option{-nodefaultlibs}, nor @option{static} are found.
++
+ @item -fno-jump-tables
+ @opindex fno-jump-tables
+ Do not use jump tables for switch statements even where it would be
diff --git a/upstream/gcc49_default_pie_main.patch b/upstream/gcc49_default_pie_main.patch
new file mode 100644
index 0000000..37eb527
--- /dev/null
+++ b/upstream/gcc49_default_pie_main.patch
@@ -0,0 +1,133 @@
+--- a/gcc/config/gnu-user.h 2013-08-20 10:31:40.000000000 +0200
++++ b/gcc/config/gnu-user.h 2013-10-23 22:01:42.337238981 +0200
+@@ -134,3 +134,17 @@ see the files COPYING3 and COPYING.RUNTI
+ /* Additional libraries needed by -static-libtsan. */
+ #undef STATIC_LIBTSAN_LIBS
+ #define STATIC_LIBTSAN_LIBS "-ldl -lpthread"
++
++/* We use this to make the compiler use -fPIE as default and link
++ with -pie. */
++#ifdef ENABLE_DEFAULT_PIE
++#define PIE_DRIVER_SELF_SPECS \
++"%{pie|fpic|fPIC|fpie|fPIE|fno-pic|fno-PIC|fno-pie|fno-PIE| \
++ shared|static|nostdlib|nostartfiles:;:-fPIE -pie}"
++#else
++#define PIE_DRIVER_SELF_SPECS ""
++#endif
++
++#ifndef GNU_DRIVER_SELF_SPECS
++#define GNU_DRIVER_SELF_SPECS PIE_DRIVER_SELF_SPECS
++#endif
+--- a/gcc/config/i386/gnu-user-common.h 2013-01-10 21:38:27.000000000 +0100
++++ b/gcc/config/i386/gnu-user-common.h 2013-10-23 17:37:45.432767049 +0200
+@@ -70,3 +70,8 @@ along with GCC; see the file COPYING3.
+
+ /* Static stack checking is supported by means of probes. */
+ #define STACK_CHECK_STATIC_BUILTIN 1
++
++/* Use GNU_DRIVER_SELF_SPECS. */
++#ifndef DRIVER_SELF_SPECS
++#define DRIVER_SELF_SPECS GNU_DRIVER_SELF_SPECS
++#endif
+--- a/gcc/configure.ac 2013-09-25 18:10:35.000000000 +0200
++++ b/gcc/configure.ac 2013-10-22 21:26:56.287602139 +0200
+@@ -5434,6 +5434,31 @@ if test x"${LINKER_HASH_STYLE}" != x; th
+ [The linker hash style])
+ fi
+
++# Check whether --enable-default-pie was given and target have the support.
++AC_ARG_ENABLE(default-pie,
++[AS_HELP_STRING([--enable-default-pie], [Enable Position independent executable as default.
++ If we have suppot for it when compiling and linking.
++ Linux targets supported i?86 and x86_64.])],
++enable_default_pie=$enableval,
++enable_default_pie=no)
++if test x$enable_default_pie = xyes; then
++ AC_MSG_CHECKING(if $target support to default with -fPIE and link with -pie as default)
++ enable_default_pie=no
++ case $target in
++ i?86*-*-linux* | x86_64*-*-linux*)
++ enable_default_pie=yes
++ ;;
++ *)
++ ;;
++ esac
++ AC_MSG_RESULT($enable_default_pie)
++fi
++if test x$enable_default_pie == xyes ; then
++ AC_DEFINE(ENABLE_DEFAULT_PIE, 1,
++ [Define if your target support default-pie and you have enable it.])
++fi
++AC_SUBST([enable_default_pie])
++
+ # Configure the subdirectories
+ # AC_CONFIG_SUBDIRS($subdirs)
+
+--- a/gcc/Makefile.in 2013-10-02 21:52:27.000000000 +0200
++++ b/gcc/Makefile.in 2013-10-24 17:46:22.055357122 +0200
+@@ -957,14 +957,23 @@ CONTEXT_H = context.h
+ # cross compiler which does not use the native headers and libraries.
+ INTERNAL_CFLAGS = -DIN_GCC @CROSS@
+
++# We don't want to compile the compiler with -fPIE, it make PCH fail.
++enable_default_pie = @enable_default_pie@
++ifeq ($(enable_default_pie),yes)
++NOPIE_CFLAGS = -fno-PIE
++else
++NOPIE_CFLAGS=
++endif
++
+ # This is the variable actually used when we compile. If you change this,
+ # you probably want to update BUILD_CFLAGS in configure.ac
+-ALL_CFLAGS = $(T_CFLAGS) $(CFLAGS-$@) \
++ALL_CFLAGS = $(NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) \
+ $(CFLAGS) $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(WARN_CFLAGS) @DEFS@
+
+ # The C++ version.
+-ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) $(INTERNAL_CFLAGS) \
+- $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) $(WARN_CXXFLAGS) @DEFS@
++ALL_CXXFLAGS = $(NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) \
++ $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) \
++ $(WARN_CXXFLAGS) @DEFS@
+
+ # Likewise. Put INCLUDES at the beginning: this way, if some autoconf macro
+ # puts -I options in CPPFLAGS, our include files in the srcdir will always
+@@ -1805,6 +1814,7 @@ libgcc.mvars: config.status Makefile spe
+ echo GCC_CFLAGS = '$(GCC_CFLAGS)' >> tmp-libgcc.mvars
+ echo INHIBIT_LIBC_CFLAGS = '$(INHIBIT_LIBC_CFLAGS)' >> tmp-libgcc.mvars
+ echo TARGET_SYSTEM_ROOT = '$(TARGET_SYSTEM_ROOT)' >> tmp-libgcc.mvars
++ echo enable_default_pie = '$(enable_default_pie)' >> tmp-libgcc.mvars
+
+ mv tmp-libgcc.mvars libgcc.mvars
+
+@@ -3460,6 +3470,9 @@ site.exp: ./config.status Makefile
+ @if test "@enable_lto@" = "yes" ; then \
+ echo "set ENABLE_LTO 1" >> ./site.tmp; \
+ fi
++ @if test "@enable_default_pie@" = "yes" ; then \
++ echo "set ENABLE_DEFAULT_PIE 1" >> ./site.tmp; \
++ fi
+ # If newlib has been configured, we need to pass -B to gcc so it can find
+ # newlib's crt0.o if it exists. This will cause a "path prefix not used"
+ # message if it doesn't, but the testsuite is supposed to ignore the message -
+--- a/libgcc/Makefile.in 2011-11-22 04:01:02.000000000 +0100
++++ b/libgcc/Makefile.in 2012-06-29 00:15:04.534016511 +0200
+@@ -275,11 +275,17 @@ override CFLAGS := $(filter-out -fprofil
+ INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CFLAGS) $(HOST_LIBGCC2_CFLAGS) \
+ $(INCLUDES) @set_have_cc_tls@ @set_use_emutls@
+
++#Don't use -fPIE when compiling crtbegin/end.
++ifeq ($(enable_default_pie),yes)
++NOPIE_CFLAGS = -fno-PIE
++else
++NOPIE_CFLAGS=
++endif
+ # Options to use when compiling crtbegin/end.
+ CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(INCLUDES) $(MULTILIB_CFLAGS) -g0 \
+ -finhibit-size-directive -fno-inline -fno-exceptions \
+ -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \
+- -fno-stack-protector \
++ -fno-stack-protector $(NOPIE_CFLAGS) \
+ $(INHIBIT_LIBC_CFLAGS)
+
+ # Extra flags to use when compiling crt{begin,end}.o.
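Review bot: The second guard in the gcc/configure.ac part, `if test x$enable_default_pie == xyes ; then`, uses `==`, which POSIX `test` does not define; the check a few lines above it uses `=`. Where configure runs under a shell whose `test` rejects `==`, the condition fails and `ENABLE_DEFAULT_PIE` is never defined, while `enable_default_pie=yes` is still substituted into the Makefiles and site.exp, so the build would report PIE-by-default although the driver adds neither `-fPIE` nor `-pie`. Change the line to `if test x$enable_default_pie = xyes; then`. Separately, the invoke.texi note in the doc patch lists `-nodefaultlibs` among the options that suppress the default, but the `PIE_DRIVER_SELF_SPECS` alternation in gnu-user.h does not contain `nodefaultlibs`; one of the two should be corrected so users know when the hardening is actually off.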
diff --git a/upstream/gcc49_default_pie_testsuite.patch b/upstream/gcc49_default_pie_testsuite.patch
new file mode 100644
index 0000000..de3d16d
--- /dev/null
+++ b/upstream/gcc49_default_pie_testsuite.patch
@@ -0,0 +1,53 @@
+--- a/gcc/testsuite/gcc.dg/default-pie.c 2013-11-09 21:07:16.741479728 +0100
++++ b/gcc/testsuite/gcc.dg/default-pie.c 2013-11-09 21:05:07.801479218 +0100
+@@ -0,0 +1,12 @@
++/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
++/* { dg-require-effective-target default_pie } */
++/* { dg-options "-O2" } */
++int foo (void);
++
++int
++main (void)
++{
++ return foo ();
++}
++
++/* { dg-final { scan-assembler "foo@PLT" } } */
+--- a/gcc/testsuite/g++.dg/other/anon5.C 2012-11-10 15:34:42.000000000 +0100
++++ b/gcc/testsuite/g++.dg/other/anon5.C 2013-11-09 14:49:52.281390127 +0100
+@@ -1,5 +1,6 @@
+ // PR c++/34094
+ // { dg-do link { target { ! { *-*-darwin* *-*-hpux* *-*-solaris2.* } } } }
++// { dg-skip-if "" { default_pie } { "*" } { "" } }
+ // { dg-options "-g" }
+ // Ignore additional message on powerpc-ibm-aix
+ // { dg-prune-output "obtain more information" } */
+--- a/gcc/testsuite/lib/target-supports.exp 2013-10-01 11:18:30.000000000 +0200
++++ b/gcc/testsuite/lib/target-supports.exp 2013-10-25 22:01:46.743388469 +0200
+@@ -474,6 +474,11 @@ proc check_profiling_available { test_wh
+ }
+ }
+
++ # Profiling don't work with default -fPIE -pie.
++ if { [check_effective_target_default_pie] } {
++ return 0
++ }
++
+ # Support for -p on solaris2 relies on mcrt1.o which comes with the
+ # vendor compiler. We cannot reliably predict the directory where the
+ # vendor compiler (and thus mcrt1.o) is installed so we can't
+@@ -839,6 +844,14 @@ proc check_effective_target_pie { } {
+ return 0
+ }
+
++# Return 1 if -pie, -fPIE are default enable, 0 otherwise.
++
++proc check_effective_target_default_pie { } {
++ global ENABLE_DEFAULT_PIE
++ return [info exists ENABLE_DEFAULT_PIE]
++ return 0
++}
++
+ # Return true if the target supports -mpaired-single (as used on MIPS).
+
+ proc check_effective_target_mpaired_single { } { |
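Review bot: The new gcc.dg/default-pie.c only shows that position-independent code is generated: it is `dg-do compile`, and `foo@PLT` would presumably also appear under `-fPIC`, so neither the `-fPIE` level nor the `-pie` link half of the default is checked. The doc patch states that `__PIE__` is 2 under `-fPIE`, so the test could pin that with `#if !defined(__PIE__) || __PIE__ != 2`, `#error "-fPIE is not the default"`, `#endif`, and a `dg-do link` companion would cover `-pie`. In target-supports.exp, the `return 0` after `return [info exists ENABLE_DEFAULT_PIE]` in `check_effective_target_default_pie` is unreachable and can be dropped, and the empty reason string in the anon5.C `dg-skip-if ""` should say why the link fails under default PIE.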