6f1c7ff607
This is the first part of an effort to allow bootstrapping openjdk without downloading any binaries. The next part will be an openjdk7 package that will be used to bootstrap openjdk8. After that, we can proceed to add the missing parts to go all the way up to 11. [ci skip]
215 lines
10 KiB
Diff
215 lines
10 KiB
Diff
# DP: Turn on -fstack-protector by default for C, C++, ObjC, ObjC++.
|
|
# DP: Build libgcc using -fno-stack-protector.
|
|
|
|
---
|
|
gcc/Makefile.in | 2 ++
|
|
gcc/cp/lang-specs.h | 6 +++---
|
|
gcc/doc/invoke.texi | 4 ++++
|
|
gcc/gcc.c | 18 ++++++++++++++----
|
|
gcc/objc/lang-specs.h | 10 +++++-----
|
|
gcc/objcp/lang-specs.h | 8 ++++----
|
|
6 files changed, 32 insertions(+), 16 deletions(-)
|
|
|
|
Index: b/gcc/gcc.c
|
|
===================================================================
|
|
--- a/gcc/gcc.c
|
|
+++ b/gcc/gcc.c
|
|
@@ -858,6 +858,14 @@ proper position among the other output f
|
|
#define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
|
|
#endif
|
|
|
|
+#ifndef SSP_DEFAULT_SPEC
|
|
+#ifdef TARGET_LIBC_PROVIDES_SSP
|
|
+#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:%{!fstack-protector:-fstack-protector-strong}}}}}"
|
|
+#else
|
|
+#define SSP_DEFAULT_SPEC ""
|
|
+#endif
|
|
+#endif
|
|
+
|
|
#ifndef LINK_SSP_SPEC
|
|
#ifdef TARGET_LIBC_PROVIDES_SSP
|
|
#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
|
|
@@ -1057,6 +1065,7 @@ static const char *cc1_spec = CC1_SPEC;
|
|
static const char *cc1plus_spec = CC1PLUS_SPEC;
|
|
static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
|
|
static const char *link_ssp_spec = LINK_SSP_SPEC;
|
|
+static const char *ssp_default_spec = SSP_DEFAULT_SPEC;
|
|
static const char *asm_spec = ASM_SPEC;
|
|
static const char *asm_final_spec = ASM_FINAL_SPEC;
|
|
static const char *link_spec = LINK_SPEC;
|
|
@@ -1112,7 +1121,7 @@ static const char *cpp_unique_options =
|
|
static const char *cpp_options =
|
|
"%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\
|
|
%{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\
|
|
- %{undef} %{save-temps*:-fpch-preprocess}";
|
|
+ %{undef} %{save-temps*:-fpch-preprocess} %(ssp_default)";
|
|
|
|
/* This contains cpp options which are not passed when the preprocessor
|
|
output will be used by another program. */
|
|
@@ -1301,9 +1310,9 @@ static const struct compiler default_com
|
|
%{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
|
|
%(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
|
|
cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
|
|
- %(cc1_options)}\
|
|
+ %(cc1_options) %(ssp_default)}\
|
|
%{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\
|
|
- cc1 %(cpp_unique_options) %(cc1_options)}}}\
|
|
+ cc1 %(cpp_unique_options) %(cc1_options) %(ssp_default)}}}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1},
|
|
{"-",
|
|
"%{!E:%e-E or -x required when input is from standard input}\
|
|
@@ -1328,7 +1337,7 @@ static const struct compiler default_com
|
|
%W{o*:--output-pch=%*}}%V}}}}}}}", 0, 0, 0},
|
|
{".i", "@cpp-output", 0, 0, 0},
|
|
{"@cpp-output",
|
|
- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
+ "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(ssp_default) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{".s", "@assembler", 0, 0, 0},
|
|
{"@assembler",
|
|
"%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0},
|
|
@@ -1560,6 +1569,7 @@ static struct spec_list static_specs[] =
|
|
INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec),
|
|
INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec),
|
|
INIT_STATIC_SPEC ("link_ssp", &link_ssp_spec),
|
|
+ INIT_STATIC_SPEC ("ssp_default", &ssp_default_spec),
|
|
INIT_STATIC_SPEC ("endfile", &endfile_spec),
|
|
INIT_STATIC_SPEC ("link", &link_spec),
|
|
INIT_STATIC_SPEC ("lib", &lib_spec),
|
|
Index: b/gcc/cp/lang-specs.h
|
|
===================================================================
|
|
--- a/gcc/cp/lang-specs.h
|
|
+++ b/gcc/cp/lang-specs.h
|
|
@@ -46,7 +46,7 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
|
|
cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:-o %g.s \
|
|
%{!fdump-ada-spec*:%{!o*:--output-pch=%i.gch}\
|
|
%W{o*:--output-pch=%*}}%V}}}}",
|
|
@@ -58,11 +58,11 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
|
|
cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}",
|
|
CPLUSPLUS_CPP_SPEC, 0, 0},
|
|
{".ii", "@c++-cpp-output", 0, 0, 0},
|
|
{"@c++-cpp-output",
|
|
"%{!M:%{!MM:%{!E:\
|
|
- cc1plus -fpreprocessed %i %(cc1_options) %2\
|
|
+ cc1plus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
Index: b/gcc/params.def
|
|
===================================================================
|
|
--- a/gcc/params.def
|
|
+++ b/gcc/params.def
|
|
@@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT,
|
|
DEFPARAM (PARAM_SSP_BUFFER_SIZE,
|
|
"ssp-buffer-size",
|
|
"The lower bound for a buffer to be considered for stack smashing protection.",
|
|
- 8, 1, 0)
|
|
+ 4, 1, 0)
|
|
|
|
DEFPARAM (PARAM_MIN_SIZE_FOR_STACK_SHARING,
|
|
"min-size-for-stack-sharing",
|
|
Index: b/gcc/objc/lang-specs.h
|
|
===================================================================
|
|
--- a/gcc/objc/lang-specs.h
|
|
+++ b/gcc/objc/lang-specs.h
|
|
@@ -29,9 +29,9 @@ along with GCC; see the file COPYING3.
|
|
%{traditional|traditional-cpp:\
|
|
%eGNU Objective C no longer supports traditional compilation}\
|
|
%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
|
|
- cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\
|
|
+ cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:\
|
|
- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\
|
|
+ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{"@objective-c-header",
|
|
"%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\
|
|
@@ -40,18 +40,18 @@ along with GCC; see the file COPYING3.
|
|
%{traditional|traditional-cpp:\
|
|
%eGNU Objective C no longer supports traditional compilation}\
|
|
%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
|
|
- cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ cc1obj -fpreprocessed %b.mi %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
-o %g.s %{!o*:--output-pch=%i.gch}\
|
|
%W{o*:--output-pch=%*}%V}\
|
|
%{!save-temps*:%{!no-integrated-cpp:\
|
|
- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
-o %g.s %{!o*:--output-pch=%i.gch}\
|
|
%W{o*:--output-pch=%*}%V}}}}}", 0, 0, 0},
|
|
{".mi", "@objective-c-cpp-output", 0, 0, 0},
|
|
{"@objective-c-cpp-output",
|
|
- "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{"@objc-cpp-output",
|
|
"%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\
|
|
- %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
|
|
+ %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
Index: b/gcc/objcp/lang-specs.h
|
|
===================================================================
|
|
--- a/gcc/objcp/lang-specs.h
|
|
+++ b/gcc/objcp/lang-specs.h
|
|
@@ -36,7 +36,7 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
|
|
cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
-o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}",
|
|
CPLUSPLUS_CPP_SPEC, 0, 0},
|
|
{"@objective-c++",
|
|
@@ -46,16 +46,16 @@ along with GCC; see the file COPYING3.
|
|
%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
|
|
cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
|
|
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
|
|
- %(cc1_options) %2\
|
|
+ %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}",
|
|
CPLUSPLUS_CPP_SPEC, 0, 0},
|
|
{".mii", "@objective-c++-cpp-output", 0, 0, 0},
|
|
{"@objective-c++-cpp-output",
|
|
"%{!M:%{!MM:%{!E:\
|
|
- cc1objplus -fpreprocessed %i %(cc1_options) %2\
|
|
+ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
{"@objc++-cpp-output",
|
|
"%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\
|
|
%{!M:%{!MM:%{!E:\
|
|
- cc1objplus -fpreprocessed %i %(cc1_options) %2\
|
|
+ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
|
|
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
|
|
Index: b/gcc/doc/invoke.texi
|
|
===================================================================
|
|
--- a/gcc/doc/invoke.texi
|
|
+++ b/gcc/doc/invoke.texi
|
|
@@ -9247,6 +9247,9 @@
|
|
The minimum size of variables taking part in stack slot sharing when not
|
|
optimizing. The default value is 32.
|
|
|
|
+The Alpine Linux default is "4", to increase
|
|
+the number of functions protected by the stack protector.
|
|
+
|
|
@item max-jump-thread-duplication-stmts
|
|
Maximum number of statements allowed in a block that needs to be
|
|
duplicated when threading jumps.
|
|
@@ -10185,6 +10188,11 @@
|
|
Like @option{-fstack-protector} but includes additional functions to
|
|
be protected --- those that have local array definitions, or have
|
|
references to local frame addresses.
|
|
+
|
|
+NOTE: In Alpine Linux,
|
|
+@option{-fstack-protector-strong} is enabled by default for C,
|
|
+C++, ObjC, ObjC++, if none of @option{-fno-stack-protector},
|
|
+@option{-nostdlib}, nor @option{-ffreestanding} are found.
|
|
|
|
@item -fstack-protector-explicit
|
|
@opindex fstack-protector-explicit
|