From 350ffdd54baf880f440ddf9697666e283894ded1 Mon Sep 17 00:00:00 2001 From: Robert Mustacchi Date: Thu, 22 Oct 2020 15:56:51 -0700 Subject: 13273 want upanic(2) Reviewed by: C Fraire Reviewed by: Andy Fiddaman Approved by: Gordon Ross --- usr/src/lib/libc/sparc/Makefile.com | 1 + 1 file changed, 1 insertion(+) (limited to 'usr/src/lib/libc/sparc') diff --git a/usr/src/lib/libc/sparc/Makefile.com b/usr/src/lib/libc/sparc/Makefile.com index 8ecec57516..7308fc64f6 100644 --- a/usr/src/lib/libc/sparc/Makefile.com +++ b/usr/src/lib/libc/sparc/Makefile.com @@ -322,6 +322,7 @@ COMSYSOBJS= \ ulimit.o \ umask.o \ umount2.o \ + upanic.o \ utssys.o \ uucopy.o \ vhangup.o \ -- cgit v1.2.3 From 6a817834d81cc75ce12d0d393320837b1fec1e85 Mon Sep 17 00:00:00 2001 From: Robert Mustacchi Date: Sat, 24 Oct 2020 13:26:45 -0700 Subject: 5788 Want support for GCC's stack protector in libc Reviewed by: Andy Fiddaman Reviewed by: Toomas Soome Approved by: Gordon Ross --- usr/src/lib/Makefile | 1 + usr/src/lib/libc/amd64/Makefile | 1 + usr/src/lib/libc/i386/Makefile.com | 1 + usr/src/lib/libc/inc/thr_uberdata.h | 1 + usr/src/lib/libc/port/gen/ssp.c | 67 +++++++++++++++++++++++ usr/src/lib/libc/port/mapfile-vers | 7 +++ usr/src/lib/libc/port/threads/thr.c | 6 ++ usr/src/lib/libc/sparc/Makefile.com | 1 + usr/src/lib/libc/sparcv9/Makefile.com | 1 + usr/src/lib/ssp_ns/Makefile | 37 +++++++++++++ usr/src/lib/ssp_ns/Makefile.com | 40 ++++++++++++++ usr/src/lib/ssp_ns/amd64/Makefile | 19 +++++++ usr/src/lib/ssp_ns/common/ssp_ns.c | 37 +++++++++++++ usr/src/lib/ssp_ns/i386/Makefile | 18 ++++++ usr/src/lib/ssp_ns/sparc/Makefile | 18 ++++++ usr/src/lib/ssp_ns/sparcv9/Makefile | 19 +++++++ usr/src/pkg/manifests/system-library-c-runtime.mf | 2 + usr/src/uts/common/sys/ccompile.h | 1 + 18 files changed, 277 insertions(+) create mode 100644 usr/src/lib/libc/port/gen/ssp.c create mode 100644 usr/src/lib/ssp_ns/Makefile create mode 100644 usr/src/lib/ssp_ns/Makefile.com create mode 100644 usr/src/lib/ssp_ns/amd64/Makefile create mode 100644 usr/src/lib/ssp_ns/common/ssp_ns.c create mode 100644 usr/src/lib/ssp_ns/i386/Makefile create mode 100644 usr/src/lib/ssp_ns/sparc/Makefile create mode 100644 usr/src/lib/ssp_ns/sparcv9/Makefile (limited to 'usr/src/lib/libc/sparc') diff --git a/usr/src/lib/Makefile b/usr/src/lib/Makefile index e3b3889305..55fc83ac7f 100644 --- a/usr/src/lib/Makefile +++ b/usr/src/lib/Makefile @@ -47,6 +47,7 @@ include ../Makefile.master # Build libc and its dependencies SUBDIRS= \ + ssp_ns \ crt \ ../cmd/sgs/libconv \ ../cmd/sgs/libdl \ diff --git a/usr/src/lib/libc/amd64/Makefile b/usr/src/lib/libc/amd64/Makefile index 7ef34a268d..846b260cfd 100644 --- a/usr/src/lib/libc/amd64/Makefile +++ b/usr/src/lib/libc/amd64/Makefile @@ -267,6 +267,7 @@ COMSYSOBJS= \ sigprocmsk.o \ sigsendset.o \ sigsuspend.o \ + ssp.o \ statfs.o \ statvfs.o \ stty.o \ diff --git a/usr/src/lib/libc/i386/Makefile.com b/usr/src/lib/libc/i386/Makefile.com index e9e9479ac9..a45feed38a 100644 --- a/usr/src/lib/libc/i386/Makefile.com +++ b/usr/src/lib/libc/i386/Makefile.com @@ -575,6 +575,7 @@ PORTGEN= \ sigsend.o \ sigsetops.o \ ssignal.o \ + ssp.o \ stack.o \ stpcpy.o \ stpncpy.o \ diff --git a/usr/src/lib/libc/inc/thr_uberdata.h b/usr/src/lib/libc/inc/thr_uberdata.h index c9e2670cc4..7ad0447271 100644 --- a/usr/src/lib/libc/inc/thr_uberdata.h +++ b/usr/src/lib/libc/inc/thr_uberdata.h @@ -1318,6 +1318,7 @@ extern void _flush_windows(void); #define _flush_windows() #endif extern void set_curthread(void *); +extern void ssp_init(void); /* * Utility function used when waking up many threads (more than MAXLWPS) diff --git a/usr/src/lib/libc/port/gen/ssp.c b/usr/src/lib/libc/port/gen/ssp.c new file mode 100644 index 0000000000..81d93829ea --- /dev/null +++ b/usr/src/lib/libc/port/gen/ssp.c @@ -0,0 +1,67 @@ +/* + * This file and its contents are supplied under the terms of the + * Common Development and Distribution License ("CDDL"), version 1.0. + * You may only use this file in accordance with the terms of version + * 1.0 of the CDDL. + * + * A full copy of the text of the CDDL should have accompanied this + * source. A copy of the CDDL is also available via the Internet at + * http://www.illumos.org/license/CDDL. + */ + +/* + * Copyright 2020 Oxide Computer Company + */ + +#include +#include + +/* + * This provides an implementation of the stack protector functions that are + * expected by gcc's ssp implementation. + * + * We attempt to initialize the stack guard with random data, which is our best + * protection. If that fails, we'd like to have a guard that is still meaningful + * and not totally predictable. The original StackGuard paper suggests using a + * terminator canary. To make this a little more difficult, we also use a + * portion of the data from gethrtime(). + * + * In a 32-bit environment, we only have four bytes worth of data. We use the + * lower two bytes of the gethrtime() value and then use pieces of the + * terminator canary, '\n\0'. In a 64-bit environment we use the full four byte + * terminator canary and then four bytes of gethrtime. + */ + +/* + * Use an array here so it's easier to get the length at compile time. + */ +static const char ssp_msg[] = "*** stack smashing detected"; + +uintptr_t __stack_chk_guard; + +void +ssp_init(void) +{ + if (getrandom(&__stack_chk_guard, sizeof (__stack_chk_guard), 0) != + sizeof (__stack_chk_guard)) { + /* + * This failed, attempt to get some data that might let us get + * off the ground. + */ + hrtime_t t = gethrtime(); +#ifdef _LP32 + const uint16_t guard = '\n' << 8 | '\0'; + __stack_chk_guard = guard << 16 | (uint16_t)t; +#else + const uint32_t guard = '\r' << 24 | '\n' << 16 | '\0' << 8 | + '\xff'; + __stack_chk_guard = (uint64_t)guard << 32 | (uint32_t)t; +#endif + } +} + +void +__stack_chk_fail(void) +{ + upanic(ssp_msg, sizeof (ssp_msg)); +} diff --git a/usr/src/lib/libc/port/mapfile-vers b/usr/src/lib/libc/port/mapfile-vers index 6a85e0d37e..5223dbc01d 100644 --- a/usr/src/lib/libc/port/mapfile-vers +++ b/usr/src/lib/libc/port/mapfile-vers @@ -78,6 +78,13 @@ $if _x86 && _ELF64 $add amd64 $endif +SYMBOL_VERSION ILLUMOS_0.37 { + global: + __stack_chk_guard; + protected: + __stack_chk_fail; +} ILLUMOS_0.36; + SYMBOL_VERSION ILLUMOS_0.36 { protected: upanic; diff --git a/usr/src/lib/libc/port/threads/thr.c b/usr/src/lib/libc/port/threads/thr.c index 2a982eb8c8..4b7d9035b3 100644 --- a/usr/src/lib/libc/port/threads/thr.c +++ b/usr/src/lib/libc/port/threads/thr.c @@ -1299,6 +1299,11 @@ libc_init(void) */ if (oldself != NULL && (oldself->ul_primarymap || !primary_link_map)) { __tdb_bootstrap = oldself->ul_uberdata->tdb_bootstrap; + /* + * Each link map has its own copy of the stack protector guard + * and must always be initialized. + */ + ssp_init(); mutex_setup(); atfork_init(); /* every link map needs atfork() processing */ init_progname(); @@ -1439,6 +1444,7 @@ libc_init(void) /* tls_size was zero when oldself was allocated */ lfree(oldself, sizeof (ulwp_t)); } + ssp_init(); mutex_setup(); atfork_init(); signal_init(); diff --git a/usr/src/lib/libc/sparc/Makefile.com b/usr/src/lib/libc/sparc/Makefile.com index 7308fc64f6..b2c0c36ef7 100644 --- a/usr/src/lib/libc/sparc/Makefile.com +++ b/usr/src/lib/libc/sparc/Makefile.com @@ -602,6 +602,7 @@ PORTGEN= \ sigsend.o \ sigsetops.o \ ssignal.o \ + ssp.o \ stack.o \ stpcpy.o \ stpncpy.o \ diff --git a/usr/src/lib/libc/sparcv9/Makefile.com b/usr/src/lib/libc/sparcv9/Makefile.com index 9b7ff53999..a009541deb 100644 --- a/usr/src/lib/libc/sparcv9/Makefile.com +++ b/usr/src/lib/libc/sparcv9/Makefile.com @@ -560,6 +560,7 @@ PORTGEN= \ sigsend.o \ sigsetops.o \ ssignal.o \ + ssp.o \ stack.o \ stpcpy.o \ stpncpy.o \ diff --git a/usr/src/lib/ssp_ns/Makefile b/usr/src/lib/ssp_ns/Makefile new file mode 100644 index 0000000000..e04e271f66 --- /dev/null +++ b/usr/src/lib/ssp_ns/Makefile @@ -0,0 +1,37 @@ +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# +# Copyright 2020 Oxide Computer Company +# + +include ../Makefile.lib + +SUBDIRS = $(MACH) +$(BUILD64)SUBDIRS += $(MACH64) + +all := TARGET = all +clean := TARGET = clean +clobber := TARGET = clobber +install := TARGET = install + +.KEEP_STATE: + +all clean clobber: $(SUBDIRS) + +install: $(SUBDIRS) + +$(SUBDIRS): FRC + @cd $@; pwd; $(MAKE) $(TARGET) + +FRC: + +include ../Makefile.targ diff --git a/usr/src/lib/ssp_ns/Makefile.com b/usr/src/lib/ssp_ns/Makefile.com new file mode 100644 index 0000000000..5ff9bbd913 --- /dev/null +++ b/usr/src/lib/ssp_ns/Makefile.com @@ -0,0 +1,40 @@ +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# +# Copyright 2020 Oxide Computer Company +# + +LIBRARY = libssp_ns.a +VERS = .1 +OBJECTS = ssp_ns.o + +include ../../Makefile.lib + +# +# We need to build an archive file; however, this is going to show up +# and be used in libraries and otherwise. So we need to still build it +# as position independent code. The Makefile system doesn't want to +# build a PIC file that's going into a .a file by default, so we have to +# do a little bit here. +# +LIBS = $(LIBRARY) +SRCDIR = ../common +CFLAGS += $($(MACH)_C_PICFLAGS) + +CLOBBERFILES += $(LIBRARY) + +.KEEP_STATE: + +all: $(LIBS) + + +include ../../Makefile.targ diff --git a/usr/src/lib/ssp_ns/amd64/Makefile b/usr/src/lib/ssp_ns/amd64/Makefile new file mode 100644 index 0000000000..59bd9673ce --- /dev/null +++ b/usr/src/lib/ssp_ns/amd64/Makefile @@ -0,0 +1,19 @@ +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# +# Copyright 2020 Oxide Computer Company +# + +include ../Makefile.com +include ../../Makefile.lib.64 + +install: all $(ROOTLIBS64) diff --git a/usr/src/lib/ssp_ns/common/ssp_ns.c b/usr/src/lib/ssp_ns/common/ssp_ns.c new file mode 100644 index 0000000000..bf7c45cd90 --- /dev/null +++ b/usr/src/lib/ssp_ns/common/ssp_ns.c @@ -0,0 +1,37 @@ +/* + * This file and its contents are supplied under the terms of the + * Common Development and Distribution License ("CDDL"), version 1.0. + * You may only use this file in accordance with the terms of version + * 1.0 of the CDDL. + * + * A full copy of the text of the CDDL should have accompanied this + * source. A copy of the CDDL is also available via the Internet at + * http://www.illumos.org/license/CDDL. + */ + +/* + * Copyright 2020 Oxide Computer Company + */ + +#include + +/* + * To impement gcc's stack protector library, the compiler emits a function call + * to a symbol which can be called absolutely. As a result, to make that happen, + * we mimic what gcc does with libssp and create an archive file that can be + * used in the specs file to pull this in directly. This is a bit of a pain, but + * that's the best we can do given the architecture that we have. + * + * Warning: This is a static archive. Nothing beyond the call for + * __stack_chk_fail_local and calls to committed interfaces should be here. As + * this implementation will be linked into programs, one should exercise care to + * make sure we don't expose anything else here. + */ + +extern void __stack_chk_fail(void); + +void __HIDDEN +__stack_chk_fail_local(void) +{ + __stack_chk_fail(); +} diff --git a/usr/src/lib/ssp_ns/i386/Makefile b/usr/src/lib/ssp_ns/i386/Makefile new file mode 100644 index 0000000000..c5a17a19d7 --- /dev/null +++ b/usr/src/lib/ssp_ns/i386/Makefile @@ -0,0 +1,18 @@ +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# +# Copyright 2020 Oxide Computer Company +# + +include ../Makefile.com + +install: all $(ROOTLIBS) diff --git a/usr/src/lib/ssp_ns/sparc/Makefile b/usr/src/lib/ssp_ns/sparc/Makefile new file mode 100644 index 0000000000..c5a17a19d7 --- /dev/null +++ b/usr/src/lib/ssp_ns/sparc/Makefile @@ -0,0 +1,18 @@ +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# +# Copyright 2020 Oxide Computer Company +# + +include ../Makefile.com + +install: all $(ROOTLIBS) diff --git a/usr/src/lib/ssp_ns/sparcv9/Makefile b/usr/src/lib/ssp_ns/sparcv9/Makefile new file mode 100644 index 0000000000..59bd9673ce --- /dev/null +++ b/usr/src/lib/ssp_ns/sparcv9/Makefile @@ -0,0 +1,19 @@ +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# +# Copyright 2020 Oxide Computer Company +# + +include ../Makefile.com +include ../../Makefile.lib.64 + +install: all $(ROOTLIBS64) diff --git a/usr/src/pkg/manifests/system-library-c-runtime.mf b/usr/src/pkg/manifests/system-library-c-runtime.mf index 2151c03897..2b8bd7aafd 100644 --- a/usr/src/pkg/manifests/system-library-c-runtime.mf +++ b/usr/src/pkg/manifests/system-library-c-runtime.mf @@ -18,6 +18,7 @@ set name=variant.arch value=$(ARCH) file path=usr/lib/$(ARCH64)/crt1.o file path=usr/lib/$(ARCH64)/crti.o file path=usr/lib/$(ARCH64)/crtn.o +file path=usr/lib/$(ARCH64)/libssp_ns.a file path=usr/lib/$(ARCH64)/values-Xa.o file path=usr/lib/$(ARCH64)/values-Xc.o file path=usr/lib/$(ARCH64)/values-Xs.o @@ -27,6 +28,7 @@ file path=usr/lib/$(ARCH64)/values-xpg6.o file path=usr/lib/crt1.o file path=usr/lib/crti.o file path=usr/lib/crtn.o +file path=usr/lib/libssp_ns.a file path=usr/lib/values-Xa.o file path=usr/lib/values-Xc.o file path=usr/lib/values-Xs.o diff --git a/usr/src/uts/common/sys/ccompile.h b/usr/src/uts/common/sys/ccompile.h index de0031d6b0..e687fd99a3 100644 --- a/usr/src/uts/common/sys/ccompile.h +++ b/usr/src/uts/common/sys/ccompile.h @@ -160,6 +160,7 @@ extern "C" { #define __unused __sun_attr__((__unused__)) #define __used __attribute__((__used__)) #define __weak_symbol __attribute__((__weak__)) +#define __HIDDEN __attribute__((visibility("hidden"))) #ifdef __cplusplus } -- cgit v1.2.3 From 5a0af8165ce9590e7a18f1ef4f9badc4dd72c6e6 Mon Sep 17 00:00:00 2001 From: Robert Mustacchi Date: Sat, 24 Oct 2020 17:43:02 -0700 Subject: 13274 enable -fstack-protector-strong by default in user land Reviewed by: Andy Fiddaman Reviewed by: Toomas Soome Approved by: Gordon Ross --- usr/src/Makefile.master | 39 ++++++++++++++++++++++ usr/src/cmd/Makefile.cmd | 8 ++++- usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile | 9 ++--- usr/src/cmd/lp/cmd/Makefile | 9 ++--- usr/src/cmd/lp/cmd/lpadmin/Makefile | 2 +- usr/src/cmd/lp/cmd/lpsched/Makefile | 6 ++-- usr/src/cmd/lp/model/Makefile | 6 ++-- usr/src/cmd/mdb/Makefile.kmdb | 5 +++ usr/src/cmd/mdb/Makefile.libstand | 6 ++++ usr/src/cmd/mdb/Makefile.libstandctf | 6 ++++ usr/src/cmd/mdb/Makefile.module | 1 + usr/src/cmd/picl/plugins/common/piclevent/Makefile | 2 +- usr/src/cmd/print/bsd-sysv-commands/Makefile | 8 ++--- usr/src/cmd/rcm_daemon/Makefile.com | 2 +- usr/src/cmd/sgs/libconv/Makefile.com | 6 ++++ usr/src/cmd/sgs/rtld/Makefile.com | 16 +++++++++ usr/src/lib/Makefile.lib | 7 ++++ usr/src/lib/libc/amd64/Makefile | 6 ++++ usr/src/lib/libc/i386/Makefile.com | 6 ++++ usr/src/lib/libc/sparc/Makefile.com | 6 ++++ usr/src/lib/libc/sparcv9/Makefile.com | 6 ++++ usr/src/lib/libdisasm/Makefile.com | 6 ++++ usr/src/lib/libdtrace/Makefile.com | 10 +++++- usr/src/lib/libsaveargs/Makefile.com | 6 ++++ usr/src/lib/libumem/Makefile.com | 6 ++++ usr/src/lib/ssp_ns/Makefile.com | 6 ++++ usr/src/stand/lib/Makefile.com | 6 ++++ usr/src/tools/Makefile.tools | 7 ++++ usr/src/uts/intel/Makefile.intel | 30 ----------------- 29 files changed, 182 insertions(+), 57 deletions(-) (limited to 'usr/src/lib/libc/sparc') diff --git a/usr/src/Makefile.master b/usr/src/Makefile.master index c3dfbe70fa..7777f62565 100644 --- a/usr/src/Makefile.master +++ b/usr/src/Makefile.master @@ -410,6 +410,45 @@ CCNOAGGRESSIVELOOPS= \ -_gcc8=-fno-aggressive-loop-optimizations \ -_gcc9=-fno-aggressive-loop-optimizations +# +# Options to control which version of stack-protector we enable. This +# gives us a bit of flexibility and is unfortunately necessary as some +# modules do not function correctly with our defaults (qede). +# +# o STACKPROTECT_ Sets the appropriate version for the compiler +# o STACKPROTECT_strong Sets us to use strong on all of the +# compilers it supports. This is the same +# as the default. +# +# o STACKPROTECT_none Disables the stack protector. +# +# o STACKPROTECT_all Enables it for everything. +# +# o STACKPROTECT_basic Enables the basic stack protector. +# +# -fstack-protector-strong is not available in gcc4 which is why we +# have per-compiler versions below. These are not added to the default +# global CFLAGS at this time as it's being incrementally enabled +# throughout the build. +# +STACKPROTECT_ = -_gcc4=-fstack-protector +STACKPROTECT_ += -_gcc7=-fstack-protector-strong +STACKPROTECT_ += -_gcc8=-fstack-protector-strong +STACKPROTECT_ += -_gcc9=-fstack-protector-strong + +STACKPROTECT_strong = $(STACKPROTECT_) +STACKPROTECT_none = +STACKPROTECT_all = -_gcc=-fstack-protector-all +STACKPROTECT_basic = -_gcc=-fstack-protector + +STACKPROTECT_LD_ = -lssp_ns +STACKPROTECT_LD_none = +STACKRPTOECT_LD_all = $(STACKRPOTECT_LD_) +STACKRPTOECT_LD_basic = $(STACKRPOTECT_LD_) + +CCSTACKPROTECT= $(STACKPROTECT_$(STACKPROTECT)) +LDSTACKPROTECT= $(STACKPROTECT_LD_$(STACKPROTECT)) + # One optimization the compiler might perform is to turn this: # #pragma weak foo # extern int foo; diff --git a/usr/src/cmd/Makefile.cmd b/usr/src/cmd/Makefile.cmd index b16a7532b2..b616d6a7ac 100644 --- a/usr/src/cmd/Makefile.cmd +++ b/usr/src/cmd/Makefile.cmd @@ -115,7 +115,13 @@ ROOTAUDIOSAMPAU=$(ROOTAUDIOSAMP)/au ISAEXEC= $(ROOT)/usr/lib/isaexec PLATEXEC= $(ROOT)/usr/lib/platexec -LDLIBS = $(LDLIBS.cmd) +# +# Enable the stack protector by default. +# +CFLAGS += $(CCSTACKPROTECT) +CFLAGS64 += $(CCSTACKPROTECT) + +LDLIBS = $(LDLIBS.cmd) $(LDSTACKPROTECT) LDFLAGS.cmd = \ $(BDIRECT) $(ENVLDFLAGS1) $(ENVLDFLAGS2) $(ENVLDFLAGS3) \ diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile b/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile index d577640c90..1f7c9b1ef7 100644 --- a/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile +++ b/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile @@ -26,7 +26,7 @@ # MINCONN = minconn.so -PASSPROMPT = passprompt.so +PASSPROMPT = passprompt.so PPPOE = pppoe.so LIBRARIES = minconn.so passprompt.so pppoe.so @@ -52,11 +52,8 @@ $(MINCONN):= MAPFILES = mapfile-minconn $(PASSPROMPT):= MAPFILES = mapfile-passprompt $(PPPOE):= MAPFILES = mapfile-pppoe -# A bug in pmake causes redundancy when '+=' is conditionally assigned, so -# '=' is used with extra variables. -XXXLDLIBS = -$(PASSPROMPT):= XXXLDLIBS = -lc -LDLIBS += $(XXXLDLIBS) +$(PASSPROMPT):= LDLIBS += -lc +$(PPPOE):= LDLIBS += -lc CPPFLAGS += -I.. -I$(SRC)/uts/common # XX64 -- this should not be needed -- fix me diff --git a/usr/src/cmd/lp/cmd/Makefile b/usr/src/cmd/lp/cmd/Makefile index 1d31e19262..21fef0076b 100644 --- a/usr/src/cmd/lp/cmd/Makefile +++ b/usr/src/cmd/lp/cmd/Makefile @@ -54,11 +54,12 @@ LDFLAGS += $(MAPFILE.NGB:%=-Wl,-M%) # conditional assignments # lpfilter:= LDLIBS += $(LIBFLT) $(LIBMSG) $(LIBACC) $(LIBOAM) $(LIBLP) \ - -lgen -lsecdb + -lgen -lsecdb $(LDSTACKPROTECT) lpforms:= LDLIBS += $(LIBFRM) $(LIBMSG) $(LIBREQ) $(LIBOAM) \ - $(LIBACC) $(LIBLP) -lsecdb -lpshut:= LDLIBS += $(LIBMSG) $(LIBOAM) $(LIBLP) -lpusers:= LDLIBS += $(LIBMSG) $(LIBACC) $(LIBOAM) $(LIBUSR) $(LIBLP) + $(LIBACC) $(LIBLP) -lsecdb $(LDSTACKPROTECT) +lpshut:= LDLIBS += $(LIBMSG) $(LIBOAM) $(LIBLP) $(LDSTACKPROTECT) +lpusers:= LDLIBS += $(LIBMSG) $(LIBACC) $(LIBOAM) $(LIBUSR) $(LIBLP) \ + $(LDSTACKPROTECT) .KEEP_STATE: diff --git a/usr/src/cmd/lp/cmd/lpadmin/Makefile b/usr/src/cmd/lp/cmd/lpadmin/Makefile index 4e2333ce29..ca2753b1e2 100644 --- a/usr/src/cmd/lp/cmd/lpadmin/Makefile +++ b/usr/src/cmd/lp/cmd/lpadmin/Makefile @@ -62,7 +62,7 @@ LPLIBS= $(LIBACC) \ SYSLIBS= -lcurses -LDLIBS += -lsecdb $(LPLIBS) $(SYSLIBS) $(I18N) +LDLIBS += -lsecdb $(LPLIBS) $(SYSLIBS) $(I18N) $(LDSTACKPROTECT) LDFLAGS += $(MAPFILE.NGB:%=-Wl,-M%) PROG= lpadmin diff --git a/usr/src/cmd/lp/cmd/lpsched/Makefile b/usr/src/cmd/lp/cmd/lpsched/Makefile index c5c645ffe8..42628a4b9d 100644 --- a/usr/src/cmd/lp/cmd/lpsched/Makefile +++ b/usr/src/cmd/lp/cmd/lpsched/Makefile @@ -22,8 +22,6 @@ # Copyright 2008 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # -# ident "%Z%%M% %I% %E% SMI" -# # cmd/lp/cmd/lpsched/lpsched/Makefile # @@ -102,13 +100,13 @@ LPLIBS = \ SYSLIBS= -lcurses -lgen -lcurses -lnsl -ltsol -lsecdb -lbsm -LDLIBS += $(LPLIBS) $(SYSLIBS) +LDLIBS += $(LPLIBS) $(SYSLIBS) $(LDSTACKPROTECT) POFILE= lp_cmd_lpsched.po .KEEP_STATE: -all: $(PROG) +all: $(PROG) $(PROG): $(OBJS) $(LPLIBS) $(LINK.c) $(OBJS) -o $@ $(LDLIBS) diff --git a/usr/src/cmd/lp/model/Makefile b/usr/src/cmd/lp/model/Makefile index 5da2ee6539..40840ecee0 100644 --- a/usr/src/cmd/lp/model/Makefile +++ b/usr/src/cmd/lp/model/Makefile @@ -19,8 +19,6 @@ # CDDL HEADER END # # -# ident "%Z%%M% %I% %E% SMI" -# # Copyright 2007 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # @@ -62,8 +60,8 @@ ROOTMODELS = $(MODELS:%=$(ROOTLIBLPMODEL)/%) CPPFLAGS = -I$(LPINC) $(CPPFLAGS.master) # conditional assignments -lp.tell := LDLIBS += $(LIBMSG) $(LIBLP) -lp.set drain.output lp.cat := LDLIBS += $(LIBLP) -lcurses +lp.tell := LDLIBS += $(LIBMSG) $(LIBLP) $(LDSTACKPROTECT) +lp.set drain.output lp.cat := LDLIBS += $(LIBLP) -lcurses $(LDSTACKPROTECT) lp.tsol_separator := LDLIBS += -ltsol $(ROOTMISC) := FILEMODE = 0444 diff --git a/usr/src/cmd/mdb/Makefile.kmdb b/usr/src/cmd/mdb/Makefile.kmdb index be670d3fc6..0bbeaf5200 100644 --- a/usr/src/cmd/mdb/Makefile.kmdb +++ b/usr/src/cmd/mdb/Makefile.kmdb @@ -58,6 +58,11 @@ CFLAGS64 += $(STAND_FLAGS_64) ASFLAGS += -P -D_ASM $(INCDIRS:%=-I%) $(ARCHOPTS) +# +# kmdb has bootstrapping challenges with the stack protector. +# +STACKPROTECT = none + SUBDIR64_sparc = sparcv9 SUBDIR64_i386 = amd64 SUBDIR64 = $(SUBDIR64_$(MACH)) diff --git a/usr/src/cmd/mdb/Makefile.libstand b/usr/src/cmd/mdb/Makefile.libstand index 9668bbaafb..279194a6ef 100644 --- a/usr/src/cmd/mdb/Makefile.libstand +++ b/usr/src/cmd/mdb/Makefile.libstand @@ -65,6 +65,12 @@ INCDIRS = \ $(NOT_RELEASE_BUILD)CPPFLAGS += -DDEBUG CPPFLAGS = $(INCDIRS:%=-I%) -D_KMDB +# +# We cannot currently use the stack protector in kmdb's standalone +# environment. +# +STACKPROTECT = none + # # kmdb is a kernel module, so we'll use the kernel's build flags. CFLAGS64 += $(STAND_FLAGS_64) diff --git a/usr/src/cmd/mdb/Makefile.libstandctf b/usr/src/cmd/mdb/Makefile.libstandctf index 11e77bafcc..bab6231894 100644 --- a/usr/src/cmd/mdb/Makefile.libstandctf +++ b/usr/src/cmd/mdb/Makefile.libstandctf @@ -50,6 +50,12 @@ CPPFLAGS += -I$(SRC)/common/ctf -I../../../common -DCTF_OLD_VERSIONS -D_MDB \ CSTD = $(CSTD_GNU99) C99LMODE = -Xc99=%all +# +# We cannot currently use the stack protector in the kmdb standalone +# environment. +# +STACKPROTECT = none + # # kmdb is a kernel module, so we'll use the kernel's build flags. CFLAGS64 += $(STAND_FLAGS_64) diff --git a/usr/src/cmd/mdb/Makefile.module b/usr/src/cmd/mdb/Makefile.module index e14e8f42a6..adf248993f 100644 --- a/usr/src/cmd/mdb/Makefile.module +++ b/usr/src/cmd/mdb/Makefile.module @@ -121,6 +121,7 @@ $(MODOBJS) := CFLAGS64 += $(C_BIGPICFLAGS) $(XREGSFLAG) $(KMODOBJS) := CPPFLAGS += -D_KMDB $(KMODOBJS) := V9CODESIZE = $(CCABS32) $(KMODOBJS) := DTS_ERRNO = +$(KMODFILE) := STACKPROTECT = none # Modules aren't allowed to export symbols MAPFILE = $(SRC)/cmd/mdb/common/modules/conf/mapfile diff --git a/usr/src/cmd/picl/plugins/common/piclevent/Makefile b/usr/src/cmd/picl/plugins/common/piclevent/Makefile index 1b0ad54ea2..c1e4c4702a 100644 --- a/usr/src/cmd/picl/plugins/common/piclevent/Makefile +++ b/usr/src/cmd/picl/plugins/common/piclevent/Makefile @@ -36,7 +36,7 @@ include $(SRC)/cmd/picl/plugins/Makefile.com MODULES = picl_slm.so MOD_SRCS = picl_slm.c MOD_OBJS = picl_slm.o -MOD_LDLIBS = -L$(ROOT)/usr/lib -lsysevent -lnvpair -lc +MOD_LDLIBS = -L$(ROOT)/usr/lib -lsysevent -lnvpair -lc $(LDSTACKPROTECT) # sysevent SLM dirs SYSEVENT = sysevent diff --git a/usr/src/cmd/print/bsd-sysv-commands/Makefile b/usr/src/cmd/print/bsd-sysv-commands/Makefile index f2b8c41230..2821e90db8 100644 --- a/usr/src/cmd/print/bsd-sysv-commands/Makefile +++ b/usr/src/cmd/print/bsd-sysv-commands/Makefile @@ -60,7 +60,7 @@ CPPFLAGS += -I. CPPFLAGS += -I../../../lib/print/libpapi-common/common CPPFLAGS += -I$(ROOT)/usr/include CPPFLAGS += -I../../lp/include -LDLIBS += $(LIBLP) -lpapi -lc +LDLIBS += $(LIBLP) $(LDSTACKPROTECT) -lpapi -lc in.lpd:= CFLAGS += -DSOLARIS_PRIVATE_POST_0_9 in.lpd:= LDLIBS += -lnsl -lsocket @@ -85,14 +85,14 @@ $(ROOTUSRUCB)/%: $(ROOTUSRUCB) % $(ROOTLIBLPBIN)/%: % $(INS.file) -$(ROOTUCBSYMLINKS): +$(ROOTUCBSYMLINKS): $(RM) $@; $(SYMLINK) ../bin/$(@F) $@ # usr/lib links ROOTUSRLIBSYMLINKS = $(SBINPROGS:%=$(ROOTLIB)/%) $(ROOTLIB)/%: $(ROOTLIB) % -$(ROOTUSRLIBSYMLINKS): +$(ROOTUSRLIBSYMLINKS): $(RM) $@; $(SYMLINK) ../sbin/$(@F) $@ .KEEP_STATE: @@ -104,7 +104,7 @@ install: $(ROOTLIBLPPROGS) \ check: $(CHKMANIFEST) clean: - $(RM) $(OBJS) + $(RM) $(OBJS) CLOBBERFILES += $(BINPROGS) $(SBINPROGS) $(LIBPRINTPROGS) diff --git a/usr/src/cmd/rcm_daemon/Makefile.com b/usr/src/cmd/rcm_daemon/Makefile.com index a11c03bc4b..8267af63fc 100644 --- a/usr/src/cmd/rcm_daemon/Makefile.com +++ b/usr/src/cmd/rcm_daemon/Makefile.com @@ -135,7 +135,7 @@ SUNW_ip_rcm.so := LDLIBS_MODULES += -linetutil -ldladm -lipmp -lipadm -lnvpair - SUNW_ip_anon_rcm.so := LDLIBS_MODULES += -linetutil SUNW_bridge_rcm.so := LDLIBS_MODULES += -ldladm -lnvpair SUNW_mpxio_rcm.so := LDLIBS_MODULES += -ldevinfo -LDLIBS_MODULES += -lrcm -lc +LDLIBS_MODULES += -lrcm -lc $(LDSTACKPROTECT) LDLIBS += -lrcm -lnvpair diff --git a/usr/src/cmd/sgs/libconv/Makefile.com b/usr/src/cmd/sgs/libconv/Makefile.com index daffcfa01e..4cc0f5d8bc 100644 --- a/usr/src/cmd/sgs/libconv/Makefile.com +++ b/usr/src/cmd/sgs/libconv/Makefile.com @@ -120,3 +120,9 @@ MSGSRCS= $(COMOBJS:%.o=../common/%.c) \ SGSMSGTARG= $(BLTOBJS:%_msg.o=../common/%.msg) CLEANFILES += $(BLTDATA) bld_vernote vernote.s + +# +# Disable the stack protector due to issues with bootstrapping rtld. See +# cmd/sgs/rtld/Makefile.com for more information. +# +STACKPROTECT = none diff --git a/usr/src/cmd/sgs/rtld/Makefile.com b/usr/src/cmd/sgs/rtld/Makefile.com index 853fd5066b..4b1a9a328d 100644 --- a/usr/src/cmd/sgs/rtld/Makefile.com +++ b/usr/src/cmd/sgs/rtld/Makefile.com @@ -154,3 +154,19 @@ SRCS= $(AVLOBJ:%.o=$(VAR_AVLDIR)/%.c) \ CLEANFILES += $(CRTS) $(BLTFILES) CLOBBERFILES += $(RTLD) + +# +# We cannot currently enable the stack protector for rtld as it runs +# before libc initializes, which is where we always enable the stack +# protector values. Because rtld is likely on an alternate link map and +# links in the relevant portions of libc through libc_pic.a, there is +# probably a path to enabling an rtld specific version of the stack +# protector. +# +# As a result, this currently disables the stack protector in two +# related targets which really could use it. These are libconv and libc. +# Both of these end up building position-independent archive libraries +# that are directly linked into rtld. This situation can and should be +# improved. +# +STACKPROTECT = none diff --git a/usr/src/lib/Makefile.lib b/usr/src/lib/Makefile.lib index fb16de1a17..2dab9d92c6 100644 --- a/usr/src/lib/Makefile.lib +++ b/usr/src/lib/Makefile.lib @@ -162,6 +162,13 @@ INS.liblinkccc= -$(RM) $@; $(SYMLINK) $(LIBLINKPATH)$(LIBLINKSCCC)$(VERS) $@ INS.liblink64= -$(RM) $@; $(SYMLINK) $(LIBLINKPATH)$(LIBLINKS)$(VERS) $@ INS.liblinkccc64= -$(RM) $@; $(SYMLINK) $(LIBLINKPATH)$(LIBLINKSCCC)$(VERS) $@ +# +# Default to adding stack protection to all libraries. +# +CFLAGS += $(CCSTACKPROTECT) +CFLAGS64 += $(CCSTACKPROTECT) +LDLIBS += $(LDSTACKPROTECT) + # # If appropriate, augment POST_PROCESS_O and POST_PROCESS_SO to do CTF # processing. We'd like to just conditionally append to POST_PROCESS_O and diff --git a/usr/src/lib/libc/amd64/Makefile b/usr/src/lib/libc/amd64/Makefile index 846b260cfd..717c549329 100644 --- a/usr/src/lib/libc/amd64/Makefile +++ b/usr/src/lib/libc/amd64/Makefile @@ -1202,6 +1202,12 @@ pics/arc4random.o := CPPFLAGS += -I$(SRC)/common/crypto/chacha pics/__clock_gettime.o := CPPFLAGS += $(COMMPAGE_CPPFLAGS) pics/gettimeofday.o := CPPFLAGS += $(COMMPAGE_CPPFLAGS) +# +# Disable the stack protector due to issues with bootstrapping rtld. See +# cmd/sgs/rtld/Makefile.com for more information. +# +STACKPROTECT = none + .KEEP_STATE: all: $(LIBS) $(LIB_PIC) diff --git a/usr/src/lib/libc/i386/Makefile.com b/usr/src/lib/libc/i386/Makefile.com index a45feed38a..a1c0297112 100644 --- a/usr/src/lib/libc/i386/Makefile.com +++ b/usr/src/lib/libc/i386/Makefile.com @@ -1267,6 +1267,12 @@ pics/arc4random.o := CPPFLAGS += -I$(SRC)/common/crypto/chacha pics/__clock_gettime.o := CPPFLAGS += $(COMMPAGE_CPPFLAGS) pics/gettimeofday.o := CPPFLAGS += $(COMMPAGE_CPPFLAGS) +# +# Disable the stack protector due to issues with bootstrapping rtld. See +# cmd/sgs/rtld/Makefile.com for more information. +# +STACKPROTECT = none + .KEEP_STATE: all: $(LIBS) $(LIB_PIC) diff --git a/usr/src/lib/libc/sparc/Makefile.com b/usr/src/lib/libc/sparc/Makefile.com index b2c0c36ef7..c699befe9c 100644 --- a/usr/src/lib/libc/sparc/Makefile.com +++ b/usr/src/lib/libc/sparc/Makefile.com @@ -1318,6 +1318,12 @@ pics/arc4random.o := CPPFLAGS += -I$(SRC)/common/crypto/chacha # Files which need extra optimization pics/getenv.o := sparc_COPTFLAG = -xO4 +# +# Disable the stack protector due to issues with bootstrapping rtld. See +# cmd/sgs/rtld/Makefile.com for more information. +# +STACKPROTECT = none + .KEEP_STATE: all: $(LIBS) $(LIB_PIC) diff --git a/usr/src/lib/libc/sparcv9/Makefile.com b/usr/src/lib/libc/sparcv9/Makefile.com index a009541deb..120e164f62 100644 --- a/usr/src/lib/libc/sparcv9/Makefile.com +++ b/usr/src/lib/libc/sparcv9/Makefile.com @@ -1241,6 +1241,12 @@ pics/arc4random.o := CPPFLAGS += -I$(SRC)/common/crypto/chacha # Files which need extra optimization pics/getenv.o := sparcv9_COPTFLAG = -xO4 +# +# Disable the stack protector due to issues with bootstrapping rtld. See +# cmd/sgs/rtld/Makefile.com for more information. +# +STACKPROTECT = none + .KEEP_STATE: all: $(LIBS) $(LIB_PIC) diff --git a/usr/src/lib/libdisasm/Makefile.com b/usr/src/lib/libdisasm/Makefile.com index 2173e5bb2c..e88d62335f 100644 --- a/usr/src/lib/libdisasm/Makefile.com +++ b/usr/src/lib/libdisasm/Makefile.com @@ -124,6 +124,12 @@ CERRWARN += $(CNOWARN_UNINIT) # not linted SMATCH=off +# +# The standalone environment currently does not support the stack +# protector. +# +STACKPROTECT = none + # We want the thread-specific errno in the library, but we don't want it in # the standalone. $(DTS_ERRNO) is designed to add -D_TS_ERRNO to $(CPPFLAGS), # in order to enable this feature. Conveniently, -D_REENTRANT does the same diff --git a/usr/src/lib/libdtrace/Makefile.com b/usr/src/lib/libdtrace/Makefile.com index 1016c8e295..4b42c96cdc 100644 --- a/usr/src/lib/libdtrace/Makefile.com +++ b/usr/src/lib/libdtrace/Makefile.com @@ -140,7 +140,7 @@ SMATCH=off YYCFLAGS = LDLIBS += -lgen -lproc -lrtld_db -lnsl -lsocket -lctf -lelf -lc DRTILDLIBS = $(LDLIBS.lib) -lc -LIBDAUDITLIBS = $(LDLIBS.lib) -lmapmalloc -lc -lproc +LIBDAUDITLIBS = $(LDLIBS.lib) -lmapmalloc -lc -lproc $(LDSTACKPROTECT) yydebug := YYCFLAGS += -DYYDEBUG @@ -154,6 +154,14 @@ ROOTDLIBS = $(DLIBSRCS:%=$(ROOTDLIBDIR)/%) ROOTDOBJS = $(ROOTDLIBDIR)/$(DRTIOBJ) $(ROOTDLIBDIR)/$(LIBDAUDIT) ROOTDOBJS64 = $(ROOTDLIBDIR64)/$(DRTIOBJ) $(ROOTDLIBDIR64)/$(LIBDAUDIT) +# +# We do not build drti.o with the stack protector as otherwise +# everything that uses dtrace -G may have a surprise stack protector +# requirement right now. While in theory this could be handled by libc, +# this will make the overall default transition smoother. +# +$(DRTIOBJ) := STACKPROTECT = none + $(ROOTDLIBDIR)/%.d := FILEMODE=444 $(ROOTDLIBDIR)/%.o := FILEMODE=444 $(ROOTDLIBDIR64)/%.o := FILEMODE=444 diff --git a/usr/src/lib/libsaveargs/Makefile.com b/usr/src/lib/libsaveargs/Makefile.com index 3f23249570..6e47b2839c 100644 --- a/usr/src/lib/libsaveargs/Makefile.com +++ b/usr/src/lib/libsaveargs/Makefile.com @@ -60,6 +60,12 @@ LINKTEST_OBJ = objs/linktest_stand.o CLOBBERFILES_standalone = $(LINKTEST_OBJ) CLOBBERFILES += $(CLOBBERFILES_$(CURTYPE)) +# +# The standalone environment currently does not support the stack +# protector. +# +$(STANDLIBRARY) := STACKPROTECT = none + LIBS_standalone = $(STANDLIBRARY) LIBS_library = $(DYNLIB) LIBS = $(LIBS_$(CURTYPE)) diff --git a/usr/src/lib/libumem/Makefile.com b/usr/src/lib/libumem/Makefile.com index 876940f995..aabff24f69 100644 --- a/usr/src/lib/libumem/Makefile.com +++ b/usr/src/lib/libumem/Makefile.com @@ -155,6 +155,12 @@ CFLAGS += $(CFLAGS_$(CURTYPE)) $(CFLAGS_common) CFLAGS64_standalone = $(STAND_FLAGS_64) CFLAGS64 += $(CCVERBOSE) $(CFLAGS64_$(CURTYPE)) $(CFLAGS64_common) +# +# For the standalone environment, disable the stack protector for the +# time being. +# +$(STANDLIBRARY) := STACKPROTECT = none + # false positive for umem_alloc_sizes_add() pics/umem.o := SMOFF += index_overflow objs/umem.o := SMOFF += index_overflow diff --git a/usr/src/lib/ssp_ns/Makefile.com b/usr/src/lib/ssp_ns/Makefile.com index 5ff9bbd913..aaa9aa52a9 100644 --- a/usr/src/lib/ssp_ns/Makefile.com +++ b/usr/src/lib/ssp_ns/Makefile.com @@ -30,6 +30,12 @@ LIBS = $(LIBRARY) SRCDIR = ../common CFLAGS += $($(MACH)_C_PICFLAGS) +# +# Disable stack protection for the things providing the stack +# protection. +# +STACKPROTECT = none + CLOBBERFILES += $(LIBRARY) .KEEP_STATE: diff --git a/usr/src/stand/lib/Makefile.com b/usr/src/stand/lib/Makefile.com index 3c90551d8c..e5b9d21909 100644 --- a/usr/src/stand/lib/Makefile.com +++ b/usr/src/stand/lib/Makefile.com @@ -137,4 +137,10 @@ DHCPCPPFLAGS = -I$(CMNNETDIR)/dhcp # SOCKCPPFLAGS = -I$(STANDDIR)/lib/sock -D_SYS_STREAM_H +# +# Using Makefile.lib pulls in the stack protector. Explicitly disable it +# as it is not initialized or supported in this environment currently. +# +STACKPROTECT = none + .KEEP_STATE: diff --git a/usr/src/tools/Makefile.tools b/usr/src/tools/Makefile.tools index aeb9449af3..9fd747751d 100644 --- a/usr/src/tools/Makefile.tools +++ b/usr/src/tools/Makefile.tools @@ -63,6 +63,13 @@ LDFLAGS= $(MAPFILE.NES:%=-Wl,-M%) $(MAPFILE.NED:%=-Wl,-M%) \ # tools. GSHARED = -_cc=-G -_gcc=-shared +# +# To work around a bootstrapping problem, we don't assume that the +# compiler or environment are properly configured to make the stack +# protector work. Disable it right now for the tools. +# +STACKPROTECT = none + # Unset CW_LINKER so we run the default. We don't set LD here to avoid taking # the journey through LD_ALTEXEC unnecessarily. CW_LINKER= diff --git a/usr/src/uts/intel/Makefile.intel b/usr/src/uts/intel/Makefile.intel index 64e027fe15..dd614a82a2 100644 --- a/usr/src/uts/intel/Makefile.intel +++ b/usr/src/uts/intel/Makefile.intel @@ -128,36 +128,6 @@ CFLAGS += $(SPACEFLAG) CFLAGS += $(CCUNBOUND) CFLAGS += $(CFLAGS_uts) CFLAGS += -xstrconst - -# -# Options to control which version of stack-protector we enable. This -# gives us a bit of flexibility and is unfortunately necessary as some -# modules do not function correctly with our defaults (qede). -# -# o STACKPROTECT_ Sets the appropriate version for the compiler -# o STACKPROTECT_strong Sets us to use strong on all of the -# compilers it supports. This is the same -# as the default. -# -# o STACKPROTECT_none Disables the stack protector. -# -# o STACKPROTECT_all Enables it for everything. -# -# o STACKPROTECT_basic Enables the basic stack protector. -# -# -fstack-protector-strong is not available in our gcc4 which is why we -# have per-compiler versions below. -# -STACKPROTECT_ = -_gcc4=-fstack-protector -STACKPROTECT_ += -_gcc7=-fstack-protector-strong -STACKPROTECT_ += -_gcc8=-fstack-protector-strong -STACKPROTECT_ += -_gcc9=-fstack-protector-strong - -STACKPROTECT_strong = $(STACKPROTECT_) -STACKPROTECT_none = -_gcc=-fstack-protector-none -STACKPROTECT_all = -_gcc=-fstack-protector-all -STACKPROTECT_basic = -_gcc=-fstack-protector - CFLAGS += $(STACKPROTECT_$(STACKPROTECT)) ASFLAGS_XARCH_32 = $(i386_ASFLAGS) -- cgit v1.2.3