author | Travis Tilley <ttilley@gmail.com> | 2015-06-20 02:21:19 -0400 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-06-29 12:40:58 +0000 |
commit | e361c8797a1c947cdf4ce8a6289911521bc59cde (patch) | |
tree | df4ed9bd30c7fe299bfa7ff7a63250837b4abcbc /main/llvm | |
parent | 0ea7ee14e1c337eaf561f15e85bcdbe1d1f7c0a2 (diff) | |
main/llvm: SSP by default, use -Wl,-z,now
clang was already patched to do -Wl,-z,relro by default. now it also passes
the equivalent of -Wl,-z,now.
clang's normal behavior on linux defaults to using stack smashing protection
whenever a function defines a local character array of 8 or more elements. this is
the equivalent of passing in -fstack-protector with no additional options in gcc.
this release patches clang's default behavior to instead behave like
-fstack-protector-strong was passed in, enabling the canary in many more
conditions without the performance impact of adding it to ALL functions as is
the case with -fstack-protector-all. these conditions include:
local variable's address used as part of right hand side of assignment
local variable's address used as function argument
local variable is an array, regardless of array type or length
same as above, but local variable is a union containing an array
uses register local variables
SSP can still be disabled by passing in -fno-stack-protector.
You can still use -fstack-protector-all to add a canary to all functions.
Diffstat (limited to 'main/llvm')
-rw-r--r-- | main/llvm/APKBUILD | 10 | ||||
-rw-r--r-- | main/llvm/clang-0010-alpine-use-z-now.patch | 16 | ||||
-rw-r--r-- | main/llvm/clang-0011-alpine-SSP-by-default.patch | 53 |
3 files changed, 78 insertions, 1 deletions
diff --git a/main/llvm/APKBUILD b/main/llvm/APKBUILD
index 87bcc7ba50..da211d97f9 100644
--- a/main/llvm/APKBUILD
+++ b/main/llvm/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Travis Tilley <ttilley@gmail.com>
 pkgname=llvm
 pkgver=3.6.1
-pkgrel=3
+pkgrel=4
 use_svn="false"
 pkgdesc="low level virtual machine compiler system"
 arch="all"
@@ -30,6 +30,8 @@ source="
 clang-0007-musl-dynamic-linker-paths.patch
 clang-0008-alpine-PIE-by-default.patch
 clang-0009-pass-host-triple-to-compiler-rt.patch
+ clang-0010-alpine-use-z-now.patch
+ clang-0011-alpine-SSP-by-default.patch
 "
 if [ "${use_svn}" != "true" ]; then
 source="$source
@@ -337,6 +339,8 @@ eab0123372fa909817ed21cfcffdbe16 clang-0001-fix-stdint.h.patch
 e24a82edcd6caa5e405ff67a45d6befc clang-0007-musl-dynamic-linker-paths.patch
 6bc4b7047042f9afec452a97c35c2cd5 clang-0008-alpine-PIE-by-default.patch
 0ae0c5939c27750c52b39158fbc7a7a9 clang-0009-pass-host-triple-to-compiler-rt.patch
+26831612243302f3ef964f355bf8c409 clang-0010-alpine-use-z-now.patch
+308db990bb9c1c28152fdf18dddcb6eb clang-0011-alpine-SSP-by-default.patch
 ebf9e97be405ae126e134d3a357cd58a llvm-3.6.1.src.tar.xz
 9ff6811757735051f8651833b22ae014 cfe-3.6.1.src.tar.xz
 1ad810536f0f7fefd4541a907aff83b3 clang-tools-extra-3.6.1.src.tar.xz
@@ -357,6 +361,8 @@ a7c3ab756cae110887dad315b8458212830949442a491618253c79eba754b546 clang-0006-mus
 c7612168defefcb35cc8c988ff8b519aa983f07a62fd3b2c67f7d468459ca48a clang-0007-musl-dynamic-linker-paths.patch
 39c275490e3360d50fe339406992616fad0fa9127204c9b93578ee2403ae850c clang-0008-alpine-PIE-by-default.patch
 ec0c2014d455040499f599dc3d690fb92e54baf6058605be5f25c2c845629cfe clang-0009-pass-host-triple-to-compiler-rt.patch
+a34aca360fa52231b6c8663ee8b1103492f1c2600a08cc670616ce97d14e0ba9 clang-0010-alpine-use-z-now.patch
+e8056b8fbf7dc0abc0c966c43642ffd72878453b04fa94c18bc7d92ee3e405f4 clang-0011-alpine-SSP-by-default.patch
 2f00c615913aa0b56607ee1548936e60ad2aa89e6d56f23fb032a4463366fc7a llvm-3.6.1.src.tar.xz
 74f92d0c93b86678b015e87655f59474b2f657769680efdeb3c0524ffbd2dad7 cfe-3.6.1.src.tar.xz
 f4ee70d870d550a9147ac6a548ce7daf7d9e6897348bf411f43c572966fb92b6 clang-tools-extra-3.6.1.src.tar.xz
@@ -377,6 +383,8 @@ e00a05f6a599b4686d6759c844f8283360a95bc6d1f171d4ab56ba7e17e017bc244f302ba2a4191a
 c4365cbf9645e7aacbef2392cd7418c055a45e178e4ad956dfe45eafc90ab1db70ff620dfeeec11a4fab550ec557385f2d75f68adc0830ce74b5ece7077a3baf clang-0007-musl-dynamic-linker-paths.patch
 2a217800aefbce07017b793a8c91e174dac20546343de47749b4b07b4905db9a55411ef45e482b8df93cb4dbbdf25415202c3257be36ae095a6f2de11935f80b clang-0008-alpine-PIE-by-default.patch
 7628c1b12febb27d0a9ecb846205edec61044fbb963ba5e588863652bccbb05d1436febf8840ff4b47dfb326689bb142464be59a18b17bd5d30aa03bb7e76a9f clang-0009-pass-host-triple-to-compiler-rt.patch
+1bec07a11885b4e1b692a1df1ca2de8075016619b4086d9114553386e4de5956fbc7da5e234075f08eb635df8c01ebf51c9e2fc33aa483f02050eddbe66e38d2 clang-0010-alpine-use-z-now.patch
+23940138bf5208719ce38660d9f1a1fcf498a249243951c7e02c947780444228494a1f68380dc609093a3358273fd3d520f0b61ffe198bfccbec1de6aabd7670 clang-0011-alpine-SSP-by-default.patch
 fa07d0fe6c527d86c0b91b1b62597f949d777e3609e4e8ca2ea5e07931e1ebc7a363273cc705cf4a13b45e7ab00716b76de26688d077c1b51341d9dd2972de3f llvm-3.6.1.src.tar.xz
 a96944bccfd9341be7adafdcc40367d458e85e7e74b0d2f3a7ea18edf1454d04a232c2d0003d6449c52f81d1e235b434acc1bb63eb5f7d16f8f4a43b70826743 cfe-3.6.1.src.tar.xz
 3273f8c1fa1683de231d0c0b9371d4b7537381e939fe38996e70a8005a1e6185da459ace2f260fad41df4840b459448ed1498c2fd576dd560005117a54e2ccb9 clang-tools-extra-3.6.1.src.tar.xz
diff --git a/main/llvm/clang-0010-alpine-use-z-now.patch b/main/llvm/clang-0010-alpine-use-z-now.patch
new file mode 100644
index 0000000000..00b7a5bcdc
--- /dev/null
+++ b/main/llvm/clang-0010-alpine-use-z-now.patch
@@ -0,0 +1,16 @@
+diff --git i/lib/Driver/ToolChains.cpp w/lib/Driver/ToolChains.cpp
+index 1e43b6c..ce2de18 100644
+--- i/lib/Driver/ToolChains.cpp
++++ w/lib/Driver/ToolChains.cpp
+@@ -2944,6 +2944,11 @@ Linux::Linux(const Driver &D, const llvm::Triple &Triple, const ArgList &Args)
+
+ Distro Distro = DetectDistro(Arch);
+
++ if (Distro == AlpineLinux) {
++ ExtraOpts.push_back("-z");
++ ExtraOpts.push_back("now");
++ }
++
+ if (IsOpenSUSE(Distro) || IsUbuntu(Distro) || Distro == AlpineLinux) {
+ ExtraOpts.push_back("-z");
+ ExtraOpts.push_back("relro");
diff --git a/main/llvm/clang-0011-alpine-SSP-by-default.patch b/main/llvm/clang-0011-alpine-SSP-by-default.patch
new file mode 100644
index 0000000000..e08efbd643
--- /dev/null
+++ b/main/llvm/clang-0011-alpine-SSP-by-default.patch
@@ -0,0 +1,53 @@
+diff --git i/lib/Driver/ToolChains.cpp w/lib/Driver/ToolChains.cpp
+index e3ff0d7..68ed764 100644
+--- i/lib/Driver/ToolChains.cpp
++++ w/lib/Driver/ToolChains.cpp
+@@ -3408,6 +3408,13 @@ bool Linux::isPIEDefault() const {
+ return getSanitizerArgs().requiresPIE();
+ }
+
++unsigned Linux::GetDefaultStackProtectorLevel(bool KernelOrKext) const {
++ StringRef VendorName = Linux::getTriple().getVendorName();
++ if (VendorName.compare("alpine") == 0)
++ return 2;
++ return 1;
++}
++
+ /// DragonFly - DragonFly tool chain which can call as(1) and ld(1) directly.
+
+ DragonFly::DragonFly(const Driver &D, const llvm::Triple& Triple, const ArgList &Args)
+diff --git i/lib/Driver/ToolChains.h w/lib/Driver/ToolChains.h
+index 47fb10d..3714a6f 100644
+--- i/lib/Driver/ToolChains.h
++++ w/lib/Driver/ToolChains.h
+@@ -641,6 +641,7 @@ public:
+ AddClangCXXStdlibIncludeArgs(const llvm::opt::ArgList &DriverArgs,
+ llvm::opt::ArgStringList &CC1Args) const override;
+ bool isPIEDefault() const override;
++ unsigned GetDefaultStackProtectorLevel(bool KernelOrKext) const override;
+
+ std::string Linker;
+ std::vector<std::string> ExtraOpts;
+diff --git i/test/Driver/stack-protector.c w/test/Driver/stack-protector.c
+index 7fecd1b..f29cee0 100644
+--- i/test/Driver/stack-protector.c
++++ w/test/Driver/stack-protector.c
+@@ -23,3 +23,18 @@
+ // RUN: %clang -fstack-protector-all -### %s 2>&1 | FileCheck %s -check-prefix=SSP-ALL
+ // SSP-ALL: "-stack-protector" "3"
+ // SSP-ALL-NOT: "-stack-protector-buffer-size"
++
++// RUN: %clang -target x86_64-alpine-linux-musl -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE
++// ALPINE: "-stack-protector" "2"
++
++// RUN: %clang -target x86_64-alpine-linux-musl -fstack-protector -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_SPS
++// ALPINE_SPS: "-stack-protector" "2"
++
++// RUN: %clang -target x86_64-alpine-linux-musl -fstack-protector-all -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_ALL
++// ALPINE_ALL: "-stack-protector" "3"
++// ALPINE_ALL-NOT: "-stack-protector-buffer-size"
++
++// RUN: %clang -target x86_64-alpine-linux-musl -fno-stack-protector -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_NOSSP
++// ALPINE_NOSSP-NOT: "-stack-protector"
++// ALPINE_NOSSP-NOT: "-stack-protector-buffer-size"
++ |
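Review bot: `Linux::GetDefaultStackProtectorLevel` recognises Alpine by the triple's vendor string, while the `-z now` block added in clang-0010-alpine-use-z-now.patch (like the existing `-z relro` block) tests `Distro == AlpineLinux`, so the two hardening defaults are keyed on different signals and can diverge for the same invocation. Keying them on one signal would make the defaults move together, for example `if (Distro == AlpineLinux || Triple.getVendorName() == "alpine") {` in the constructor; failing that, a comment on the new method such as `// Alpine is matched by triple vendor here; -z now/-z relro are keyed on DetectDistro().` would record the difference. The fall-through `return 1;` applies to every non-Alpine Linux triple, and the base-class default is not visible in this hunk; if it is not 1, this patch changes SSP behaviour beyond Alpine, and `return ToolChain::GetDefaultStackProtectorLevel(KernelOrKext);` would keep it scoped. The bare `2` and `1` would also benefit from a trailing comment naming the level (`// 2 = -fstack-protector-strong`, as the `ALPINE` test expects), and the added RUN lines only use `-target x86_64-alpine-linux-musl`, so no test pins the non-Alpine result.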