LibC: Properly implement stack protectors

The shared parts are now firmly compiled into LibC instead of being defined as a static library and then being copied over manually. The non-shared ("local") parts are kept as a static library that is linked into each binary on demand. This finally allows us to support linking with the -fstack-protector flag, which now replaces the `ssp` target being linked into each binary accidentally via CMake.
Author: https://github.com/timschumi Commit: https://github.com/SerenityOS/serenity/commit/678db534ff Pull-request: https://github.com/SerenityOS/serenity/pull/15746 Issue: https://github.com/SerenityOS/serenity/issues/14376
2024-11-22 15:40:19 +00:00 · 2022-10-25 23:53:07 +02:00 · 2022-10-25 23:53:07 +02:00 · 678db534ff · 2024-07-17 08:45:34 +09:00
commit 678db534ff
parent 7834e26ddb
7 changed files with 45 additions and 21 deletions
--- a/Meta/CMake/serenity_compile_options.cmake
+++ b/Meta/CMake/serenity_compile_options.cmake
@ -26,6 +26,7 @@ add_compile_options(-fno-semantic-interposition)
 add_compile_options(-fsized-deallocation)
 add_compile_options(-fstack-clash-protection)
 add_compile_options(-fstack-protector-strong)
+add_link_options(-fstack-protector-strong)
 add_compile_options(-g1)

 if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
--- a/Meta/CMake/utils.cmake
+++ b/Meta/CMake/utils.cmake
@ -9,6 +9,15 @@ function(serenity_set_implicit_links target_name)
    # slightly outdated stub in the sysroot, but have not yet installed the freshly
    # built LibC.
    target_link_libraries(${target_name} LibC)
+
+    # Same goes for -lssp_nonshared, which is required during build time but is not
+    # yet installed in the sysroot. However, we just want to add the link directory
+    # and a dependency here, since actually linking the library is decided on by
+    # passing one of the -fstack-protector options.
+    # -lssp is contained inside LibC, so that case is handled by the above and a linker
+    # script.
+    target_link_directories(${target_name} PRIVATE "$<TARGET_FILE_DIR:ssp_nonshared>")
+    add_dependencies(${target_name} ssp_nonshared)
 endfunction()

 function(serenity_install_headers target_name)
--- a/Userland/DynamicLoader/CMakeLists.txt
+++ b/Userland/DynamicLoader/CMakeLists.txt
@ -33,8 +33,8 @@ set(SOURCES ${LOADER_SOURCES} ${AK_SOURCES} ${ELF_SOURCES} ${LIBC_SOURCES1} ${LI

 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-rtti -nostdlib -pie -fpic -DNO_TLS")

-set_source_files_properties (../Libraries/LibC/ssp.cpp PROPERTIES COMPILE_FLAGS
-    "-fno-stack-protector")
+set_source_files_properties(../Libraries/LibC/ssp.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")
+set_source_files_properties(../Libraries/LibC/ssp_nonshared.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")
 # Prevent GCC from removing null checks by marking the `FILE*` argument non-null
 set_source_files_properties(../Libraries/LibC/stdio.cpp PROPERTIES COMPILE_FLAGS "-fno-builtin-fputc -fno-builtin-fputs -fno-builtin-fwrite")

--- a/Userland/Libraries/LibC/CMakeLists.txt
+++ b/Userland/Libraries/LibC/CMakeLists.txt
@ -46,6 +46,7 @@ set(LIBC_SOURCES
    shadow.cpp
    signal.cpp
    spawn.cpp
+    ssp.cpp
    stat.cpp
    stdio.cpp
    stdlib.cpp
@ -129,15 +130,10 @@ add_custom_command(
    COMMAND "${CMAKE_COMMAND}" -E copy $<TARGET_OBJECTS:crtn> ${CMAKE_INSTALL_PREFIX}/usr/lib/crtn.o
 )

-set_source_files_properties (ssp.cpp PROPERTIES COMPILE_FLAGS
-    "-fno-stack-protector")
-add_library(ssp STATIC ssp.cpp)
-target_link_libraries(ssp PRIVATE NoCoverage)
-add_custom_command(
-    TARGET ssp
-    COMMAND "${CMAKE_COMMAND}" -E copy $<TARGET_OBJECTS:ssp> ${CMAKE_INSTALL_PREFIX}/usr/lib/ssp.o
-)
-install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libssp.a DESTINATION ${CMAKE_INSTALL_PREFIX}/usr/lib/)
+set_source_files_properties (ssp_nonshared.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")
+add_library(ssp_nonshared STATIC ssp_nonshared.cpp)
+target_link_libraries(ssp_nonshared PRIVATE NoCoverage)
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libssp_nonshared.a DESTINATION ${CMAKE_INSTALL_PREFIX}/usr/lib/)

 set(SOURCES ${LIBC_SOURCES} ${AK_SOURCES} ${ELF_SOURCES} ${ASM_SOURCES})

@ -149,18 +145,19 @@ if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
    set_source_files_properties(string.cpp wchar.cpp PROPERTIES COMPILE_FLAGS "-fno-tree-loop-distribution -fno-tree-loop-distribute-patterns")
 endif()

+set_source_files_properties(ssp.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")
+
 add_library(LibCStaticWithoutDeps STATIC ${SOURCES})
 target_link_libraries(LibCStaticWithoutDeps PUBLIC ssp LibTimeZone PRIVATE NoCoverage)
 add_dependencies(LibCStaticWithoutDeps LibSystem LibUBSanitizer)

 add_custom_target(LibCStatic
        COMMAND ${CMAKE_AR} -x $<TARGET_FILE:LibCStaticWithoutDeps>
-        COMMAND ${CMAKE_AR} -x $<TARGET_FILE:ssp>
        COMMAND ${CMAKE_AR} -x $<TARGET_FILE:LibSystemStatic>
        COMMAND ${CMAKE_AR} -x $<TARGET_FILE:LibUBSanitizerStatic>
        COMMAND ${CMAKE_AR} -rcs ${CMAKE_CURRENT_BINARY_DIR}/libc.a *.o
        WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
-        DEPENDS LibCStaticWithoutDeps ssp LibSystemStatic LibUBSanitizerStatic
+        DEPENDS LibCStaticWithoutDeps LibSystemStatic LibUBSanitizerStatic
        )

 install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libc.a DESTINATION ${CMAKE_INSTALL_PREFIX}/usr/lib/)
@ -174,7 +171,7 @@ set_property(
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -nolibc")
 serenity_libc(LibC c)
 add_dependencies(LibC crti crt0 crt0_shared crtn)
-target_link_libraries(LibC ssp LibSystem LibTimeZone)
+target_link_libraries(LibC LibSystem LibTimeZone)

 # We mark LibCStatic as a dependency of LibC because this triggers the build of the LibCStatic target
 add_dependencies(LibC LibCStatic)
@ -183,3 +180,4 @@ add_dependencies(LibC LibCStatic)
 file(WRITE "${CMAKE_STAGING_PREFIX}/${CMAKE_INSTALL_LIBDIR}/libpthread.so" "INPUT(libc.so)")
 file(WRITE "${CMAKE_STAGING_PREFIX}/${CMAKE_INSTALL_LIBDIR}/libdl.so" "INPUT(libc.so)")
 file(WRITE "${CMAKE_STAGING_PREFIX}/${CMAKE_INSTALL_LIBDIR}/libm.so" "INPUT(libc.so)")
+file(WRITE "${CMAKE_STAGING_PREFIX}/${CMAKE_INSTALL_LIBDIR}/libssp.so" "INPUT(libc.so)")
--- a/Userland/Libraries/LibC/ssp.cpp
+++ b/Userland/Libraries/LibC/ssp.cpp
@ -28,9 +28,4 @@ __attribute__((noreturn)) void __stack_chk_fail()
    abort();
 }

-__attribute__((noreturn)) void __stack_chk_fail_local()
-{
-    __stack_chk_fail();
-}
-
 } // extern "C"
--- a/Userland/Libraries/LibC/ssp_nonshared.cpp
+++ b/Userland/Libraries/LibC/ssp_nonshared.cpp
@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2021, Brian Gianforcaro <bgianf@serenityos.org>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <sys/internals.h>
+
+#if defined __SSP__ || defined __SSP_ALL__
+#    error "file must not be compiled with stack protection enabled on it. Use -fno-stack-protector"
+#endif
+
+extern "C" {
+
+__attribute__((noreturn)) void __stack_chk_fail_local()
+{
+    __stack_chk_fail();
+}
+
+} // extern "C"
--- a/Userland/Libraries/LibSanitizer/CMakeLists.txt
+++ b/Userland/Libraries/LibSanitizer/CMakeLists.txt
@ -1,10 +1,11 @@
 set(SOURCES
    UBSanitizer.cpp
    ../LibC/ssp.cpp
+    ../LibC/ssp_nonshared.cpp
 )

-set_source_files_properties (../LibC/ssp.cpp PROPERTIES COMPILE_FLAGS
-    "-fno-stack-protector")
+set_source_files_properties(../LibC/ssp.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")
+set_source_files_properties(../LibC/ssp_nonshared.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")

 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -nostdlib")
 serenity_libc(LibUBSanitizer ubsan)