LibC: Properly implement stack protectors

timschumi · linusg · commit 678db534ff77 · 2022-11-01T14:49:09.000Z
The shared parts are now firmly compiled into LibC instead of being
defined as a static library and then being copied over manually.
The non-shared ("local") parts are kept as a static library that is
linked into each binary on demand.

This finally allows us to support linking with the -fstack-protector
flag, which now replaces the `ssp` target being linked into each binary
accidentally via CMake.
diff --git a/Meta/CMake/serenity_compile_options.cmake b/Meta/CMake/serenity_compile_options.cmake
@@ -26,6 +26,7 @@ add_compile_options(-fno-semantic-interposition)
 add_compile_options(-fsized-deallocation)
 add_compile_options(-fstack-clash-protection)
 add_compile_options(-fstack-protector-strong)
+add_link_options(-fstack-protector-strong)
 add_compile_options(-g1)
 
 if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
diff --git a/Meta/CMake/utils.cmake b/Meta/CMake/utils.cmake
@@ -9,6 +9,15 @@ function(serenity_set_implicit_links target_name)
     # slightly outdated stub in the sysroot, but have not yet installed the freshly
     # built LibC.
     target_link_libraries(${target_name} LibC)
+
+    # Same goes for -lssp_nonshared, which is required during build time but is not
+    # yet installed in the sysroot. However, we just want to add the link directory
+    # and a dependency here, since actually linking the library is decided on by
+    # passing one of the -fstack-protector options.
+    # -lssp is contained inside LibC, so that case is handled by the above and a linker
+    # script.
+    target_link_directories(${target_name} PRIVATE "$<TARGET_FILE_DIR:ssp_nonshared>")
+    add_dependencies(${target_name} ssp_nonshared)
 endfunction()
 
 function(serenity_install_headers target_name)
diff --git a/Userland/DynamicLoader/CMakeLists.txt b/Userland/DynamicLoader/CMakeLists.txt
@@ -33,8 +33,8 @@ set(SOURCES ${LOADER_SOURCES} ${AK_SOURCES} ${ELF_SOURCES} ${LIBC_SOURCES1} ${LI
 
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-rtti -nostdlib -pie -fpic -DNO_TLS")
 
-set_source_files_properties (../Libraries/LibC/ssp.cpp PROPERTIES COMPILE_FLAGS
-    "-fno-stack-protector")
+set_source_files_properties(../Libraries/LibC/ssp.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")
+set_source_files_properties(../Libraries/LibC/ssp_nonshared.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")
 # Prevent GCC from removing null checks by marking the `FILE*` argument non-null
 set_source_files_properties(../Libraries/LibC/stdio.cpp PROPERTIES COMPILE_FLAGS "-fno-builtin-fputc -fno-builtin-fputs -fno-builtin-fwrite")
 
diff --git a/Userland/Libraries/LibC/CMakeLists.txt b/Userland/Libraries/LibC/CMakeLists.txt
@@ -46,6 +46,7 @@ set(LIBC_SOURCES
     shadow.cpp
     signal.cpp
     spawn.cpp
+    ssp.cpp
     stat.cpp
     stdio.cpp
     stdlib.cpp
@@ -129,15 +130,10 @@ add_custom_command(
     COMMAND "${CMAKE_COMMAND}" -E copy $<TARGET_OBJECTS:crtn> ${CMAKE_INSTALL_PREFIX}/usr/lib/crtn.o
 )
 
-set_source_files_properties (ssp.cpp PROPERTIES COMPILE_FLAGS
-    "-fno-stack-protector")
-add_library(ssp STATIC ssp.cpp)
-target_link_libraries(ssp PRIVATE NoCoverage)
-add_custom_command(
-    TARGET ssp
-    COMMAND "${CMAKE_COMMAND}" -E copy $<TARGET_OBJECTS:ssp> ${CMAKE_INSTALL_PREFIX}/usr/lib/ssp.o
-)
-install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libssp.a DESTINATION ${CMAKE_INSTALL_PREFIX}/usr/lib/)
+set_source_files_properties (ssp_nonshared.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")
+add_library(ssp_nonshared STATIC ssp_nonshared.cpp)
+target_link_libraries(ssp_nonshared PRIVATE NoCoverage)
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libssp_nonshared.a DESTINATION ${CMAKE_INSTALL_PREFIX}/usr/lib/)
 
 set(SOURCES ${LIBC_SOURCES} ${AK_SOURCES} ${ELF_SOURCES} ${ASM_SOURCES})
 
@@ -149,18 +145,19 @@ if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
     set_source_files_properties(string.cpp wchar.cpp PROPERTIES COMPILE_FLAGS "-fno-tree-loop-distribution -fno-tree-loop-distribute-patterns")
 endif()
 
+set_source_files_properties(ssp.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")
+
 add_library(LibCStaticWithoutDeps STATIC ${SOURCES})
 target_link_libraries(LibCStaticWithoutDeps PUBLIC ssp LibTimeZone PRIVATE NoCoverage)
 add_dependencies(LibCStaticWithoutDeps LibSystem LibUBSanitizer)
 
 add_custom_target(LibCStatic
         COMMAND ${CMAKE_AR} -x $<TARGET_FILE:LibCStaticWithoutDeps>
-        COMMAND ${CMAKE_AR} -x $<TARGET_FILE:ssp>
         COMMAND ${CMAKE_AR} -x $<TARGET_FILE:LibSystemStatic>
         COMMAND ${CMAKE_AR} -x $<TARGET_FILE:LibUBSanitizerStatic>
         COMMAND ${CMAKE_AR} -rcs ${CMAKE_CURRENT_BINARY_DIR}/libc.a *.o
         WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
-        DEPENDS LibCStaticWithoutDeps ssp LibSystemStatic LibUBSanitizerStatic
+        DEPENDS LibCStaticWithoutDeps LibSystemStatic LibUBSanitizerStatic
         )
 
 install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libc.a DESTINATION ${CMAKE_INSTALL_PREFIX}/usr/lib/)
@@ -174,7 +171,7 @@ set_property(
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -nolibc")
 serenity_libc(LibC c)
 add_dependencies(LibC crti crt0 crt0_shared crtn)
-target_link_libraries(LibC ssp LibSystem LibTimeZone)
+target_link_libraries(LibC LibSystem LibTimeZone)
 
 # We mark LibCStatic as a dependency of LibC because this triggers the build of the LibCStatic target
 add_dependencies(LibC LibCStatic)
@@ -183,3 +180,4 @@ add_dependencies(LibC LibCStatic)
 file(WRITE "${CMAKE_STAGING_PREFIX}/${CMAKE_INSTALL_LIBDIR}/libpthread.so" "INPUT(libc.so)")
 file(WRITE "${CMAKE_STAGING_PREFIX}/${CMAKE_INSTALL_LIBDIR}/libdl.so" "INPUT(libc.so)")
 file(WRITE "${CMAKE_STAGING_PREFIX}/${CMAKE_INSTALL_LIBDIR}/libm.so" "INPUT(libc.so)")
+file(WRITE "${CMAKE_STAGING_PREFIX}/${CMAKE_INSTALL_LIBDIR}/libssp.so" "INPUT(libc.so)")
diff --git a/Userland/Libraries/LibC/ssp.cpp b/Userland/Libraries/LibC/ssp.cpp
@@ -28,9 +28,4 @@ __attribute__((noreturn)) void __stack_chk_fail()
     abort();
 }
 
-__attribute__((noreturn)) void __stack_chk_fail_local()
-{
-    __stack_chk_fail();
-}
-
 } // extern "C"
diff --git a/Userland/Libraries/LibC/ssp_nonshared.cpp b/Userland/Libraries/LibC/ssp_nonshared.cpp
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2021, Brian Gianforcaro <bgianf@serenityos.org>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <sys/internals.h>
+
+#if defined __SSP__ || defined __SSP_ALL__
+#    error "file must not be compiled with stack protection enabled on it. Use -fno-stack-protector"
+#endif
+
+extern "C" {
+
+__attribute__((noreturn)) void __stack_chk_fail_local()
+{
+    __stack_chk_fail();
+}
+
+} // extern "C"
diff --git a/Userland/Libraries/LibSanitizer/CMakeLists.txt b/Userland/Libraries/LibSanitizer/CMakeLists.txt
@@ -1,10 +1,11 @@
 set(SOURCES
     UBSanitizer.cpp
     ../LibC/ssp.cpp
+    ../LibC/ssp_nonshared.cpp
 )
 
-set_source_files_properties (../LibC/ssp.cpp PROPERTIES COMPILE_FLAGS
-    "-fno-stack-protector")
+set_source_files_properties(../LibC/ssp.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")
+set_source_files_properties(../LibC/ssp_nonshared.cpp PROPERTIES COMPILE_FLAGS "-fno-stack-protector")
 
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -nostdlib")
 serenity_libc(LibUBSanitizer ubsan)

Original file line number	Diff line number	Diff line change
`@@ -28,9 +28,4 @@ __attribute__((noreturn)) void __stack_chk_fail()`
`28`	`28`	`abort();`
`29`	`29`	`}`
`30`	`30`
`31`		`-__attribute__((noreturn)) void __stack_chk_fail_local()`
`32`		`-{`
`33`		`- __stack_chk_fail();`
`34`		`-}`
`35`		`-`
`36`	`31`	`} // extern "C"`