2010-04-09		Magnus Granberg		<zorry@gentoo.org>

		* gcc/espf.h	New file to support --enable-espf
		Version 20100409.1

--- gcc/espf.h	2010-04-09 16:14:00.000000000 +0200
+++ gcc/espf.h	2010-04-09 16:24:01.000000000 +0200
@@ -0,0 +1,148 @@
+/* License terms see GNU GENERAL PUBLIC LICENSE Version 3.
+ * Version 20100409.1
+ * Magnus Granberg (Zorry) <zorry@gentoo.org>  */
+#ifndef GCC_ESPF_H
+#define GCC_ESPF_H
+
+/*	This file will add -fstack-protector, -fPIE, -pie -D_FORTIFY_SOURCES=2 -z,relro and -z,now 
+	as default if the defines and the spec allow it.
+	
+	On Gentoo
+	Added a hack for gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass
+	to support older hardened GCC patches and we don't need to change the code on gcc-specs-* and _filter-hardened.
+	We use -fstack-protector-all instead of -fstack-protector
+	This will add some unsupported upstream commands options as -nopie.
+	-D__KERNEL__ is added so we don't have -fPIE and -fstack-protector-all when building kernels.
+	ESPF_CC1_SPEC is added to CC1_SPEC.
+	-D_FORTIFY_SOURCES=2 is added with gentoo's patchset as default so no need to set it hear.
+	ESPF_LINK_SPEC will not add -z,relro as it default on with binutils.
+	ESPF_CC1_STRICT_SPEC is added so we don't use gcc/opts.c to disable it.
+	ESPF_OPTIONS_PIE_CHECK_SPEC check for -pie, -p, -pg, -profile, -static and -shared.
+	ENABLE_CRTBEGINTS add support for crtbeginTS.o, build -static with -fPIE or -fpie.
+*/
+#ifdef ENABLE_ESPF
+	
+	/* Hack to support gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass  */
+	#define ESPF_CC1_SPEC " %(espf_cc1_ssp) %(espf_cc1_pie) %(espf_cc1_strict)"
+	#ifdef HAVE_GCC_SSP
+		#define ESPF_CC1_SSP_SPEC "%{!fno-stack-protector: %{!fno-stack-protector-all: }}"
+	#else
+		#define ESPF_CC1_SSP_SPEC ""
+	#endif
+	#define ESPF_CC1_PIE_SPEC "%{!nopie: }"
+	#define ESPF_CC1_STRICT_SPEC "%{!fstrict-overflow:%{!fno-strict-overflow: -fno-strict-overflow}}"
+
+	/*	ESPF_LINK_SPEC is added to LINK_PIE_SPEC if espf is enable
+		-z now will be added if we don't have -vanilla spec  */
+	#define ESPF_LINK_SPEC "%(espf_link_now)"
+	#define ESPF_LINK_NOW_SPEC "%{!now:-z now}"
+	
+	/*	ESPF_OPTIONS_SPEC is added to the compiler spec in gcc/gcc.c  */
+	#define ESPF_OPTIONS_SPEC "%(espf_options_ssp)"
+
+	/*	ESPF_CPP_OPTIONS_SPEC is added to the cpp_options spec in gcc/gcc.c  
+		For precompiling headers.  */
+	#define ESPF_CPP_OPTIONS_SPEC "%(espf_options_ssp)"
+
+	/*  This will add -fstack-protector-all if we don't have -nostdlib -nodefaultlibs -fno-stack-protector -fstack-protector
+		-fstack-protector-all and we have TARGET_LIBC_PROVIDES_SSP and HAVE_GCC_SSP defined.  */
+	#ifdef HAVE_GCC_SSP
+		#define ESPF_OPTIONS_SSP_SPEC \
+			"%{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs: %{!fno-stack-protector: \
+			%{!fstack-protector:%{!fstack-protector-all:-fstack-protector-all}}}}}}"
+	#else
+		#define ESPF_OPTIONS_SSP_SPEC ""
+	#endif
+
+	/* If HAVE_LD_PIE not defined we will not add any -fPIE -pie  */
+	#ifdef HAVE_LD_PIE
+
+		/*	We use ESPF_COMMAND_OPTIONS_SPEC to add pie command-line options.  */
+		#define ESPF_COMMAND_OPTIONS_SPEC "%{!D__KERNEL__:%{!nopie:%(espf_options_pie) %(espf_link_pie)}}"
+
+		/*  This will add -fPIE if we don't have -pie -fpic -fPIC -fpie -fPIE -fno-pic -fno-PIC -fno-pie -fno-PIE -shared -static
+			-nostdlib -nostartfiles.  */
+		/*  With ENABLE_CRTBEGINTS we don't need to check for -static  */
+		#ifdef ENABLE_CRTBEGINTS
+			#define ESPF_OPTIONS_PIE_SPEC \
+				"%{!pie: %{!fpic:%{!fPIC:%{!fpie:%{!fPIE: %{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE: \
+				%{!shared: %{!nostdlib: %{!nostartfiles:-fPIE}} } }}}} }}}} }"
+		#else
+			#define ESPF_OPTIONS_PIE_SPEC \
+				"%{!pie: %{!fpic:%{!fPIC:%{!fpie:%{!fPIE: %{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE: \
+				%{!shared: %{!static: %{!nostdlib: %{!nostartfiles:-fPIE}} } }}}} }}}} }}"
+		#endif
+
+		/*  This will add -pie if we don't have -pie -A -fno-pic -fno-PIC -fno-pie -fno-PIE -shared -static -r -nostdlib 
+			-nostartfiles  */
+		/*  With ENABLE_CRTBEGINTS we don't need to check for -static
+			and we add -pie only to get the start and endfiles. -pie will not go to the linker. */
+		#ifdef ENABLE_CRTBEGINTS
+			#define ESPF_LINK_PIE_SPEC \
+				"%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!r: \
+				%{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}"
+		#else
+			#define ESPF_LINK_PIE_SPEC \
+				"%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!static:%{!r: \
+				%{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}}"
+		#endif
+		
+		/*  This will check if shared is set when -static -pie -fPIE -fpie -fno-PIC -fno-pic, -pie is set when -static -pg -p -profile.  
+			If set it will make gcc print out "-shared and -static|pie|fPIE|fpie|fno-PIC|fno-pic are incompatible" or
+			"-pie and pg|p|profile are incompatible"  */
+		/*  With ENABLE_CRTBEGINTS we don't need to check for -static  */
+		#ifdef ENABLE_CRTBEGINTS
+			#define ESPF_OPTIONS_PIE_CHECK_SPEC \
+				"%{shared:%{static|pie|fPIE|fpie|fno-PIC|fno-pic:%e-shared and -static|pie|fPIE|fpie|fno-PIC|fno-pic are incompatible}} \
+				%{pie:%{pg|p|profile:%e-pie and -pg|p|profile are incompatible}}"
+		#else
+			#define ESPF_OPTIONS_PIE_CHECK_SPEC \
+				"%{shared:%{static|pie|fPIE|fpie|fno-PIC|fno-pic:%e-shared and -static|pie|fPIE|fpie|fno-PIC|fno-pic are incompatible}} \
+				%{pie:%{static|pg|p|profile:%e-pie and -static|pg|p|profile are incompatible}}"
+		#endif
+
+		/*  We don't pass -pie to the linker when -static  */
+		#ifdef ENABLE_CRTBEGINTS
+			#define LINK_PIE_SPEC "%{!static:%{pie:-pie}} %(espf_link) "
+		#else
+			#define LINK_PIE_SPEC "%{pie:-pie} %(espf_link) "
+		#endif
+
+	#else
+		#define ESPF_OPTIONS_PIE_SPEC ""
+		#define ESPF_OPTIONS_PIE_CHECK_SPEC ""
+		#define ESPF_LINK_PIE_SPEC ""
+		#define LINK_PIE_SPEC "%{pie:-pie} %(espf_link) "
+	#endif
+
+	/*  We add extra spec name's to the EXTRA_SPECS list  */
+	#define ESPF_EXTRA_SPECS \
+		{ "espf_cc1",								ESPF_CC1_SPEC },					\
+		{ "espf_cc1_pie",							ESPF_CC1_PIE_SPEC },				\
+		{ "espf_cc1_ssp",							ESPF_CC1_SSP_SPEC },				\
+		{ "espf_cc1_strict",						ESPF_CC1_STRICT_SPEC },				\
+		{ "espf_link",								ESPF_LINK_SPEC },					\
+		{ "espf_link_now",							ESPF_LINK_NOW_SPEC },				\
+		{ "espf_link_pie",							ESPF_LINK_PIE_SPEC },				\
+		{ "espf_command_options",					ESPF_COMMAND_OPTIONS_SPEC },		\
+		{ "espf_cpp_options",						ESPF_CPP_OPTIONS_SPEC },			\
+		{ "espf_options",							ESPF_OPTIONS_SPEC },				\
+		{ "espf_options_pie",						ESPF_OPTIONS_PIE_SPEC },			\
+		{ "espf_options_pie_check",					ESPF_OPTIONS_PIE_CHECK_SPEC },		\
+		{ "espf_options_ssp",						ESPF_OPTIONS_SSP_SPEC }
+
+	static const char *espf_command_options_spec = ESPF_COMMAND_OPTIONS_SPEC;
+	static const char *cc1_spec = CC1_SPEC ESPF_CC1_SPEC;
+
+#else /* If not ESPF_ENABLE defined do this.  */
+
+	#define ESPF_OPTIONS_SPEC ""
+	#define ESPF_CPP_OPTIONS_SPEC ""
+
+	/*  We add extra spec name's to the EXTRA_SPECS list  */
+	#define ESPF_EXTRA_SPECS \
+		{ "espf_options",				ESPF_OPTIONS_SPEC },			\
+		{ "espf_cpp_options",			ESPF_CPP_OPTIONS_SPEC }
+
+#endif
+#endif /* End GCC_ESPF_H */
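Review bot: `ESPF_COMMAND_OPTIONS_SPEC` is defined only inside the `#ifdef HAVE_LD_PIE` branch, yet `ESPF_EXTRA_SPECS` and the `espf_command_options_spec` initializer near the end of the `ENABLE_ESPF` branch use it unconditionally. Unless another file in the patchset defines it, a build with `ENABLE_ESPF` but without `HAVE_LD_PIE` would fail to compile. The `#else` branch that stubs out the other PIE specs should also carry `#define ESPF_COMMAND_OPTIONS_SPEC ""`. Separately, the comment above `ESPF_OPTIONS_SSP_SPEC` says the spec depends on `TARGET_LIBC_PROVIDES_SSP`, but the guard tests only `HAVE_GCC_SSP`, so either add that check or correct the comment. The header comment should also state that `-D__KERNEL__`, `-nostdlib` and `-nodefaultlibs` turn off the default `-fstack-protector-all`, and that `-D__KERNEL__` and `-nopie` turn off the PIE defaults, because a userland build passing any of them loses the hardening without a diagnostic.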