Differential D15687
libssp is part of GCC, not an independent library. Authored by pfg on Jun 7 2018, 5:36 AM. Tags None Referenced Files
Details libssp is one of the GNU removal show stoppers: it is used for stack Checking r333398 and r333399 have dropped the requirement to build rtld This is passing a tinderbox build. I am unsure if it is correct or if we
Diff Detail
Event TimelineComment Actions For the record: the compiler libssp is not the same as libssp as in NetBSD and bionic's libc, which implements the libc support for FORTIFY_SOURCE. Comment Actions In terms of exposed symbols (see objdump -T), libssp definitely is a FORTIFY_SOURCE implementation. I've not looked at the code to avoid contamination in case we need a cleanroom one. Comment Actions Well,libssp is not functional as-is on FreeBSD: we are missing wrappers that translate regular C functions into the libssp calls when defining FORTIFY_SOURCE. I think we can safely remove it. NetBSD has a clean implementation but the feature is pretty much GCC dependent. We also have a GSoC2015 implementation based on early Bionic sources but IMHO we shouldn't implement it at all. Comment Actions That makes sense. If in fact nothing ever linked to it then we should just relegate it to the compat11 port and kill it along with gcc. Comment Actions For reference, BSDL __stack_chk_fail in Android https://android.googlesource.com/platform/bionic/+/ics-mr1-release/libc/bionic/ssp.c and NetBSD http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/misc/stack_protector.c?annotate=1.9&only_with_tag=MAIN. The libssp subdir should be added only if both MK_SSP and MK_GCC are true; someone who sets WITHOUT_SSP but WITH_GCC should not get it. Also, it seems there are other MK_SSP conditionals that need to be investigated in other Makefiles and share/mk. Comment Actions In NetBSD SSP stands for two different things: the stack protector and FORTIFY_SOURCE. Our stack protector is based on the NetBSD but we never really brought the FORTIFY_SOURCE stuff, in particular the headers trickery. The GSoC 2015 did an implementation of FORTIFY_SOURCE based on NetBSD implementation but extended it with the old Bionic stuff. theraven@ pointed out many issues and It never worked very well on clang, plus newer technologies have rendered it obsolete. AFAICT NetBSD doesn't use the GCC libssp in their libc. If GCC's libssp is effectively only FORTIFY_SOURCE, it could be removed, but I also admit I haven't looked at it at all. What I will do next is a ports exp-run to make sure we are not linking the libssp stuff in ports. Comment Actions Hrm, I think I'm wrong here: MK_SSP is documented (in src.conf) as controlling whether the world should be built with ssp or not, so I think the change is fine (pending the outcome of your exp-run and other experiments). Comment Actions Thanks, Quoting PR 229348:
Part of the idea to test this change originally was indeed to see where we need libssp. Comment Actions I fail to understand this. What is built instead of libssp when MK_GCC is NO ? If the answer is nothing, then you get non-functional system. So what is the point of this patch ? Comment Actions The answer is indeed nothing. Why is the system non-functional? Why do we need libssp and is there documentation to replace it?
The point is that libssp is part of GCC so we need to know what we need to replace it with (without looking insidie since its GPLd). Comment Actions Because you need to satisfy the ssp symbols to get working binaries.
I am even more confused now. Why did not you answered this question for yourself before even proposing to remove libssp by the switch ? Goal is to have the functional system, and to have it GPL-free is somewhere in the second line.
Comment Actions Well, that was the question I was asking myself. I moved libssp along with the other libgcc libs (where it came from) and buildworld still works, I get no missing symbols anywhere. Ports are working still on my machine (11-stable), after building without libssp: file /usr/lib/libssp_nonshared.a: /usr/lib/libssp_nonshared.a:: cannot open `/usr/lib/libssp_nonshared.a:' (No such file or directory)
Yes, I am just trying to identify why current is non-functional without the GPL'd piece. The patch was not really a proposal, I was hoping to understand better the problem so someone more involved with it could find it easier to solve. Comment Actions If you do not provide libssp(_nonshared.a), then you should disable -f option for ssp, which is probably enabled by default in the spec for gcc, and somewhere in c++ for clang.
Comment Actions Thanks, that is a good hint. Hmm... that just makes things ugly/complex though: libssp is part of gcclibs so GCC should carry its own and somehow just work. We shouldn't have to touch the specs on GCC (in particularly not in ports). This just got out of my league. Hope someone else find the experiment useful. Thanks again. Comment Actions Abandon: it does seem like we can just remove libssp but I don't have time to dig deeper. Comment Actions I think the problem in libssp_nonshared.a is brought in bogusly by the I did a small update and added some changes for share.mk as we should There is still a mysterious failure on powerpc (libcom_err). Comment Actions No, thanks for the link. Two quick notes:
My tinderbox build on i386 completed well: tests/sys/vm (all)etc (all)etc/sendmail (all)usr.bin/clang/lldb (all)usr.bin/clang/llvm-cov (all)usr.bin/clang/llvm-profdata (all)World build completed on Sat Aug 3 21:36:54 UTC 2019 The only way to be sure is running the code in a VM though. |