Patch to enable -fPIE and -fstack-protector by default on OpenBSD

Tue Jun 4 06:49:27 PDT 2013

LGTM

On 4 June 2013 01:59, Matthew Dempsky <matthew at dempsky.org> wrote:
> On Tue, Jun 04, 2013 at 12:53:56AM -0400, Rafael Esp??ndola wrote:
>> needs a testcase.
>
> Done.
>
> I also realized OpenBSD wants -nopie to override the fact that the
> linker defaults to emitting PIE, so that's included in the diff below
> too.
>
> Lastly, OpenBSD only defaults to -fPIE on alpha, powerpc, and sparc64;
> on other architectures, it defaults to -fpie.  But Driver/Tools.cpp
> doesn't seem able to represent this cleanly.  I'll look into a
> followup patch to improve this, but that shouldn't block this one IMO.
>
>
> Index: include/clang/Driver/Options.td
> ===================================================================
> --- include/clang/Driver/Options.td     (revision 183062)
> +++ include/clang/Driver/Options.td     (working copy)
> @@ -1007,6 +1007,7 @@
>  def nofixprebinding : Flag<["-"], "nofixprebinding">;
>  def nolibc : Flag<["-"], "nolibc">;
>  def nomultidefs : Flag<["-"], "nomultidefs">;
> +def nopie : Flag<["-"], "nopie">;
>  def noprebind : Flag<["-"], "noprebind">;
>  def noseglinkedit : Flag<["-"], "noseglinkedit">;
>  def nostartfiles : Flag<["-"], "nostartfiles">;
> Index: lib/Driver/ToolChains.h
> ===================================================================
> --- lib/Driver/ToolChains.h     (revision 183062)
> +++ lib/Driver/ToolChains.h     (working copy)
> @@ -427,7 +427,12 @@
>
>    virtual bool IsMathErrnoDefault() const { return false; }
>    virtual bool IsObjCNonFragileABIDefault() const { return true; }
> +  virtual bool isPIEDefault() const { return true; }
>
> +  virtual unsigned GetDefaultStackProtectorLevel(bool KernelOrKext) const {
> +    return 1;
> +  }
> +
>  protected:
>    virtual Tool *buildAssembler() const;
>    virtual Tool *buildLinker() const;
> Index: lib/Driver/Tools.cpp
> ===================================================================
> --- lib/Driver/Tools.cpp        (revision 183062)
> +++ lib/Driver/Tools.cpp        (working copy)
> @@ -5165,6 +5165,9 @@
>      }
>    }
>
> +  if (Args.hasArg(options::OPT_nopie))
> +    CmdArgs.push_back("-nopie");
> +
>    if (Output.isFilename()) {
>      CmdArgs.push_back("-o");
>      CmdArgs.push_back(Output.getFilename());
> Index: test/Driver/pic.c
> ===================================================================
> --- test/Driver/pic.c   (revision 183062)
> +++ test/Driver/pic.c   (working copy)
> @@ -24,6 +24,8 @@
>  // CHECK-PIE-LD: "Scrt1.o" "crti.o" "crtbeginS.o"
>  // CHECK-PIE-LD: "crtendS.o" "crtn.o"
>  //
> +// CHECK-NOPIE-LD: "-nopie"
> +//
>  // CHECK-DYNAMIC-NO-PIC-32: "-mrelocation-model" "dynamic-no-pic"
>  // CHECK-DYNAMIC-NO-PIC-32-NOT: "-pic-level"
>  // CHECK-DYNAMIC-NO-PIC-32-NOT: "-pie-level"
> @@ -197,3 +199,13 @@
>  // RUN:   | FileCheck %s --check-prefix=CHECK-NO-PIC
>  // RUN: %clang -c %s -target armv7-apple-ios -fapple-kext -miphoneos-version-min=6.0.0 -static -### 2>&1 \
>  // RUN:   | FileCheck %s --check-prefix=CHECK-NO-PIC
> +//
> +// On OpenBSD, PIE is enabled by default, but can be disabled.
> +// RUN: %clang -c %s -target i386-pc-openbsd -### 2>&1 \
> +// RUN:   | FileCheck %s --check-prefix=CHECK-PIE2
> +// RUN: %clang -c %s -target i386-pc-openbsd -fno-pie -### 2>&1 \
> +// RUN:   | FileCheck %s --check-prefix=CHECK-NO-PIC
> +//
> +// On OpenBSD, -nopie needs to be passed through to the linker.
> +// RUN: %clang %s -target i386-pc-openbsd -nopie -### 2>&1 \
> +// RUN:   | FileCheck %s --check-prefix=CHECK-NOPIE-LD
> Index: test/Driver/stack-protector.c
> ===================================================================
> --- test/Driver/stack-protector.c       (revision 183062)
> +++ test/Driver/stack-protector.c       (working copy)
> @@ -9,3 +9,9 @@
>  // RUN: %clang -fstack-protector --param ssp-buffer-size=16 -### %s 2>&1 | FileCheck %s -check-prefix=SSP-BUF
>  // SSP-BUF: "-stack-protector" "1"
>  // SSP-BUF: "-stack-protector-buffer-size" "16"
> +
> +// RUN: %clang -target i386-pc-openbsd -### %s 2>&1 | FileCheck %s -check-prefix=OPENBSD
> +// OPENBSD: "-stack-protector" "1"
> +
> +// RUN: %clang -target i386-pc-openbsd -fno-stack-protector -### %s 2>&1 | FileCheck %s -check-prefix=OPENBSD_OFF
> +// OPENBSD_OFF-NOT: "-stack-protector"