https://gcc.gnu.org/g:88ca0670c79f123cc84928f78cd3d5eb46b91338
commit r14-11307-g88ca0670c79f123cc84928f78cd3d5eb46b91338
Author: Marek Polacek <pola...@redhat.com>
Date: Tue Nov 26 14:37:21 2024 -0500
driver: -fhardened and -z lazy/-z norelro [PR117739]
As the manual states, using "-fhardened -fstack-protector" will produce
a warning because -fhardened wants to enable -fstack-protector-strong,
but it can't since it's been overriden by the weaker -fstack-protector.
-fhardened also attempts to enable -Wl,-z,relro,-z,now. By the same
logic as above, "-fhardened -z norelro" or "-fhardened -z lazy" should
produce the same warning. But we don't detect this combination, so
this patch fixes it. I also renamed a variable to better reflect its
purpose.
Also don't check warn_hardened in process_command, since it's always
true there.
Also tweak wording in the manual as Jon Wakely suggested on IRC.
PR driver/117739
gcc/ChangeLog:
* doc/invoke.texi: Tweak wording for -Whardened.
* gcc.cc (driver_handle_option): If -z lazy or -z norelro was
specified, don't enable linker hardening.
(process_command): Don't check warn_hardened.
gcc/testsuite/ChangeLog:
* c-c++-common/fhardened-16.c: New test.
* c-c++-common/fhardened-17.c: New test.
* c-c++-common/fhardened-18.c: New test.
* c-c++-common/fhardened-19.c: New test.
* c-c++-common/fhardened-20.c: New test.
* c-c++-common/fhardened-21.c: New test.
Reviewed-by: Jakub Jelinek <ja...@redhat.com>
(cherry picked from commit a134dcd8a010744a0097d190f73a4efc2e381531)
Diff:
---
gcc/doc/invoke.texi | 4 ++--
gcc/gcc.cc | 20 ++++++++++++++------
gcc/testsuite/c-c++-common/fhardened-16.c | 5 +++++
gcc/testsuite/c-c++-common/fhardened-17.c | 5 +++++
gcc/testsuite/c-c++-common/fhardened-18.c | 5 +++++
gcc/testsuite/c-c++-common/fhardened-19.c | 5 +++++
gcc/testsuite/c-c++-common/fhardened-20.c | 5 +++++
gcc/testsuite/c-c++-common/fhardened-21.c | 5 +++++
8 files changed, 46 insertions(+), 8 deletions(-)
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index b575e2b96632..6a94c7b70a5f 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -6974,8 +6974,8 @@ This warning is enabled by @option{-Wall}.
Warn when @option{-fhardened} did not enable an option from its set (for
which see @option{-fhardened}). For instance, using @option{-fhardened}
and @option{-fstack-protector} at the same time on the command line causes
-@option{-Whardened} to warn because @option{-fstack-protector-strong} is
-not enabled by @option{-fhardened}.
+@option{-Whardened} to warn because @option{-fstack-protector-strong} will
+not be enabled by @option{-fhardened}.
This warning is enabled by default and has effect only when @option{-fhardened}
is enabled.
diff --git a/gcc/gcc.cc b/gcc/gcc.cc
index 728332b81538..8690f15a8c9a 100644
--- a/gcc/gcc.cc
+++ b/gcc/gcc.cc
@@ -302,9 +302,10 @@ static size_t dumpdir_length = 0;
driver added to dumpdir after dumpbase or linker output name. */
static bool dumpdir_trailing_dash_added = false;
-/* True if -r, -shared, -pie, or -no-pie were specified on the command
- line. */
-static bool any_link_options_p;
+/* True if -r, -shared, -pie, -no-pie, -z lazy, or -z norelro were
+ specified on the command line, and therefore -fhardened should not
+ add -z now/relro. */
+static bool avoid_linker_hardening_p;
/* True if -static was specified on the command line. */
static bool static_p;
@@ -4413,10 +4414,17 @@ driver_handle_option (struct gcc_options *opts,
}
/* Record the part after the last comma. */
add_infile (arg + prev, "*");
+ if (strcmp (arg, "-z,lazy") == 0 || strcmp (arg, "-z,norelro") == 0)
+ avoid_linker_hardening_p = true;
}
do_save = false;
break;
+ case OPT_z:
+ if (strcmp (arg, "lazy") == 0 || strcmp (arg, "norelro") == 0)
+ avoid_linker_hardening_p = true;
+ break;
+
case OPT_Xlinker:
add_infile (arg, "*");
do_save = false;
@@ -4616,7 +4624,7 @@ driver_handle_option (struct gcc_options *opts,
case OPT_r:
case OPT_shared:
case OPT_no_pie:
- any_link_options_p = true;
+ avoid_linker_hardening_p = true;
break;
case OPT_static:
@@ -5000,7 +5008,7 @@ process_command (unsigned int decoded_options_count,
/* TODO: check if -static -pie works and maybe use it. */
if (flag_hardened)
{
- if (!any_link_options_p && !static_p)
+ if (!avoid_linker_hardening_p && !static_p)
{
#if defined HAVE_LD_PIE && defined LD_PIE_SPEC
save_switch (LD_PIE_SPEC, 0, NULL, /*validated=*/true,
/*known=*/false);
@@ -5019,7 +5027,7 @@ process_command (unsigned int decoded_options_count,
}
}
/* We can't use OPT_Whardened yet. Sigh. */
- else if (warn_hardened)
+ else
warning_at (UNKNOWN_LOCATION, 0,
"linker hardening options not enabled by %<-fhardened%> "
"because other link options were specified on the command "
diff --git a/gcc/testsuite/c-c++-common/fhardened-16.c
b/gcc/testsuite/c-c++-common/fhardened-16.c
new file mode 100644
index 000000000000..7a50ad03e17d
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fhardened-16.c
@@ -0,0 +1,5 @@
+/* PR driver/117739 */
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-options "-fhardened -O -Wl,-z,lazy -Whardened" } */
+
+/* { dg-warning "linker hardening options not enabled" "" { target *-*-* } 0 }
*/
diff --git a/gcc/testsuite/c-c++-common/fhardened-17.c
b/gcc/testsuite/c-c++-common/fhardened-17.c
new file mode 100644
index 000000000000..acef8c64a9f9
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fhardened-17.c
@@ -0,0 +1,5 @@
+/* PR driver/117739 */
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-options "-fhardened -O -z lazy -Whardened" } */
+
+/* { dg-warning "linker hardening options not enabled" "" { target *-*-* } 0 }
*/
diff --git a/gcc/testsuite/c-c++-common/fhardened-18.c
b/gcc/testsuite/c-c++-common/fhardened-18.c
new file mode 100644
index 000000000000..1a9a34bd7d88
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fhardened-18.c
@@ -0,0 +1,5 @@
+/* PR driver/117739 */
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-options "-Wl,-z,lazy -fhardened -O -Whardened" } */
+
+/* { dg-warning "linker hardening options not enabled" "" { target *-*-* } 0 }
*/
diff --git a/gcc/testsuite/c-c++-common/fhardened-19.c
b/gcc/testsuite/c-c++-common/fhardened-19.c
new file mode 100644
index 000000000000..a871702fd2d1
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fhardened-19.c
@@ -0,0 +1,5 @@
+/* PR driver/117739 */
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-options "-z lazy -fhardened -O -Whardened" } */
+
+/* { dg-warning "linker hardening options not enabled" "" { target *-*-* } 0 }
*/
diff --git a/gcc/testsuite/c-c++-common/fhardened-20.c
b/gcc/testsuite/c-c++-common/fhardened-20.c
new file mode 100644
index 000000000000..c9f2d89e6531
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fhardened-20.c
@@ -0,0 +1,5 @@
+/* PR driver/117739 */
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-options "-fhardened -O -Wl,-z,norelro -Whardened" } */
+
+/* { dg-warning "linker hardening options not enabled" "" { target *-*-* } 0 }
*/
diff --git a/gcc/testsuite/c-c++-common/fhardened-21.c
b/gcc/testsuite/c-c++-common/fhardened-21.c
new file mode 100644
index 000000000000..07b7ee10e043
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fhardened-21.c
@@ -0,0 +1,5 @@
+/* PR driver/117739 */
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-options "-fhardened -O -z norelro -Whardened" } */
+
+/* { dg-warning "linker hardening options not enabled" "" { target *-*-* } 0 }
*/
