Bug#989521: gcc-N: make ssp linking work on musl

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#989521: gcc-N: make ssp linking work on musl
From: Helmut Grohne <helmut@subdivi.de>
Date: Sun, 6 Jun 2021 08:00:05 +0200
Message-id: <[🔎] YLxkZXIjSBj7Amiq@alf.mars>
Reply-to: Helmut Grohne <helmut@subdivi.de>, 989521@bugs.debian.org

Source: gcc-11
Version: 11.1.0-2
Tags: patch
X-Debbugs-Cc: Szabolcs Nagy <szabolcs.nagy@arm.com>, Rich Felker <dalias@libc.org>

I was looking into making the Debian packaging of gcc work with musl and
ran into issues with musl. Once enabling -fstack-protector-something,
linking tends to fail with missing symbols.

The reason is that musl enables TARGET_LIBC_PROVIDES_SSP, because its
libc.so provides the relevant ssp functions. No extra library needs to
be linked. What it does not provide though is libssp_nonshared.a. The
upstream gcc does not handle this situation and considers their presence
interlocked.

More background on this can be found at
https://www.openwall.com/lists/musl/2014/11/05/3.

Another issue is that any object compiled with
-fstack-protector-something makes it use a symbol from
libssp_nonshared.a, so the resulting link has to include -lssp_nonshared
regardless of whether a -fstack-protector-something is given.

The solution chosen by Alpine is changing LINK_SSP_SPEC to
unconditionally link "-lssp_nonshared", see
https://git.alpinelinux.org/aports/commit/?id=d307f133de1f8a9993ab0d6fd51176b9373df4c3.
Since Alpine is the largest musl user, following their lead seems
natural.

Once doing so, bootstrapping fails, because libbacktrace is built before
libssp and at that time there is no libssp_nonshared.a. However, it
isn't actually needed during bootstrap, because it's not built with
-fstack-protector-something. An empty libssp_nonshared.a would to to
make -lssp_nonshared happy there. So I propose injecting such an empty
library before the build. When someone enables ssp on gcc libraries,
this approach will break of course, but the breakage is already there
due to the missing ordering. Once the ordering is fixed upstream, my
workaround can be dropped without replacement.

Please consider applying the attached patch.

Helmut

diff --minimal -Nru gcc-11-11.1.0/debian/changelog gcc-11-11.1.0/debian/changelog
--- gcc-11-11.1.0/debian/changelog	2021-05-08 13:50:11.000000000 +0200
+++ gcc-11-11.1.0/debian/changelog	2021-06-04 18:14:22.000000000 +0200
@@ -1,3 +1,10 @@
+gcc-11 (11.1.0-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix -fstack-protector on musl. (Closes: #-1)
+
+ -- Helmut Grohne <helmut@subdivi.de>  Fri, 04 Jun 2021 18:14:22 +0200
+
 gcc-11 (11.1.0-2) experimental; urgency=medium
 
   * Update to git 20210508 from the gcc-11 branch.
diff --minimal -Nru gcc-11-11.1.0/debian/patches/musl-ssp.diff gcc-11-11.1.0/debian/patches/musl-ssp.diff
--- gcc-11-11.1.0/debian/patches/musl-ssp.diff	1970-01-01 01:00:00.000000000 +0100
+++ gcc-11-11.1.0/debian/patches/musl-ssp.diff	2021-06-04 18:14:16.000000000 +0200
@@ -0,0 +1,21 @@
+See https://git.alpinelinux.org/aports/commit/?id=d307f133de1f8a9993ab0d6fd51176b9373df4c3
+and https://www.openwall.com/lists/musl/2014/11/05/3
+
+--- gcc-11-11.1.0.orig/src/gcc/gcc.c
++++ gcc-11-11.1.0/src/gcc/gcc.c
+@@ -1087,8 +1087,15 @@
+ 
+ #ifndef LINK_SSP_SPEC
+ #ifdef TARGET_LIBC_PROVIDES_SSP
++#if DEFAULT_LIBC == LIBC_MUSL
++/* When linking without -fstack-protector-something but including objects that
++   were built with -fstack-protector-something, calls to __stack_chk_fail_local
++   can be emitted. Thus -lssp_nonshared must be linked unconditionally.  */
++#define LINK_SSP_SPEC "-lssp_nonshared"
++#else
+ #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
+ 		       "|fstack-protector-strong|fstack-protector-explicit:}"
++#endif
+ #else
+ #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
+ 		       "|fstack-protector-strong|fstack-protector-explicit" \
diff --minimal -Nru gcc-11-11.1.0/debian/rules.patch gcc-11-11.1.0/debian/rules.patch
--- gcc-11-11.1.0/debian/rules.patch	2021-05-02 09:17:25.000000000 +0200
+++ gcc-11-11.1.0/debian/rules.patch	2021-06-04 18:11:17.000000000 +0200
@@ -61,6 +61,7 @@
 	pr87808 \
 	pr94253 \
 	gcc-arm-disable-guality-tests \
+	musl-ssp \
 
 ifneq (,$(filter $(distrelease),precise xenial bionic focal groovy hirsute))
   debian_patches += pr100067-revert
diff --minimal -Nru gcc-11-11.1.0/debian/rules2 gcc-11-11.1.0/debian/rules2
--- gcc-11-11.1.0/debian/rules2	2021-05-02 09:26:04.000000000 +0200
+++ gcc-11-11.1.0/debian/rules2	2021-06-04 18:10:24.000000000 +0200
@@ -1191,6 +1191,14 @@
 	rm -rf $(builddir)
 	mkdir $(builddir)
 
+ifneq (,$(filter musl-%,$(DEB_TARGET_ARCH)))
+	# We have to unconditionally link -lssp_nonshared on musl (see
+	# musl-ssp.diff). While gcc provides it, it comes a little late in the
+	# build for bootstrapping so we provide an empty one.
+	mkdir $(builddir)/gcc
+	ar rcs $(builddir)/gcc/libssp_nonshared.a
+endif
+
 	: # some tools like gettext are built with a newer libstdc++
 	mkdir -p bin
 	for i in msgfmt; do \

Reply to:

Prev by Date: Bug#989453: Debian: gcc: add support for ARC
Next by Date: Processed: tag gcc issue
Previous by thread: Results for 9.4.0 (Debian 9.4.0-1) testsuite on arm-unknown-linux-gnueabi
Next by thread: Processed: tag gcc issue
Index(es):
- Date
- Thread