From 6ad35e463cbd086b4d4e7bb5aca1da6b73e614c8 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Tue, 20 Jul 2021 21:08:31 +0200 Subject: [PATCH 1/6] Gentoo: gold/ld: add support for poisoned system directories MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is based on the old CodeSourcery patch written by Joseph Myers to add support to the link for detecting & rejecting bad -L paths when using a cross-compiler. The differences here: * The command line flags are always available. * We can turn on & off the warning via the command line. * The configure option controls the default warning behavior. * Add support for gold. It is not currently upstream, nor has it been submitted at all. There are no plans to do so currently either. BUG=chromium:488360 TEST=`cbuildbot chromiumos-sdk` passes # tests arm/amd64/mipsel/x86 TEST=`cbuildbot panther_moblab-full whirlwind-release` pass TEST=`cbuildbot {x32,arm64}-generic-full` has no new failures TEST=x86_64-cros-linux-gnu-ld throws warnings when using -L/lib (gold & bfd) Reviewed-on: https://chromium-review.googlesource.com/272083 (cherry picked from commit f92dbf35c00ab13cee36f6be8ae5ca46454d9000) Ported to binutils 2.37 by Andreas K. Hüttel Ported to binutils 2.39 by WANG Xuerui --- gold/options.cc | 33 +++++++++++++++++++++++++++++++++ gold/options.h | 7 +++++++ ld/config.in | 3 +++ ld/configure | 20 ++++++++++++++++++-- ld/configure.ac | 10 ++++++++++ ld/ld.h | 7 +++++++ ld/ld.texi | 18 ++++++++++++++++++ ld/ldfile.c | 20 ++++++++++++++++++++ ld/ldlex.h | 3 +++ ld/ldmain.c | 7 +++++++ ld/lexsup.c | 24 ++++++++++++++++++++++++ 11 files changed, 150 insertions(+), 2 deletions(-) diff --git a/gold/options.cc b/gold/options.cc index 04be98a3e39..64439f8af7a 100644 --- a/gold/options.cc +++ b/gold/options.cc @@ -1355,6 +1355,39 @@ General_options::finalize() // in the path, as appropriate. this->add_sysroot(); + // Now check if library_path is poisoned. + if (this->warn_poison_system_directories()) + { + std::vector bad_paths; + + bad_paths.push_back("/lib"); + // TODO: This check is disabled for now due to a bunch of packages that + // use libtool and relink with -L/usr/lib paths (albeit after the right + // sysroot path). Once those are fixed we can enable. + // We also need to adjust it so it only rejects one or two levels deep. + // Gcc's internal paths also live below /usr/lib. + // http://crbug.com/488360 + // bad_paths.push_back("/usr/lib"); + bad_paths.push_back("/usr/local/lib"); + bad_paths.push_back("/usr/X11R6/lib"); + + for (std::vector::const_iterator b = bad_paths.begin(); + b != bad_paths.end(); + ++b) + for (Dir_list::iterator p = this->library_path_.value.begin(); + p != this->library_path_.value.end(); + ++p) + if (!p->name().compare(0, b->size(), *b)) + { + if (this->error_poison_system_directories()) + gold_fatal(_("library search path \"%s\" is unsafe for " + "cross-compilation"), p->name().c_str()); + else + gold_warning(_("library search path \"%s\" is unsafe for " + "cross-compilation"), p->name().c_str()); + } + } + // Now that we've normalized the options, check for contradictory ones. if (this->shared() && this->is_static()) gold_fatal(_("-shared and -static are incompatible")); diff --git a/gold/options.h b/gold/options.h index 9509a445e8e..a3d76b294cd 100644 --- a/gold/options.h +++ b/gold/options.h @@ -1394,6 +1394,13 @@ class General_options DEFINE_bool(warn_multiple_gp, options::TWO_DASHES, '\0', false, N_("Ignored"), NULL); + DEFINE_bool(warn_poison_system_directories, options::TWO_DASHES, '\0', false, + N_("Warn for -L options using system directories"), + N_("Do not warn for -L options using system directories")); + DEFINE_bool(error_poison_system_directories, options::TWO_DASHES, '\0', false, + N_("Give an error for -L options using system directories"), + NULL); + DEFINE_bool(warn_search_mismatch, options::TWO_DASHES, '\0', true, N_("Warn when skipping an incompatible library"), N_("Don't warn when skipping an incompatible library")); diff --git a/ld/config.in b/ld/config.in index 0ccd79d59cd..5e39814bce0 100644 --- a/ld/config.in +++ b/ld/config.in @@ -55,6 +55,9 @@ language is requested. */ #undef ENABLE_NLS +/* Define to warn for use of native system library directories */ +#undef ENABLE_POISON_SYSTEM_DIRECTORIES + /* Additional extension a shared object might have. */ #undef EXTRA_SHLIB_EXTENSION diff --git a/ld/configure b/ld/configure index 1c2b64870b1..46b5789c77e 100755 --- a/ld/configure +++ b/ld/configure @@ -836,6 +836,7 @@ with_lib_path enable_targets enable_64_bit_bfd with_sysroot +enable_poison_system_directories enable_gold enable_got enable_compressed_debug_sections @@ -1514,6 +1515,8 @@ Optional Features: --enable-checking enable run-time checks --enable-targets alternative target configurations --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes) + --enable-poison-system-directories + warn for use of native system library directories --enable-gold[=ARG] build gold [ARG={default,yes,no}] --enable-got= GOT handling scheme (target, single, negative, multigot) @@ -11491,7 +11494,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11494 "configure" +#line 11497 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11597,7 +11600,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11600 "configure" +#line 11603 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -15349,6 +15352,19 @@ fi +# Check whether --enable-poison-system-directories was given. +if test "${enable_poison_system_directories+set}" = set; then : + enableval=$enable_poison_system_directories; +else + enable_poison_system_directories=no +fi + +if test "x${enable_poison_system_directories}" = "xyes"; then + +$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h + +fi + # Check whether --enable-gold was given. if test "${enable_gold+set}" = set; then : enableval=$enable_gold; case "${enableval}" in diff --git a/ld/configure.ac b/ld/configure.ac index eb55904c090..0844c2364c5 100644 --- a/ld/configure.ac +++ b/ld/configure.ac @@ -102,6 +102,16 @@ AC_SUBST(use_sysroot) AC_SUBST(TARGET_SYSTEM_ROOT) AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE) +AC_ARG_ENABLE([poison-system-directories], + AS_HELP_STRING([--enable-poison-system-directories], + [warn for use of native system library directories]),, + [enable_poison_system_directories=no]) +if test "x${enable_poison_system_directories}" = "xyes"; then + AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES], + [1], + [Define to warn for use of native system library directories]) +fi + dnl Use --enable-gold to decide if this linker should be the default. dnl "install_as_default" is set to false if gold is the default linker. dnl "installed_linker" is the installed BFD linker name. diff --git a/ld/ld.h b/ld/ld.h index f3086bf30de..90cf1ca51e5 100644 --- a/ld/ld.h +++ b/ld/ld.h @@ -162,6 +162,13 @@ typedef struct in the linker script. */ bool force_group_allocation; + /* If true warn for uses of system directories when cross linking. */ + bool warn_poison_system_directories; + + /* If true (default false) give an error for uses of system + directories when cross linking instead of a warning. */ + bool error_poison_system_directories; + /* Big or little endian as set on command line. */ enum endian_enum endian; diff --git a/ld/ld.texi b/ld/ld.texi index eabbec8faa9..45f4858526c 100644 --- a/ld/ld.texi +++ b/ld/ld.texi @@ -2947,6 +2947,24 @@ creation of the metadata note, if one had been enabled by an earlier occurrence of the --package-metdata option. If the linker has been built with libjansson, then the JSON string will be validated. + +@kindex --warn-poison-system-directories +@item --warn-poison-system-directories +Warn for @option{-L} options using system directories such as +@file{/usr/lib} when cross linking. This option is intended for use +in environments that want to detect and reject incorrect link settings. + +@kindex --no-warn-poison-system-directories +@item --no-warn-poison-system-directories +Do not warn for @option{-L} options using system directories such as +@file{/usr/lib} when cross linking. This option is intended for use +in chroot environments when such directories contain the correct +libraries for the target system rather than the host. + +@kindex --error-poison-system-directories +@item --error-poison-system-directories +Give an error instead of a warning for @option{-L} options using +system directories when cross linking. @end table @c man end diff --git a/ld/ldfile.c b/ld/ldfile.c index 731ae5f7aed..6b67e29041b 100644 --- a/ld/ldfile.c +++ b/ld/ldfile.c @@ -117,6 +117,26 @@ ldfile_add_library_path (const char *name, bool cmdline) new_dirs->name = concat (ld_sysroot, name + strlen ("$SYSROOT"), (const char *) NULL); else new_dirs->name = xstrdup (name); + + if (command_line.warn_poison_system_directories + && (!strncmp (name, "/lib", 4) + /* TODO: This check is disabled for now due to a bunch of packages that + * use libtool and relink with -L/usr/lib paths (albeit after the right + * sysroot path). Once those are fixed we can enable. + * We also need to adjust it so it only rejects one or two levels deep. + * Gcc's internal paths also live below /usr/lib. + * http://crbug.com/488360 */ + /* || !strncmp (name, "/usr/lib", 8) */ + || !strncmp (name, "/usr/local/lib", 14) + || !strncmp (name, "/usr/X11R6/lib", 14))) + { + if (command_line.error_poison_system_directories) + einfo (_("%X%P: error: library search path \"%s\" is unsafe for " + "cross-compilation\n"), name); + else + einfo (_("%P: warning: library search path \"%s\" is unsafe for " + "cross-compilation\n"), name); + } } /* Try to open a BFD for a lang_input_statement. */ diff --git a/ld/ldlex.h b/ld/ldlex.h index 57ade1f754b..b35a6122e09 100644 --- a/ld/ldlex.h +++ b/ld/ldlex.h @@ -149,6 +149,9 @@ enum option_values OPTION_PRINT_OUTPUT_FORMAT, OPTION_PRINT_SYSROOT, OPTION_IGNORE_UNRESOLVED_SYMBOL, + OPTION_WARN_POISON_SYSTEM_DIRECTORIES, + OPTION_NO_WARN_POISON_SYSTEM_DIRECTORIES, + OPTION_ERROR_POISON_SYSTEM_DIRECTORIES, OPTION_PUSH_STATE, OPTION_POP_STATE, OPTION_DISABLE_MULTIPLE_DEFS_ABS, diff --git a/ld/ldmain.c b/ld/ldmain.c index ea72b14a301..706ec9ce26e 100644 --- a/ld/ldmain.c +++ b/ld/ldmain.c @@ -321,6 +321,13 @@ main (int argc, char **argv) command_line.warn_mismatch = true; command_line.warn_search_mismatch = true; command_line.check_section_addresses = -1; + command_line.warn_poison_system_directories = +#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES + true; +#else + false; +#endif + command_line.error_poison_system_directories = false; /* We initialize DEMANGLING based on the environment variable COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the diff --git a/ld/lexsup.c b/ld/lexsup.c index 9225f71b3ce..db5b170bc7c 100644 --- a/ld/lexsup.c +++ b/ld/lexsup.c @@ -579,6 +579,18 @@ static const struct ld_option ld_options[] = OPTION_IGNORE_UNRESOLVED_SYMBOL}, '\0', N_("SYMBOL"), N_("Unresolved SYMBOL will not cause an error or warning"), TWO_DASHES }, + { {"warn-poison-system-directories", no_argument, NULL, + OPTION_WARN_POISON_SYSTEM_DIRECTORIES}, + '\0', NULL, N_("Warn for -L options using system directories"), + TWO_DASHES }, + { {"no-warn-poison-system-directories", no_argument, NULL, + OPTION_NO_WARN_POISON_SYSTEM_DIRECTORIES}, + '\0', NULL, N_("Do not warn for -L options using system directories"), + TWO_DASHES }, + { {"error-poison-system-directories", no_argument, NULL, + OPTION_ERROR_POISON_SYSTEM_DIRECTORIES}, + '\0', NULL, N_("Give an error for -L options using system directories"), + TWO_DASHES }, { {"push-state", no_argument, NULL, OPTION_PUSH_STATE}, '\0', NULL, N_("Push state of flags governing input file handling"), TWO_DASHES }, @@ -1679,6 +1691,18 @@ parse_args (unsigned argc, char **argv) } break; + case OPTION_WARN_POISON_SYSTEM_DIRECTORIES: + command_line.warn_poison_system_directories = true; + break; + + case OPTION_NO_WARN_POISON_SYSTEM_DIRECTORIES: + command_line.warn_poison_system_directories = false; + break; + + case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES: + command_line.error_poison_system_directories = true; + break; + case OPTION_PUSH_STATE: input_flags.pushed = xmemdup (&input_flags, sizeof (input_flags), -- 2.35.1