Clean up readme; improve toolchain-funcs specs parsing

svn path=/; revision=170

2 files changed, 89 insertions, 66 deletions

diff --git a/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass b/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass
index 2055b35..de346c6 100644
--- a/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass
+++ b/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass
@@ -187,8 +187,12 @@ gcc-specs-exists() {
 # Note; later specs normally overwrite earlier ones; however if a later
 # spec starts with '+' then it appends.
 # gcc -dumpspecs is parsed first, followed by files listed by "gcc -v"
-# as "Reading <file>", in order.
-gcc-specs-directive() {
+# as "Reading <file>", in order.  Strictly speaking, if there's a
+# $(gcc_install_dir)/specs, the built-in specs aren't read, however by
+# the same token anything from 'gcc -dumpspecs' is overridden by
+# the contents of $(gcc_install_dir)/specs so the result is the
+# same either way.
+gcc-specs-directive_raw() {
 	local cc=$(tc-getCC)
 	local specfiles=$(LC_ALL=C ${cc} -v 2>&1 | awk '$1=="Reading" {print $NF}')
 	${cc} -dumpspecs 2> /dev/null | cat - ${specfiles} | awk -v directive=$1 \
@@ -201,40 +205,53 @@ END	{ print spec }'
 	return 0
 }
 
+# Return the requested gcc specs directive, with all included
+# specs expanded.
+# Note, it does not check for inclusion loops, which cause it
+# to never finish - but such loops are invalid for gcc and we're
+# assuming gcc is operational.
+gcc-specs-directive() {
+	local directive subdname subdirective
+	directive="$(gcc-specs-directive_raw $1)"
+	while [[ ${directive} == *%\(*\)* ]]; do
+		subdname=${d/*%\(}
+		subdname=${subdname/\)*}
+		subdirective="$(gcc-specs-directive_raw ${subdname})"
+		directive="${directive//\%(${subname})/${subdirective}}"
+	done
+	echo "${directive}"
+	return 0
+}
+
 # Returns true if the toolchain sets relro
 gcc-specs-relro() {
 	local directive
-	directive=$(gcc-specs-directive link_relro)
-	[[ -z ${directive} ]] && directive=$(gcc-specs-directive link_command)
+	directive=$(gcc-specs-directive link_command)
 	return $([[ ${directive/\{!norelro:} != ${directive} ]])
 }
 # Returns true if the toolchain sets now
 gcc-specs-now() {
 	local directive
-	directive=$(gcc-specs-directive link_now)
-	[[ -z ${directive} ]] && directive=$(gcc-specs-directive link_command)
+	directive=$(gcc-specs-directive link_command)
 	return $([[ ${directive/\{!nonow:} != ${directive} ]])
 }
 # Returns true if gcc builds PIEs
 gcc-specs-pie() {
 	local directive
-	directive=$(gcc-specs-directive cc1_pie)
-	[[ -z ${directive} ]] && directive=$(gcc-specs-directive cc1)
+	directive=$(gcc-specs-directive cc1)
 	return $([[ ${directive/\{!nopie:} != ${directive} ]])
 }
 # Returns true if gcc builds with the stack protector
 gcc-specs-ssp() {
 	local directive
-	directive=$(gcc-specs-directive cc1_ssp)
-	[[ -z ${directive} ]] && directive=$(gcc-specs-directive cc1)
+	directive=$(gcc-specs-directive cc1)
 	return $([[ ${directive/\{!fno-stack-protector:} != ${directive} ]])
 }
 # Returns true if gcc upgrades fstack-protector to fstack-protector-all
 gcc-specs-ssp-to-all() {
 	local directive
 	gcc-specs-ssp || return 1
-	directive=$(gcc-specs-directive cc1_ssp_all)
-	[[ -z ${directive} ]] && directive=$(gcc-specs-directive cc1)
+	directive=$(gcc-specs-directive cc1)
 	return $([[ ${directive/\{!fno-stack-protector-all:} != ${directive} ]])
 }
 
@@ -289,9 +306,6 @@ _tc_gen_usr_ldscript() {
 gen_usr_ldscript() { _tc_gen_usr_ldscript "$@" ; }
 
 
-# NOTE: This function should probably be in a different eclass - 
-# to be resolved before being committed to the main tree.
-#
 # Much assembly code is written conditional on preprocessor macro
 # PIC, which is a libtool convention and not something the toolchain
 # itself sets.  GCC has set __PIC__ for the longest time when buildling
@@ -311,18 +325,19 @@ gen_usr_ldscript() { _tc_gen_usr_ldscript "$@" ; }
 #     fixup_DPIC [-style edit|prepend] <directory> <filename match>
 #
 # Default is to try all files recursively from ${S}
-# With -edit, replaces:
-#   #ifdef PIC  ->  #if defined PIC || defined __PIC__
-#   #ifndef PIC  ->  #if !defined PIC && !defined __PIC__
-#   #if ... defined PIC ... -> #if ... (defined PIC || defined __PIC__) ...
-#   #if ... !defined PIC ... -> #if ... (!defined PIC && !defined __PIC__) ...
 #
-# With -prepend, it prepends the following:
+# With -style prepend, it prepends the following:
 #   #if (defined __PIC__ && !defined PIC)
 #   # define PIC
 #   #endif
 # to the top of any source file containing /#[[:space:]]*if.*PIC/
 #
+# With -style edit, replaces:
+#   #ifdef PIC  ->  #if defined PIC || defined __PIC__
+#   #ifndef PIC  ->  #if !defined PIC && !defined __PIC__
+#   #if ... defined PIC ... -> #if ... (defined PIC || defined __PIC__) ...
+#   #if ... !defined PIC ... -> #if ... (!defined PIC && !defined __PIC__) ...
+#
 # -prepend is the default.
 fixup_DPIC() {
 	local style="prepend"
@@ -340,15 +355,6 @@ fixup_DPIC() {
 	[[ -z ${findmatch} ]] && findop=""
 
 	case ${style} in
-	"edit") # this path untested
-	find "${sourceroot}" ${findop} "${findmatch}" | \
-		xargs grep -l '^[[:space:]]*#[[:space:]]*if.*\bPIC\b' | \
-		xargs sed -s -i -n \
-		-e 's/\(#[[:space:]]\+\)ifdef[[:space:]]\+PIC\b/\1if (defined PIC || defined __PIC__)/' \
-		-e 's/\(#[[:space:]]\+\)ifndef[[:space:]]\+PIC\b/\1if (!defined PIC && !defined __PIC__)/' \
-		-e 's/\(#[[:space:]]\+if[[:space:]]\+\)defined[[:space:]]\+PIC\b\(.*$\)/\1(defined PIC || defined __PIC__)/' \
-		-e 's/\(#[[:space:]]\+if[[:space:]]\+\)![[:space:]]\+defined[[:space:]]\+PIC\b\(.*$\)/\1(!defined PIC && !defined __PIC__)/'
-		;;
 	"prepend")
 		einfo "Prepending PIC fixup"
 		find "${sourceroot}" ${findop} "${findmatch}" | \
@@ -358,6 +364,15 @@ fixup_DPIC() {
 #endif\
 '
 		;;
+	"edit") # this path untested
+		find "${sourceroot}" ${findop} "${findmatch}" | \
+		xargs grep -l '^[[:space:]]*#[[:space:]]*if.*\bPIC\b' | \
+		xargs sed -s -i -n \
+		-e 's/\(#[[:space:]]+\)ifdef[[:space:]]+PIC\b/\1if (defined PIC || defined __PIC__)/' \
+		-e 's/\(#[[:space:]]+\)ifndef[[:space:]]+PIC\b/\1if (!defined PIC && !defined __PIC__)/' \
+		-e 's/\(#[[:space:]]+if[[:space:]]+.*\)defined[[:space:]]+PIC\b\(.*$\)/\1(defined PIC || defined __PIC__)/' \
+		-e 's/\(#[[:space:]]+if[[:space:]]+.*\)![[:space:]]*defined[[:space:]]+PIC\b/\1(!defined PIC && !defined __PIC__)/'
+		;;
 	*)
 		die "Unknown DPIC fixup style ${style}"
 		;;
diff --git a/hardened/toolchain/branches/pieworld/pieworld.README b/hardened/toolchain/branches/pieworld/pieworld.README
index ada2e54..5ab02b1 100644
--- a/hardened/toolchain/branches/pieworld/pieworld.README
+++ b/hardened/toolchain/branches/pieworld/pieworld.README
@@ -133,44 +133,52 @@ Note also - ppc64 and sparc64 can't have linuxthreads as it doesn't
 compile (some changes that are in for nptl have not been back-ported).
 
 
-Kernel ->				x86		x86h	ppc		ppch	amd64	amd64h	sparc	sparch	ppc64	ppc64h	Reason
-NPTL Test v																								(? segfault)
-libio/tst-wmemstream1									X												(? segfault)
-libio/tst-wmemstream2									X												(? segfault)
-libio/bug-wmemstream1									X												(? segfault)
-math/test-fenv															X								(?)
-dlfcn/default									X		X				X				X				(?)
-posix/annexc									X		X				X				X				(expected)
-misc/tst-pselect																		X				(?)
-nptl/tst-execstack								X														(PaX)
-nptl/tst-cancel1										X												(expected)
-nptl/rt/tst-cpuclock2									X												(?)
-nptl/tst-eintr1															X								(?)
-nptl/tst-cancel20														X								(?)
-nptl/tst-cancelx20														X								(?)
-elf/tst-tls1									X		X				X				X				(local-exec TLS)
-elf/tst-tls2									X		X				X				X				(local-exec TLS)
-elf/tst-tls1-static								X		X				X				X				(local-exec TLS)
-elf/tst-tls2-static								X		X				X				X				(local-exec TLS)
-elf/resolvfail									X		X				X				X				(BIND_NOW)
-elf/constload1									X		X				X				X				(BIND_NOW)
-elf/order										X		X				X				X				(BIND_NOW)
-elf/lateglobal									X		X				X				X				(BIND_NOW)
-elf/dblload										X		X				X				X				(BIND_NOW)
-elf/dblunload									X		X				X				X				(BIND_NOW)
-elf/reldep6										X		X				X				X				(BIND_NOW)
-elf/circleload1									X		X				X				X				(BIND_NOW) elf/tst-tls3									X						X								(?)
-elf/tst-tls10									X		X								X				(local-exec TLS)
-elf/tst-tls14											X												(local-exec TLS)
-elf/tst-execstack								X														(PaX)
-elf/tst-execstack-needed						X														(PaX)
-elf//tst-execstack-prog							X														(PaX)
-elf/tst-global1									X		X				X				X				(BIND_NOW)
-elf/tst-audit2									X		X								X				(local-exec TLS)
-
+H: hardened on hardened kernel, h: hardened on vanilla kernel, V: vanilla,
+Arch (HhV)->				x86		ppc		amd64	sparc	ppc64
+NPTL Test v
+iconvdata/iconv-test		...		-..		..X		.-.		...		(? segfault)
+libio/tst-wmemstream1		...		-..		.X-		.-.		...		(? segfault)
+libio/tst-wmemstream2		...		-..		.X-		.-.		...		(? segfault)
+libio/bug-wmemstream1		...		-..		.X-		.-.		...		(? segfault)
+malloc/tst-mtrace			...		-..		.-X		.-.		...		
+grp/tst_fgetgrent			...		-..		.-X		.-.		...		
+math/test-fenv				...		-..		.--		.X.		...		(?)
+dlfcn/default				...		X..		.X-		.X.		.X.		(?)
+posix/globtest				...		-..		.-X		.-.		...		
+posix/annexc				...		X..		.XX		.X.		.X.		(expected)
+io/ftwtest					...		-..		.-X		.-.		...		
+misc/tst-pselect			...		-..		.--		.-.		...		(?)
+nptl/tst-execstack			...		X..		.--		.-.		...		(PaX)
+nptl/tst-cancel1			...		-..		.XX		.-.		...		(expected)
+nptl/rt/tst-cpuclock2		...		-..		.X-		.-.		...		(?)
+nptl/tst-eintr1				...		-..		.--		.X.		...		(?)
+nptl/tst-cancel20			...		-..		.--		.X.		...		(?)
+nptl/tst-cancelx20			...		-..		.--		.X.		...		(?)
+elf/tst-tls1				...		X..		.X-		.X.		.X.		(local-exec TLS)
+elf/tst-tls2				...		X..		.X-		.X.		.X.		(local-exec TLS)
+elf/tst-tls1-static			...		X..		.X-		.X.		.X.		(local-exec TLS)
+elf/tst-tls2-static			...		X..		.X-		.X.		.X.		(local-exec TLS)
+elf/resolvfail				...		X..		.X-		.X.		.X.		(BIND_NOW)
+elf/constload1				...		X..		.X-		.X.		.X.		(BIND_NOW)
+elf/order					...		X..		.X-		.X.		.X.		(BIND_NOW)
+elf/lateglobal				...		X..		.X-		.X.		.X.		(BIND_NOW)
+elf/dblload					...		X..		.X-		.X.		.X.		(BIND_NOW)
+elf/dblunload				...		X..		.X-		.X.		.X.		(BIND_NOW)
+elf/reldep6					...		X..		.X-		.X.		.X.		(BIND_NOW)
+elf/circleload1				...		X..		.X-		.X.		.X.		(BIND_NOW)
+elf/tst-tls3				...		X..		.--		.X.		...		(?)
+elf/tst-tls10				...		X..		.X-		.-.		.X.		(local-exec TLS)
+elf/tst-tls14				...		-..		.X-		.-.		...		(local-exec TLS)
+elf/tst-execstack			...		X..		.--		.-.		...		(PaX)
+elf/tst-execstack-needed	...		X..		.--		.-.		...		(PaX)
+elf/tst-execstack-prog		...		X..		.--		.-.		...		(PaX)
+elf/tst-global1				...		X..		.X-		.X.		.X.		(BIND_NOW)
+elf/tst-audit2				...		X..		.X-		.-.		.X.		(local-exec TLS)
+
+X => test failure
 PaX: PaX kernel causes execstack behaviour to fail (a good thing, where PaX is concerned).
 BIND_NOW: These tests require that some of their links be -Wl,-z,lazy (perhaps we could add this explicitly)
-local-exec TLS: The local-exec TLS model is not compatible with PIC (and PIE)
+local-exec TLS: The local-exec TLS model is not compatible with PIC (and therefore PIE)
 
 posix/annexc is ignored upstream (http://sourceware.org/ml/libc-hacker/1998-11/msg00207.html)