* common.opt (fstack-protector): Initialize to -1.

        (fstack-protector-all): Likewise.
        (fstack-protector-strong): Likewise.
        (fstack-protector-explicit): Likewise.
        * configure.ac: Add --enable-default-ssp.
        * defaults.h (DEFAULT_FLAG_SSP): New.  Default SSP to strong.
        * opts.c (finish_options): Update opts->x_flag_stack_protect if it is
        -1.
        * doc/install.texi: Document --enable-default-ssp.
        * config.in: Regenerated.
        * configure: Likewise.

        * lib/target-supports.exp
        (check_effective_target_fstack_protector_enabled): New test.
        * gcc.target/i386/ssp-default.c: New test.

git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@227017 138bc75d-0d04-0410-961f-82ee72b054a4

11 files changed, 130 insertions, 5 deletions

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 567d440fd68..14446bc6795 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,17 @@
+2015-08-19  Magnus Granberg  <zorry@gentoo.org>
+
+	* common.opt (fstack-protector): Initialize to -1.
+	(fstack-protector-all): Likewise.
+	(fstack-protector-strong): Likewise.
+	(fstack-protector-explicit): Likewise.
+	* configure.ac: Add --enable-default-ssp.
+	* defaults.h (DEFAULT_FLAG_SSP): New.  Default SSP to strong.
+	* opts.c (finish_options): Update opts->x_flag_stack_protect if it is
+	-1.
+	* doc/install.texi: Document --enable-default-ssp.
+	* config.in: Regenerated.
+	* configure: Likewise.
+
 2015-08-19  Alexandre Oliva <aoliva@redhat.com>
 
 	PR rtl-optimization/64164
diff --git a/gcc/common.opt b/gcc/common.opt
index dd59ff337e6..4dcd51807af 100644
--- a/gcc/common.opt
+++ b/gcc/common.opt
@@ -2124,15 +2124,15 @@ Common RejectNegative Joined Var(common_deferred_options) Defer
 -fstack-limit-symbol=<name>	Trap if the stack goes past symbol <name>
 
 fstack-protector
-Common Report Var(flag_stack_protect, 1)
+Common Report Var(flag_stack_protect, 1) Init(-1)
 Use propolice as a stack protection method
 
 fstack-protector-all
-Common Report RejectNegative Var(flag_stack_protect, 2)
+Common Report RejectNegative Var(flag_stack_protect, 2) Init(-1)
 Use a stack protection method for every function
 
 fstack-protector-strong
-Common Report RejectNegative Var(flag_stack_protect, 3)
+Common Report RejectNegative Var(flag_stack_protect, 3) Init(-1)
 Use a smart stack protection method for certain functions
 
 fstack-protector-explicit
diff --git a/gcc/config.in b/gcc/config.in
index 541963a727a..22a4e6b7cb2 100644
--- a/gcc/config.in
+++ b/gcc/config.in
@@ -95,6 +95,13 @@
 #endif
 
 
+/* Define if your target supports default stack protector and it is enabled.
+   */
+#ifndef USED_FOR_TARGET
+#undef ENABLE_DEFAULT_SSP
+#endif
+
+
 /* Define if you want more run-time sanity checks for dataflow. */
 #ifndef USED_FOR_TARGET
 #undef ENABLE_DF_CHECKING
diff --git a/gcc/configure b/gcc/configure
index 8e89dd9c6eb..cf685f29ea6 100755
--- a/gcc/configure
+++ b/gcc/configure
@@ -678,6 +678,7 @@ MAINT
 zlibinc
 zlibdir
 HOST_LIBS
+enable_default_ssp
 libgcc_visibility
 gcc_cv_readelf
 gcc_cv_objdump
@@ -930,6 +931,7 @@ enable_fix_cortex_a53_843419
 with_glibc_version
 enable_gnu_unique_object
 enable_linker_build_id
+enable_default_ssp
 with_long_double_128
 with_gc
 with_system_zlib
@@ -1666,6 +1668,7 @@ Optional Features:
                           extension on glibc systems
   --enable-linker-build-id
                           compiler will always pass --build-id to linker
+  --enable-default-ssp    enable Stack Smashing Protection as default
   --enable-maintainer-mode
                           enable make rules and dependencies not useful (and
                           sometimes confusing) to the casual installer
@@ -18341,7 +18344,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 18344 "configure"
+#line 18347 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -18447,7 +18450,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 18450 "configure"
+#line 18453 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -28047,6 +28050,29 @@ $as_echo "#define TARGET_LIBC_PROVIDES_SSP 1" >>confdefs.h
 
 fi
 
+# Check whether --enable-default-ssp was given.
+# Check whether --enable-default-ssp was given.
+if test "${enable_default_ssp+set}" = set; then :
+  enableval=$enable_default_ssp;
+if test x$gcc_cv_libc_provides_ssp = xyes; then
+  case "$target" in
+    ia64*-*-*) enable_default_ssp=no ;;
+    *) enable_default_ssp=$enableval ;;
+  esac
+else
+  enable_default_ssp=no
+fi
+else
+  enable_default_ssp=no
+fi
+
+if test x$enable_default_ssp == xyes ; then
+
+$as_echo "#define ENABLE_DEFAULT_SSP 1" >>confdefs.h
+
+fi
+
+
 # Test for <sys/sdt.h> on the target.
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking sys/sdt.h in the target C library" >&5
diff --git a/gcc/configure.ac b/gcc/configure.ac
index c7d5d327a2e..d3c1449516d 100644
--- a/gcc/configure.ac
+++ b/gcc/configure.ac
@@ -5329,6 +5329,25 @@ if test x$gcc_cv_libc_provides_ssp = xyes; then
 	    [Define if your target C library provides stack protector support])
 fi
 
+# Check whether --enable-default-ssp was given.
+AC_ARG_ENABLE(default-ssp,
+[AS_HELP_STRING([--enable-default-ssp],
+  [enable Stack Smashing Protection as default])],[
+if test x$gcc_cv_libc_provides_ssp = xyes; then
+  case "$target" in
+    ia64*-*-*) enable_default_ssp=no ;;
+    *) enable_default_ssp=$enableval ;;
+  esac
+else
+  enable_default_ssp=no
+fi],
+enable_default_ssp=no)
+if test x$enable_default_ssp == xyes ; then
+  AC_DEFINE(ENABLE_DEFAULT_SSP, 1,
+      [Define if your target supports default stack protector and it is enabled.])
+fi
+AC_SUBST([enable_default_ssp])
+
 # Test for <sys/sdt.h> on the target.
 GCC_TARGET_TEMPLATE([HAVE_SYS_SDT_H])
 AC_MSG_CHECKING(sys/sdt.h in the target C library)
diff --git a/gcc/defaults.h b/gcc/defaults.h
index 713ca077c79..4fe8eb17f48 100644
--- a/gcc/defaults.h
+++ b/gcc/defaults.h
@@ -1359,6 +1359,18 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
 #define STACK_SIZE_MODE word_mode
 #endif
 
+/* Default value for flag_stack_protect when flag_stack_protect is initialized to -1:
+   --enable-default-ssp: Default flag_stack_protect to -fstack-protector-strong.
+   --disable-default-ssp: Default flag_stack_protect to 0.
+ */
+#ifdef ENABLE_DEFAULT_SSP
+# ifndef DEFAULT_FLAG_SSP
+#  define DEFAULT_FLAG_SSP 3
+# endif
+#else
+# define DEFAULT_FLAG_SSP 0
+#endif
+
 /* Provide default values for the macros controlling stack checking.  */
 
 /* The default is neither full builtin stack checking...  */
diff --git a/gcc/doc/install.texi b/gcc/doc/install.texi
index 360b0666b69..6ba0fb97058 100644
--- a/gcc/doc/install.texi
+++ b/gcc/doc/install.texi
@@ -1642,6 +1642,9 @@ Using the GNU Compiler Collection (GCC)},
 See ``RS/6000 and PowerPC Options'' in the main manual
 @end ifhtml
 
+@item --enable-default-ssp
+Turn on @option{-fstack-protector-strong} by default.
+
 @item --enable-cld
 This option enables @option{-mcld} by default for 32-bit x86 targets.
 @ifnothtml
diff --git a/gcc/opts.c b/gcc/opts.c
index 32de605314f..f1a9acd7ba0 100644
--- a/gcc/opts.c
+++ b/gcc/opts.c
@@ -754,6 +754,11 @@ finish_options (struct gcc_options *opts, struct gcc_options *opts_set,
       opts->x_flag_opts_finished = true;
     }
 
+  /* We initialize opts->x_flag_stack_protect to -1 so that targets
+     can set a default value.  */
+  if (opts->x_flag_stack_protect == -1)
+    opts->x_flag_stack_protect = DEFAULT_FLAG_SSP;
+
   if (opts->x_optimize == 0)
     {
       /* Inlining does not work if not optimizing,
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index e162dd26d78..9654cc34089 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,9 @@
+2015-08-19  Magnus Granberg  <zorry@gentoo.org>
+
+	* lib/target-supports.exp
+	(check_effective_target_fstack_protector_enabled): New test.
+	* gcc.target/i386/ssp-default.c: New test.
+
 2015-08-19  Mikael Morin  <mikael@gcc.gnu.org>
 
 	PR fortran/66929
diff --git a/gcc/testsuite/gcc.target/i386/ssp-default.c b/gcc/testsuite/gcc.target/i386/ssp-default.c
new file mode 100644
index 00000000000..3f65ed8a80d
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/ssp-default.c
@@ -0,0 +1,22 @@
+/* { dg-do run { target native } } */
+/* { dg-require-effective-target fstack_protector_enabled } */
+
+#include <stdlib.h>
+
+void
+__stack_chk_fail (void)
+{
+  exit (0); /* pass */
+}
+
+int main ()
+{
+  int i;
+  char foo[255];
+
+  /* smash stack */
+  for (i = 0; i <= 400; i++)
+    foo[i] = 42;
+
+  return 1; /* fail */
+}
diff --git a/gcc/testsuite/lib/target-supports.exp b/gcc/testsuite/lib/target-supports.exp
index 1988301045b..b6551e834d0 100644
--- a/gcc/testsuite/lib/target-supports.exp
+++ b/gcc/testsuite/lib/target-supports.exp
@@ -1145,6 +1145,17 @@ proc check_effective_target_pie_enabled { } {
     }]
 }
 
+# Return 1 if the target generates -fstack-protector by default.
+
+proc check_effective_target_fstack_protector_enabled {} {
+    return [ check_no_compiler_messages fstack_protector_enabled assembly {
+    #if !defined(__SSP__) && !defined(__SSP_ALL__) && \
+      !defined(__SSP_STRONG__) && !defined(__SSP_EXPICIT__)
+    #error unsupported
+    #endif
+    }]
+}
+
 # Return 1 if the target does not use a status wrapper.
 
 proc check_effective_target_unwrapped { } {