From 3f374d472dcabee161e01ff85eb915a7b507c26f Mon Sep 17 00:00:00 2001 From: Marek Polacek Date: Thu, 12 Aug 2021 15:13:40 -0400 Subject: [PATCH] Apply tsan fix. Harden more libraries. Resolves: #1988450 --- gcc.spec | 14 +++++++++++--- gcc11-libgcc-hardened.patch | 14 ++++++++++++++ gcc11-tsan-sigstksz.patch | 38 +++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 gcc11-libgcc-hardened.patch create mode 100644 gcc11-tsan-sigstksz.patch diff --git a/gcc.spec b/gcc.spec index 65ef20c..ef101c5 100644 --- a/gcc.spec +++ b/gcc.spec @@ -118,7 +118,7 @@ Summary: Various compilers (C, C++, Objective-C, ...) Name: gcc Version: %{gcc_version} -Release: %{gcc_release}.1%{?dist} +Release: %{gcc_release}.2%{?dist} # libgcc, libgfortran, libgomp, libstdc++ and crtstuff have # GCC Runtime Exception. License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD @@ -263,6 +263,8 @@ Patch9: gcc11-foffload-default.patch Patch10: gcc11-Wno-format-security.patch Patch11: gcc11-rh1574936.patch Patch12: gcc11-d-shared-libphobos.patch +Patch13: gcc11-libgcc-hardened.patch +Patch14: gcc11-tsan-sigstksz.patch Patch100: gcc11-fortran-fdec-duplicates.patch Patch101: gcc11-fortran-flogical-as-integer.patch @@ -785,6 +787,8 @@ to NVidia PTX capable devices if available. %patch11 -p0 -b .rh1574936~ %endif %patch12 -p0 -b .d-shared-libphobos~ +%patch13 -p0 -b .libgcc-hardened~ +%patch14 -p1 -b .tsan-sigstksz~ %if 0%{?rhel} >= 9 %patch100 -p1 -b .fortran-fdec-duplicates~ 
@@ -1089,9 +1093,9 @@ CC="$CC" CXX="$CXX" CFLAGS="$OPT_FLAGS" \ $CONFIGURE_OPTS %ifarch sparc sparcv9 sparc64 -make %{?_smp_mflags} BOOT_CFLAGS="$OPT_FLAGS" bootstrap +make %{?_smp_mflags} BOOT_CFLAGS="$OPT_FLAGS" LDFLAGS_FOR_TARGET="-Wl,-z,relro,-z,now" bootstrap %else -make %{?_smp_mflags} BOOT_CFLAGS="$OPT_FLAGS" profiledbootstrap +make %{?_smp_mflags} BOOT_CFLAGS="$OPT_FLAGS" LDFLAGS_FOR_TARGET="-Wl,-z,relro,-z,now" profiledbootstrap %endif CC="`%{gcc_target_platform}/libstdc++-v3/scripts/testsuite_flags --build-cc`" @@ -3130,6 +3134,10 @@ end %endif %changelog +* Thu Aug 12 2021 Marek Polacek 11.2.1-2.2 +- bootstrap with -Wl,-z,relro,-z,now, apply libgcc hardening patch (#1988450) +- fix libsanitizer with non-constant SIGSTKSZ (#1992727) + * Fri Jul 30 2021 Marek Polacek 11.2.1-2.1 - enable LTO profiledbootstrap on all arches (#1986141) diff --git a/gcc11-libgcc-hardened.patch b/gcc11-libgcc-hardened.patch new file mode 100644 index 0000000..51f6c39 --- /dev/null +++ b/gcc11-libgcc-hardened.patch @@ -0,0 +1,14 @@ +--- libgcc/config/t-slibgcc.mp 2018-10-03 16:07:00.336990246 -0400 ++++ libgcc/config/t-slibgcc 2018-10-03 16:06:26.719946740 -0400 +@@ -30,9 +30,10 @@ SHLIB_LC = -lc + SHLIB_MAKE_SOLINK = $(LN_S) $(SHLIB_SONAME) $(SHLIB_DIR)/$(SHLIB_SOLINK) + SHLIB_INSTALL_SOLINK = $(LN_S) $(SHLIB_SONAME) \ + $(DESTDIR)$(slibdir)$(SHLIB_SLIBDIR_QUAL)/$(SHLIB_SOLINK) ++SHLIB_EXTRA_LDFLAGS = -Wl,-z,relro -Wl,-z,now + + SHLIB_LINK = $(CC) $(LIBGCC2_CFLAGS) -shared -nodefaultlibs \ +- $(SHLIB_LDFLAGS) \ ++ $(SHLIB_LDFLAGS) $(SHLIB_EXTRA_LDFLAGS) \ + -o $(SHLIB_DIR)/$(SHLIB_SONAME).tmp @multilib_flags@ \ + $(SHLIB_OBJS) $(SHLIB_LC) && \ + rm -f $(SHLIB_DIR)/$(SHLIB_SOLINK) && \ diff --git a/gcc11-tsan-sigstksz.patch b/gcc11-tsan-sigstksz.patch new file mode 100644 index 0000000..80e23f6 --- /dev/null +++ b/gcc11-tsan-sigstksz.patch 
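Review bot: Nothing visible in this change verifies that the libraries produced by the two `make ... LDFLAGS_FOR_TARGET="-Wl,-z,relro,-z,now"` lines are actually linked with full RELRO, so a later change in how the build consumes that variable would drop the hardening without any build failure. A value given on the make command line also replaces, rather than extends, any `LDFLAGS_FOR_TARGET` the generated Makefiles set; whether configure provides one here is not visible in the hunk. I would add a post-build check that runs `readelf -d` and `readelf -lW` over the installed shared libraries and fails if `BIND_NOW` or `GNU_RELRO` is missing. I would also add a comment above the `%ifarch` block, such as `# Full RELRO for target libraries (#1988450); libgcc_s gets the same flags from Patch13`, so the two mechanisms are not taken for duplicates and one of them removed.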
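Review bot: The new gcc11-libgcc-hardened.patch has no description: it starts directly at `--- libgcc/config/t-slibgcc.mp` with 2018 timestamps, so neither the reason for the change nor its upstream status is recorded next to the code. Text before the first `---` is ignored by patch, so a short header such as `Link libgcc_s with -Wl,-z,relro -Wl,-z,now (full RELRO).` followed by `Downstream hardening, see #1988450.` would tie it to the bug. The flags in `SHLIB_EXTRA_LDFLAGS` are added unconditionally to the generic `SHLIB_LINK`, which assumes every target this package builds uses a linker that accepts `-z relro` and `-z now`; that looks intended for this distribution but is worth stating in the header. The `SHLIB_LINK` recipe continues past the end of the hunk.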
@@ -0,0 +1,38 @@ +From 91f8a7a34cf29ae7c465603a801326767f1cc7e9 Mon Sep 17 00:00:00 2001 +From: Martin Liska +Date: Thu, 5 Aug 2021 10:43:17 +0200 +Subject: [PATCH] sanitizer: cherry pick + 414482751452e54710f16bae58458c66298aaf69 + +The patch is needed in order to support recent glibc (2.34). + +libsanitizer/ChangeLog: + + PR sanitizer/101749 + * sanitizer_common/sanitizer_posix_libcdep.cpp: Prevent + generation of dependency on _cxa_guard for static + initialization. +--- + libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp b/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp +index 7ff48c35851..a65b16f5290 100644 +--- a/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp ++++ b/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp +@@ -166,9 +166,10 @@ bool SupportsColoredOutput(fd_t fd) { + #if !SANITIZER_GO + // TODO(glider): different tools may require different altstack size. + static uptr GetAltStackSize() { +- // SIGSTKSZ is not enough. +- static const uptr kAltStackSize = SIGSTKSZ * 4; +- return kAltStackSize; ++ // Note: since GLIBC_2.31, SIGSTKSZ may be a function call, so this may be ++ // more costly that you think. However GetAltStackSize is only call 2-3 times ++ // per thread so don't cache the evaluation. ++ return SIGSTKSZ * 4; + } + + void SetAlternateSignalStack() { +-- +2.27.0
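Review bot: The comment added in `GetAltStackSize()` dates the non-constant `SIGSTKSZ` to GLIBC_2.31, while the commit message in this same patch says the fix is needed for glibc 2.34, and the comment also contains two typos ("more costly that you think", "is only call 2-3 times"). Because this is a cherry-pick of 414482751452e54710f16bae58458c66298aaf69, keeping the patch byte-identical is reasonable, but the wording is worth correcting upstream, for example `// SIGSTKSZ may expand to a function call with recent glibc, so this can be more costly than it looks. GetAltStackSize is only called 2-3 times per thread, so the result is not cached.` The function now returns a run-time value multiplied by four with no lower bound or sanity check. `SetAlternateSignalStack()` only begins on the last lines of the hunk, so it is not possible to confirm from here how that size is used when the alternate stack is allocated.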