From patchwork Wed Aug 28 06:35:29 2013
X-Patchwork-Submitter: Thomas Petazzoni
X-Patchwork-Id: 270370
From: Thomas Petazzoni
To: buildroot@uclibc.org
Date: Wed, 28 Aug 2013 08:35:29 +0200
Message-Id: <1377671731-28656-11-git-send-email-thomas.petazzoni@free-electrons.com>
In-Reply-To: <1377671731-28656-1-git-send-email-thomas.petazzoni@free-electrons.com>
References: <1377671731-28656-1-git-send-email-thomas.petazzoni@free-electrons.com>
Subject: [Buildroot] [PATCH 10/12] toolchain: refactor Stack Smashing Protection support
List-Id: Discussion and development of buildroot

This commit refactors how Stack Smashing Protection support is handled
in Buildroot:

 *) It turns the BR2_TOOLCHAIN_BUILDROOT_USE_SSP option into an option
    that only enables the SSP support in uClibc, when using the
    internal toolchain backend.

 *) It adds a hidden BR2_TOOLCHAIN_HAS_SSP option that gets enabled
    when the toolchain has SSP support. Here we have the usual dance:
    glibc/eglibc in internal/external backend always select this
    option, in the case of uClibc/internal, it gets selected when
    BR2_TOOLCHAIN_BUILDROOT_USE_SSP is enabled, in the case of
    uClibc/external, there is a new configuration option that the user
    must select (or not) depending on whether the toolchain has SSP
    support.

 *) It adds a new option BR2_ENABLE_SSP in the "Build options" menu,
    to enable the usage of SSP support, by adding
    -fstack-protector-all to the CFLAGS.

Signed-off-by: Thomas Petazzoni --- Config.in | 17 +++++++++++++++++ package/Makefile.in | 2 +- package/psmisc/psmisc.mk | 2 +- package/uclibc/Config.in | 10 ++++++++++ toolchain/Config.in | 1 + toolchain/helpers.mk | 3 ++- toolchain/toolchain-buildroot/Config.in.2 | 9 --------- toolchain/toolchain-common.in | 3 +++ toolchain/toolchain-external/Config.in | 9 +++++++++ 9 files changed, 44 insertions(+), 12 deletions(-) diff --git a/Config.in b/Config.in index 78dea3b..590c013 100644 --- a/Config.in +++ b/Config.in @@ -398,6 +398,23 @@ config BR2_OPTIMIZE_S endchoice +config BR2_ENABLE_SSP + bool "build code with Stack Smashing Protection" + depends on BR2_TOOLCHAIN_HAS_SSP + help + Enable stack smashing protection support using GCCs + -fstack-protector-all option. + + See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt + for details. + + Note that this requires the toolchain to have SSP + support. This is always the case for glibc and eglibc + toolchain, but is optional in uClibc toolchains. + +comment "enabling Stack Smashing Protection requires support in the toolchain" + depends on !BR2_TOOLCHAIN_HAS_SSP + config BR2_PREFER_STATIC_LIB bool "prefer static libraries" help diff --git a/package/Makefile.in b/package/Makefile.in index 0b1c33a..3eaa2b2 100644 --- a/package/Makefile.in +++ b/package/Makefile.in @@ -129,7 +129,7 @@ TARGET_CFLAGS += -msep-data TARGET_CXXFLAGS += -msep-data endif -ifeq ($(BR2_TOOLCHAIN_BUILDROOT_USE_SSP),y) +ifeq ($(BR2_ENABLE_SSP),y) TARGET_CFLAGS += -fstack-protector-all TARGET_CXXFLAGS += -fstack-protector-all endif diff --git a/package/psmisc/psmisc.mk b/package/psmisc/psmisc.mk index 1340ee6..61faeab 100644 --- a/package/psmisc/psmisc.mk +++ b/package/psmisc/psmisc.mk 
@@ -10,7 +10,7 @@ PSMISC_LICENSE = GPLv2 PSMISC_LICENSE_FILES = COPYING PSMISC_DEPENDENCIES = ncurses $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext) -ifneq ($(BR2_TOOLCHAIN_BUILDROOT_USE_SSP),y) +ifneq ($(BR2_ENABLE_SSP),y) # Don't force -fstack-protector PSMISC_CONF_OPT = --disable-harden-flags endif diff --git a/package/uclibc/Config.in b/package/uclibc/Config.in index 037ca01..eeb3b83 100644 --- a/package/uclibc/Config.in +++ b/package/uclibc/Config.in @@ -130,6 +130,16 @@ config BR2_PTHREAD_DEBUG help Build the thread library with debugging enabled. +config BR2_TOOLCHAIN_BUILDROOT_USE_SSP + bool "Enable stack protection support" + select BR2_TOOLCHAIN_HAS_SSP + help + Enable stack smashing protection support using GCCs + -fstack-protector-all option in uClibc. + + See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt + for details. + config BR2_UCLIBC_INSTALL_UTILS bool "Compile and install uClibc utilities" depends on !BR2_bfin diff --git a/toolchain/Config.in b/toolchain/Config.in index 64cdf81..da9cd68 100644 --- a/toolchain/Config.in +++ b/toolchain/Config.in @@ -18,6 +18,7 @@ config BR2_TOOLCHAIN_USES_GLIBC select BR2_TOOLCHAIN_HAS_THREADS select BR2_TOOLCHAIN_HAS_THREADS_DEBUG select BR2_TOOLCHAIN_HAS_SHADOW_PASSWORDS + select BR2_TOOLCHAIN_HAS_SSP select BR2_TOOLCHAIN_LIBC_NEEDS_THREE_STAGE_BUILD config BR2_TOOLCHAIN_USES_UCLIBC diff --git a/toolchain/helpers.mk b/toolchain/helpers.mk index 4c988a5..262c052 100644 --- a/toolchain/helpers.mk +++ b/toolchain/helpers.mk 
@@ -269,7 +269,8 @@ check_uclibc = \ $(call check_uclibc_feature,__UCLIBC_HAS_LOCALE__,BR2_ENABLE_LOCALE,$${UCLIBC_CONFIG_FILE},Locale support) ;\ $(call check_uclibc_feature,__UCLIBC_HAS_WCHAR__,BR2_USE_WCHAR,$${UCLIBC_CONFIG_FILE},Wide char support) ;\ $(call check_uclibc_feature,__UCLIBC_HAS_THREADS__,BR2_TOOLCHAIN_HAS_THREADS,$${UCLIBC_CONFIG_FILE},Thread support) ;\ - $(call check_uclibc_feature,__PTHREADS_DEBUG_SUPPORT__,BR2_TOOLCHAIN_HAS_THREADS_DEBUG,$${UCLIBC_CONFIG_FILE},Thread debugging support) + $(call check_uclibc_feature,__PTHREADS_DEBUG_SUPPORT__,BR2_TOOLCHAIN_HAS_THREADS_DEBUG,$${UCLIBC_CONFIG_FILE},Thread debugging support) ;\ + $(call check_uclibc_feature,__UCLIBC_HAS_SSP__,BR2_TOOLCHAIN_HAS_SSP,$${UCLIBC_CONFIG_FILE},Stack Smashing Protection support) # # Check that the Buildroot configuration of the ABI matches the diff --git a/toolchain/toolchain-buildroot/Config.in.2 b/toolchain/toolchain-buildroot/Config.in.2 index 1371c31..df26079 100644 --- a/toolchain/toolchain-buildroot/Config.in.2 +++ b/toolchain/toolchain-buildroot/Config.in.2 @@ -4,15 +4,6 @@ if BR2_TOOLCHAIN_BUILDROOT comment "Toolchain Options" -config BR2_TOOLCHAIN_BUILDROOT_USE_SSP - bool "Enable stack protection support" - help - Enable stack smashing protection support using GCCs - -fstack-protector-all option. - - See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt - for details. - source "package/elf2flt/Config.in.host" endif diff --git a/toolchain/toolchain-common.in b/toolchain/toolchain-common.in index dc3bd2a..1085fb3 100644 --- a/toolchain/toolchain-common.in +++ b/toolchain/toolchain-common.in @@ -32,6 +32,9 @@ config BR2_TOOLCHAIN_HAS_THREADS_DEBUG config BR2_TOOLCHAIN_HAS_SHADOW_PASSWORDS bool +config BR2_TOOLCHAIN_HAS_SSP + bool + config BR2_ENABLE_LOCALE_PURGE bool "Purge unwanted locales" help diff --git a/toolchain/toolchain-external/Config.in b/toolchain/toolchain-external/Config.in index ad1f203..11edc98 100644 
--- a/toolchain/toolchain-external/Config.in +++ b/toolchain/toolchain-external/Config.in @@ -921,6 +921,15 @@ config BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG debugging support. If you don't know, leave the default value, Buildroot will tell you if it's correct or not. +config BR2_TOOLCHAIN_EXTERNAL_HAS_SSP + bool "Toolchain has SSP support?" + select BR2_TOOLCHAIN_HAS_SSP + help + Selection this option if your external toolchain has Stack + Smashing Protection support enabled. If you don't know, + leave the default value, Buildroot will tell you if it's + correct or not. + endif # BR2_TOOLCHAIN_EXTERNAL_CUSTOM_UCLIBC config BR2_TOOLCHAIN_EXTERNAL_INET_RPC
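Review bot: In the Config.in hunk, BR2_ENABLE_SSP hard-wires -fstack-protector-all, but its help text says nothing about the cost of that choice. The -all variant instruments every function, which has a code size and run-time price that matters on the small targets Buildroot serves, so the help should say so, or the option could become a choice between -fstack-protector and -fstack-protector-all. Two wording nits in the same help text: "GCCs" should read "GCC's", and "glibc and eglibc toolchain" should be "toolchains".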
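Review bot: In the package/Makefile.in hunk, switching the test from BR2_TOOLCHAIN_BUILDROOT_USE_SSP to BR2_ENABLE_SSP silently drops hardening for existing configurations. A .config that already has BR2_TOOLCHAIN_BUILDROOT_USE_SSP=y keeps that symbol, but the new BR2_ENABLE_SSP has no default line in the Config.in hunk, so it comes up disabled and TARGET_CFLAGS / TARGET_CXXFLAGS lose -fstack-protector-all with no message to the user. Consider giving BR2_ENABLE_SSP a "default y if BR2_TOOLCHAIN_BUILDROOT_USE_SSP", or at least calling out the behaviour change in the commit message.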
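Review bot: In the package/uclibc/Config.in hunk, the help text of the moved BR2_TOOLCHAIN_BUILDROOT_USE_SSP option still says it enables protection "using GCCs -fstack-protector-all option in uClibc", which no longer matches what the option does. After this patch it only makes uClibc provide SSP support and selects BR2_TOOLCHAIN_HAS_SSP; nothing is compiled with the flag unless BR2_ENABLE_SSP is also set. Reword the prompt and help to say that it enables SSP support in the C library and point the user at the "Build options" entry for actually building code with it.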
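Review bot: In the toolchain/helpers.mk hunk, the new __UCLIBC_HAS_SSP__ test is added to check_uclibc only, so the unconditional "select BR2_TOOLCHAIN_HAS_SSP" under BR2_TOOLCHAIN_USES_GLIBC in the toolchain/Config.in hunk is never verified for an external glibc/eglibc toolchain. Nothing visible in this patch confirms that the external compiler accepts -fstack-protector-all for the target; a small compile-and-link test in the external toolchain checks would catch a mismatch at configuration time instead of in the middle of a package build.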
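Review bot: In the toolchain/toolchain-external/Config.in hunk, the help text of BR2_TOOLCHAIN_EXTERNAL_HAS_SSP starts with "Selection this option", which should be "Select this option". The rest of the entry follows the wording of the BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG help just above it, so only that first word needs fixing.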