From patchwork Sun Jun 10 16:33:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Romain Naour X-Patchwork-Id: 927389 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Agr7xNmw"; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 413hXT1dh4z9s01 for ; Mon, 11 Jun 2018 02:33:13 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 932DB22796; Sun, 10 Jun 2018 16:33:10 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6c9SFhwDuPBh; Sun, 10 Jun 2018 16:33:07 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id A0A6E2278E; Sun, 10 Jun 2018 16:33:07 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id D434B1C0186 for ; Sun, 10 Jun 2018 16:33:05 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id D1CC287ACF for ; Sun, 10 Jun 2018 16:33:05 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ec5w9BbNEPfK for ; Sun, 10 Jun 2018 16:33:05 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr0-f195.google.com (mail-wr0-f195.google.com [209.85.128.195]) by hemlock.osuosl.org (Postfix) with ESMTPS id D5D4F87ABE for ; Sun, 10 Jun 2018 16:33:04 +0000 (UTC) Received: by mail-wr0-f195.google.com with SMTP id d2-v6so17889010wrm.10 for ; Sun, 10 Jun 2018 09:33:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=bSZhH6BeI+2Oq37YIIKrfA1GiMVPo5Zkz5XeYtgFmRE=; b=Agr7xNmwo9+n5ld9x8R/SqfDaanEBeeEhxnQlZ8N3AuAp7gmdZB+ANFnH8JsuBcNz0 iQ0YchUkPykvIqWofneOLI/lcJ222xVytfUrLzeC1amhKiPt7JZkYfAAL+Z011VOgS4Q 6UjbpHct0/zo+KmJurlvBIevvMaexTnVdsHsq4uCLsmKBGwFbFVfertICbrj/YLENbO3 0vE1qWnqjEUcOxTshbpC1uKjt0Nf2gfeCi1vHDkjYzABYYwvxCYPQYibVetAWuwNdPiZ fcDzjxsggiu+FuVdgO3FVSyZmySK7Y8JoEylKvxN19UH/0hSDVR7AM3dQKAu62IqQDEF UI1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=bSZhH6BeI+2Oq37YIIKrfA1GiMVPo5Zkz5XeYtgFmRE=; b=lclEGZw2317ZDXZTPCvGPm5GGDslRretSVXQz4xxS3S1x36Rk9S4mL3xrnl3OYa+Sd 638PZ2bAupsEUci489VxZ2ZlSYi4dOgWZtH5dhtltUl5vvnRX+2Bn0DhJwGttFZLJN2j H6PbxFK1t9Xc8LmdwUFcqLStG5S6TeAsLjlzo1S66qV4l3CHkhFCJlBeBhgW1x3Tw516 d70yTHCYZqkIJxyGnChkPdTrMQ8Dq6EMrb+X02BkXgFwEgQitJrmLRSiVSE05klcrRhJ uN61N3R4f/kgmdIylpMTMqNUersGt73wOWdiufSSzGCpC5LSFvsAyp5L8SmPqlMmGeOu +ZrA== X-Gm-Message-State: APt69E3OQhf06osWpVurWyw8hIAB0G1wKwUrr07hXvAv79Pklvl17b4e M/NKLANb52aKWO9hCWzFGjhXaYkW X-Google-Smtp-Source: ADUXVKL8i+bXON97AXNJBnKOAglCZeNQfIPTCKzh5PscLxB4G7VelRl/pE9VaV0dn3IId8QTA+dXFA== X-Received: by 2002:adf:9f0f:: with SMTP id l15-v6mr7840640wrf.206.1528648382689; Sun, 10 Jun 2018 09:33:02 -0700 (PDT) Received: from adeos.home (2a01cb00054978001a46adb371a118d7.ipv6.abo.wanadoo.fr. [2a01:cb00:549:7800:1a46:adb3:71a1:18d7]) by smtp.gmail.com with ESMTPSA id i193-v6sm7093436wmf.13.2018.06.10.09.33.01 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 10 Jun 2018 09:33:02 -0700 (PDT) From: Romain Naour To: buildroot@buildroot.org Date: Sun, 10 Jun 2018 18:33:00 +0200 Message-Id: <20180610163300.6440-1-romain.naour@gmail.com> X-Mailer: git-send-email 2.14.4 Subject: [Buildroot] [PATCH] SSP: disable ssp support on microblaze X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Romain Naour , Thomas Petazzoni MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" As reported by [1], SSP support is missing in the Buildroot toolchain for microblaze even if it's requested by selecting BR2_TOOLCHAIN_HAS_SSP config option. In Buildroot, we are using libssp provided by the C library (Glibc, musl, uClibc-ng) when available. We are not using libssp from gcc. So for a microblaze glibc based toolchain, the SSP support is enabled unconditionally by a select BR2_TOOLCHAIN_HAS_SSP. BR2_microblazeel=y BR2_TOOLCHAIN_BUILDROOT_GLIBC=y BR2_KERNEL_HEADERS_4_14=y BR2_BINUTILS_VERSION_2_30_X=y BR2_GCC_VERSION_8_X=y BR2_TOOLCHAIN_BUILDROOT_CXX=y While building the toolchain, we are building host-binutils which provide "as" (assembler) and host-gcc-initial wich provide a minimal cross gcc (C only cross-compiler without any C library). When SSP support is requested, gcc_cv_libc_provides_ssp=yes is added to the make command line (see [2] for full details) With this setting, the SSP support is requested but it's not available in the end and the toochain build succeed. When the microblaze toolchain is imported to Biuldroot (2018.05) as external toolchain with BR2_TOOLCHAIN_EXTERNAL_HAS_SSP set, the build stop with : "SSP support not available in this toolchain, please disable BR2_TOOLCHAIN_EXTERNAL_HAS_SSP" The test is doing the following command line: echo 'void main(){}' | [...]/host/bin/microblazeel-linux-gcc.br_real -Werror -fstack-protector -x c - -o [...]/build/.br-toolchain-test.tmp cc1: error: -fstack-protector not supported for this target [-Werror] When we look at the gcc-final log file (config.log) we can see this error several time when using the minimal gcc (from host-gcc-initial). So Why the minimal gcc doesn't support SSP? When we look at the gcc-initial log file (config.log) we can see an error with 'as': configure:23194: checking assembler for cfi directives configure:23209: [...]microblazeel-buildroot-linux-gnu/bin/as -o conftest.o conftest.s >&5 conftest.s: Assembler messages: conftest.s:2: Error: CFI is not supported for this target conftest.s:3: Error: CFI is not supported for this target conftest.s:4: Error: CFI is not supported for this target conftest.s:5: Error: CFI is not supported for this target conftest.s:6: Error: CFI is not supported for this target conftest.s:7: Error: CFI is not supported for this target configure:23212: $? = 1 configure: failed program was .text .cfi_startproc .cfi_offset 0, 0 .cfi_same_value 1 .cfi_def_cfa 1, 2 .cfi_escape 1, 2, 3, 4, 5 .cfi_endproc This is the only relevant difference compared to a nios2 toolchain where libssp is enabled and available (nios2 is an example). "CFI" stand for "Control Flow Integrity" and it seems that SSP support requires CFI target support (see [3] for some explanation). The SSP support seems to depends on CFI support, but the toolchain infrastructure is not detailed enough to handle the CFI dependency. In the other hand, microblaze is the only architecture where CFI support is missing. Disable SSP support for microblaze entirely. Fixes: https://gitlab.com/free-electrons/toolchains-builder/-/jobs/72006389 [1] https://gitlab.com/free-electrons/toolchains-builder/issues/1 [2] https://git.buildroot.net/buildroot/tree/package/gcc/gcc.mk?h=2018.05#n275 [3] https://grsecurity.net/rap_faq.php Signed-off-by: Romain Naour Cc: Thomas Petazzoni --- package/glibc/Config.in | 3 ++- package/musl/Config.in | 3 ++- package/uclibc/Config.in | 1 + toolchain/Config.in | 3 +++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/package/glibc/Config.in b/package/glibc/Config.in index 57a2e833d2..7adf76699d 100644 --- a/package/glibc/Config.in +++ b/package/glibc/Config.in @@ -4,6 +4,7 @@ config BR2_PACKAGE_GLIBC bool default y select BR2_PACKAGE_LINUX_HEADERS - select BR2_TOOLCHAIN_HAS_SSP + # SSP not supported on microblaze + select BR2_TOOLCHAIN_HAS_SSP if !BR2_microblaze endif diff --git a/package/musl/Config.in b/package/musl/Config.in index bedc50cd45..4e0d6f4ef1 100644 --- a/package/musl/Config.in +++ b/package/musl/Config.in @@ -4,6 +4,7 @@ config BR2_PACKAGE_MUSL depends on BR2_TOOLCHAIN_USES_MUSL select BR2_PACKAGE_LINUX_HEADERS # SSP broken on i386/ppc: http://www.openwall.com/lists/musl/2016/12/04/2 - select BR2_TOOLCHAIN_HAS_SSP if !(BR2_i386 || BR2_powerpc) + # SSP not supported on microblaze + select BR2_TOOLCHAIN_HAS_SSP if !(BR2_i386 || BR2_microblaze || BR2_powerpc) # Compatibility headers: cdefs.h, queue.h select BR2_PACKAGE_MUSL_COMPAT_HEADERS diff --git a/package/uclibc/Config.in b/package/uclibc/Config.in index a566881852..0161954076 100644 --- a/package/uclibc/Config.in +++ b/package/uclibc/Config.in @@ -70,6 +70,7 @@ config BR2_PTHREAD_DEBUG config BR2_TOOLCHAIN_BUILDROOT_USE_SSP bool "Enable stack protection support" + depends on !BR2_microblaze # SSP not supported on microblaze select BR2_TOOLCHAIN_HAS_SSP help Enable stack smashing protection support using GCCs diff --git a/toolchain/Config.in b/toolchain/Config.in index 3a53a32a6d..1bf71a6d52 100644 --- a/toolchain/Config.in +++ b/toolchain/Config.in @@ -122,6 +122,9 @@ config BR2_TOOLCHAIN_HAS_THREADS_NPTL config BR2_TOOLCHAIN_HAS_SSP bool + # SSP support require CFI architecture support. + # https://gitlab.com/free-electrons/toolchains-builder/issues/1 + depends on !BR2_microblaze # missing CFI support in "gas" config BR2_TOOLCHAIN_SUPPORTS_PIE bool