From patchwork Wed Sep 23 15:29:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Weber X-Patchwork-Id: 1369910 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=rockwellcollins.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=rockwellcollins.com header.i=@rockwellcollins.com header.a=rsa-sha256 header.s=hrcrc2020 header.b=f3VA6c4B; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BxMXy1Nkdz9ryj for ; Thu, 24 Sep 2020 01:29:19 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 9BB2C230FB; Wed, 23 Sep 2020 15:29:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WgJ3VGj2TFq0; Wed, 23 Sep 2020 15:29:13 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 2464322DEC; Wed, 23 Sep 2020 15:29:13 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 01A8E1BF38A for ; Wed, 23 Sep 2020 15:29:11 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id E681A87070 for ; Wed, 23 Sep 2020 15:29:11 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UgBTRKCnHxtR for ; Wed, 23 Sep 2020 15:29:10 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from da1vs04.rockwellcollins.com (da1vs04.rockwellcollins.com [205.175.227.52]) by hemlock.osuosl.org (Postfix) with ESMTPS id 9CD688705B for ; Wed, 23 Sep 2020 15:29:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rockwellcollins.com; s=hrcrc2020; h=from:to:cc:subject:date:message-id; bh=XMxLMvYOQ5Bcdi+fsf0DUgHArlXHBVAej6GJL5ysPms=; b=f3VA6c4B2ZmejxPc3RvfZSygSU35nnF+c/IcfJovqzCqhvwyRqLngC4k pC/2FbooBbBbT3FFeS5PsiC+hHy0uHeND1PiEH3/tjiFEQz2xpCsJc3pL wkWtJ8moZUQHk33y3tg8QI5Sjpni+m5/ToXjIeh0A7VPEE+Z86wP970AF UP/zqEVnzfZTROC3PBFPsa+zZE1BrT/+Lxo5WFubXhzA72x8qRh6ct88O ilP4vjJm4eg5ZCE8JmrXlyBPYZfIxl2UF9JSyd5pgaw19IQYX1WXVsJjK 94hHQ93Hl4T52eyetpa9xKP9BYXSlpR89hLnGux5MCxsNKrDEigPEHE+d w==; IronPort-SDR: qEREpKf3qpG0lgcUDpcQ/EN4MK6LPDlCREYIku98JZdYDPv/bKiuihRoCWYOz0480r5a24Udj9 1Jo/iCYd24x3eFy9MWny8MvH1pEVxtLb5EVdk5uPGATcj95I9HdpDy9B89tFI1mkMZrKwgEUfc PI8GWYwrC7xUgj93SSPKpP7c80QAXdMXo3tgYfWj2CYCBQjotAfaHMrdo0HcfLmnU0w2Y8TmAW xmj89JmjLFS3aHsHylRzWkyD+DaCAzDccNL0Bfh2Ye/gNNMZwdUjXl2IH9VsV/e6PLaf++bRUX O9U= Received: from ofwda1n02.rockwellcollins.com (HELO dtulimr02.rockwellcollins.com) ([205.175.227.14]) by da1vs04.rockwellcollins.com with ESMTP; 23 Sep 2020 10:29:10 -0500 X-Received: from biscuits.rockwellcollins.com (biscuits.rockwellcollins.lab [10.148.119.137]) by dtulimr02.rockwellcollins.com (Postfix) with ESMTP id ABB0020098; Wed, 23 Sep 2020 10:29:09 -0500 (CDT) From: Matt Weber To: buildroot@buildroot.org Date: Wed, 23 Sep 2020 10:29:08 -0500 Message-Id: <20200923152908.21153-1-matthew.weber@rockwellcollins.com> X-Mailer: git-send-email 2.17.1 Subject: [Buildroot] [PATCH] gcc: powerpc32 transition to secureplt X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" PowerPC has two PLT models: BSS-PLT and Secure-PLT. BSS-PLT uses runtime code generation to generate the PLT stubs. Secure-PLT was introduced with GCC 4.1 and Binutils 2.17 (base has GCC 4.2.1 and Binutils 2.17), and is a more secure PLT format, using a read-only linkage table, with the dynamic linker populating a non-executable index table. Ref to other distro/BSD transitions https://patchwork.openembedded.org/patch/106621/ https://reviews.freebsd.org/D20598 Fixes a bug observed when creating SELinux policy where all apps require execmem because the heap requires execute before this change. Signed-off-by: Matthew Weber --- package/gcc/gcc.mk | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/package/gcc/gcc.mk b/package/gcc/gcc.mk index b834269adc..df5bf22b96 100644 --- a/package/gcc/gcc.mk +++ b/package/gcc/gcc.mk @@ -223,6 +223,13 @@ HOST_GCC_COMMON_CONF_OPTS += \ --with-long-double-128 endif +# Set default to Secure-PLT to prevent run-time +# generation of PLT stubs (supports RELRO and +# SELinux non-exemem capabilities) +ifeq ($(BR2_powerpc),y) +HOST_GCC_COMMON_CONF_OPTS += --enable-secureplt +endif + # PowerPC64 big endian by default uses the elfv1 ABI, and PowerPC 64 # little endian by default uses the elfv2 ABI. However, musl has # decided to use the elfv2 ABI for both, so we force the elfv2 ABI for