[v1] package/ntpsec: fix Stack Smashing Protection detection

Message ID 20230211163202.25627-1-ps.report@gmx.net
State Changes Requested

Commit Message

Peter Seiderer Feb. 11, 2023, 4:32 p.m. UTC
Fix SSP misdetection (compiler supports '-fstack-protector-all' command
line argument but selected libc/toolchain does not support SSP,
e.g. i686-musl).

Fixes:

  - http://autobuild.buildroot.net/results/ded9ad5badbcfa6552443d3ce0866722becfefbd

  [...]
  Checking if C compiler supports -fstack-protector-all : yes
  [...]
  Checking for type struct timex                                  : no
  The configuration failed
  (complete log in .../build/ntpsec-1_2_2/build/config.log)

  And from build/ntpsec-1_2_2/build/config.log:

  err: .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: test.c.1.o: in function `main':
  test.c:(.text.startup+0x2a): undefined reference to `__stack_chk_fail_local'
  .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: .../build/ntpsec-1_2_2/build/.conf_check_01f3f794d5b6ffb7add7ce130581ae04/testbuild/main/testprog: hidden symbol `__stack_chk_fail_local' isn't defined
  .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: final link failed: bad value
  collect2: error: ld returned 1 exit status

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
 package/ntpsec/ntpsec.mk | 9 +++++++++
 1 file changed, 9 insertions(+)
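
The failure mode described in the commit message above (flag accepted when compiling, `__stack_chk_fail_local` unresolved when linking) can be told apart with a probe that tests both stages. This is an added example, not part of the patch or of ntpsec's wscript; `ssp_probe` and its three result strings are names chosen here.

```shell
#!/bin/sh
# ssp_probe CC [FLAG]
# Prints "none" if CC rejects FLAG, "compile-only" if the object builds
# but the final link fails (the i686-musl case in the log), or "link" if
# a complete executable can be produced with FLAG.
# CC may contain arguments and is word-split on purpose.
ssp_probe() {
    cc=$1
    flag=${2:--fstack-protector-all}
    dir=$(mktemp -d) || return 2
    # A stack buffer makes the compiler emit the canary check.
    cat > "$dir/t.c" <<'EOF'
#include <string.h>
int main(int argc, char **argv) {
    char buf[64];
    (void)argc;
    strncpy(buf, argv[0], sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = 0;
    return buf[0] == 0;
}
EOF
    if ! $cc $flag -c "$dir/t.c" -o "$dir/t.o" 2>/dev/null; then
        result=none
    elif ! $cc $flag "$dir/t.o" -o "$dir/t" 2>/dev/null; then
        result=compile-only
    else
        result=link
    fi
    rm -rf "$dir"
    echo "$result"
}

# Stand-alone use: ./ssp_probe.sh i686-buildroot-linux-musl-gcc
if [ $# -gt 0 ]; then
    ssp_probe "$@"
fi
```

Only the "link" result means the toolchain can actually produce SSP-enabled binaries.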

Comments

Yann E. MORIN Feb. 11, 2023, 4:49 p.m. UTC | #1
Peter, All,

On 2023-02-11 17:32 +0100, Peter Seiderer spake thusly:
> Fix SSP misdetection (compiler supports '-fstack-protector-all' command
> line argument but selected libc/toolchain does not support SSP,
> e.g. i686-musl).
> 
> Fixes:
> 
>   - http://autobuild.buildroot.net/results/ded9ad5badbcfa6552443d3ce0866722becfefbd
> 
>   [...]
>   Checking if C compiler supports -fstack-protector-all : yes
>   [...]
>   Checking for type struct timex                                  : no
>   The configuration failed
>   (complete log in .../build/ntpsec-1_2_2/build/config.log)
> 
>   And from build/ntpsec-1_2_2/build/config.log:
> 
>   err: .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: test.c.1.o: in function `main':
>   test.c:(.text.startup+0x2a): undefined reference to `__stack_chk_fail_local'
>   .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: .../build/ntpsec-1_2_2/build/.conf_check_01f3f794d5b6ffb7add7ce130581ae04/testbuild/main/testprog: hidden symbol `__stack_chk_fail_local' isn't defined
>   .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: final link failed: bad value
>   collect2: error: ld returned 1 exit status
> 
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> ---
>  package/ntpsec/ntpsec.mk | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/package/ntpsec/ntpsec.mk b/package/ntpsec/ntpsec.mk
> index c7fa2f85a8..18a8353900 100644
> --- a/package/ntpsec/ntpsec.mk
> +++ b/package/ntpsec/ntpsec.mk
> @@ -30,6 +30,15 @@ NTPSEC_DEPENDENCIES = \
>  	libcap \
>  	openssl
>  
> +# prevent '-fstack-protector-all' compiler flag detection without
> +# ssp support (e.g. i686-musl)
> +ifeq ($(BR2_TOOLCHAIN_HAS_SSP),)
> +define NTPSEC_FORCE_DISABLE_SSP
> +	$(SED) s/fstack-protector-all/fstack-protector-all-disabled/g $(@D)/wscript
> +endef
> +endif
> +NTPSEC_PRE_CONFIGURE_HOOKS += NTPSEC_FORCE_DISABLE_SSP

Assigning to hooks should be done in the conditional if-block, not
outside.

But in Buildroot, the SSP flags are automatically handled by the
wrapper, so we should just unconditionally remove said flags as set by
the package, like was done in 50cbac5099b1 (package/sysvinit: add patch
to fix compile without stack-protector support) for example (and no,
that commit was not chosen totally at random ;-) ).

Regards,
Yann E. MORIN.

>  # CC="$(HOSTCC)" is strange but needed to build some host tools, the
>  # cross-compiler will properly be used to build target code thanks to
>  # --cross-compiler
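
Review bot: the `$(SED)` line disables the check only indirectly, by renaming every `fstack-protector-all` in wscript to the made-up `fstack-protector-all-disabled`, and the expression is passed to sed unquoted. That appears to depend on the flag probe rejecting the renamed option; removing the flag from the script with a patch, or at least quoting the expression and saying in the comment that the probe is expected to fail, would make the intent explicit.
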
> -- 
> 2.39.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

Peter Seiderer Feb. 11, 2023, 5:55 p.m. UTC | #2
Hello Yann, *,

On Sat, 11 Feb 2023 17:49:26 +0100, "Yann E. MORIN" <yann.morin.1998@free.fr> wrote:

> Peter, All,
>
> On 2023-02-11 17:32 +0100, Peter Seiderer spake thusly:
> > Fix SSP misdetection (compiler supports '-fstack-protector-all' command
> > line argument but selected libc/toolchain does not support SSP,
> > e.g. i686-musl).
> >
> > Fixes:
> >
> >   - http://autobuild.buildroot.net/results/ded9ad5badbcfa6552443d3ce0866722becfefbd
> >
> >   [...]
> >   Checking if C compiler supports -fstack-protector-all : yes
> >   [...]
> >   Checking for type struct timex                                  : no
> >   The configuration failed
> >   (complete log in .../build/ntpsec-1_2_2/build/config.log)
> >
> >   And from build/ntpsec-1_2_2/build/config.log:
> >
> >   err: .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: test.c.1.o: in function `main':
> >   test.c:(.text.startup+0x2a): undefined reference to `__stack_chk_fail_local'
> >   .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: .../build/ntpsec-1_2_2/build/.conf_check_01f3f794d5b6ffb7add7ce130581ae04/testbuild/main/testprog: hidden symbol `__stack_chk_fail_local' isn't defined
> >   .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: final link failed: bad value
> >   collect2: error: ld returned 1 exit status
> >
> > Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> > ---
> >  package/ntpsec/ntpsec.mk | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/package/ntpsec/ntpsec.mk b/package/ntpsec/ntpsec.mk
> > index c7fa2f85a8..18a8353900 100644
> > --- a/package/ntpsec/ntpsec.mk
> > +++ b/package/ntpsec/ntpsec.mk
> > @@ -30,6 +30,15 @@ NTPSEC_DEPENDENCIES = \
> >  	libcap \
> >  	openssl
> >
> > +# prevent '-fstack-protector-all' compiler flag detection without
> > +# ssp support (e.g. i686-musl)
> > +ifeq ($(BR2_TOOLCHAIN_HAS_SSP),)
> > +define NTPSEC_FORCE_DISABLE_SSP
> > +	$(SED) s/fstack-protector-all/fstack-protector-all-disabled/g $(@D)/wscript
> > +endef
> > +endif
> > +NTPSEC_PRE_CONFIGURE_HOOKS += NTPSEC_FORCE_DISABLE_SSP
>
> Assigning to hooks should be done in the conditional if-block, not
> outside.
>
> But in Buildroot, the SSP flags are automatically handled by the
> wrapper, so we should just unconditionally remove said flags as set by
> the package, like was done in 50cbac5099b1 (package/sysvinit: add patch
> to fix compile without stack-protector support) for example (and no,
> that commit was not chosen totally at random ;-) ).

Nice reference ;-), do you prefer the above sed hack unconditionally
(not sure if the wscript will add additional -lssp/-lssp_nonshared if
available) or a patch removing the whole -fstack-protector-all/-lssp/-lssp_nonshared
handling?

Regards,
Peter


>
> Regards,
> Yann E. MORIN.
>
> >  # CC="$(HOSTCC)" is strange but needed to build some host tools, the
> >  # cross-compiler will properly be used to build target code thanks to
> >  # --cross-compiler
> > --
> > 2.39.1
> >
Patch

diff --git a/package/ntpsec/ntpsec.mk b/package/ntpsec/ntpsec.mk
index c7fa2f85a8..18a8353900 100644
--- a/package/ntpsec/ntpsec.mk
+++ b/package/ntpsec/ntpsec.mk
@@ -30,6 +30,15 @@  NTPSEC_DEPENDENCIES = \
 	libcap \
 	openssl
 
+# prevent '-fstack-protector-all' compiler flag detection without
+# ssp support (e.g. i686-musl)
+ifeq ($(BR2_TOOLCHAIN_HAS_SSP),)
+define NTPSEC_FORCE_DISABLE_SSP
+	$(SED) s/fstack-protector-all/fstack-protector-all-disabled/g $(@D)/wscript
+endef
+endif
+NTPSEC_PRE_CONFIGURE_HOOKS += NTPSEC_FORCE_DISABLE_SSP
+
 # CC="$(HOSTCC)" is strange but needed to build some host tools, the
 # cross-compiler will properly be used to build target code thanks to
 # --cross-compiler
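
Review bot: the `NTPSEC_PRE_CONFIGURE_HOOKS += NTPSEC_FORCE_DISABLE_SSP` line sits after `endif`, so the hook is registered even when `BR2_TOOLCHAIN_HAS_SSP` is set and `NTPSEC_FORCE_DISABLE_SSP` was never defined. Move the assignment inside the `ifeq` block, directly after `endef`, so the definition and its registration share one condition.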