From patchwork Tue Mar 12 12:09:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yann E. MORIN" X-Patchwork-Id: 1055347 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=orange.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44JYjP0cLLz9s9T for ; Tue, 12 Mar 2019 23:11:20 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 60E7F8560C; Tue, 12 Mar 2019 12:11:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SNjsUdwYZhcE; Tue, 12 Mar 2019 12:11:16 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 9ECF285FCB; Tue, 12 Mar 2019 12:11:16 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 00F9C1BF2A9 for ; Tue, 12 Mar 2019 12:11:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id F28F285C9D for ; Tue, 12 Mar 2019 12:11:15 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FC9H1eoNBn83 for ; Tue, 12 Mar 2019 12:11:15 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from orange.com (mta134.mail.business.static.orange.com [80.12.70.34]) by fraxinus.osuosl.org (Postfix) with ESMTPS id BBD1B850A8 for ; Tue, 12 Mar 2019 12:09:44 +0000 (UTC) Received: from opfednr03.francetelecom.fr (unknown [xx.xx.xx.67]) by opfednr23.francetelecom.fr (ESMTP service) with ESMTP id 44JYgV4JNmz5vpp; Tue, 12 Mar 2019 13:09:42 +0100 (CET) Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.54]) by opfednr03.francetelecom.fr (ESMTP service) with ESMTP id 44JYgV3YKPzDq80; Tue, 12 Mar 2019 13:09:42 +0100 (CET) Received: from OPEXCLILM6F.corporate.adroot.infra.ftgroup (10.114.31.34) by OPEXCAUBM7D.corporate.adroot.infra.ftgroup (10.114.13.54) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 12 Mar 2019 13:09:42 +0100 Received: from r-lnx-nyma7486-2.rd.francetelecom.fr (10.168.234.2) by OPEXCLILM6F.corporate.adroot.infra.ftgroup (10.114.31.34) with Microsoft SMTP Server id 14.3.439.0; Tue, 12 Mar 2019 13:09:36 +0100 From: To: Date: Tue, 12 Mar 2019 13:09:32 +0100 X-Mailer: git-send-email 2.17.1 In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.168.234.2] Message-ID: <17089_1552392582_5C87A186_17089_129_1_a5ce0b38-3ef0-45ac-a336-7985a6490f2b@OPEXCLILM6F.corporate.adroot.infra.ftgroup> Subject: [Buildroot] [PATCH 1/5 v2] toolchain: prepare to pass more additional CFLAGS via the wrapper X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "Yann E. MORIN" , Thomas De Schampheleire , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: "Yann E. MORIN" Currently, we pass the user-supplied so-called target optimisation flags to the wrapper. We're going to have additional such CFLAGS to pass, so push-back the formatting loop to quote the options at the last moment. Reported-by: Arnout Vandecappelle Signed-off-by: "Yann E. MORIN" Cc: Arnout Vandecappelle Cc: Thomas Petazzoni Cc: Thomas De Schampheleire --- toolchain/toolchain-wrapper.mk | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/toolchain/toolchain-wrapper.mk b/toolchain/toolchain-wrapper.mk index 613f5f6c56..c9e6fd3f3d 100644 --- a/toolchain/toolchain-wrapper.mk +++ b/toolchain/toolchain-wrapper.mk @@ -16,11 +16,13 @@ endif TOOLCHAIN_WRAPPER_ARGS = $($(PKG)_TOOLCHAIN_WRAPPER_ARGS) TOOLCHAIN_WRAPPER_ARGS += -DBR_SYSROOT='"$(STAGING_SUBDIR)"' +TOOLCHAIN_WRAPPER_OPTS = \ + $(call qstrip,$(BR2_TARGET_OPTIMIZATION)) + # We create a list like '"-mfoo", "-mbar", "-mbarfoo"' so that each flag is a # separate argument when used in execv() by the toolchain wrapper. -TOOLCHAIN_WRAPPER_OPTS = \ - $(foreach f,$(call qstrip,$(BR2_TARGET_OPTIMIZATION)),"$(f)"$(comma)) -TOOLCHAIN_WRAPPER_ARGS += -DBR_ADDITIONAL_CFLAGS='$(TOOLCHAIN_WRAPPER_OPTS)' +TOOLCHAIN_WRAPPER_ARGS += \ + -DBR_ADDITIONAL_CFLAGS='$(foreach f,$(TOOLCHAIN_WRAPPER_OPTS),"$(f)"$(comma))' ifeq ($(BR2_CCACHE),y) TOOLCHAIN_WRAPPER_ARGS += -DBR_CCACHE From patchwork Tue Mar 12 12:09:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yann E. MORIN" X-Patchwork-Id: 1055345 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=orange.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44JYh954q8z9s70 for ; Tue, 12 Mar 2019 23:10:17 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 41F3187535; Tue, 12 Mar 2019 12:10:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QI-vxUexNrdG; Tue, 12 Mar 2019 12:10:01 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 7EFD287568; Tue, 12 Mar 2019 12:09:55 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id BB7261BF419 for ; Tue, 12 Mar 2019 12:09:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id B8D04241AE for ; Tue, 12 Mar 2019 12:09:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NCekNhSDGojj for ; Tue, 12 Mar 2019 12:09:44 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from orange.com (mta135.mail.business.static.orange.com [80.12.70.35]) by silver.osuosl.org (Postfix) with ESMTPS id 931CE228B3 for ; Tue, 12 Mar 2019 12:09:44 +0000 (UTC) Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) by opfednr23.francetelecom.fr (ESMTP service) with ESMTP id 44JYgV5c7nz5vq3; Tue, 12 Mar 2019 13:09:42 +0100 (CET) Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.54]) by opfednr01.francetelecom.fr (ESMTP service) with ESMTP id 44JYgV4RZqzDq78; Tue, 12 Mar 2019 13:09:42 +0100 (CET) Received: from OPEXCLILM6F.corporate.adroot.infra.ftgroup (10.114.31.34) by OPEXCAUBM7D.corporate.adroot.infra.ftgroup (10.114.13.54) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 12 Mar 2019 13:09:42 +0100 Received: from r-lnx-nyma7486-2.rd.francetelecom.fr (10.168.234.2) by OPEXCLILM6F.corporate.adroot.infra.ftgroup (10.114.31.34) with Microsoft SMTP Server id 14.3.439.0; Tue, 12 Mar 2019 13:09:37 +0100 From: To: Date: Tue, 12 Mar 2019 13:09:33 +0100 X-Mailer: git-send-email 2.17.1 In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.168.234.2] Message-ID: <6137_1552392582_5C87A186_6137_469_1_14193bcc-af2f-41d0-987f-c3154c37b38c@OPEXCLILM6F.corporate.adroot.infra.ftgroup> Subject: [Buildroot] [PATCH 2/5 v2] toolchain: set the ssp gcc option in kconfig X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "Yann E. MORIN" , Thomas De Schampheleire , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: "Yann E. MORIN" Currently, we repeat all the SSP level selection deep down to the toolchain wrapper itself, where we eventually translate it to the actual SSP option to use. This is a bit redundant. Additionally, we will want to check that the toolchain actually supports that option (for those toolchain where it was backported). So, move the translation into kconfig, and add the qstrip'ed value to the additional flags passed to the wrapper. Add it before user-supplied opitons, to keep the previous behaviour (and allow anyone crazy-enough to override it with BR2_TARGET_OPTIMIZATION). Signed-off-by: "Yann E. MORIN" Cc: Matt Weber Cc: Thomas Petazzoni Cc: Thomas De Schampheleire Reviewed-by: Matthew Weber --- Changes v1 -> v2: - use TOOLCHAIN_WRAPPER_OPTS (Arnout) --- Config.in | 6 ++++++ toolchain/toolchain-wrapper.c | 9 --------- toolchain/toolchain-wrapper.mk | 9 +-------- 3 files changed, 7 insertions(+), 17 deletions(-) diff --git a/Config.in b/Config.in index d58d8dc04a..757ad1ca40 100644 --- a/Config.in +++ b/Config.in @@ -764,6 +764,12 @@ config BR2_SSP_ALL endchoice +config BR2_SSP_OPTION + string + default "-fstack-protector" if BR2_SSP_REGULAR + default "-fstack-protector-strong" if BR2_SSP_STRONG + default "-fstack-protector-all" if BR2_SSP_ALL + comment "Stack Smashing Protection needs a toolchain w/ SSP" depends on !BR2_TOOLCHAIN_HAS_SSP diff --git a/toolchain/toolchain-wrapper.c b/toolchain/toolchain-wrapper.c index e9c5cd9d32..c73a0cc079 100644 --- a/toolchain/toolchain-wrapper.c +++ b/toolchain/toolchain-wrapper.c @@ -98,15 +98,6 @@ static char *predef_args[] = { #if defined(BR_MIPS_TARGET_BIG_ENDIAN) || defined(BR_ARC_TARGET_BIG_ENDIAN) "-EB", #endif -#ifdef BR_SSP_REGULAR - "-fstack-protector", -#endif -#ifdef BR_SSP_STRONG - "-fstack-protector-strong", -#endif -#ifdef BR_SSP_ALL - "-fstack-protector-all", -#endif #ifdef BR_ADDITIONAL_CFLAGS BR_ADDITIONAL_CFLAGS #endif diff --git a/toolchain/toolchain-wrapper.mk b/toolchain/toolchain-wrapper.mk index c9e6fd3f3d..ca66fa7ba4 100644 --- a/toolchain/toolchain-wrapper.mk +++ b/toolchain/toolchain-wrapper.mk @@ -17,6 +17,7 @@ TOOLCHAIN_WRAPPER_ARGS = $($(PKG)_TOOLCHAIN_WRAPPER_ARGS) TOOLCHAIN_WRAPPER_ARGS += -DBR_SYSROOT='"$(STAGING_SUBDIR)"' TOOLCHAIN_WRAPPER_OPTS = \ + $(call qstrip,$(BR2_SSP_OPTION)) \ $(call qstrip,$(BR2_TARGET_OPTIMIZATION)) # We create a list like '"-mfoo", "-mbar", "-mbarfoo"' so that each flag is a @@ -53,14 +54,6 @@ else ifeq ($(BR2_RELRO_FULL),y) TOOLCHAIN_WRAPPER_ARGS += -DBR2_RELRO_FULL endif -ifeq ($(BR2_SSP_REGULAR),y) -TOOLCHAIN_WRAPPER_ARGS += -DBR_SSP_REGULAR -else ifeq ($(BR2_SSP_STRONG),y) -TOOLCHAIN_WRAPPER_ARGS += -DBR_SSP_STRONG -else ifeq ($(BR2_SSP_ALL),y) -TOOLCHAIN_WRAPPER_ARGS += -DBR_SSP_ALL -endif - define TOOLCHAIN_WRAPPER_BUILD $(HOSTCC) $(HOST_CFLAGS) $(TOOLCHAIN_WRAPPER_ARGS) \ -s -Wl,--hash-style=$(TOOLCHAIN_WRAPPER_HASH_STYLE) \ From patchwork Tue Mar 12 12:09:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yann E. MORIN" X-Patchwork-Id: 1055343 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=orange.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44JYgn3wSwz9sBr for ; Tue, 12 Mar 2019 23:09:57 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 42E4C86ECC; Tue, 12 Mar 2019 12:09:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7TNwU6MmUXHb; Tue, 12 Mar 2019 12:09:53 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 1624A86EDA; Tue, 12 Mar 2019 12:09:53 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 1F05E1BF947 for ; Tue, 12 Mar 2019 12:09:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 132A486ECC for ; Tue, 12 Mar 2019 12:09:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eu5FhTXXrD+Q for ; Tue, 12 Mar 2019 12:09:44 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from orange.com (mta134.mail.business.static.orange.com [80.12.70.34]) by whitealder.osuosl.org (Postfix) with ESMTPS id 881A986EDA for ; Tue, 12 Mar 2019 12:09:44 +0000 (UTC) Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) by opfednr23.francetelecom.fr (ESMTP service) with ESMTP id 44JYgW1LGcz5vpl; Tue, 12 Mar 2019 13:09:43 +0100 (CET) Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.54]) by opfednr01.francetelecom.fr (ESMTP service) with ESMTP id 44JYgW00l9zDq78; Tue, 12 Mar 2019 13:09:43 +0100 (CET) Received: from OPEXCLILM6F.corporate.adroot.infra.ftgroup (10.114.31.34) by OPEXCAUBM7D.corporate.adroot.infra.ftgroup (10.114.13.54) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 12 Mar 2019 13:09:42 +0100 Received: from r-lnx-nyma7486-2.rd.francetelecom.fr (10.168.234.2) by OPEXCLILM6F.corporate.adroot.infra.ftgroup (10.114.31.34) with Microsoft SMTP Server id 14.3.439.0; Tue, 12 Mar 2019 13:09:38 +0100 From: To: Date: Tue, 12 Mar 2019 13:09:34 +0100 X-Mailer: git-send-email 2.17.1 In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.168.234.2] Message-ID: <6137_1552392583_5C87A187_6137_470_1_3090e77d-fd75-49ec-8643-3a89ee5ea133@OPEXCLILM6F.corporate.adroot.infra.ftgroup> Subject: [Buildroot] [PATCH 3/5 v2] toolchain: check the SSP option is known X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "Yann E. MORIN" , Thomas De Schampheleire , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: "Yann E. MORIN" Some toolchain vendors may have backported those options to older gcc versions, and we have no way to know, so we have to check that the user's selection is acceptable. Extend the macro that currently checks for SSP in the toolchain, with a new test that the actual SSP option is recognised and accepted. Note that the SSP option is either totaly empty, or an already-quoted string, so we can safely and easily assign it to a shell variable to test and use it. Note that we do not introduce BR2_TOOLCHAIN_HAS_SSP_STRONG, because: - our internal toolchain infra only supports gcc >= 4.9, so it has SSP strong; - of the external pre-built toolchains, only the codesourcery-arm one has a gcc-4.8 which lacks SSP strong, all the others have a gcc >= 4.9; - we'd still have to do the actual check for custom external toolchains anyway. So, we're not adding BR2_TOOLCHAIN_HAS_SSP_STRONG just for a single case. Signed-off-by: "Yann E. MORIN" Cc: Matt Weber Cc: Thomas Petazzoni Cc: Thomas De Schampheleire Cc: Arnout Vandecappelle --- Changes v1 -> v2: - expand the commit log to explain why we're not adding BR2_TOOLCHAIN_HAS_SSP_STRONG (Arnout) --- toolchain/helpers.mk | 8 ++++++++ toolchain/toolchain-external/pkg-toolchain-external.mk | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/toolchain/helpers.mk b/toolchain/helpers.mk index e5520c00c3..ba097e83cf 100644 --- a/toolchain/helpers.mk +++ b/toolchain/helpers.mk @@ -415,6 +415,7 @@ check_unusable_toolchain = \ # Check if the toolchain has SSP (stack smashing protector) support # # $1: cross-gcc path +# $2: gcc ssp option # check_toolchain_ssp = \ __CROSS_CC=$(strip $1) ; \ @@ -427,6 +428,13 @@ check_toolchain_ssp = \ echo "SSP support not available in this toolchain, please disable BR2_TOOLCHAIN_EXTERNAL_HAS_SSP" ; \ exit 1 ; \ fi ; \ + __SSP_OPTION=$(2); \ + if [ -n "$${__SSP_OPTION}" ] ; then \ + if ! echo 'void main(){}' | $${__CROSS_CC} -Werror $${__SSP_OPTION} -x c - -o $(BUILD_DIR)/.br-toolchain-test.tmp >/dev/null 2>&1 ; then \ + echo "SSP option $${__SSP_OPTION} not available in this toolchain, please select another SSP level" ; \ + exit 1 ; \ + fi; \ + fi; \ rm -f $(BUILD_DIR)/.br-toolchain-test.tmp* # diff --git a/toolchain/toolchain-external/pkg-toolchain-external.mk b/toolchain/toolchain-external/pkg-toolchain-external.mk index db3570d96f..00cbd7b17a 100644 --- a/toolchain/toolchain-external/pkg-toolchain-external.mk +++ b/toolchain/toolchain-external/pkg-toolchain-external.mk @@ -549,7 +549,7 @@ define $(2)_CONFIGURE_CMDS else \ $$(call check_glibc,$$$${SYSROOT_DIR}) ; \ fi - $$(Q)$$(call check_toolchain_ssp,$$(TOOLCHAIN_EXTERNAL_CC)) + $$(Q)$$(call check_toolchain_ssp,$$(TOOLCHAIN_EXTERNAL_CC),$(BR2_SSP_OPTION)) endef $(2)_TOOLCHAIN_WRAPPER_ARGS += $$(TOOLCHAIN_EXTERNAL_TOOLCHAIN_WRAPPER_ARGS) From patchwork Tue Mar 12 12:09:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yann E. MORIN" X-Patchwork-Id: 1055346 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=orange.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44JYh95jbwz9sBp for ; Tue, 12 Mar 2019 23:10:17 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 6DDE887C3F; Tue, 12 Mar 2019 12:10:15 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id la5-h7itBEwg; Tue, 12 Mar 2019 12:10:06 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id B6F098757D; Tue, 12 Mar 2019 12:10:05 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id BD7AE1BF419 for ; Tue, 12 Mar 2019 12:09:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id B22F8872E8 for ; Tue, 12 Mar 2019 12:09:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BIOY27NKXu9K for ; Tue, 12 Mar 2019 12:09:45 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) by hemlock.osuosl.org (Postfix) with ESMTPS id 3459486963 for ; Tue, 12 Mar 2019 12:09:44 +0000 (UTC) Received: from opfednr03.francetelecom.fr (unknown [xx.xx.xx.67]) by opfednr27.francetelecom.fr (ESMTP service) with ESMTP id 44JYgV63Bkz4wdn; Tue, 12 Mar 2019 13:09:42 +0100 (CET) Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.54]) by opfednr03.francetelecom.fr (ESMTP service) with ESMTP id 44JYgV5KL1zDq80; Tue, 12 Mar 2019 13:09:42 +0100 (CET) Received: from OPEXCLILM6F.corporate.adroot.infra.ftgroup (10.114.31.34) by OPEXCAUBM7D.corporate.adroot.infra.ftgroup (10.114.13.54) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 12 Mar 2019 13:09:42 +0100 Received: from r-lnx-nyma7486-2.rd.francetelecom.fr (10.168.234.2) by OPEXCLILM6F.corporate.adroot.infra.ftgroup (10.114.31.34) with Microsoft SMTP Server id 14.3.439.0; Tue, 12 Mar 2019 13:09:40 +0100 From: To: Date: Tue, 12 Mar 2019 13:09:35 +0100 X-Mailer: git-send-email 2.17.1 In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.168.234.2] Message-ID: <17089_1552392582_5C87A186_17089_130_1_f6f2aff0-c673-4b8c-9779-7e671921c77f@OPEXCLILM6F.corporate.adroot.infra.ftgroup> Subject: [Buildroot] [PATCH 4/5 v2] toolchain: -fstack-protector-strong can be back-ported X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "Yann E. MORIN" , Thomas De Schampheleire , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: "Yann E. MORIN" Currently, use of -fstack-protector-strong is only available for gcc starting with 4.9, on the assumption that it appeared with that version. Although this is true, it happens that quite a few vendors will have back-ported -fstack-protector-strong to older gcc versions (at least 4.8 seen in the wild). Remove the guard against gcc>=4.9, and expand the help text. Signed-off-by: "Yann E. MORIN" Cc: Matt Weber Cc: Thomas Petazzoni Cc: Thomas De Schampheleire --- Notes: We could have changed the guard to something like: depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || BR2_TOOLCHAIN_EXTERNAL However, the latest gcc we support in the internal toolchain *is* gcc-4.9, so the condition would have always been true. Hence, we just drop the condition. --- Config.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Config.in b/Config.in index 757ad1ca40..d5a0460f98 100644 --- a/Config.in +++ b/Config.in @@ -746,14 +746,14 @@ config BR2_SSP_REGULAR config BR2_SSP_STRONG bool "-fstack-protector-strong" - depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 help Like -fstack-protector but includes additional functions to be protected - those that have local array definitions, or have references to local frame addresses. -comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9" - depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 + -fstack-protector-strong officially appeared in gcc 4.9, but + some vendors have backported -fstack-protector-strong to older + versions of gcc. config BR2_SSP_ALL bool "-fstack-protector-all" From patchwork Tue Mar 12 12:09:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yann E. MORIN" X-Patchwork-Id: 1055344 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=orange.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44JYgv106Yz9sBr for ; Tue, 12 Mar 2019 23:10:02 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 9AFE2875BB; Tue, 12 Mar 2019 12:09:59 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id siFtwfC0DATC; Tue, 12 Mar 2019 12:09:50 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id BD54E8751C; Tue, 12 Mar 2019 12:09:49 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 2A59D1BF94B for ; Tue, 12 Mar 2019 12:09:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 23277279B9 for ; Tue, 12 Mar 2019 12:09:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UUDVxFxBqQLP for ; Tue, 12 Mar 2019 12:09:45 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from orange.com (mta239.mail.business.static.orange.com [80.12.66.39]) by silver.osuosl.org (Postfix) with ESMTPS id F21CC22D24 for ; Tue, 12 Mar 2019 12:09:44 +0000 (UTC) Received: from opfedar00.francetelecom.fr (unknown [xx.xx.xx.11]) by opfedar24.francetelecom.fr (ESMTP service) with ESMTP id 44JYgW0vLcz5w8H; Tue, 12 Mar 2019 13:09:43 +0100 (CET) Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.54]) by opfedar00.francetelecom.fr (ESMTP service) with ESMTP id 44JYgV68JGzCqjy; Tue, 12 Mar 2019 13:09:42 +0100 (CET) Received: from OPEXCLILM6F.corporate.adroot.infra.ftgroup (10.114.31.34) by OPEXCAUBM7D.corporate.adroot.infra.ftgroup (10.114.13.54) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 12 Mar 2019 13:09:42 +0100 Received: from r-lnx-nyma7486-2.rd.francetelecom.fr (10.168.234.2) by OPEXCLILM6F.corporate.adroot.infra.ftgroup (10.114.31.34) with Microsoft SMTP Server id 14.3.439.0; Tue, 12 Mar 2019 13:09:41 +0100 From: To: Date: Tue, 12 Mar 2019 13:09:36 +0100 X-Mailer: git-send-email 2.17.1 In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.168.234.2] Message-ID: <16391_1552392582_5C87A186_16391_281_1_704ea354-404e-4e6b-af91-9e63897e78c9@OPEXCLILM6F.corporate.adroot.infra.ftgroup> Subject: [Buildroot] [PATCH 5/5 v2] toolchain: allow PIC/PIE without RELRO X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "Yann E. MORIN" , Thomas De Schampheleire , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: "Yann E. MORIN" In commit 7484c1c3b806 (toolchain/toolchain-wrapper: add BR2_RELRO_), we added the PIC/PIE flags, but based on the RELRO_FULL condition. It is however totally possible to do a PIC/PIE executable without RELRO_FULL, as it is also valid to do a PIC/PIE build with RELRO_PARTIAL. Add a new option that now governs the PIC/PIE flags. Note: it is unknown if RELRO_FULL really needs PIC/PIE or not, so we keep the current situation, where RELRO-FULL forces PIC/PIE compilation. Decoupling can come later from an interested party. Signed-off-by: "Yann E. MORIN" Cc: Matt Weber Cc: Thomas Petazzoni Cc: Thomas De Schampheleire Reviewed-by: Matthew Weber --- Config.in | 8 ++++++++ toolchain/toolchain-wrapper.c | 2 +- toolchain/toolchain-wrapper.mk | 4 ++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Config.in b/Config.in index d5a0460f98..31fea3ab34 100644 --- a/Config.in +++ b/Config.in @@ -712,6 +712,13 @@ endmenu comment "Security Hardening Options" +config BR2_PIC_PIE + bool "Build code with PIC/PIE" + depends on BR2_SHARED_LIBS + help + Generate Position-Independent Code (PIC) and link + Position-Independent Executables (PIE). + choice bool "Stack Smashing Protection" default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy @@ -794,6 +801,7 @@ config BR2_RELRO_PARTIAL config BR2_RELRO_FULL bool "Full" + select BR2_PIC_PIE help This option includes the partial configuration, but also marks the GOT as read-only at the cost of initialization time during diff --git a/toolchain/toolchain-wrapper.c b/toolchain/toolchain-wrapper.c index c73a0cc079..7a4b9c4007 100644 --- a/toolchain/toolchain-wrapper.c +++ b/toolchain/toolchain-wrapper.c @@ -367,7 +367,7 @@ int main(int argc, char **argv) *cur++ = "-Wno-builtin-macro-redefined"; } -#ifdef BR2_RELRO_FULL +#ifdef BR2_PIC_PIE /* Patterned after Fedora/Gentoo hardening approaches. * https://fedoraproject.org/wiki/Changes/Harden_All_Packages * https://wiki.gentoo.org/wiki/Hardened/Toolchain#Position_Independent_Executables_.28PIEs.29 diff --git a/toolchain/toolchain-wrapper.mk b/toolchain/toolchain-wrapper.mk index ca66fa7ba4..3c42146cea 100644 --- a/toolchain/toolchain-wrapper.mk +++ b/toolchain/toolchain-wrapper.mk @@ -48,6 +48,10 @@ ifeq ($(BR2_CCACHE_USE_BASEDIR),y) TOOLCHAIN_WRAPPER_ARGS += -DBR_CCACHE_BASEDIR='"$(BASE_DIR)"' endif +ifeq ($(BR2_PIC_PIE),y) +TOOLCHAIN_WRAPPER_ARGS += -DBR2_PIC_PIE +endif + ifeq ($(BR2_RELRO_PARTIAL),y) TOOLCHAIN_WRAPPER_ARGS += -DBR2_RELRO_PARTIAL else ifeq ($(BR2_RELRO_FULL),y)