toolchain: remove gcc libssp and use libc variant

Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.

Stack smashing protection configuration options are now uniform
across all supported libc variants.

This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.

Signed-off-by: Ian Cooper <iancooper@hotmail.com>
master
Ian Cooper 4 years ago committed by Hauke Mehrtens
parent ba7ddae9a9
commit b933f9cf0c

@ -249,7 +249,6 @@ menu "Global build settings"
choice choice
prompt "User space Stack-Smashing Protection" prompt "User space Stack-Smashing Protection"
depends on USE_MUSL
default PKG_CC_STACKPROTECTOR_REGULAR default PKG_CC_STACKPROTECTOR_REGULAR
help help
Enable GCC Stack Smashing Protection (SSP) for userspace applications Enable GCC Stack Smashing Protection (SSP) for userspace applications
@ -257,18 +256,15 @@ menu "Global build settings"
bool "None" bool "None"
config PKG_CC_STACKPROTECTOR_REGULAR config PKG_CC_STACKPROTECTOR_REGULAR
bool "Regular" bool "Regular"
select GCC_LIBSSP if !USE_MUSL
depends on KERNEL_CC_STACKPROTECTOR_REGULAR depends on KERNEL_CC_STACKPROTECTOR_REGULAR
config PKG_CC_STACKPROTECTOR_STRONG config PKG_CC_STACKPROTECTOR_STRONG
bool "Strong" bool "Strong"
select GCC_LIBSSP if !USE_MUSL
depends on KERNEL_CC_STACKPROTECTOR_STRONG depends on KERNEL_CC_STACKPROTECTOR_STRONG
endchoice endchoice
choice choice
prompt "Kernel space Stack-Smashing Protection" prompt "Kernel space Stack-Smashing Protection"
default KERNEL_CC_STACKPROTECTOR_REGULAR default KERNEL_CC_STACKPROTECTOR_REGULAR
depends on USE_MUSL || !(x86_64 || i386)
help help
Enable GCC Stack-Smashing Protection (SSP) for the kernel Enable GCC Stack-Smashing Protection (SSP) for the kernel
config KERNEL_CC_STACKPROTECTOR_NONE config KERNEL_CC_STACKPROTECTOR_NONE
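Review bot: With `depends on USE_MUSL` dropped from the user-space choice, `PKG_CC_STACKPROTECTOR_REGULAR` becomes the default for glibc and uClibc builds as well, yet the only libc-side wiring visible on this page is the glibc configure change. If the uClibc build is not also configured to provide its own SSP runtime, packages compiled with the stack protector would presumably fail to link now that libssp is gone. That wiring may live in a file not shown here, so it is worth confirming. The help text could also say where the runtime now comes from, for example `The stack guard runtime is provided by the selected libc, not by gcc's libssp.`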

@ -5,7 +5,7 @@
# See /LICENSE for more information. # See /LICENSE for more information.
# #
PKG_DEFAULT_DEPENDS = +libc +GCC_LIBSSP:libssp +USE_GLIBC:librt +USE_GLIBC:libpthread PKG_DEFAULT_DEPENDS = +libc +USE_GLIBC:librt +USE_GLIBC:libpthread
ifneq ($(PKG_NAME),toolchain) ifneq ($(PKG_NAME),toolchain)
PKG_FIXUP_DEPENDS = $(if $(filter kmod-%,$(1)),$(2),$(PKG_DEFAULT_DEPENDS) $(filter-out $(PKG_DEFAULT_DEPENDS),$(2))) PKG_FIXUP_DEPENDS = $(if $(filter kmod-%,$(1)),$(2),$(PKG_DEFAULT_DEPENDS) $(filter-out $(PKG_DEFAULT_DEPENDS),$(2)))

@ -83,33 +83,6 @@ define Package/libatomic/config
endmenu endmenu
endef endef
define Package/libssp
$(call Package/gcc/Default)
DEPENDS+=@GCC_LIBSSP
TITLE:=GCC support library
endef
define Package/libssp/config
menu "Configuration"
depends on EXTERNAL_TOOLCHAIN && PACKAGE_libssp
config LIBSSP_ROOT_DIR
string
prompt "libssp shared library base directory"
depends on EXTERNAL_TOOLCHAIN && PACKAGE_libssp
default TOOLCHAIN_ROOT if !NATIVE_TOOLCHAIN
default "/" if NATIVE_TOOLCHAIN
config LIBSSP_FILE_SPEC
string
prompt "libssp shared library files (use wildcards)"
depends on EXTERNAL_TOOLCHAIN && PACKAGE_libssp
default "./lib/libssp.so.*"
endmenu
endef
define Package/libstdcpp define Package/libstdcpp
$(call Package/gcc/Default) $(call Package/gcc/Default)
NAME:=libstdc++ NAME:=libstdc++
@ -519,11 +492,6 @@ ifeq ($(CONFIG_EXTERNAL_TOOLCHAIN),)
$(CP) $(TOOLCHAIN_DIR)/lib/libgfortran.so.* $(1)/usr/lib/ $(CP) $(TOOLCHAIN_DIR)/lib/libgfortran.so.* $(1)/usr/lib/
endef endef
define Package/libssp/install
$(INSTALL_DIR) $(1)/lib
$(CP) $(TOOLCHAIN_DIR)/lib/libssp.so.* $(1)/lib/
endef
define Package/libstdcpp/install define Package/libstdcpp/install
$(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DIR) $(1)/usr/lib
$(CP) $(TOOLCHAIN_DIR)/lib/libstdc++.so.* $(1)/usr/lib/ $(CP) $(TOOLCHAIN_DIR)/lib/libstdc++.so.* $(1)/usr/lib/
@ -670,14 +638,6 @@ else
done done
endef endef
define Package/libssp/install
for file in $(call qstrip,$(CONFIG_LIBSSP_FILE_SPEC)); do \
$(INSTALL_DIR) $(1)/lib ; \
$(CP) $(call qstrip,$(CONFIG_LIBSSP_ROOT_DIR))/$$$$file $(1)/lib/ ; \
done ; \
exit 0
endef
define Package/libstdcpp/install define Package/libstdcpp/install
for file in $(call qstrip,$(CONFIG_LIBSTDCPP_FILE_SPEC)); do \ for file in $(call qstrip,$(CONFIG_LIBSTDCPP_FILE_SPEC)); do \
$(INSTALL_DIR) $(1)/lib ; \ $(INSTALL_DIR) $(1)/lib ; \
@ -789,7 +749,6 @@ endif
$(eval $(call BuildPackage,libc)) $(eval $(call BuildPackage,libc))
$(eval $(call BuildPackage,libgcc)) $(eval $(call BuildPackage,libgcc))
$(eval $(call BuildPackage,libatomic)) $(eval $(call BuildPackage,libatomic))
$(eval $(call BuildPackage,libssp))
$(eval $(call BuildPackage,libstdcpp)) $(eval $(call BuildPackage,libstdcpp))
$(eval $(call BuildPackage,libasan)) $(eval $(call BuildPackage,libasan))
$(eval $(call BuildPackage,libtsan)) $(eval $(call BuildPackage,libtsan))

@ -284,7 +284,7 @@ config USE_MUSL
bool bool
config SSP_SUPPORT config SSP_SUPPORT
default y if USE_MUSL || GCC_LIBSSP default y if !PKG_CC_STACKPROTECTOR_NONE
bool bool
config USE_EXTERNAL_LIBC config USE_EXTERNAL_LIBC
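Review bot: `SSP_SUPPORT` now defaults from `!PKG_CC_STACKPROTECTOR_NONE`, so it no longer records what the toolchain can provide but what the user selected. For an external toolchain, nothing visible here checks that its libc actually ships the SSP runtime, so the symbol can be `y` on a toolchain that cannot honour it. The consumers of `SSP_SUPPORT` are outside this page and should be checked against the new meaning. A comment above the entry would record it: `# y when user-space SSP is selected; the libc is expected to provide the guard runtime`.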

@ -47,14 +47,6 @@ config GCC_DEFAULT_SSP
help help
Use gcc configure option --enable-default-ssp to turn on -fstack-protector-strong by default. Use gcc configure option --enable-default-ssp to turn on -fstack-protector-strong by default.
config GCC_LIBSSP
bool
prompt "Build gcc libssp" if TOOLCHAINOPTS
depends on !USE_MUSL
default y if !USE_MUSL
help
Enable Stack-Smashing Protection support
config SJLJ_EXCEPTIONS config SJLJ_EXCEPTIONS
bool bool
prompt "Use setjump()/longjump() exceptions" if TOOLCHAINOPTS prompt "Use setjump()/longjump() exceptions" if TOOLCHAINOPTS

@ -104,6 +104,7 @@ GCC_CONFIGURE:= \
--disable-multilib \ --disable-multilib \
--disable-libmpx \ --disable-libmpx \
--disable-nls \ --disable-nls \
--disable-libssp \
$(GRAPHITE_CONFIGURE) \ $(GRAPHITE_CONFIGURE) \
--with-host-libstdcxx=-lstdc++ \ --with-host-libstdcxx=-lstdc++ \
$(SOFT_FLOAT_CONFIG_OPTION) \ $(SOFT_FLOAT_CONFIG_OPTION) \
@ -131,14 +132,6 @@ ifneq ($(CONFIG_GCC_DEFAULT_SSP),)
--enable-default-ssp --enable-default-ssp
endif endif
ifneq ($(CONFIG_GCC_LIBSSP),)
GCC_CONFIGURE+= \
--enable-libssp
else
GCC_CONFIGURE+= \
--disable-libssp
endif
ifneq ($(CONFIG_EXTRA_TARGET_ARCH),) ifneq ($(CONFIG_EXTRA_TARGET_ARCH),)
GCC_CONFIGURE+= \ GCC_CONFIGURE+= \
--enable-biarch \ --enable-biarch \

@ -39,7 +39,6 @@ ifeq ($(ARCH),mips64)
endif endif
endif endif
# -Os miscompiles w. 2.24 gcc5/gcc6 # -Os miscompiles w. 2.24 gcc5/gcc6
# only -O2 tested by upstream changeset # only -O2 tested by upstream changeset
# "Optimize i386 syscall inlining for GCC 5" # "Optimize i386 syscall inlining for GCC 5"
@ -61,6 +60,8 @@ GLIBC_CONFIGURE:= \
--without-cvs \ --without-cvs \
--enable-add-ons \ --enable-add-ons \
--$(if $(CONFIG_SOFT_FLOAT),without,with)-fp \ --$(if $(CONFIG_SOFT_FLOAT),without,with)-fp \
$(if $(CONFIG_PKG_CC_STACKPROTECTOR_REGULAR),--enable-stack-protector=yes) \
$(if $(CONFIG_PKG_CC_STACKPROTECTOR_STRONG),--enable-stack-protector=strong) \
--enable-kernel=4.14.0 --enable-kernel=4.14.0
export libc_cv_ssp=no export libc_cv_ssp=no
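Review bot: The context line `export libc_cv_ssp=no` is kept directly below the new `--enable-stack-protector=yes` and `--enable-stack-protector=strong` options. If glibc's configure honours that exported value instead of re-probing the compiler, the requested protection could be silently dropped while the build still succeeds. Confirm against the glibc version in use, and either remove the export or add a comment saying why it is still needed. When `PKG_CC_STACKPROTECTOR_NONE` is chosen, no option is passed at all, so the result depends on glibc's own default; passing `--enable-stack-protector=no` in that case would make the intent explicit.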
