[Buildroot] [PATCH v2 1/1] qemu: add patch to fix SSP support detection

Fri Nov 13 07:10:05 UTC 2015

On 12-11-15 16:04, Rodrigo Rebello wrote:
> Arnout, All
> 
> 2015-11-12 6:19 GMT-02:00 Arnout Vandecappelle <arnout at mind.be>:
>>
>>
>> On 12-11-15 00:49, Rodrigo Rebello wrote:
>>> Arnout,
>>>
>>> 2015-11-11 21:30 GMT-02:00 Arnout Vandecappelle <arnout at mind.be>:
>>>> On 11-11-15 23:18, Rodrigo Rebello wrote:
>> [snip]
>>>>> +diff --git a/configure b/configure
>>>>> +index cd219d8..a6f4101 100755
>>>>> +--- a/configure
>>>>> ++++ b/configure
>>>>> +@@ -1471,6 +1471,24 @@ for flag in $gcc_flags; do
>>>>> + done
>>>>> +
>>>>> + if test "$stack_protector" != "no"; then
>>>>> ++  cat > $TMPC << EOF
>>>>> ++void foo(const char *c);
>>>>
>>>>  This declaration is unnecessary.
>>>>
>>>
>>> Actually it is necessary, otherwise compiling the test code fails with:
>>>
>>> config-temp/qemu-conf.c:3:6: error: no previous prototype for ‘foo’
>>> [-Werror=missing-prototypes]
>>>  void foo(const char *c)
>>>       ^
>>>
>>> Because in configure, line 410, -Wmissing-prototypes is added to
>>> QEMU_FLAGS (used in every compile test), and tests are run with
>>> -Werror by default, unless --disable-werror is passed to the configure
>>> script.
>>
>>  Right. And I guess declaring it static means that the whole function could be
>> elided so still no stack protection.
>>
>>  I wonder what would happen if LTO were enabled, since in that case the function
>> could be elided again...
>>
> 
> Indeed, I've run a test with LTO enabled and no stack protection code
> gets emitted due to the optimizations. Finding a test code fragment
> that works for all possibilities isn't so simple after all.
> 
> Maybe we should stick to the original v1 of this patch which disables
> SSP detection when it's known to be unsupported in the toolchain? Far
> from perfect, but at least it's more robust.

 It would be nicer to find a fundamental upstreamable solution, but yes, the
original solution was more robust.

> 
>>  To solve this fundamentally in buildroot, perhaps we should patch the gcc
>> wrapper to fail when -fstack-protector-* is passed when SSP is not enabled.
>>
> 
> Yes, that would be nice since it would serve as a solution to many
> other similar SSP detection failure cases. Perhaps I should look into
> that? Or wait until more people provide their views on this?

 Feel free to look into that. It shouldn't be too hard, we're already iterating
over all the arguments in the wrapper so you have an example of how to do it.
Just exit(1) immediately when you encounter an option that is not allowed.

 Regards,
 Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF