[Buildroot] [PATCH]Libssp support
Guy Benyei
guybe at mellanox.com
Thu Jun 8 11:43:57 UTC 2017
Hi Baruch,
The code I'm trying to build is not part of the buildroot package - it's a sample program I tried to compile to test the availability of the SSP feature in the GCC built by buildroot (arc/nps400 target). This feature is supported by GCC, pretty simple and useful, and apparently just needs the related libssp to be available.
I understand, that also uClibc can support SSP, but I'd prefer not to add anything to uClibc if I don't have to. Having libssp available seems to do a reasonable job for this case, without changing anything else.
Thanks
Guy
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
unsigned int __stack_chk_guard = 0xDEADBEEF;
__attribute__((noreturn))
void __stack_chk_fail(void)
{
printf("The canary died!\n");
exit(0);
}
__attribute__((noinline)) void foo(const char* str)
{
char buffer[16];
strcpy(buffer, str);
}
int main(int argc, char *argv[]) {
if (argc!=2) {
printf("Expected single command line option string to copy!\n");
return -1;
}
/* if argv[1] is at least 16 character long (17 including the trailing \0)
a buffer overrun will occur, and the __stack_chk_fail handler will be called */
foo(argv[1]);
return -1;
}
-----Original Message-----
From: Baruch Siach [mailto:baruch at tkos.co.il]
Sent: Wednesday, June 7, 2017 11:13 PM
To: Guy Benyei <guybe at mellanox.com>
Cc: buildroot at busybox.net
Subject: Re: [Buildroot] [PATCH]Libssp support
Hi Guy,
On Wed, Jun 07, 2017 at 10:41:51AM +0000, Guy Benyei wrote:
> I tried to activate gcc's -fstack-protector flag, but the compiler was
> looking for libssp:
>
> .../toolchain/bin/arceb-linux-gcc -O2 -o stack_overrun
> stack_overrun.c -fstack-protector
> .../arceb-ezchip-linux-uclibc/bin/ld: cannot find -lssp_nonshared
> .../arceb-ezchip-linux-uclibc/bin/ld: cannot find -lssp
> collect2: error: ld returned 1 exit status
What code are you trying to build? Is this part of a Buildroot package?
A sane build system must check whether the compiler supports -fstack-protector before attempting to use it.
> Building libssp seems to be disabled with no option to enable it in
> package/gcc.mk by using the --disable-libssp flag for configuring gcc.
> Applying the patch below enables the usage of libssp. Of course, it
> could be conditional with some configuration symbol, to save place
> when libssp is not needed.
> Any thoughts on it?
The internal toolchain that package/gcc/gcc.mk builds relies on ssp support from the C library. In your case this is seems to be uClibc. You need to enable BR2_TOOLCHAIN_BUILDROOT_USE_SSP (under "uClibc Options") for stack smashing protection support.
> It seems to be related to this bug:
> https://bugs.busybox.net/show_bug.cgi?id=4039
This bug is about external toolchains. Unrelated to gcc.mk that only deals with the internal toolchain.
baruch
> diff --git a/package/gcc/gcc-final/gcc-final.mk
> b/package/gcc/gcc-final/gcc-final.mk
> index e8d2e18..d0f23c9 100644
> --- a/package/gcc/gcc-final/gcc-final.mk
> +++ b/package/gcc/gcc-final/gcc-final.mk
> @@ -147,6 +147,15 @@ endef
>
> HOST_GCC_FINAL_POST_INSTALL_HOOKS += HOST_GCC_FINAL_INSTALL_LIBATOMIC
>
> +define HOST_GCC_FINAL_INSTALL_LIBSSP
> + -cp -dpf $(HOST_GCC_FINAL_GCC_LIB_DIR)/libssp* \
> + $(STAGING_DIR)/lib/
> + -cp -dpf $(HOST_GCC_FINAL_GCC_LIB_DIR)/libssp* \
> + $(TARGET_DIR)/lib/
> +endef
> +
> +HOST_GCC_FINAL_POST_INSTALL_HOOKS += HOST_GCC_FINAL_INSTALL_LIBSSP
> +
> # Handle the installation of libraries in /usr/lib
> HOST_GCC_FINAL_USR_LIBS =
>
> diff --git a/package/gcc/gcc.mk b/package/gcc/gcc.mk index
> b52f945..cca3847 100644
> --- a/package/gcc/gcc.mk
> +++ b/package/gcc/gcc.mk
> @@ -90,7 +90,6 @@ HOST_GCC_COMMON_CONF_OPTS = \
> --with-sysroot=$(STAGING_DIR) \
> --disable-__cxa_atexit \
> --with-gnu-ld \
> - --disable-libssp \
> --disable-multilib \
> --with-gmp=$(HOST_DIR)/usr \
> --with-mpc=$(HOST_DIR)/usr \
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
More information about the buildroot
mailing list