[Buildroot] [PATCH] gcc: add option to build and install gcc's libssp
Guy Benyei
guybe at mellanox.com
Mon Jun 12 08:23:17 UTC 2017
When stack smashing protection is not provided by the C library, libssp
provides the functionality needed to support the -fstack-protector flag.
Signed-off-by: Guy Benyei <guybe at mellanox.com>
---
package/gcc/Config.in.host | 14 ++++++++++++++
package/gcc/gcc-final/gcc-final.mk | 11 +++++++++++
package/gcc/gcc.mk | 8 ++++++--
package/glibc/Config.in | 1 +
package/musl/Config.in | 3 ++-
package/uclibc/Config.in | 1 +
toolchain/toolchain-common.in | 3 +++
7 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/package/gcc/Config.in.host b/package/gcc/Config.in.host
index 5dcaa03..a89af6a 100644
--- a/package/gcc/Config.in.host
+++ b/package/gcc/Config.in.host
@@ -159,3 +159,17 @@ config BR2_GCC_ENABLE_GRAPHITE
help
This option enables the graphite optimizations in the
compiler.
+
+config BR2_TOOLCHAIN_INSTALL_LIBSSP
+ bool "Enable stack protection support using libssp"
+ depends on !BR2_LIBC_HAS_SSP
+ select BR2_TOOLCHAIN_HAS_SSP
+ help
+ Enable stack smashing protection support using GCCs
+ -fstack-protector option by installing libssp. This
+ option should be used only when the C library doesn't
+ support stack smashing protection.
+
+ See http://wiki.osdev.org/Stack_Smashing_Protector#libssp
+ for details.
+
diff --git a/package/gcc/gcc-final/gcc-final.mk b/package/gcc/gcc-final/gcc-final.mk
index e8d2e18..67106ed 100644
--- a/package/gcc/gcc-final/gcc-final.mk
+++ b/package/gcc/gcc-final/gcc-final.mk
@@ -147,6 +147,17 @@ endef
HOST_GCC_FINAL_POST_INSTALL_HOOKS += HOST_GCC_FINAL_INSTALL_LIBATOMIC
+define HOST_GCC_FINAL_INSTALL_LIBSSP
+ -cp -dpf $(HOST_GCC_FINAL_GCC_LIB_DIR)/libssp* \
+ $(STAGING_DIR)/lib/
+ -cp -dpf $(HOST_GCC_FINAL_GCC_LIB_DIR)/libssp* \
+ $(TARGET_DIR)/lib/
+endef
+
+ifeq ($(BR2_TOOLCHAIN_INSTALL_LIBSSP),y)
+HOST_GCC_FINAL_POST_INSTALL_HOOKS += HOST_GCC_FINAL_INSTALL_LIBSSP
+endif
+
# Handle the installation of libraries in /usr/lib
HOST_GCC_FINAL_USR_LIBS =
diff --git a/package/gcc/gcc.mk b/package/gcc/gcc.mk
index b52f945..4691846 100644
--- a/package/gcc/gcc.mk
+++ b/package/gcc/gcc.mk
@@ -90,7 +90,6 @@ HOST_GCC_COMMON_CONF_OPTS = \
--with-sysroot=$(STAGING_DIR) \
--disable-__cxa_atexit \
--with-gnu-ld \
- --disable-libssp \
--disable-multilib \
--with-gmp=$(HOST_DIR)/usr \
--with-mpc=$(HOST_DIR)/usr \
@@ -110,6 +109,11 @@ GCC_COMMON_TARGET_CXXFLAGS = $(TARGET_CXXFLAGS)
HOST_GCC_COMMON_CONF_ENV += CFLAGS_FOR_TARGET="$(GCC_COMMON_TARGET_CFLAGS)"
HOST_GCC_COMMON_CONF_ENV += CXXFLAGS_FOR_TARGET="$(GCC_COMMON_TARGET_CXXFLAGS)"
+# don't build libssp if it's not explicitly required
+ifneq ($(BR2_TOOLCHAIN_INSTALL_LIBSSP),y)
+HOST_GCC_COMMON_CONF_OPTS += --disable-libssp
+endif
+
# libitm needs sparc V9+
ifeq ($(BR2_sparc_v8)$(BR2_sparc_leon3),y)
HOST_GCC_COMMON_CONF_OPTS += --disable-libitm
@@ -286,7 +290,7 @@ endif # !BR2_GCC_ARCH_HAS_CONFIGURABLE_DEFAULTS
# available or not in the C library is not working properly for
# uClibc, so let's be explicit as well.
HOST_GCC_COMMON_MAKE_OPTS = \
- gcc_cv_libc_provides_ssp=$(if $(BR2_TOOLCHAIN_HAS_SSP),yes,no)
+ gcc_cv_libc_provides_ssp=$(if $(BR2_LIBC_HAS_SSP),yes,no)
ifeq ($(BR2_CCACHE),y)
HOST_GCC_COMMON_CCACHE_HASH_FILES += $(DL_DIR)/$(GCC_SOURCE)
diff --git a/package/glibc/Config.in b/package/glibc/Config.in
index 115388e..d5494b7 100644
--- a/package/glibc/Config.in
+++ b/package/glibc/Config.in
@@ -4,6 +4,7 @@ config BR2_PACKAGE_GLIBC
bool
default y
select BR2_PACKAGE_LINUX_HEADERS
+ select BR2_LIBC_HAS_SSP
select BR2_TOOLCHAIN_HAS_SSP
choice
diff --git a/package/musl/Config.in b/package/musl/Config.in
index bedc50c..6b3d542 100644
--- a/package/musl/Config.in
+++ b/package/musl/Config.in
@@ -4,6 +4,7 @@ config BR2_PACKAGE_MUSL
depends on BR2_TOOLCHAIN_USES_MUSL
select BR2_PACKAGE_LINUX_HEADERS
# SSP broken on i386/ppc: http://www.openwall.com/lists/musl/2016/12/04/2
- select BR2_TOOLCHAIN_HAS_SSP if !(BR2_i386 || BR2_powerpc)
+ select BR2_LIBC_HAS_SSP if !(BR2_i386 || BR2_powerpc)
+ select BR2_TOOLCHAIN_HAS_SSP if BR2_LIBC_HAS_SSP
# Compatibility headers: cdefs.h, queue.h
select BR2_PACKAGE_MUSL_COMPAT_HEADERS
diff --git a/package/uclibc/Config.in b/package/uclibc/Config.in
index b0b0b01..b87125c 100644
--- a/package/uclibc/Config.in
+++ b/package/uclibc/Config.in
@@ -71,6 +71,7 @@ config BR2_PTHREAD_DEBUG
config BR2_TOOLCHAIN_BUILDROOT_USE_SSP
bool "Enable stack protection support"
+ select BR2_LIBC_HAS_SSP
select BR2_TOOLCHAIN_HAS_SSP
help
Enable stack smashing protection support using GCCs
diff --git a/toolchain/toolchain-common.in b/toolchain/toolchain-common.in
index d670f44..3ffb5fb 100644
--- a/toolchain/toolchain-common.in
+++ b/toolchain/toolchain-common.in
@@ -45,6 +45,9 @@ config BR2_TOOLCHAIN_HAS_THREADS_NPTL
config BR2_TOOLCHAIN_HAS_SHADOW_PASSWORDS
bool
+config BR2_LIBC_HAS_SSP
+ bool
+
config BR2_TOOLCHAIN_HAS_SSP
bool
--
1.7.1
More information about the buildroot
mailing list