[Buildroot] [PATCH] Config.in: disable Fortify Source for microblaze
Giulio Benetti
giulio.benetti at benettiengineering.com
Fri Aug 20 22:59:17 UTC 2021
Hi Romain, All,
On 8/21/21 12:53 AM, Romain Naour wrote:
> As reported by Toolchain-builder project [1], the system doesn't
> boot when Fortify Source is enabled for glibc based toolchain
> (the init process hang).
>
> Also, hardening features may not be wanted or possible for such
> slow soft-core cpus [2].
>
> [1] https://gitlab.com/bootlin/toolchains-builder/-/jobs/1467624500
> [2] http://lists.busybox.net/pipermail/buildroot/2021-June/312416.html
>
> Signed-off-by: Romain Naour <romain.naour at gmail.com>
> Cc: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
> Cc: Giulio Benetti <giulio.benetti at benettiengineering.com>
> ---
> With BR2_RELRO_PARTIAL enabled, the system boot.
> ---
> Config.in | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/Config.in b/Config.in
> index 2ef5d407e4..84f7fa6e8d 100644
> --- a/Config.in
> +++ b/Config.in
> @@ -853,9 +853,16 @@ endchoice
> comment "RELocation Read Only (RELRO) needs shared libraries"
> depends on !BR2_SHARED_LIBS
>
> +config BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
> + bool
> + default y
> + # Microblaze glibc toolchains don't work with Fortify Source enabled > + depends on !BR2_microblaze
here you say it doesn't work with glibc toolchains, so you could add
'&& !BR2_TOOLCHAIN_USES_GLIBC'. I think it's worth if it works with
uclibc and musl.
What do you think about it?
Best regards
--
Giulio Benetti
Benetti Engineering sas
> +
> choice
> bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
> default BR2_FORTIFY_SOURCE_1
> + depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
> depends on BR2_TOOLCHAIN_USES_GLIBC
> depends on !BR2_OPTIMIZE_0
> help
>
More information about the buildroot
mailing list