[Buildroot] [PATCH] Config.in: disable Fortify Source for microblaze
Romain Naour
romain.naour at gmail.com
Sat Aug 21 12:46:34 UTC 2021
Hello Giulio,
Le 21/08/2021 à 01:09, Giulio Benetti a écrit :
> On 8/21/21 12:59 AM, Giulio Benetti wrote:
>> Hi Romain, All,
>>
>> On 8/21/21 12:53 AM, Romain Naour wrote:
>>> As reported by Toolchain-builder project [1], the system doesn't
>>> boot when Fortify Source is enabled for glibc based toolchain
>>> (the init process hang).
>>>
>>> Also, hardening features may not be wanted or possible for such
>>> slow soft-core cpus [2].
>>>
>>> [1] https://gitlab.com/bootlin/toolchains-builder/-/jobs/1467624500
>>> [2] http://lists.busybox.net/pipermail/buildroot/2021-June/312416.html
>>>
>>> Signed-off-by: Romain Naour <romain.naour at gmail.com>
>>> Cc: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
>>> Cc: Giulio Benetti <giulio.benetti at benettiengineering.com>
>>> ---
>>> With BR2_RELRO_PARTIAL enabled, the system boot.
>>> ---
>>> Config.in | 7 +++++++
>>> 1 file changed, 7 insertions(+)
>>>
>>> diff --git a/Config.in b/Config.in
>>> index 2ef5d407e4..84f7fa6e8d 100644
>>> --- a/Config.in
>>> +++ b/Config.in
>>> @@ -853,9 +853,16 @@ endchoice
>>> comment "RELocation Read Only (RELRO) needs shared libraries"
>>> depends on !BR2_SHARED_LIBS
>>> +config BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
>>> + bool
>>> + default y
>>> + # Microblaze glibc toolchains don't work with Fortify Source enabled >
>>> + depends on !BR2_microblaze
>>
>> here you say it doesn't work with glibc toolchains, so you could add
>> '&& !BR2_TOOLCHAIN_USES_GLIBC'. I think it's worth if it works with
>> uclibc and musl.
>
> Of course between parenthesis like:
> ```
> depends on (!BR2_microblaze && !BR2_TOOLCHAIN_USES_GLIBC)
> ```
> otherwise every toolchain which uses glibc doesn't use Fortify anymore.
>
>> What do you think about it?
Fortify Source is disabled for the same reason as for PIC/PIE even for uClibc-ng
or musl:
https://git.buildroot.net/buildroot/commit/?id=d120f844604da2295bb7bd8fc6c1f4efbe8b5792
I want to avoid the maintenance burden on such platform.
Best regards,
Romain
>>
>> Best regards
>>
>
More information about the buildroot
mailing list