From 1877bc9d8f2be143fbe530347a945850d0ecd234 Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Mon, 22 Jun 2015 10:31:07 +0000 Subject: [PATCH] gcc/musl: rework SSP-support Make musl provide libssp_nonshared.a and make GCC link it unconditionally if musl is used. This should be a no-op if SSP is disabled and seems to be the only reliable way of dealing with SSP over all packages due to the mess that is linkerflags handling in packages. Signed-off-by: Steven Barth SVN-Revision: 46108 --- config/Config-build.in | 4 +- include/hardening.mk | 2 - include/package-defaults.mk | 2 +- toolchain/gcc/Config.in | 3 +- .../030-always-link-ssp-noshared.patch | 11 ---- .../patches/4.8-linaro/230-musl_libssp.patch | 13 +++++ .../patches/200-add_libssp_nonshared.patch | 58 +++++++++++++++++++ 7 files changed, 76 insertions(+), 17 deletions(-) delete mode 100644 toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch create mode 100644 toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch create mode 100644 toolchain/musl/patches/200-add_libssp_nonshared.patch diff --git a/config/Config-build.in b/config/Config-build.in index 42b8e8e5e3..35c07c63f8 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -226,11 +226,11 @@ menu "Global build settings" bool "None" config PKG_CC_STACKPROTECTOR_REGULAR bool "Regular" - select SSP_SUPPORT + select SSP_SUPPORT if !USE_MUSL depends on KERNEL_CC_STACKPROTECTOR_REGULAR config PKG_CC_STACKPROTECTOR_STRONG bool "Strong" - select SSP_SUPPORT + select SSP_SUPPORT if !USE_MUSL depends on GCC_VERSION_4_9_LINARO depends on KERNEL_CC_STACKPROTECTOR_STRONG endchoice diff --git a/include/hardening.mk b/include/hardening.mk index 8a24b3ca15..c1f0bcb19e 100644 --- a/include/hardening.mk +++ b/include/hardening.mk @@ -21,13 +21,11 @@ endif ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR ifeq ($(strip $(PKG_CC_STACKPROTECTOR_REGULAR)),1) TARGET_CFLAGS += -fstack-protector - TARGET_LDFLAGS += -fstack-protector endif endif ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG ifeq ($(strip $(PKG_CC_STACKPROTECTOR_STRONG)),1) TARGET_CFLAGS += -fstack-protector-strong - TARGET_LDFLAGS += -fstack-protector-strong endif endif ifdef CONFIG_PKG_FORTIFY_SOURCE_1 diff --git a/include/package-defaults.mk b/include/package-defaults.mk index a5e9fbe915..2896b4c783 100644 --- a/include/package-defaults.mk +++ b/include/package-defaults.mk @@ -5,7 +5,7 @@ # See /LICENSE for more information. # -PKG_DEFAULT_DEPENDS = +libc +(SSP_SUPPORT&&!USE_MUSL):libssp +USE_GLIBC:librt +USE_GLIBC:libpthread +PKG_DEFAULT_DEPENDS = +libc +SSP_SUPPORT:libssp +USE_GLIBC:librt +USE_GLIBC:libpthread ifneq ($(PKG_NAME),toolchain) PKG_FIXUP_DEPENDS = $(if $(filter kmod-%,$(1)),$(2),$(PKG_DEFAULT_DEPENDS) $(filter-out $(PKG_DEFAULT_DEPENDS),$(2))) diff --git a/toolchain/gcc/Config.in b/toolchain/gcc/Config.in index 5cb4d23e16..025ea2453d 100644 --- a/toolchain/gcc/Config.in +++ b/toolchain/gcc/Config.in @@ -42,7 +42,8 @@ config EXTRA_GCC_CONFIG_OPTIONS config SSP_SUPPORT bool prompt "Enable Stack-Smashing Protection support" if TOOLCHAINOPTS - default y + depends on !USE_MUSL + default y if !USE_MUSL help Enable Stack-Smashing Protection support diff --git a/toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch b/toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch deleted file mode 100644 index 1208e73029..0000000000 --- a/toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- gcc-4.7.4.org/gcc/gcc.c -+++ gcc-4.7.4/gcc/gcc.c -@@ -603,7 +603,7 @@ - - #ifndef LINK_SSP_SPEC - #ifdef TARGET_LIBC_PROVIDES_SSP --#define LINK_SSP_SPEC "%{fstack-protector:}" -+#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared}" - #else - #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared -lssp}" - #endif diff --git a/toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch b/toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch new file mode 100644 index 0000000000..22176934af --- /dev/null +++ b/toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch @@ -0,0 +1,13 @@ +--- gcc-4.8.1/gcc/gcc.c.orig 2013-09-24 06:27:32.133894539 +0000 ++++ gcc-4.8.1/gcc/gcc.c 2013-09-24 06:29:35.790562854 +0000 +@@ -656,7 +656,9 @@ + #endif + + #ifndef LINK_SSP_SPEC +-#ifdef TARGET_LIBC_PROVIDES_SSP ++#if DEFAULT_LIBC == LIBC_MUSL ++#define LINK_SSP_SPEC "-lssp_nonshared" ++#elif defined(TARGET_LIBC_PROVIDES_SSP) + #define LINK_SSP_SPEC "%{fstack-protector:}" + #else + #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared -lssp}" diff --git a/toolchain/musl/patches/200-add_libssp_nonshared.patch b/toolchain/musl/patches/200-add_libssp_nonshared.patch new file mode 100644 index 0000000000..af0576585e --- /dev/null +++ b/toolchain/musl/patches/200-add_libssp_nonshared.patch @@ -0,0 +1,58 @@ +From 7ec87fbbc3cac99b4173d082dd6195f47c9a32e7 Mon Sep 17 00:00:00 2001 +From: Steven Barth +Date: Mon, 22 Jun 2015 11:01:56 +0200 +Subject: [PATCH] Add libssp_nonshared.a so GCC's is not needed + +Signed-off-by: Steven Barth +--- + Makefile | 10 ++++++++-- + libssp_nonshared/__stack_chk_fail_local.c | 2 ++ + 2 files changed, 10 insertions(+), 2 deletions(-) + create mode 100644 libssp_nonshared/__stack_chk_fail_local.c + +diff --git a/Makefile b/Makefile +index 2eb7b30..bfcabf7 100644 +--- a/Makefile ++++ b/Makefile +@@ -48,7 +48,7 @@ CRT_LIBS = lib/crt1.o lib/Scrt1.o lib/rcrt1.o lib/crti.o lib/crtn.o + STATIC_LIBS = lib/libc.a + SHARED_LIBS = lib/libc.so + TOOL_LIBS = lib/musl-gcc.specs +-ALL_LIBS = $(CRT_LIBS) $(STATIC_LIBS) $(SHARED_LIBS) $(EMPTY_LIBS) $(TOOL_LIBS) ++ALL_LIBS = $(CRT_LIBS) $(STATIC_LIBS) $(SHARED_LIBS) $(EMPTY_LIBS) $(TOOL_LIBS) lib/libssp_nonshared.a + ALL_TOOLS = tools/musl-gcc + + LDSO_PATHNAME = $(syslibdir)/ld-musl-$(ARCH)$(SUBARCH).so.1 +@@ -103,7 +103,8 @@ NOSSP_SRCS = $(wildcard crt/*.c) \ + src/env/__libc_start_main.c src/env/__init_tls.c \ + src/thread/__set_thread_area.c src/env/__stack_chk_fail.c \ + src/string/memset.c src/string/memcpy.c \ +- src/ldso/dlstart.c src/ldso/dynlink.c ++ src/ldso/dlstart.c src/ldso/dynlink.c \ ++ libssp_nonshared/__stack_chk_fail_local.c + $(NOSSP_SRCS:%.c=%.o) $(NOSSP_SRCS:%.c=%.lo): CFLAGS += $(CFLAGS_NOSSP) + + $(CRT_LIBS:lib/%=crt/%): CFLAGS += -DCRT +@@ -144,6 +145,11 @@ lib/libc.a: $(OBJS) + $(AR) rc $@ $(OBJS) + $(RANLIB) $@ + ++lib/libssp_nonshared.a: libssp_nonshared/__stack_chk_fail_local.o ++ rm -f $@ ++ $(AR) rc $@ $< ++ $(RANLIB) $@ ++ + $(EMPTY_LIBS): + rm -f $@ + $(AR) rc $@ +diff --git a/libssp_nonshared/__stack_chk_fail_local.c b/libssp_nonshared/__stack_chk_fail_local.c +new file mode 100644 +index 0000000..2b403a6 +--- /dev/null ++++ b/libssp_nonshared/__stack_chk_fail_local.c +@@ -0,0 +1,2 @@ ++extern void __stack_chk_fail(void); ++void __attribute__((visibility ("hidden"))) __stack_chk_fail_local(void) { __stack_chk_fail(); } +-- +2.1.4 +