Commit Graph

12 Commits

Author SHA1 Message Date
Matt Weber
f10822d151 toolchain/toolchain-wrapper: add BR2_SSP_* support
Migrate the stack protection flag management into the wrapper.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 12:51:21 +02:00
Matt Weber
7484c1c3b8 toolchain/toolchain-wrapper: add BR2_RELRO_
The RELRO/PIE flags are currently passed via CFLAGS/LDFLAGS and this patch
proposes moving them to the toolchain wrapper.

 (1) The flags should _always_ be passed, without leaving the possibility
     for any package to ignore them. I.e, when BR2_RELRO_FULL=y is used
     in a build, all executables should be built PIE. Passing those
     options through the wrapper ensures they are used during the build
     of all packages.

 (2) Some options are incompatible with -fPIE. For example, when
     building object files for a shared libraries, -fPIC is used, and
     -fPIE shouldn't be used in combination with -fPIE. Similarly, -r
     or -static are directly incompatible as they are different link
     time behaviors then the intent of PIE. Passing those options
     through the wrapper allows to add some "smart" logic to only pass
     -fPIE/-pie when relevant.

 (3) Some toolchain, kernel and bootloader packages may want to
     explicitly disable PIE in a build where the rest of the userspace
     has intentionally enabled it. The wrapper provides an option
     to key on the -fno-pie/-no-pie and bypass the appending of RELRO
     flags.
     The current Kernel and U-boot source trees include this option.
     8438ee76b0
     6ace36e19a
     If using PIE with a older Kernel and/or U-boot version, a backport of these
     changes  might be required. However this patchset also uses the
     __KERNEL__ and __UBOOT__ defines as a way to disable PIE.

NOTE: The current implementation via CFLAGS/LDFLAGS has caused some
build time failures as the conditional logic doesn't yet exist in
Buildroot:

https://bugs.busybox.net/show_bug.cgi?id=11206
https://bugs.busybox.net/show_bug.cgi?id=11321

Good summary of the most common build failures related to
enabling pie: https://wiki.ubuntu.com/SecurityTeam/PIE

[Peter: minor cleanups]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 12:50:29 +02:00
Waldemar Brodkorb
5e58509bfe toolchain-wrapper: use -ffp-contract=off on MIPS Xburst for gcc >= 4.6
Since gcc 4.6, GCC deprecated -mfused-madd, -ffp-contract=off should
be used for the Xburst workaround.

Tested with the MIPS Sourcery 2011.03 toolchain (based on gcc 4.5),
the toolchain wrapper uses -mno-fused-madd, as expected:

$ BR2_DEBUG_WRAPPER=2 ./output/host/bin/mips-linux-gnu-gcc -o toto toto.c
Toolchain wrapper executing:
    '/home/thomas/toolchains/mips-2011.03/bin/mips-linux-gnu-gcc'
    '--sysroot'
    '/home/thomas/projets/buildroot/output/host/mipsel-buildroot-linux-gnu/sysroot'
    '-mabi=32'
    '-msoft-float'
    '-mno-fused-madd'
    '-EL'
    '-march=mips32r2'
    '-o'
    'toto'
    'toto.c'

And with the MIPS Sourcery 2012.09 toolchain (based on gcc 4.7), the
toolchain wrapper uses -ffp-contract=off, as expected:

$ BR2_DEBUG_WRAPPER=2 ./output/host/bin/mips-linux-gnu-gcc -o toto toto.c
Toolchain wrapper executing:
    '/home/thomas/toolchains/mips-2012.09/bin/mips-linux-gnu-gcc'
    '--sysroot'
    '/home/thomas/projets/buildroot/output/host/mipsel-buildroot-linux-gnu/sysroot'
    '-mabi=32'
    '-msoft-float'
    '-ffp-contract=off'
    '-EL'
    '-march=mips32r2'
    '-o'
    'toto'
    'toto.c'

Fixes the ci20_defconfig build:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/60303132

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
[Thomas: rework to continue supporting pre-gcc-4.6 toolchains, extend
the commit log after doing more testing.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-01 16:23:33 +02:00
Ricardo Martincoski
b17e5b2d58 toolchain/wrapper: fix code style
The header of the .mk file fits in one line, so rearrange it to be
similar to a header from a package.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-01 08:46:41 +02:00
Arnout Vandecappelle
0f9c0bf3d5 Globally replace $(HOST_DIR)/usr/bin with $(HOST_DIR)/bin
Since things are no longer installed in $(HOST_DIR)/usr, the callers
should also not refer to it.

This is a mechanical change with
git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-05 15:19:29 +02:00
Vicente Olivert Riera
240564a693 arch/Config.in.mips: add support for XBurst cores
The Ingenic XBurst is a MIPS32R2 microprocessor.

It has a bug in the FPU that can generate incorrect results in certain
cases. The problem shows up when you have several fused madd
instructions in sequence with dependant operands.

Using the -mno-fused-madd option prevents gcc from emitting these
instructions. This patch adds changes to the toolchain wrapper to use
that option.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-09 21:36:34 +01:00
Jérôme Pouiller
8087b02bdf toolchain/wrapper: fix 'reinstall'
toolchain-wrapper was not reinstalled. So rules toolchain-external-reinstall,
gcc-initial-reinstall, gcc-final-reinstall didn't work as expected.

In add, normalize variable name: s/TOOLCHAIN_BUILD_WRAPPER/TOOLCHAIN_WRAPPER_BUILD/

Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-10-24 23:02:33 +02:00
Yann E. MORIN
32e2636c51 toolchain/wrapper: fix potential bug in foreach loop
In Makefile, the comma ',' is used to separate the arguments passed to
functions, so we should not be allowed to use straight commas in strings
we want to expand.

For the toolchain wrapper, we need to transform a list:
    -mfoo -mbar -mbuz

into something acceptable for a C array assignment:
    "-mfoo", "-mbar", "-mbuz",

So, we use a $(foreach ...) loop for that. However, we do have a
straight comma in there.

It does not cause any issue in practice, since $(foreach) is a make
builtin function that accepts three and only three parameters.

However, this is not sane.

Change the straight comma to the usual $(comma) expansion, like we would
do for a call to any other function.

At the same time, make the code a bit easier to read, by first creating
the transformed list, and then creating the define.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-25 23:01:48 +01:00
Ray Kinsella
968f5d5e59 arch/x86: add support for Intel X1000
The Intel X1000 is the Pentium class microprocessor that ships with
Galileo Gen 1/2. This patch adds changes to arch and toolchain-wrapper
to omit the lock prefix for the X1000.

[Thomas: tweak commit log and Config.in help text.]

Signed-off-by: Ray Kinsella <ray.kinsella@intel.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-10-20 10:04:52 +02:00
Arnout Vandecappelle
1e97b27873 ccache: support changing the output directory
When building in a different output directory than the original build,
there will currently be a lot of ccache misses because in many cases
there is some -I/... absolute path in the compilation. Ccache has an
option CCACHE_BASEDIR to substitute absolute paths with relative paths,
so they wil be the same in the hash (and in the output).

Since there are some disadvantages to this path rewriting, it is made
optional as BR2_CCACHE_USE_BASEDIR. It defaults to y because the
usefulness of ccache is severely reduced without this option.

In addition to CCACHE_BASEDIR, we also substitute away the occurences
of $(HOST_DIR) in the calculation of the compiler hash. This is done
regardless of the setting of BR2_CCACHE_USE_BASEDIR because it's
quite harmless.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-04 18:22:21 +02:00
Arnout Vandecappelle
d82f69cf10 infra: move ccache handling to the toolchain wrapper
Since we always have a toolchain wrapper now, we can move the ccache
call to the toolchain wrapper.

The hostcc ccache handling obviously stays.

The global addition of ccache to TARGET_CC/CXX is removed, but many
individual packages and infras still add it. This means we have a
chain like this: ccache -> toolchain-wrapper -> ccache -> gcc
However, this is fairly harmless: for cache misses, the inner ccache
just adds overhead and for cache hits, the inner ccache is never
called. Later patches will remove these redundant ccache calls.

As a side effect, perl now supports ccache as well.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Danomi Manchego <danomimanchego123@gmail.com>
Cc: Károly Kasza <kaszak@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-04 18:22:20 +02:00
Arnout Vandecappelle
f6ae24379b toolchain-external: move wrapper to toolchain directory
The toolchain wrapper will be reused for the internal toolchain, so it
belongs in the toolchain directory. Also, the ext- prefix is removed
from it. The build commands are moved to a new toolchain-wrapper.mk.

The wrapper arguments that are also relevant for the internal toolchain
wrapper are moved to toolchain-wrapper.mk, the rest stays in
toolchain-external.mk.

While we're at it, move the building of the toolchain wrapper to the
build step of toolchain-external. There is no specific reason to do
this, other than that it fits better semantically. Also remove the
MESSAGE call, otherwise we'd see:
>>> toolchain-external undefined Building
>>> toolchain-external undefined Building toolchain wrapper
/usr/bin/gcc ...
Having an extra "Building toolchain wrapper' message is pointless.

The useless condition on $(BR2_TARGET_OPTIMIZATION) is removed. It was
always true because it wasn't qstrip'ped first, so clearly it works
without that condition as well.

Also rewrapped some comments and removed the 'external' reference.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Cc: Jérôme Oufella <jerome.oufella@savoirfairelinux.com>
Reviewed-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-04 18:22:19 +02:00