NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
790d366a83
kumquat-buildroot/package/uclibc/Config.in
Romain Naour 435613ef29 toolchain: disable SSP support if CFI support in binutils is missing 
As reported by [1], SSP support is missing in the Buildroot toolchain
for microblaze even if it's requested by selecting
BR2_TOOLCHAIN_HAS_SSP config option.

In Buildroot, we are using libssp provided by the C library (glibc,
musl, uClibc-ng) when available. We are not using libssp from gcc.

So for a microblaze glibc based toolchain, the SSP support is enabled
unconditionally by a select BR2_TOOLCHAIN_HAS_SSP.

BR2_microblazeel=y
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_KERNEL_HEADERS_4_14=y
BR2_BINUTILS_VERSION_2_30_X=y
BR2_GCC_VERSION_8_X=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y

While building the toolchain, we are building host-binutils which
provide "as" (assembler) and host-gcc-initial wich provide a
minimal cross gcc (C only cross-compiler without any C library).
When SSP support is requested, gcc_cv_libc_provides_ssp=yes is
added to the make command line (see [2] for full details)

With this setting, the SSP support is requested but it's not available
in the end and the toochain build succeed.

When the microblaze toolchain is imported to Biuldroot (2018.05) as
external toolchain with BR2_TOOLCHAIN_EXTERNAL_HAS_SSP set, the build
stop with :
"SSP support not available in this toolchain, please disable BR2_TOOLCHAIN_EXTERNAL_HAS_SSP"

The test is doing the following command line:

echo 'void main(){}' | [...]/host/bin/microblazeel-linux-gcc.br_real -Werror -fstack-protector -x c - -o [...]/build/.br-toolchain-test.tmp
cc1: error: -fstack-protector not supported for this target [-Werror]

When we look at the gcc-final log file (config.log) we can see this
error several time when using the minimal gcc (from host-gcc-initial).
So Why the minimal gcc doesn't support SSP?

When we look at the gcc-initial log file (config.log) we can see an
error with 'as':

configure:23194: checking assembler for cfi directives
configure:23209: [...]microblazeel-buildroot-linux-gnu/bin/as    -o conftest.o conftest.s >&5
conftest.s: Assembler messages:
conftest.s:2: Error: CFI is not supported for this target
conftest.s:3: Error: CFI is not supported for this target
conftest.s:4: Error: CFI is not supported for this target
conftest.s:5: Error: CFI is not supported for this target
conftest.s:6: Error: CFI is not supported for this target
conftest.s:7: Error: CFI is not supported for this target
configure:23212: $? = 1
configure: failed program was
    .text
    .cfi_startproc
    .cfi_offset 0, 0
    .cfi_same_value 1
    .cfi_def_cfa 1, 2
    .cfi_escape 1, 2, 3, 4, 5
    .cfi_endproc

This is the only relevant difference compared to a nios2 toolchain where
libssp is enabled and available (nios2 is an example).

"CFI" stand for "Control Flow Integrity" and it seems that SSP support
requires CFI target support (see [3] for some explanation).

The SSP support seems to depends on CFI support, but the toolchain
infrastructure is not detailed enough to handle the CFI dependency.

The NiosII toolchains built with binutils < 2.30 are also affected by
this issue.

This patch improve the toolchain infrastructure by adding a new
BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI blind option

Disable SSP support for microblaze entirely.
Disable SSP support for nios2 only with Binutils < 2.30.

Fixes:
https://gitlab.com/free-electrons/toolchains-builder/-/jobs/72006389

[1] https://gitlab.com/free-electrons/toolchains-builder/issues/1
[2] https://git.buildroot.net/buildroot/tree/package/gcc/gcc.mk?h=2018.05#n275
[3] https://grsecurity.net/rap_faq.php

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: adjust how the BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI option
is expressed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-04 12:49:25 +01:00

154 lines
4.6 KiB
Plaintext
Raw Blame History

if BR2_TOOLCHAIN_BUILDROOT_UCLIBC
comment "uClibc Options"
config BR2_PACKAGE_UCLIBC
bool
default y
select BR2_PACKAGE_LINUX_HEADERS
config BR2_UCLIBC_CONFIG
string "uClibc configuration file to use?"
default "package/uclibc/uClibc-ng.config"
help
Some people may wish to use their own modified uClibc
configuration file and will specify their config file
location with this option. See also docs/README in this
package. If unsure, use the default.
config BR2_UCLIBC_CONFIG_FRAGMENT_FILES
string "Additional uClibc configuration fragment files"
help
A space-separated list of configuration fragment files, that
will be merged to the main uClibc configuration file.
config BR2_TOOLCHAIN_BUILDROOT_WCHAR
bool "Enable WCHAR support"
select BR2_USE_WCHAR
help
Enable this option if you want your toolchain to support
wide characters (i.e characters longer than 8 bits, needed
for locale support).
config BR2_TOOLCHAIN_BUILDROOT_LOCALE
bool "Enable toolchain locale/i18n support"
select BR2_TOOLCHAIN_BUILDROOT_WCHAR
select BR2_ENABLE_LOCALE
select BR2_NEEDS_HOST_UTF8_LOCALE
help
Enable this option if you want your toolchain to support
localization and internationalization.
choice
prompt "Thread library implementation"
help
Use this option to select the thread library implementation
that should be used in your toolchain.
config BR2_PTHREADS_NATIVE
bool "Native POSIX Threading (NPTL)"
depends on BR2_USE_MMU
select BR2_TOOLCHAIN_HAS_THREADS
select BR2_TOOLCHAIN_HAS_THREADS_NPTL
config BR2_PTHREADS
bool "linuxthreads"
depends on BR2_m68k || BR2_microblaze || BR2_or1k || BR2_arm || BR2_armeb || BR2_xtensa
select BR2_TOOLCHAIN_HAS_THREADS
config BR2_PTHREADS_NONE
bool "none"
endchoice
config BR2_PTHREAD_DEBUG
bool "Thread library debugging"
depends on BR2_PTHREADS || BR2_PTHREADS_NATIVE
select BR2_TOOLCHAIN_HAS_THREADS_DEBUG
help
Build the thread library with debugging enabled.
config BR2_TOOLCHAIN_BUILDROOT_USE_SSP
bool "Enable stack protection support"
depends on BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI
select BR2_TOOLCHAIN_HAS_SSP
help
Enable stack smashing protection support using GCCs
-fstack-protector-all option in uClibc.
See
http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
for details.
config BR2_UCLIBC_INSTALL_UTILS
bool "Compile and install uClibc utilities"
default y
help
Enabling this option will compile and install the getconf,
ldconfig and ldd uClibc utilities for the target.
You can save ~32 KiB in target space by disabling them since
they're normally not needed.
# Mapping from the Buildroot architecture configuration options to the
# uClibc architecture names.
config BR2_UCLIBC_TARGET_ARCH
string
default "arc" if BR2_arcle || BR2_arceb
default "arm" if BR2_arm || BR2_armeb
default "m68k" if BR2_m68k
default "microblaze" if BR2_microblaze
default "mips" if BR2_mips || BR2_mipsel || BR2_mips64 || BR2_mips64el
default "or1k" if BR2_or1k
default "powerpc" if BR2_powerpc
default "sh" if BR2_sh
default "sparc" if BR2_sparc
default "xtensa" if BR2_xtensa
default "i386" if BR2_i386
default "x86_64" if BR2_x86_64
config BR2_UCLIBC_MIPS_ABI
string
default "O32" if BR2_MIPS_OABI32
default "N32" if BR2_MIPS_NABI32
default "N64" if BR2_MIPS_NABI64
depends on BR2_UCLIBC_TARGET_ARCH = "mips"
config BR2_UCLIBC_MIPS_NAN
string
default "LEGACY" if BR2_MIPS_NAN_LEGACY
default "2008" if BR2_MIPS_NAN_2008
depends on BR2_UCLIBC_TARGET_ARCH = "mips"
config BR2_UCLIBC_SH_TYPE
string
default "SH2A" if BR2_sh2a
default "SH4" if BR2_sh4 || BR2_sh4eb
depends on BR2_UCLIBC_TARGET_ARCH = "sh"
config BR2_UCLIBC_SPARC_TYPE
string
default "V7" if BR2_sparc_v7 || BR2_sparc_sparchfleon || BR2_sparc_sparcsfleon
default "V8" if BR2_sparc_v8 || BR2_sparc_sparchfleonv8 || BR2_sparc_sparcsfleonv8
depends on BR2_UCLIBC_TARGET_ARCH = "sparc"
config BR2_UCLIBC_POWERPC_TYPE
string
default "CLASSIC" if !BR2_powerpc_8540 && !BR2_powerpc_8548
default "E500" if BR2_powerpc_8540 || BR2_powerpc_8548
depends on BR2_UCLIBC_TARGET_ARCH = "powerpc"
config BR2_UCLIBC_X86_TYPE
string
default "486" if BR2_x86_i486
default "586" if BR2_x86_i586
default "586MMX" if BR2_x86_pentium_mmx
default "686" if BR2_x86_i686 || BR2_x86_pentiumpro
default "PENTIUMII" if BR2_x86_pentium2
default "PENTIUMIII" if BR2_x86_pentium3
default "PENTIUM4" if BR2_x86_pentium4 || BR2_x86_pentium_m || \
BR2_x86_nocona || BR2_x86_core2 || BR2_x86_corei7
depends on BR2_UCLIBC_TARGET_ARCH = "i386"
endif # BR2_TOOLCHAIN_BUILDROOT_UCLIBC
Reference in New Issue View Git Blame Copy Permalink