[OpenWrt-Devel] [PATCH v2] toolchain: remove gcc libssp and use libc variant
Hauke Mehrtens
hauke at hauke-m.de
Thu Jun 11 12:15:04 EDT 2020
On 6/6/20 1:42 AM, Ian Cooper wrote:
> Removes the standalone implementation of stack smashing protection
> in gcc's libssp in favour of the native implementation in musl,
> glibc and uClibc and introduces a uniform configuration interface.
>
> This also makes kernel-level stack smashing protection available
> for builds using non-musl libc (subject to architecture support).
>
> Signed-off-by: Ian Cooper <iancooper at hotmail.com>
> ---
>
> Update fixes an artefact with menuconfig which caused a toolchain
> menu option to move to the front page of menuconfig due to the
> removal of a prompt associated with a different CONFIG_ variable.
>
> NOTE: after applying this patch you must do a make dirclean as the
> entire toolchain and all packages will need to be rebuilt.
>
> This patch does not change the behaviour ot the musl toolchain.
> There are no changes to the uclibc toolchain since it's already
> being compiled with it's native ssp implementation enabled.
If a toolchain recompilation is only needed for glibc this should be ok.
>
> config/Config-build.in | 4 ----
> toolchain/Config.in | 6 +++++-
> toolchain/gcc/Config.in | 8 --------
> toolchain/glibc/common.mk | 3 ++-
> 4 files changed, 7 insertions(+), 14 deletions(-)
>
> diff --git a/config/Config-build.in b/config/Config-build.in
> index 61a9265ad7..ac1e05d2ff 100644
> --- a/config/Config-build.in
> +++ b/config/Config-build.in
> @@ -249,7 +249,6 @@ menu "Global build settings"
>
> choice
> prompt "User space Stack-Smashing Protection"
> - depends on USE_MUSL
> default PKG_CC_STACKPROTECTOR_REGULAR
> help
> Enable GCC Stack Smashing Protection (SSP) for userspace applications
> @@ -257,18 +256,15 @@ menu "Global build settings"
> bool "None"
> config PKG_CC_STACKPROTECTOR_REGULAR
> bool "Regular"
> - select GCC_LIBSSP if !USE_MUSL
> depends on KERNEL_CC_STACKPROTECTOR_REGULAR
> config PKG_CC_STACKPROTECTOR_STRONG
> bool "Strong"
> - select GCC_LIBSSP if !USE_MUSL
> depends on KERNEL_CC_STACKPROTECTOR_STRONG
Do you know why the user space stack protector depends on the kernel
stack protector? I assumed this should be independent? You should not
fix it in this patch, I am just curious and if this is not needed we
should fix it in an other patch.
> endchoice
>
> choice
> prompt "Kernel space Stack-Smashing Protection"
> default KERNEL_CC_STACKPROTECTOR_REGULAR
> - depends on USE_MUSL || !(x86_64 || i386)
> help
> Enable GCC Stack-Smashing Protection (SSP) for the kernel
> config KERNEL_CC_STACKPROTECTOR_NONE
> diff --git a/toolchain/Config.in b/toolchain/Config.in
> index 762f4e10d7..e2af1c2c8e 100644
> --- a/toolchain/Config.in
> +++ b/toolchain/Config.in
> @@ -283,8 +283,12 @@ config USE_MUSL
> default y if !TOOLCHAINOPTS && !EXTERNAL_TOOLCHAIN && !NATIVE_TOOLCHAIN && !(arc)
> bool
>
> +config GCC_LIBSSP
> + default n
> + bool
> +
As nothing activates GCC_LIBSSP it is always false. I think we can
remove this, this is not used by any package in the Kconfig part as far
as I see it and only in some Makefiles and should be removed there
later, but should not harm.
> config SSP_SUPPORT
> - default y if USE_MUSL || GCC_LIBSSP
> + default y if !PKG_CC_STACKPROTECTOR_NONE
> bool
>
> config USE_EXTERNAL_LIBC
> diff --git a/toolchain/gcc/Config.in b/toolchain/gcc/Config.in
> index 7d7f34210a..4b2ba7aaae 100644
> --- a/toolchain/gcc/Config.in
> +++ b/toolchain/gcc/Config.in
> @@ -47,14 +47,6 @@ config GCC_DEFAULT_SSP
> help
> Use gcc configure option --enable-default-ssp to turn on -fstack-protector-strong by default.
>
> -config GCC_LIBSSP
> - bool
> - prompt "Build gcc libssp" if TOOLCHAINOPTS
> - depends on !USE_MUSL
> - default y if !USE_MUSL
> - help
> - Enable Stack-Smashing Protection support
> -
> config SJLJ_EXCEPTIONS
> bool
> prompt "Use setjump()/longjump() exceptions" if TOOLCHAINOPTS
> diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk
> index db4f0fcc0e..f0b95d3cc7 100644
> --- a/toolchain/glibc/common.mk
> +++ b/toolchain/glibc/common.mk
> @@ -39,7 +39,6 @@ ifeq ($(ARCH),mips64)
> endif
> endif
>
> -
> # -Os miscompiles w. 2.24 gcc5/gcc6
> # only -O2 tested by upstream changeset
> # "Optimize i386 syscall inlining for GCC 5"
> @@ -61,6 +60,8 @@ GLIBC_CONFIGURE:= \
> --without-cvs \
> --enable-add-ons \
> --$(if $(CONFIG_SOFT_FLOAT),without,with)-fp \
> + $(if $(CONFIG_PKG_CC_STACKPROTECTOR_REGULAR),--enable-stack-protector=yes) \
> + $(if $(CONFIG_PKG_CC_STACKPROTECTOR_STRONG),--enable-stack-protector=strong) \
> --enable-kernel=4.14.0
>
> export libc_cv_ssp=no
>
The libssp package is packaged in package/libs/toolchain/Makefile
shouldn't it be removed there too?
Then the dependency in include/package-defaults.mk can then also be removed.
Hauke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20200611/a6a6e814/attachment.sig>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list