gcc/musl: rework SSP-support
authorSteven Barth <cyrus@openwrt.org>
Mon, 22 Jun 2015 10:31:07 +0000 (10:31 +0000)
committerSteven Barth <cyrus@openwrt.org>
Mon, 22 Jun 2015 10:31:07 +0000 (10:31 +0000)
Make musl provide libssp_nonshared.a and make GCC link it unconditionally
if musl is used. This should be a no-op if SSP is disabled and seems to be
the only reliable way of dealing with SSP over all packages due to the mess
that is linkerflags handling in packages.

Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46108

config/Config-build.in
include/hardening.mk
include/package-defaults.mk
toolchain/gcc/Config.in
toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch [deleted file]
toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch [new file with mode: 0644]
toolchain/musl/patches/200-add_libssp_nonshared.patch [new file with mode: 0644]

index 42b8e8e..35c07c6 100644 (file)
@@ -226,11 +226,11 @@ menu "Global build settings"
                        bool "None"
                config PKG_CC_STACKPROTECTOR_REGULAR
                        bool "Regular"
-                       select SSP_SUPPORT
+                       select SSP_SUPPORT if !USE_MUSL
                        depends on KERNEL_CC_STACKPROTECTOR_REGULAR
                config PKG_CC_STACKPROTECTOR_STRONG
                        bool "Strong"
-                       select SSP_SUPPORT
+                       select SSP_SUPPORT if !USE_MUSL
                        depends on GCC_VERSION_4_9_LINARO
                        depends on KERNEL_CC_STACKPROTECTOR_STRONG
        endchoice
index 8a24b3c..c1f0bcb 100644 (file)
@@ -21,13 +21,11 @@ endif
 ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
   ifeq ($(strip $(PKG_CC_STACKPROTECTOR_REGULAR)),1)
     TARGET_CFLAGS += -fstack-protector
-    TARGET_LDFLAGS += -fstack-protector
   endif
 endif
 ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
   ifeq ($(strip $(PKG_CC_STACKPROTECTOR_STRONG)),1)
     TARGET_CFLAGS += -fstack-protector-strong
-    TARGET_LDFLAGS += -fstack-protector-strong
   endif
 endif
 ifdef CONFIG_PKG_FORTIFY_SOURCE_1
index a5e9fbe..2896b4c 100644 (file)
@@ -5,7 +5,7 @@
 # See /LICENSE for more information.
 #
 
-PKG_DEFAULT_DEPENDS = +libc +(SSP_SUPPORT&&!USE_MUSL):libssp +USE_GLIBC:librt +USE_GLIBC:libpthread
+PKG_DEFAULT_DEPENDS = +libc +SSP_SUPPORT:libssp +USE_GLIBC:librt +USE_GLIBC:libpthread
 
 ifneq ($(PKG_NAME),toolchain)
   PKG_FIXUP_DEPENDS = $(if $(filter kmod-%,$(1)),$(2),$(PKG_DEFAULT_DEPENDS) $(filter-out $(PKG_DEFAULT_DEPENDS),$(2)))
index 5cb4d23..025ea24 100644 (file)
@@ -42,7 +42,8 @@ config EXTRA_GCC_CONFIG_OPTIONS
 config SSP_SUPPORT
        bool
        prompt "Enable Stack-Smashing Protection support" if TOOLCHAINOPTS
-       default y
+       depends on !USE_MUSL
+       default y if !USE_MUSL
        help
            Enable Stack-Smashing Protection support
 
diff --git a/toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch b/toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch
deleted file mode 100644 (file)
index 1208e73..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
---- gcc-4.7.4.org/gcc/gcc.c
-+++ gcc-4.7.4/gcc/gcc.c
-@@ -603,7 +603,7 @@
- #ifndef LINK_SSP_SPEC
- #ifdef TARGET_LIBC_PROVIDES_SSP
--#define LINK_SSP_SPEC "%{fstack-protector:}"
-+#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared}"
- #else
- #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared -lssp}"
- #endif
diff --git a/toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch b/toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch
new file mode 100644 (file)
index 0000000..2217693
--- /dev/null
@@ -0,0 +1,13 @@
+--- gcc-4.8.1/gcc/gcc.c.orig   2013-09-24 06:27:32.133894539 +0000
++++ gcc-4.8.1/gcc/gcc.c        2013-09-24 06:29:35.790562854 +0000
+@@ -656,7 +656,9 @@
+ #endif
+ #ifndef LINK_SSP_SPEC
+-#ifdef TARGET_LIBC_PROVIDES_SSP
++#if DEFAULT_LIBC == LIBC_MUSL
++#define LINK_SSP_SPEC "-lssp_nonshared"
++#elif defined(TARGET_LIBC_PROVIDES_SSP)
+ #define LINK_SSP_SPEC "%{fstack-protector:}"
+ #else
+ #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared -lssp}"
diff --git a/toolchain/musl/patches/200-add_libssp_nonshared.patch b/toolchain/musl/patches/200-add_libssp_nonshared.patch
new file mode 100644 (file)
index 0000000..af05765
--- /dev/null
@@ -0,0 +1,58 @@
+From 7ec87fbbc3cac99b4173d082dd6195f47c9a32e7 Mon Sep 17 00:00:00 2001
+From: Steven Barth <steven@midlink.org>
+Date: Mon, 22 Jun 2015 11:01:56 +0200
+Subject: [PATCH] Add libssp_nonshared.a so GCC's is not needed
+
+Signed-off-by: Steven Barth <steven@midlink.org>
+---
+ Makefile                                  | 10 ++++++++--
+ libssp_nonshared/__stack_chk_fail_local.c |  2 ++
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+ create mode 100644 libssp_nonshared/__stack_chk_fail_local.c
+
+diff --git a/Makefile b/Makefile
+index 2eb7b30..bfcabf7 100644
+--- a/Makefile
++++ b/Makefile
+@@ -48,7 +48,7 @@ CRT_LIBS = lib/crt1.o lib/Scrt1.o lib/rcrt1.o lib/crti.o lib/crtn.o
+ STATIC_LIBS = lib/libc.a
+ SHARED_LIBS = lib/libc.so
+ TOOL_LIBS = lib/musl-gcc.specs
+-ALL_LIBS = $(CRT_LIBS) $(STATIC_LIBS) $(SHARED_LIBS) $(EMPTY_LIBS) $(TOOL_LIBS)
++ALL_LIBS = $(CRT_LIBS) $(STATIC_LIBS) $(SHARED_LIBS) $(EMPTY_LIBS) $(TOOL_LIBS) lib/libssp_nonshared.a
+ ALL_TOOLS = tools/musl-gcc
+ LDSO_PATHNAME = $(syslibdir)/ld-musl-$(ARCH)$(SUBARCH).so.1
+@@ -103,7 +103,8 @@ NOSSP_SRCS = $(wildcard crt/*.c) \
+       src/env/__libc_start_main.c src/env/__init_tls.c \
+       src/thread/__set_thread_area.c src/env/__stack_chk_fail.c \
+       src/string/memset.c src/string/memcpy.c \
+-      src/ldso/dlstart.c src/ldso/dynlink.c
++      src/ldso/dlstart.c src/ldso/dynlink.c \
++      libssp_nonshared/__stack_chk_fail_local.c
+ $(NOSSP_SRCS:%.c=%.o) $(NOSSP_SRCS:%.c=%.lo): CFLAGS += $(CFLAGS_NOSSP)
+ $(CRT_LIBS:lib/%=crt/%): CFLAGS += -DCRT
+@@ -144,6 +145,11 @@ lib/libc.a: $(OBJS)
+       $(AR) rc $@ $(OBJS)
+       $(RANLIB) $@
++lib/libssp_nonshared.a: libssp_nonshared/__stack_chk_fail_local.o
++      rm -f $@
++      $(AR) rc $@ $<
++      $(RANLIB) $@
++
+ $(EMPTY_LIBS):
+       rm -f $@
+       $(AR) rc $@
+diff --git a/libssp_nonshared/__stack_chk_fail_local.c b/libssp_nonshared/__stack_chk_fail_local.c
+new file mode 100644
+index 0000000..2b403a6
+--- /dev/null
++++ b/libssp_nonshared/__stack_chk_fail_local.c
+@@ -0,0 +1,2 @@
++extern void __stack_chk_fail(void);
++void __attribute__((visibility ("hidden"))) __stack_chk_fail_local(void) { __stack_chk_fail(); }
+-- 
+2.1.4
+