[Buildroot] [git commit] toolchain: disable SSP support if CFI support in binutils is missing
Peter Korsgaard
peter at korsgaard.com
Sun Nov 25 20:44:41 UTC 2018
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni at bootlin.com> writes:
> commit: https://git.buildroot.net/buildroot/commit/?id=435613ef298d49788d82f7bb2e06f944d69d890b
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> As reported by [1], SSP support is missing in the Buildroot toolchain
> for microblaze even if it's requested by selecting
> BR2_TOOLCHAIN_HAS_SSP config option.
> In Buildroot, we are using libssp provided by the C library (glibc,
> musl, uClibc-ng) when available. We are not using libssp from gcc.
> So for a microblaze glibc based toolchain, the SSP support is enabled
> unconditionally by a select BR2_TOOLCHAIN_HAS_SSP.
> BR2_microblazeel=y
> BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
> BR2_KERNEL_HEADERS_4_14=y
> BR2_BINUTILS_VERSION_2_30_X=y
> BR2_GCC_VERSION_8_X=y
> BR2_TOOLCHAIN_BUILDROOT_CXX=y
> While building the toolchain, we are building host-binutils which
> provide "as" (assembler) and host-gcc-initial wich provide a
> minimal cross gcc (C only cross-compiler without any C library).
> When SSP support is requested, gcc_cv_libc_provides_ssp=yes is
> added to the make command line (see [2] for full details)
> With this setting, the SSP support is requested but it's not available
> in the end and the toochain build succeed.
> When the microblaze toolchain is imported to Biuldroot (2018.05) as
> external toolchain with BR2_TOOLCHAIN_EXTERNAL_HAS_SSP set, the build
> stop with :
> "SSP support not available in this toolchain, please disable BR2_TOOLCHAIN_EXTERNAL_HAS_SSP"
> The test is doing the following command line:
> echo 'void main(){}' | [...]/host/bin/microblazeel-linux-gcc.br_real -Werror -fstack-protector -x c - -o [...]/build/.br-toolchain-test.tmp
> cc1: error: -fstack-protector not supported for this target [-Werror]
> When we look at the gcc-final log file (config.log) we can see this
> error several time when using the minimal gcc (from host-gcc-initial).
> So Why the minimal gcc doesn't support SSP?
> When we look at the gcc-initial log file (config.log) we can see an
> error with 'as':
> configure:23194: checking assembler for cfi directives
> configure:23209: [...]microblazeel-buildroot-linux-gnu/bin/as -o conftest.o conftest.s >&5
> conftest.s: Assembler messages:
> conftest.s:2: Error: CFI is not supported for this target
> conftest.s:3: Error: CFI is not supported for this target
> conftest.s:4: Error: CFI is not supported for this target
> conftest.s:5: Error: CFI is not supported for this target
> conftest.s:6: Error: CFI is not supported for this target
> conftest.s:7: Error: CFI is not supported for this target
> configure:23212: $? = 1
> configure: failed program was
> .text
> .cfi_startproc
> .cfi_offset 0, 0
> .cfi_same_value 1
> .cfi_def_cfa 1, 2
> .cfi_escape 1, 2, 3, 4, 5
> .cfi_endproc
> This is the only relevant difference compared to a nios2 toolchain where
> libssp is enabled and available (nios2 is an example).
> "CFI" stand for "Control Flow Integrity" and it seems that SSP support
> requires CFI target support (see [3] for some explanation).
> The SSP support seems to depends on CFI support, but the toolchain
> infrastructure is not detailed enough to handle the CFI dependency.
> The NiosII toolchains built with binutils < 2.30 are also affected by
> this issue.
> This patch improve the toolchain infrastructure by adding a new
> BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI blind option
> Disable SSP support for microblaze entirely.
> Disable SSP support for nios2 only with Binutils < 2.30.
> Fixes:
> https://gitlab.com/free-electrons/toolchains-builder/-/jobs/72006389
> [1] https://gitlab.com/free-electrons/toolchains-builder/issues/1
> [2] https://git.buildroot.net/buildroot/tree/package/gcc/gcc.mk?h=2018.05#n275
> [3] https://grsecurity.net/rap_faq.php
> Signed-off-by: Romain Naour <romain.naour at gmail.com>
> Cc: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
> [Thomas: adjust how the BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI option
> is expressed.]
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
Committed to 2018.02.x and 2018.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list