Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.
Stack smashing protection configuration options are now uniform
across all supported libc variants.
This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.
Signed-off-by: Ian Cooper <iancoo...@hotmail.com>
---
V3: remove all references to gcc's libssp everywhere.
Compile tested on x86_64 glibc, x86_64 musl, arc uclibc, i386 glibc
Run-tested on x86_64 glibc
Note: if applying this patch on a glibc or uclibc toolchain, you must
do a make dirclean as the toolchain and all packages will need to be
rebuilt due to elimination of gcc's libssp in those toolchains. Musl
toolchains do not require a rebuild.
config/Config-build.in | 4 ----
include/package-defaults.mk | 2 +-
package/libs/toolchain/Makefile | 41 ---------------------------------
toolchain/Config.in | 2 +-
toolchain/gcc/Config.in | 8 -------
toolchain/gcc/common.mk | 9 +-------
toolchain/glibc/common.mk | 3 ++-
7 files changed, 5 insertions(+), 64 deletions(-)
diff --git a/config/Config-build.in b/config/Config-build.in
index 61a9265ad7..ac1e05d2ff 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -249,7 +249,6 @@ menu "Global build settings"
choice
prompt "User space Stack-Smashing Protection"
- depends on USE_MUSL
default PKG_CC_STACKPROTECTOR_REGULAR
help
Enable GCC Stack Smashing Protection (SSP) for userspace
applications
@@ -257,18 +256,15 @@ menu "Global build settings"
bool "None"
config PKG_CC_STACKPROTECTOR_REGULAR
bool "Regular"
- select GCC_LIBSSP if !USE_MUSL
depends on KERNEL_CC_STACKPROTECTOR_REGULAR
config PKG_CC_STACKPROTECTOR_STRONG
bool "Strong"
- select GCC_LIBSSP if !USE_MUSL
depends on KERNEL_CC_STACKPROTECTOR_STRONG
endchoice
choice
prompt "Kernel space Stack-Smashing Protection"
default KERNEL_CC_STACKPROTECTOR_REGULAR
- depends on USE_MUSL || !(x86_64 || i386)
help
Enable GCC Stack-Smashing Protection (SSP) for the kernel
config KERNEL_CC_STACKPROTECTOR_NONE
diff --git a/include/package-defaults.mk b/include/package-defaults.mk
index 31e331b2d5..2fed72b1a4 100644
--- a/include/package-defaults.mk
+++ b/include/package-defaults.mk
@@ -5,7 +5,7 @@
# See /LICENSE for more information.
#
-PKG_DEFAULT_DEPENDS = +libc +GCC_LIBSSP:libssp +USE_GLIBC:librt
+USE_GLIBC:libpthread
+PKG_DEFAULT_DEPENDS = +libc +USE_GLIBC:librt +USE_GLIBC:libpthread
ifneq ($(PKG_NAME),toolchain)
PKG_FIXUP_DEPENDS = $(if $(filter kmod-%,$(1)),$(2),$(PKG_DEFAULT_DEPENDS)
$(filter-out $(PKG_DEFAULT_DEPENDS),$(2)))
diff --git a/package/libs/toolchain/Makefile b/package/libs/toolchain/Makefile
index c13e9e4928..f92a1779da 100644
--- a/package/libs/toolchain/Makefile
+++ b/package/libs/toolchain/Makefile
@@ -83,33 +83,6 @@ define Package/libatomic/config
endmenu
endef
-define Package/libssp
-$(call Package/gcc/Default)
- DEPENDS+=@GCC_LIBSSP
- TITLE:=GCC support library
-endef
-
-define Package/libssp/config
- menu "Configuration"
- depends on EXTERNAL_TOOLCHAIN && PACKAGE_libssp
-
- config LIBSSP_ROOT_DIR
- string
- prompt "libssp shared library base directory"
- depends on EXTERNAL_TOOLCHAIN && PACKAGE_libssp
- default TOOLCHAIN_ROOT if !NATIVE_TOOLCHAIN
- default "/" if NATIVE_TOOLCHAIN
-
- config LIBSSP_FILE_SPEC
- string
- prompt "libssp shared library files (use wildcards)"
- depends on EXTERNAL_TOOLCHAIN && PACKAGE_libssp
- default "./lib/libssp.so.*"
-
- endmenu
-endef
-
-
define Package/libstdcpp
$(call Package/gcc/Default)
NAME:=libstdc++
@@ -519,11 +492,6 @@ ifeq ($(CONFIG_EXTERNAL_TOOLCHAIN),)
$(CP) $(TOOLCHAIN_DIR)/lib/libgfortran.so.* $(1)/usr/lib/
endef
- define Package/libssp/install
- $(INSTALL_DIR) $(1)/lib
- $(CP) $(TOOLCHAIN_DIR)/lib/libssp.so.* $(1)/lib/
- endef
-
define Package/libstdcpp/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(TOOLCHAIN_DIR)/lib/libstdc++.so.* $(1)/usr/lib/
@@ -670,14 +638,6 @@ else
done
endef
- define Package/libssp/install
- for file in $(call qstrip,$(CONFIG_LIBSSP_FILE_SPEC)); do \
- $(INSTALL_DIR) $(1)/lib ; \
- $(CP) $(call qstrip,$(CONFIG_LIBSSP_ROOT_DIR))/$$$$file
$(1)/lib/ ; \
- done ; \
- exit 0
- endef
-
define Package/libstdcpp/install
for file in $(call qstrip,$(CONFIG_LIBSTDCPP_FILE_SPEC)); do \
$(INSTALL_DIR) $(1)/lib ; \
@@ -789,7 +749,6 @@ endif
$(eval $(call BuildPackage,libc))
$(eval $(call BuildPackage,libgcc))
$(eval $(call BuildPackage,libatomic))
-$(eval $(call BuildPackage,libssp))
$(eval $(call BuildPackage,libstdcpp))
$(eval $(call BuildPackage,libasan))
$(eval $(call BuildPackage,libtsan))
diff --git a/toolchain/Config.in b/toolchain/Config.in
index 762f4e10d7..cb557d4ad3 100644
--- a/toolchain/Config.in
+++ b/toolchain/Config.in
@@ -284,7 +284,7 @@ config USE_MUSL
bool
config SSP_SUPPORT
- default y if USE_MUSL || GCC_LIBSSP
+ default y if !PKG_CC_STACKPROTECTOR_NONE
bool
config USE_EXTERNAL_LIBC
diff --git a/toolchain/gcc/Config.in b/toolchain/gcc/Config.in
index 7d7f34210a..4b2ba7aaae 100644
--- a/toolchain/gcc/Config.in
+++ b/toolchain/gcc/Config.in
@@ -47,14 +47,6 @@ config GCC_DEFAULT_SSP
help
Use gcc configure option --enable-default-ssp to turn on
-fstack-protector-strong by default.
-config GCC_LIBSSP
- bool
- prompt "Build gcc libssp" if TOOLCHAINOPTS
- depends on !USE_MUSL
- default y if !USE_MUSL
- help
- Enable Stack-Smashing Protection support
-
config SJLJ_EXCEPTIONS
bool
prompt "Use setjump()/longjump() exceptions" if TOOLCHAINOPTS
diff --git a/toolchain/gcc/common.mk b/toolchain/gcc/common.mk
index 7fb30285aa..ec3ea8fff1 100644
--- a/toolchain/gcc/common.mk
+++ b/toolchain/gcc/common.mk
@@ -104,6 +104,7 @@ GCC_CONFIGURE:= \
--disable-multilib \
--disable-libmpx \
--disable-nls \
+ --disable-libssp \
$(GRAPHITE_CONFIGURE) \
--with-host-libstdcxx=-lstdc++ \
$(SOFT_FLOAT_CONFIG_OPTION) \
@@ -131,14 +132,6 @@ ifneq ($(CONFIG_GCC_DEFAULT_SSP),)
--enable-default-ssp
endif
-ifneq ($(CONFIG_GCC_LIBSSP),)
- GCC_CONFIGURE+= \
- --enable-libssp
-else
- GCC_CONFIGURE+= \
- --disable-libssp
-endif
-
ifneq ($(CONFIG_EXTRA_TARGET_ARCH),)
GCC_CONFIGURE+= \
--enable-biarch \
diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk
index db4f0fcc0e..f0b95d3cc7 100644
--- a/toolchain/glibc/common.mk
+++ b/toolchain/glibc/common.mk
@@ -39,7 +39,6 @@ ifeq ($(ARCH),mips64)
endif
endif
-
# -Os miscompiles w. 2.24 gcc5/gcc6
# only -O2 tested by upstream changeset
# "Optimize i386 syscall inlining for GCC 5"
@@ -61,6 +60,8 @@ GLIBC_CONFIGURE:= \
--without-cvs \
--enable-add-ons \
--$(if $(CONFIG_SOFT_FLOAT),without,with)-fp \
+ $(if
$(CONFIG_PKG_CC_STACKPROTECTOR_REGULAR),--enable-stack-protector=yes) \
+ $(if
$(CONFIG_PKG_CC_STACKPROTECTOR_STRONG),--enable-stack-protector=strong) \
--enable-kernel=4.14.0
export libc_cv_ssp=no
--
2.25.1
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
