gcc/musl: rework SSP-support

Make musl provide libssp_nonshared.a and make GCC link it unconditionally if musl is used. This should be a no-op if SSP is disabled and seems to be the only reliable way of dealing with SSP over all packages due to the mess that is linkerflags handling in packages. Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 46108
2015-06-22 10:31:07 +00:00 · 2015-06-22 10:31:07 +00:00 · 1877bc9d8f
commit 1877bc9d8f
parent e0a3d9d115
7 changed files with 76 additions and 17 deletions
--- a/config/Config-build.in
+++ b/config/Config-build.in
@ -226,11 +226,11 @@ menu "Global build settings"
 			bool "None"
 		config PKG_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
-			select SSP_SUPPORT
+			select SSP_SUPPORT if !USE_MUSL
 			depends on KERNEL_CC_STACKPROTECTOR_REGULAR
 		config PKG_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
-			select SSP_SUPPORT
+			select SSP_SUPPORT if !USE_MUSL
 			depends on GCC_VERSION_4_9_LINARO
 			depends on KERNEL_CC_STACKPROTECTOR_STRONG
 	endchoice
--- a/include/hardening.mk
+++ b/include/hardening.mk
@ -21,13 +21,11 @@ endif
 ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
  ifeq ($(strip $(PKG_CC_STACKPROTECTOR_REGULAR)),1)
    TARGET_CFLAGS += -fstack-protector
    TARGET_LDFLAGS += -fstack-protector
  endif
 endif
 ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
  ifeq ($(strip $(PKG_CC_STACKPROTECTOR_STRONG)),1)
    TARGET_CFLAGS += -fstack-protector-strong
    TARGET_LDFLAGS += -fstack-protector-strong
  endif
 endif
 ifdef CONFIG_PKG_FORTIFY_SOURCE_1
--- a/include/package-defaults.mk
+++ b/include/package-defaults.mk
@ -5,7 +5,7 @@
 # See /LICENSE for more information.
 #
-PKG_DEFAULT_DEPENDS = +libc +(SSP_SUPPORT&&!USE_MUSL):libssp +USE_GLIBC:librt +USE_GLIBC:libpthread
+PKG_DEFAULT_DEPENDS = +libc +SSP_SUPPORT:libssp +USE_GLIBC:librt +USE_GLIBC:libpthread
 ifneq ($(PKG_NAME),toolchain)
  PKG_FIXUP_DEPENDS = $(if $(filter kmod-%,$(1)),$(2),$(PKG_DEFAULT_DEPENDS) $(filter-out $(PKG_DEFAULT_DEPENDS),$(2)))
--- a/toolchain/gcc/Config.in
+++ b/toolchain/gcc/Config.in
@ -42,7 +42,8 @@ config EXTRA_GCC_CONFIG_OPTIONS
 config SSP_SUPPORT
 	bool
 	prompt "Enable Stack-Smashing Protection support" if TOOLCHAINOPTS
-	default y
+	depends on !USE_MUSL
 	default y if !USE_MUSL
 	help
 	    Enable Stack-Smashing Protection support
--- a/toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch
+++ b/toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch
@ -1,11 +0,0 @@
 --- gcc-4.7.4.org/gcc/gcc.c
 +++ gcc-4.7.4/gcc/gcc.c
@@ -603,7 +603,7 @@
 #ifndef LINK_SSP_SPEC
 #ifdef TARGET_LIBC_PROVIDES_SSP
 -#define LINK_SSP_SPEC "%{fstack-protector:}"
 +#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared}"
 #else
 #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared -lssp}"
 #endif
--- a/toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch
+++ b/toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch
@ -0,0 +1,13 @@
 --- gcc-4.8.1/gcc/gcc.c.orig	2013-09-24 06:27:32.133894539 +0000
 +++ gcc-4.8.1/gcc/gcc.c	2013-09-24 06:29:35.790562854 +0000
@@ -656,7 +656,9 @@
 #endif
 #ifndef LINK_SSP_SPEC
 -#ifdef TARGET_LIBC_PROVIDES_SSP
 +#if DEFAULT_LIBC == LIBC_MUSL
 +#define LINK_SSP_SPEC "-lssp_nonshared"
 +#elif defined(TARGET_LIBC_PROVIDES_SSP)
 #define LINK_SSP_SPEC "%{fstack-protector:}"
 #else
 #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared -lssp}"
--- a/toolchain/musl/patches/200-add_libssp_nonshared.patch
+++ b/toolchain/musl/patches/200-add_libssp_nonshared.patch
@ -0,0 +1,58 @@
 From 7ec87fbbc3cac99b4173d082dd6195f47c9a32e7 Mon Sep 17 00:00:00 2001
 From: Steven Barth <steven@midlink.org>
 Date: Mon, 22 Jun 2015 11:01:56 +0200
 Subject: [PATCH] Add libssp_nonshared.a so GCC's is not needed
 Signed-off-by: Steven Barth <steven@midlink.org>
 ---
 Makefile                                  | 10 ++++++++--
 libssp_nonshared/__stack_chk_fail_local.c |  2 ++
 2 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 libssp_nonshared/__stack_chk_fail_local.c
 diff --git a/Makefile b/Makefile
 index 2eb7b30..bfcabf7 100644
 --- a/Makefile
 +++ b/Makefile
@@ -48,7 +48,7 @@ CRT_LIBS = lib/crt1.o lib/Scrt1.o lib/rcrt1.o lib/crti.o lib/crtn.o
 STATIC_LIBS = lib/libc.a
 SHARED_LIBS = lib/libc.so
 TOOL_LIBS = lib/musl-gcc.specs
 -ALL_LIBS = $(CRT_LIBS) $(STATIC_LIBS) $(SHARED_LIBS) $(EMPTY_LIBS) $(TOOL_LIBS)
 +ALL_LIBS = $(CRT_LIBS) $(STATIC_LIBS) $(SHARED_LIBS) $(EMPTY_LIBS) $(TOOL_LIBS) lib/libssp_nonshared.a
 ALL_TOOLS = tools/musl-gcc
 LDSO_PATHNAME = $(syslibdir)/ld-musl-$(ARCH)$(SUBARCH).so.1
@@ -103,7 +103,8 @@ NOSSP_SRCS = $(wildcard crt/*.c) \
 	src/env/__libc_start_main.c src/env/__init_tls.c \
 	src/thread/__set_thread_area.c src/env/__stack_chk_fail.c \
 	src/string/memset.c src/string/memcpy.c \
 -	src/ldso/dlstart.c src/ldso/dynlink.c
 +	src/ldso/dlstart.c src/ldso/dynlink.c \
 +	libssp_nonshared/__stack_chk_fail_local.c
 $(NOSSP_SRCS:%.c=%.o) $(NOSSP_SRCS:%.c=%.lo): CFLAGS += $(CFLAGS_NOSSP)
 $(CRT_LIBS:lib/%=crt/%): CFLAGS += -DCRT
@@ -144,6 +145,11 @@ lib/libc.a: $(OBJS)
 	$(AR) rc $@ $(OBJS)
 	$(RANLIB) $@
 +lib/libssp_nonshared.a: libssp_nonshared/__stack_chk_fail_local.o
 +	rm -f $@
 +	$(AR) rc $@ $<
 +	$(RANLIB) $@
 +
 $(EMPTY_LIBS):
 	rm -f $@
 	$(AR) rc $@
 diff --git a/libssp_nonshared/__stack_chk_fail_local.c b/libssp_nonshared/__stack_chk_fail_local.c
 new file mode 100644
 index 0000000..2b403a6
 --- /dev/null
 +++ b/libssp_nonshared/__stack_chk_fail_local.c
@@ -0,0 +1,2 @@
 +extern void __stack_chk_fail(void);
 +void __attribute__((visibility ("hidden"))) __stack_chk_fail_local(void) { __stack_chk_fail(); }
 -- 
 2.1.4