toolchain: remove gcc libssp and use libc variant

Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.

Stack smashing protection configuration options are now uniform
across all supported libc variants.

This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.

Signed-off-by: Ian Cooper <iancooper@hotmail.com>

diff --git a/config/Config-build.in b/config/Config-build.in
index 61a9265ad78d68b2c713191369049b46b3956e01..ac1e05d2ff497c30287d70cd023de8a9ce085137 100644 (file)
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -249,7 +249,6 @@ menu "Global build settings"
 
        choice
                prompt "User space Stack-Smashing Protection"
-               depends on USE_MUSL
                default PKG_CC_STACKPROTECTOR_REGULAR
                help
                  Enable GCC Stack Smashing Protection (SSP) for userspace applications
@@ -257,18 +256,15 @@ menu "Global build settings"
                        bool "None"
                config PKG_CC_STACKPROTECTOR_REGULAR
                        bool "Regular"
-                       select GCC_LIBSSP if !USE_MUSL
                        depends on KERNEL_CC_STACKPROTECTOR_REGULAR
                config PKG_CC_STACKPROTECTOR_STRONG
                        bool "Strong"
-                       select GCC_LIBSSP if !USE_MUSL
                        depends on KERNEL_CC_STACKPROTECTOR_STRONG
        endchoice
 
        choice
                prompt "Kernel space Stack-Smashing Protection"
                default KERNEL_CC_STACKPROTECTOR_REGULAR
-               depends on USE_MUSL || !(x86_64 || i386)
                help
                  Enable GCC Stack-Smashing Protection (SSP) for the kernel
                config KERNEL_CC_STACKPROTECTOR_NONE

diff --git a/include/package-defaults.mk b/include/package-defaults.mk
index 31e331b2d5631448c69afa4b265bfb0268b394cb..2fed72b1a45ce706ad192eedb8fc35fdcce17b7d 100644 (file)
--- a/include/package-defaults.mk
+++ b/include/package-defaults.mk
@@ -5,7 +5,7 @@
 # See /LICENSE for more information.
 #
 
-PKG_DEFAULT_DEPENDS = +libc +GCC_LIBSSP:libssp +USE_GLIBC:librt +USE_GLIBC:libpthread
+PKG_DEFAULT_DEPENDS = +libc +USE_GLIBC:librt +USE_GLIBC:libpthread
 
 ifneq ($(PKG_NAME),toolchain)
   PKG_FIXUP_DEPENDS = $(if $(filter kmod-%,$(1)),$(2),$(PKG_DEFAULT_DEPENDS) $(filter-out $(PKG_DEFAULT_DEPENDS),$(2)))

diff --git a/package/libs/toolchain/Makefile b/package/libs/toolchain/Makefile
index c13e9e4928ce09ae19a08e5b6e8d616572a68eb9..f92a1779da18b9ffa2f321f70698c997c5f3b34d 100644 (file)
--- a/package/libs/toolchain/Makefile
+++ b/package/libs/toolchain/Makefile
@@ -83,33 +83,6 @@ define Package/libatomic/config
        endmenu
 endef
 
-define Package/libssp
-$(call Package/gcc/Default)
-  DEPENDS+=@GCC_LIBSSP
-  TITLE:=GCC support library
-endef
-
-define Package/libssp/config
-       menu "Configuration"
-               depends on EXTERNAL_TOOLCHAIN && PACKAGE_libssp
-
-       config LIBSSP_ROOT_DIR
-               string
-               prompt "libssp shared library base directory"
-               depends on EXTERNAL_TOOLCHAIN && PACKAGE_libssp
-               default TOOLCHAIN_ROOT  if !NATIVE_TOOLCHAIN
-               default "/"  if NATIVE_TOOLCHAIN
-
-       config LIBSSP_FILE_SPEC
-               string
-               prompt "libssp shared library files (use wildcards)"
-               depends on EXTERNAL_TOOLCHAIN && PACKAGE_libssp
-               default "./lib/libssp.so.*"
-
-       endmenu
-endef
-
-
 define Package/libstdcpp
 $(call Package/gcc/Default)
   NAME:=libstdc++
@@ -519,11 +492,6 @@ ifeq ($(CONFIG_EXTERNAL_TOOLCHAIN),)
        $(CP) $(TOOLCHAIN_DIR)/lib/libgfortran.so.* $(1)/usr/lib/
   endef
 
-  define Package/libssp/install
-       $(INSTALL_DIR) $(1)/lib
-       $(CP) $(TOOLCHAIN_DIR)/lib/libssp.so.* $(1)/lib/
-  endef
-
   define Package/libstdcpp/install
        $(INSTALL_DIR) $(1)/usr/lib
        $(CP) $(TOOLCHAIN_DIR)/lib/libstdc++.so.* $(1)/usr/lib/
@@ -670,14 +638,6 @@ else
        done
   endef
 
-  define Package/libssp/install
-       for file in $(call qstrip,$(CONFIG_LIBSSP_FILE_SPEC)); do \
-               $(INSTALL_DIR) $(1)/lib ; \
-               $(CP) $(call qstrip,$(CONFIG_LIBSSP_ROOT_DIR))/$$$$file $(1)/lib/ ; \
-       done ; \
-       exit 0
-  endef
-
   define Package/libstdcpp/install
        for file in $(call qstrip,$(CONFIG_LIBSTDCPP_FILE_SPEC)); do \
                $(INSTALL_DIR) $(1)/lib ; \
@@ -789,7 +749,6 @@ endif
 $(eval $(call BuildPackage,libc))
 $(eval $(call BuildPackage,libgcc))
 $(eval $(call BuildPackage,libatomic))
-$(eval $(call BuildPackage,libssp))
 $(eval $(call BuildPackage,libstdcpp))
 $(eval $(call BuildPackage,libasan))
 $(eval $(call BuildPackage,libtsan))

diff --git a/toolchain/Config.in b/toolchain/Config.in
index 762f4e10d7d82ab2c5075f08ca865f4af5f3361b..cb557d4ad34e52060a37e464d56d4b6477ed6c95 100644 (file)
--- a/toolchain/Config.in
+++ b/toolchain/Config.in
@@ -284,7 +284,7 @@ config USE_MUSL
        bool
 
 config SSP_SUPPORT
-       default y if USE_MUSL || GCC_LIBSSP
+       default y if !PKG_CC_STACKPROTECTOR_NONE
        bool
 
 config USE_EXTERNAL_LIBC

diff --git a/toolchain/gcc/Config.in b/toolchain/gcc/Config.in
index 7d7f34210a6d4ee8f5a9f192525cbdc3deb8fed1..4b2ba7aaaeae39766c9df24947890c5852299efd 100644 (file)
--- a/toolchain/gcc/Config.in
+++ b/toolchain/gcc/Config.in
@@ -47,14 +47,6 @@ config GCC_DEFAULT_SSP
        help
            Use gcc configure option --enable-default-ssp to turn on -fstack-protector-strong by default.
 
-config GCC_LIBSSP
-       bool
-       prompt "Build gcc libssp" if TOOLCHAINOPTS
-       depends on !USE_MUSL
-       default y if !USE_MUSL
-       help
-           Enable Stack-Smashing Protection support
-
 config SJLJ_EXCEPTIONS
        bool
        prompt "Use setjump()/longjump() exceptions" if TOOLCHAINOPTS

diff --git a/toolchain/gcc/common.mk b/toolchain/gcc/common.mk
index 7fb30285aa80f5b4046e8cdd7bda2a4e92557ab8..ec3ea8fff1d92ab9edde78df81073b280d3b303f 100644 (file)
--- a/toolchain/gcc/common.mk
+++ b/toolchain/gcc/common.mk
@@ -104,6 +104,7 @@ GCC_CONFIGURE:= \
                --disable-multilib \
                --disable-libmpx \
                --disable-nls \
+               --disable-libssp \
                $(GRAPHITE_CONFIGURE) \
                --with-host-libstdcxx=-lstdc++ \
                $(SOFT_FLOAT_CONFIG_OPTION) \
@@ -131,14 +132,6 @@ ifneq ($(CONFIG_GCC_DEFAULT_SSP),)
                --enable-default-ssp
 endif
 
-ifneq ($(CONFIG_GCC_LIBSSP),)
-  GCC_CONFIGURE+= \
-               --enable-libssp
-else
-  GCC_CONFIGURE+= \
-               --disable-libssp
-endif
-
 ifneq ($(CONFIG_EXTRA_TARGET_ARCH),)
   GCC_CONFIGURE+= \
                --enable-biarch \

diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk
index db4f0fcc0e22a9f4e197889b0868e4e86e338e6c..f0b95d3cc730ef62df5499701531cd7e5a8efd31 100644 (file)
--- a/toolchain/glibc/common.mk
+++ b/toolchain/glibc/common.mk
@@ -39,7 +39,6 @@ ifeq ($(ARCH),mips64)
   endif
 endif
 
-
 # -Os miscompiles w. 2.24 gcc5/gcc6
 # only -O2 tested by upstream changeset
 # "Optimize i386 syscall inlining for GCC 5"
@@ -61,6 +60,8 @@ GLIBC_CONFIGURE:= \
                --without-cvs \
                --enable-add-ons \
                --$(if $(CONFIG_SOFT_FLOAT),without,with)-fp \
+                 $(if $(CONFIG_PKG_CC_STACKPROTECTOR_REGULAR),--enable-stack-protector=yes) \
+                 $(if $(CONFIG_PKG_CC_STACKPROTECTOR_STRONG),--enable-stack-protector=strong) \
                --enable-kernel=4.14.0
 
 export libc_cv_ssp=no