aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/Config-build.in4
-rw-r--r--include/hardening.mk2
-rw-r--r--include/package-defaults.mk2
-rw-r--r--toolchain/gcc/Config.in3
-rw-r--r--toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch11
-rw-r--r--toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch13
-rw-r--r--toolchain/musl/patches/200-add_libssp_nonshared.patch58
7 files changed, 76 insertions, 17 deletions
diff --git a/config/Config-build.in b/config/Config-build.in
index 42b8e8e5e3..35c07c63f8 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -226,11 +226,11 @@ menu "Global build settings"
bool "None"
config PKG_CC_STACKPROTECTOR_REGULAR
bool "Regular"
- select SSP_SUPPORT
+ select SSP_SUPPORT if !USE_MUSL
depends on KERNEL_CC_STACKPROTECTOR_REGULAR
config PKG_CC_STACKPROTECTOR_STRONG
bool "Strong"
- select SSP_SUPPORT
+ select SSP_SUPPORT if !USE_MUSL
depends on GCC_VERSION_4_9_LINARO
depends on KERNEL_CC_STACKPROTECTOR_STRONG
endchoice
diff --git a/include/hardening.mk b/include/hardening.mk
index 8a24b3ca15..c1f0bcb19e 100644
--- a/include/hardening.mk
+++ b/include/hardening.mk
@@ -21,13 +21,11 @@ endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
ifeq ($(strip $(PKG_CC_STACKPROTECTOR_REGULAR)),1)
TARGET_CFLAGS += -fstack-protector
- TARGET_LDFLAGS += -fstack-protector
endif
endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
ifeq ($(strip $(PKG_CC_STACKPROTECTOR_STRONG)),1)
TARGET_CFLAGS += -fstack-protector-strong
- TARGET_LDFLAGS += -fstack-protector-strong
endif
endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_1
diff --git a/include/package-defaults.mk b/include/package-defaults.mk
index a5e9fbe915..2896b4c783 100644
--- a/include/package-defaults.mk
+++ b/include/package-defaults.mk
@@ -5,7 +5,7 @@
# See /LICENSE for more information.
#
-PKG_DEFAULT_DEPENDS = +libc +(SSP_SUPPORT&&!USE_MUSL):libssp +USE_GLIBC:librt +USE_GLIBC:libpthread
+PKG_DEFAULT_DEPENDS = +libc +SSP_SUPPORT:libssp +USE_GLIBC:librt +USE_GLIBC:libpthread
ifneq ($(PKG_NAME),toolchain)
PKG_FIXUP_DEPENDS = $(if $(filter kmod-%,$(1)),$(2),$(PKG_DEFAULT_DEPENDS) $(filter-out $(PKG_DEFAULT_DEPENDS),$(2)))
diff --git a/toolchain/gcc/Config.in b/toolchain/gcc/Config.in
index 5cb4d23e16..025ea2453d 100644
--- a/toolchain/gcc/Config.in
+++ b/toolchain/gcc/Config.in
@@ -42,7 +42,8 @@ config EXTRA_GCC_CONFIG_OPTIONS
config SSP_SUPPORT
bool
prompt "Enable Stack-Smashing Protection support" if TOOLCHAINOPTS
- default y
+ depends on !USE_MUSL
+ default y if !USE_MUSL
help
Enable Stack-Smashing Protection support
diff --git a/toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch b/toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch
deleted file mode 100644
index 1208e73029..0000000000
--- a/toolchain/gcc/patches/4.8-linaro/030-always-link-ssp-noshared.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- gcc-4.7.4.org/gcc/gcc.c
-+++ gcc-4.7.4/gcc/gcc.c
-@@ -603,7 +603,7 @@
-
- #ifndef LINK_SSP_SPEC
- #ifdef TARGET_LIBC_PROVIDES_SSP
--#define LINK_SSP_SPEC "%{fstack-protector:}"
-+#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared}"
- #else
- #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared -lssp}"
- #endif
diff --git a/toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch b/toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch
new file mode 100644
index 0000000000..22176934af
--- /dev/null
+++ b/toolchain/gcc/patches/4.8-linaro/230-musl_libssp.patch
@@ -0,0 +1,13 @@
+--- gcc-4.8.1/gcc/gcc.c.orig 2013-09-24 06:27:32.133894539 +0000
++++ gcc-4.8.1/gcc/gcc.c 2013-09-24 06:29:35.790562854 +0000
+@@ -656,7 +656,9 @@
+ #endif
+
+ #ifndef LINK_SSP_SPEC
+-#ifdef TARGET_LIBC_PROVIDES_SSP
++#if DEFAULT_LIBC == LIBC_MUSL
++#define LINK_SSP_SPEC "-lssp_nonshared"
++#elif defined(TARGET_LIBC_PROVIDES_SSP)
+ #define LINK_SSP_SPEC "%{fstack-protector:}"
+ #else
+ #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared -lssp}"
diff --git a/toolchain/musl/patches/200-add_libssp_nonshared.patch b/toolchain/musl/patches/200-add_libssp_nonshared.patch
new file mode 100644
index 0000000000..af0576585e
--- /dev/null
+++ b/toolchain/musl/patches/200-add_libssp_nonshared.patch
@@ -0,0 +1,58 @@
+From 7ec87fbbc3cac99b4173d082dd6195f47c9a32e7 Mon Sep 17 00:00:00 2001
+From: Steven Barth <steven@midlink.org>
+Date: Mon, 22 Jun 2015 11:01:56 +0200
+Subject: [PATCH] Add libssp_nonshared.a so GCC's is not needed
+
+Signed-off-by: Steven Barth <steven@midlink.org>
+---
+ Makefile | 10 ++++++++--
+ libssp_nonshared/__stack_chk_fail_local.c | 2 ++
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+ create mode 100644 libssp_nonshared/__stack_chk_fail_local.c
+
+diff --git a/Makefile b/Makefile
+index 2eb7b30..bfcabf7 100644
+--- a/Makefile
++++ b/Makefile
+@@ -48,7 +48,7 @@ CRT_LIBS = lib/crt1.o lib/Scrt1.o lib/rcrt1.o lib/crti.o lib/crtn.o
+ STATIC_LIBS = lib/libc.a
+ SHARED_LIBS = lib/libc.so
+ TOOL_LIBS = lib/musl-gcc.specs
+-ALL_LIBS = $(CRT_LIBS) $(STATIC_LIBS) $(SHARED_LIBS) $(EMPTY_LIBS) $(TOOL_LIBS)
++ALL_LIBS = $(CRT_LIBS) $(STATIC_LIBS) $(SHARED_LIBS) $(EMPTY_LIBS) $(TOOL_LIBS) lib/libssp_nonshared.a
+ ALL_TOOLS = tools/musl-gcc
+
+ LDSO_PATHNAME = $(syslibdir)/ld-musl-$(ARCH)$(SUBARCH).so.1
+@@ -103,7 +103,8 @@ NOSSP_SRCS = $(wildcard crt/*.c) \
+ src/env/__libc_start_main.c src/env/__init_tls.c \
+ src/thread/__set_thread_area.c src/env/__stack_chk_fail.c \
+ src/string/memset.c src/string/memcpy.c \
+- src/ldso/dlstart.c src/ldso/dynlink.c
++ src/ldso/dlstart.c src/ldso/dynlink.c \
++ libssp_nonshared/__stack_chk_fail_local.c
+ $(NOSSP_SRCS:%.c=%.o) $(NOSSP_SRCS:%.c=%.lo): CFLAGS += $(CFLAGS_NOSSP)
+
+ $(CRT_LIBS:lib/%=crt/%): CFLAGS += -DCRT
+@@ -144,6 +145,11 @@ lib/libc.a: $(OBJS)
+ $(AR) rc $@ $(OBJS)
+ $(RANLIB) $@
+
++lib/libssp_nonshared.a: libssp_nonshared/__stack_chk_fail_local.o
++ rm -f $@
++ $(AR) rc $@ $<
++ $(RANLIB) $@
++
+ $(EMPTY_LIBS):
+ rm -f $@
+ $(AR) rc $@
+diff --git a/libssp_nonshared/__stack_chk_fail_local.c b/libssp_nonshared/__stack_chk_fail_local.c
+new file mode 100644
+index 0000000..2b403a6
+--- /dev/null
++++ b/libssp_nonshared/__stack_chk_fail_local.c
+@@ -0,0 +1,2 @@
++extern void __stack_chk_fail(void);
++void __attribute__((visibility ("hidden"))) __stack_chk_fail_local(void) { __stack_chk_fail(); }
+--
+2.1.4
+