Buildroot Archive on lore.kernel.org
From: Arnout Vandecappelle <arnout@mind.be>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v2 1/1] qemu: add patch to fix SSP support detection
Date: Thu, 12 Nov 2015 00:30:11 +0100
Message-ID: <5643CF83.6000800@mind.be>
In-Reply-To: <1447280301-9225-1-git-send-email-rprebello@gmail.com>

On 11-11-15 23:18, Rodrigo Rebello wrote:
> The QEMU configure script incorrectly assumes SSP is supported by the
> toolchain in some cases where the compiler accepts -fstack-protector-*
> flags but the C library does not provide the necessary __stack_chk_*()
> functions.
> 
> Even though a full compile and link test is performed by the script,
> this is done with a code fragment which does not actually meet any of
> the conditions required to cause the compiler to emit canary code when
> the -fstack-protector-strong variant is used. As no compile or link
> failure occurs in this case, a false positive is generated and a
> subsequent error is seen when the probe for pthreads is performed.
> 
> The fix consists in patching the configure script to use an appropriate
> test program for the SSP support checks.
> 
> Fixes:
> 
>   http://autobuild.buildroot.net/results/efb/efbb4e940543894b8745bb405478a096c90a5ae2/
>   http://autobuild.buildroot.net/results/32d/32d6d984febad2dee1f0d31c5fa0aea823297096/
>   http://autobuild.buildroot.net/results/aa6/aa6e71c957fb6f07e7bded35a8e47be4dadd042c/
>   ...and many others.
> 
> Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>

Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

 But let's wait a day or so for upstream to comment on the patch. I have one nit:

> ---
> Changes v1 -> v2:
>   - Patch the configure script instead of force disable SSP detection
>     (Arnout Vandecappelle).
> ---
>  ...se-appropriate-code-fragment-for-fstack-p.patch | 65 ++++++++++++++++++++++
>  1 file changed, 65 insertions(+)
>  create mode 100644 package/qemu/0001-configure-use-appropriate-code-fragment-for-fstack-p.patch
> 
> diff --git a/package/qemu/0001-configure-use-appropriate-code-fragment-for-fstack-p.patch b/package/qemu/0001-configure-use-appropriate-code-fragment-for-fstack-p.patch
> new file mode 100644
> index 0000000..5eee141
> --- /dev/null
> +++ b/package/qemu/0001-configure-use-appropriate-code-fragment-for-fstack-p.patch
> @@ -0,0 +1,65 @@
> +From 83897ad507f8bb332000304b96d36c109c19bfad Mon Sep 17 00:00:00 2001
> +From: Rodrigo Rebello <rprebello@gmail.com>
> +Date: Wed, 11 Nov 2015 18:39:24 -0200
> +Subject: [PATCH 1/1] configure: use appropriate code fragment for
> + -fstack-protector checks
> +Cc: qemu-trivial at nongnu.org
> +
> +The check for stack-protector support consisted in compiling and linking
> +the test program below (output by function write_c_skeleton()) with the
> +compiler flag -fstack-protector-strong first and then with
> +-fstack-protector-all if the first one failed to work:
> +
> +  int main(void) { return 0; }
> +
> +This caused false positives when using certain toolchains in which the
> +compiler accepted -fstack-protector-strong but no support was provided
> +by the C library, since for this stack-protector variant the compiler
> +emits canary code only for functions that meet specific conditions
> +(local arrays, memory references to local variables, etc.) and the code
> +fragment under test included none of them (hence no stack protection
> +code generated, no link failure).
> +
> +This fix changes the test program used for -fstack-protector checks to
> +include a function that meets conditions which cause the compiler to
> +generate canary code in all variants.
> +
> +Upstream status: sent
> +
> +Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
> +---
> + configure | 18 ++++++++++++++++++
> + 1 file changed, 18 insertions(+)
> +
> +diff --git a/configure b/configure
> +index cd219d8..a6f4101 100755
> +--- a/configure
> ++++ b/configure
> +@@ -1471,6 +1471,24 @@ for flag in $gcc_flags; do
> + done
> + 
> + if test "$stack_protector" != "no"; then
> ++  cat > $TMPC << EOF
> ++void foo(const char *c);

 This declaration is unnecessary.


 Regards,
 Arnout

> ++
> ++void foo(const char *c)
> ++{
> ++    char arr[64], *p;
> ++    for (p = arr; *c; c++, p++) {
> ++        *p = *c;
> ++    }
> ++}
> ++
> ++int main(void)
> ++{
> ++    char c[] = "";
> ++    foo(c);
> ++    return 0;
> ++}
> ++EOF
> +   gcc_flags="-fstack-protector-strong -fstack-protector-all"
> +   sp_on=0
> +   for flag in $gcc_flags; do
> +-- 
> +2.1.4
> +
> 
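
Review bot: In the test program written to $TMPC, foo() is only ever called from main() with the constant empty string `char c[] = "";`, and arr is never read after the copy loop, so a compiler invoked with optimization enabled can inline the call and discard the array entirely. That would leave no canary code in the object and bring back the false positive the commit message describes. The flags the probe is compiled with are not visible in this hunk; if they can include -O, take the input from something the compiler cannot see through, for example `int main(int argc, char *argv[])` with the copy reading from `argv[0]`. Separately, the heredoc delimiter in `cat > $TMPC << EOF` is unquoted; that is harmless for this body, which contains no `$` or backticks, but quoting the delimiter would keep the fragment literal if it is edited later.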


-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
