Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Baruch Siach via buildroot <buildroot@buildroot.org>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Matt Weber <matthew.weber@collins.com>,
	Buildroot Mailing List <buildroot@buildroot.org>
Subject: Re: [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector
Date: Sun, 19 Dec 2021 18:13:51 +0200	[thread overview]
Message-ID: <87czlsefl3.fsf@tarshish> (raw)
In-Reply-To: <CAPi7W81Jm0zos4T9TGOsxTZJnDw5kw33=4_vEkHQcz7jwsMjxg@mail.gmail.com>

Hi Fabrice,

On Sun, Dec 19 2021, Fabrice Fontaine wrote:
> Le dim. 19 déc. 2021 à 16:38, Baruch Siach <baruch@tkos.co.il> a écrit :
>> On Sun, Dec 19 2021, Fabrice Fontaine wrote:
>> > Fix the following build failure without stack-protector raised since
>> > bump to version 3.3.1 in commit 3965f09cb427af411055a783cd14b501b2b28285
>> > and
>> > https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
>> >
>> > /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
>> > jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
>> >
>> > Fixes:
>> >  - http://autobuild.buildroot.org/results/8de/8dee462d16d934dd173d58f17933c6911e4336bf/build-end.log
>> >
>> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> > ---
>> >  ...-Makefile-add-ENABLE_STACK_PROTECTOR.patch | 52 +++++++++++++++++++
>> >  .../jitterentropy-library.mk                  |  2 +-
>> >  2 files changed, 53 insertions(+), 1 deletion(-)
>> >  create mode 100644 package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
>> >
>> > diff --git a/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
>> > new file mode 100644
>> > index 0000000000..c4388663b0
>> > --- /dev/null
>> > +++ b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
>> > @@ -0,0 +1,52 @@
>> > +From 272ee47892563e849f6b1bf59b0173f8aa33b631 Mon Sep 17 00:00:00 2001
>> > +From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> > +Date: Sun, 19 Dec 2021 11:36:13 +0100
>> > +Subject: [PATCH] Makefile: add ENABLE_STACK_PROTECTOR
>> > +
>> > +Add ENABLE_STACK_PROTECTOR as build on embedded toolchains without
>> > +stack-protector is again broken since
>> > +https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
>> > +
>> > +/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
>> > +jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
>> > +
>> > +Fixes:
>> > + - http://autobuild.buildroot.org/results/8dee462d16d934dd173d58f17933c6911e4336bf
>> > +
>> > +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> > +Signed-off-by: Stephan Mueller <smueller@chronox.de>
>> > +[Retrieved from:
>> > +https://github.com/smuellerDD/jitterentropy-library/commit/272ee47892563e849f6b1bf59b0173f8aa33b631]
>> > +---
>> > + Makefile | 11 +++++++----
>> > + 1 file changed, 7 insertions(+), 4 deletions(-)
>> > +
>> > +diff --git a/Makefile b/Makefile
>> > +index dfb96a8..c999ef5 100644
>> > +--- a/Makefile
>> > ++++ b/Makefile
>> > +@@ -2,6 +2,7 @@
>> > +
>> > + CC ?= gcc
>> > + #Hardening
>> > ++ENABLE_STACK_PROTECTOR ?= 1
>> > + CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
>> > + CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
>> > + LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
>> > +@@ -13,10 +14,12 @@ else
>> > +   GCC_GTEQ_490 := $(shell expr `$(CC) -dumpfullversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 40900)
>> > + endif
>> > +
>> > +-ifeq "$(GCC_GTEQ_490)" "1"
>> > +-  CFLAGS += -fstack-protector-strong
>> > +-else
>> > +-  CFLAGS += -fstack-protector-all
>> > ++ifeq "$(ENABLE_STACK_PROTECTOR)" "1"
>> > ++  ifeq "$(GCC_GTEQ_490)" "1"
>> > ++    CFLAGS += -fstack-protector-strong
>> > ++  else
>> > ++    CFLAGS += -fstack-protector-all
>> > ++  endif
>> > + endif
>> > +
>> > + # Change as necessary
>> > diff --git a/package/jitterentropy-library/jitterentropy-library.mk b/package/jitterentropy-library/jitterentropy-library.mk
>> > index 830da0e065..4cdebf46a3 100644
>> > --- a/package/jitterentropy-library/jitterentropy-library.mk
>> > +++ b/package/jitterentropy-library/jitterentropy-library.mk
>> > @@ -26,7 +26,7 @@ endif
>> >
>> >  define JITTERENTROPY_LIBRARY_BUILD_CMDS
>> >       $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
>> > -             $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
>> > +             ENABLE_STACK_PROTECTOR=0 $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
>>
>> Why disable stack protector unconditionally instead of making it depend
>> on BR2_TOOLCHAIN_HAS_SSP?
> From my understanding, passing -fstack-protector-strong or
> -fstack-protector-all will be made by the toolchain wrapper.
> So there is no need to make it conditional on BR2_SSP_STRONG or BR2_SSP_ALL

Right. I forgot about the toolchain wrapper. But it might worth mention
in the commit log, since it looks as if this commit disables stack
protection.

baruch

>>
>> >  endef
>> >
>> >  define JITTERENTROPY_LIBRARY_INSTALL_STAGING_CMDS

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

  reply	other threads:[~2021-12-19 16:15 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-19 15:32 [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector Fabrice Fontaine
2021-12-19 15:36 ` Baruch Siach via buildroot
2021-12-19 15:59   ` Fabrice Fontaine
2021-12-19 16:13     ` Baruch Siach via buildroot [this message]
2021-12-20 22:39 ` Arnout Vandecappelle

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87czlsefl3.fsf@tarshish \
    --to=buildroot@buildroot.org \
    --cc=baruch@tkos.co.il \
    --cc=fontaine.fabrice@gmail.com \
    --cc=matthew.weber@collins.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox