[Buildroot] [BUG] boot/arm-trusted-firmware: Stack protection setting doesn't work

[Buildroot] [BUG] boot/arm-trusted-firmware: Stack protection setting doesn't work

[Daniil Stas]

The bug was introduced in commit ccac9a5bbb
("boot/arm-trusted-firmware: don't force ENABLE_STACK_PROTECTOR").

In this commit the ENABLE_STACK_PROTECTOR option was moved from make
arguments to the environment. But this value gets overwritten in
make_helpers/defaults.mk (and platform specific makefiles) before it
gets handled in the lib/stack_protector/stack_protector.mk.
So setting it via environment doesn't work.

You can check it, for example, if you compile TF-A for stm32mp157a_dk1
platform, and then check if bl32/stack_protector.o file is
built.
It gets built only with commit ccac9a5bbb being reverted.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [BUG] boot/arm-trusted-firmware: Stack protection setting doesn't work

[Baruch Siach via buildroot]

Hi Daniil Stas,

On Sun, Feb 06 2022, Daniil Stas wrote:
> The bug was introduced in commit ccac9a5bbb
> ("boot/arm-trusted-firmware: don't force ENABLE_STACK_PROTECTOR").
>
> In this commit the ENABLE_STACK_PROTECTOR option was moved from make
> arguments to the environment. But this value gets overwritten in
> make_helpers/defaults.mk (and platform specific makefiles) before it
> gets handled in the lib/stack_protector/stack_protector.mk.
> So setting it via environment doesn't work.
>
> You can check it, for example, if you compile TF-A for stm32mp157a_dk1
> platform, and then check if bl32/stack_protector.o file is
> built.
> It gets built only with commit ccac9a5bbb being reverted.

What happens when you build with a toolchain that has no SSP support
with the commit you mentioned reverted? I believe you will get a build
error similar to this one:

aarch64-buildroot-linux-uclibc-gcc.br_real: error: unrecognized command-line option ‘-fstack-protector-0’; did you mean ‘-fstack-protector’?
aarch64-buildroot-linux-uclibc-gcc.br_real: error: unrecognized command-line option ‘-fstack-protector-0’; did you mean ‘-fstack-protector’?
Makefile:1075: recipe for target '/builds/buildroot.org/buildroot/output/build/arm-trusted-firmware-v2.4/build/a80x0_mcbin/release/libc/assert.o' failed
make[1]: *** [/builds/buildroot.org/buildroot/output/build/arm-trusted-firmware-v2.4/build/a80x0_mcbin/release/libc/assert.o] Error 1

Copied from https://gitlab.com/buildroot.org/buildroot/-/jobs/1497663294.

Do you have a better suggestion?

baruch

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [BUG] boot/arm-trusted-firmware: Stack protection setting doesn't work

[Daniil Stas]

Hi, Baruch

> What happens when you build with a toolchain that has no SSP support
> with the commit you mentioned reverted? I believe you will get a build
> error similar to this one:
> 
> aarch64-buildroot-linux-uclibc-gcc.br_real: error: unrecognized
> command-line option ‘-fstack-protector-0’; did you mean
> ‘-fstack-protector’? aarch64-buildroot-linux-uclibc-gcc.br_real:
> error: unrecognized command-line option ‘-fstack-protector-0’; did
> you mean ‘-fstack-protector’? Makefile:1075: recipe for target
> '/builds/buildroot.org/buildroot/output/build/arm-trusted-firmware-v2.4/build/a80x0_mcbin/release/libc/assert.o'
> failed make[1]: ***
> [/builds/buildroot.org/buildroot/output/build/arm-trusted-firmware-v2.4/build/a80x0_mcbin/release/libc/assert.o]
> Error 1
> 
> Copied from
> https://gitlab.com/buildroot.org/buildroot/-/jobs/1497663294.
> 
> Do you have a better suggestion?
> 
> baruch
> 

Yes, if you pass ENABLE_STACK_PROTECTOR=0 argument to the make command
you will get this error.

I don't know what is the proper fix here...
The current TF-A documentation says that the valid
ENABLE_STACK_PROTECTOR values are: "all", "strong", "default" and
"none". And the comments in Buildroot say that's older versions didn't
support "none" value and expected "0" value instead (looks like it was
changed in TF-A commit fd7b287cbe).

Maybe Buildroot should check the TF-A version and only pass "0" to the
old versions. But I don't know if this version comparison can be
implemented in Buildroot.

Or maybe we can give user an additional option to specify how to pass
ENABLE_STACK_PROTECTOR argument, but this doesn't look very
convenient...

Or maybe it's better to patch TF-A so the newer versions treated "0"
value exactly as "none"...

Best regards,
Daniil
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot