From patchwork Wed Mar 18 21:46:22 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steven Noonan <steven@uplinklabs.net>
X-Patchwork-Id: 451643
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from hemlock.osuosl.org (hemlock.osuosl.org [140.211.166.133])
	by ozlabs.org (Postfix) with ESMTP id 8877B14011D
	for <incoming@patchwork.ozlabs.org>;
	Thu, 19 Mar 2015 08:52:33 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id CE39593103;
	Wed, 18 Mar 2015 21:52:32 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 76DzNc2BMNFg; Wed, 18 Mar 2015 21:52:31 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id 7C5F2930C9;
	Wed, 18 Mar 2015 21:52:31 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (whitealder.osuosl.org
	[140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id 4FF2A1C20E8
	for <buildroot@lists.busybox.net>;
	Wed, 18 Mar 2015 21:52:30 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id 4C7878D72A
	for <buildroot@lists.busybox.net>;
	Wed, 18 Mar 2015 21:52:30 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id IE7CfPF2OPLI for <buildroot@lists.busybox.net>;
	Wed, 18 Mar 2015 21:52:28 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail-pa0-f54.google.com (mail-pa0-f54.google.com
	[209.85.220.54])
	by whitealder.osuosl.org (Postfix) with ESMTPS id A5BD58D410
	for <buildroot@busybox.net>; Wed, 18 Mar 2015 21:52:28 +0000 (UTC)
Received: by pacwe9 with SMTP id we9so54567989pac.1
	for <buildroot@busybox.net>; Wed, 18 Mar 2015 14:52:28 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
	:content-type:content-transfer-encoding;
	bh=BXxLitW5KPTY4evSNsCOuW3XxTlDw1eKrgtw7k3cPZw=;
	b=izqHxYkuNo6cokuR4mGhVpuOXHSFKiY+a5bMXDp3kfq8/re0QCF85ZRTdNI2h7bsbX
	oA2/iW/GTsv3GPTyPTZA7D0lXDKIXkgB1leHa+dm6RP2vd4IfDJJiccozernSJDB2MHs
	HyxhMvG3XTe90Qzu1yJzZQQlFoBtsUEzF4PyKBWLY2O50vxGx6D50pE4ueMEEVez1sQz
	1+XnZNWo8XL38R/VMP3Rcz4QHvj76v5EPwpqi4ehsA0HM65QU2Pd0FkTuk/2464QiN5u
	UY9VBh9zRioFqzZSLc764eHGZVSINVZ6y79EZdKtM6BFvJ0vQz50PXAVBL14aB1pO2oD
	H6lw==
X-Gm-Message-State: 
 ALoCoQl1ZhNl3eXqOoMhvh6M7ONQJbbKAZvpgQnNG9uwz1zy4tmxyEeI03+xadZHvLZep7AxR/8y
X-Received: by 10.70.92.107 with SMTP id cl11mr64144592pdb.31.1426715190974;
	Wed, 18 Mar 2015 14:46:30 -0700 (PDT)
Received: from steven@uplinklabs.net ([104.152.107.133])
	by mx.google.com with ESMTPSA id
	qm6sm29216205pac.14.2015.03.18.14.46.28
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 18 Mar 2015 14:46:29 -0700 (PDT)
Received: by steven@uplinklabs.net (sSMTP sendmail emulation);
	Wed, 18 Mar 2015 14:46:27 -0700
From: Steven Noonan <steven@uplinklabs.net>
To: buildroot@busybox.net
Date: Wed, 18 Mar 2015 14:46:22 -0700
Message-Id: <1426715182-25003-1-git-send-email-steven@uplinklabs.net>
X-Mailer: git-send-email 2.3.3
MIME-Version: 1.0
Subject: [Buildroot] [PATCH] implement granular choice for stack protector
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

This allows us to choose between the varying degrees of stack-smashing
protection. The differences are documented in the GCC online documentation[1].
The -fstack-protector-full option tends to be far too aggressive and have too
much of an impact on performance to be worth doing.

[1] https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/Optimize-Options.html
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
---
 Config.in                  | 42 ++++++++++++++++++++++++++++++++++++++----
 package/Makefile.in        | 10 +++++++++-
 package/gcc/Config.in.host |  4 ++++
 3 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/Config.in b/Config.in
index 2b39d6a..0006e37 100644
--- a/Config.in
+++ b/Config.in
@@ -506,12 +506,13 @@ config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
 
 endif
 
-config BR2_ENABLE_SSP
+choice
 	bool "build code with Stack Smashing Protection"
-	depends on BR2_TOOLCHAIN_HAS_SSP
+	default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG
+	default BR2_SSP_REGULAR
 	help
-	  Enable stack smashing protection support using GCCs
-	  -fstack-protector-all option.
+	  Enable stack smashing protection support using GCC's
+	  -fstack-protector option family.
 
 	  See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
 	  for details.
@@ -520,6 +521,39 @@ config BR2_ENABLE_SSP
 	  support. This is always the case for glibc and eglibc
 	  toolchain, but is optional in uClibc toolchains.
 
+config BR2_SSP_NONE
+	bool "None"
+	help
+	  Disable stack-smashing protection.
+
+config BR2_SSP_REGULAR
+	bool "-fstack-protector"
+	depends on BR2_TOOLCHAIN_HAS_SSP
+	help
+	  Emit extra code to check for buffer overflows, such as stack smashing
+	  attacks. This is done by adding a guard variable to functions with
+	  vulnerable objects. This includes functions that call alloca, and
+	  functions with buffers larger than 8 bytes. The guards are initialized
+	  when a function is entered and then checked when the function exits. If
+	  a guard check fails, an error message is printed and the program exits.
+
+config BR2_SSP_STRONG
+	bool "-fstack-protector-strong"
+	depends on BR2_TOOLCHAIN_HAS_SSP
+	depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
+	help
+	  Like -fstack-protector but includes additional functions to be protected
+	  — those that have local array definitions, or have references to local
+	  frame addresses.
+
+config BR2_SSP_ALL
+	bool "-fstack-protector-all"
+	depends on BR2_TOOLCHAIN_HAS_SSP
+	help
+	  Like -fstack-protector except that all functions are protected.
+
+endchoice
+
 comment "enabling Stack Smashing Protection requires support in the toolchain"
 	depends on !BR2_TOOLCHAIN_HAS_SSP
 
diff --git a/package/Makefile.in b/package/Makefile.in
index 803b162..68dc329 100644
--- a/package/Makefile.in
+++ b/package/Makefile.in
@@ -163,7 +163,15 @@ TARGET_CFLAGS += -msep-data
 TARGET_CXXFLAGS += -msep-data
 endif
 
-ifeq ($(BR2_ENABLE_SSP),y)
+ifeq ($(BR2_SSP_REGULAR),y)
+TARGET_CFLAGS += -fstack-protector
+TARGET_CXXFLAGS += -fstack-protector
+endif
+ifeq ($(BR2_SSP_STRONG),y)
+TARGET_CFLAGS += -fstack-protector-strong
+TARGET_CXXFLAGS += -fstack-protector-strong
+endif
+ifeq ($(BR2_SSP_ALL),y)
 TARGET_CFLAGS += -fstack-protector-all
 TARGET_CXXFLAGS += -fstack-protector-all
 endif
diff --git a/package/gcc/Config.in.host b/package/gcc/Config.in.host
index 1a5281c..410bf35 100644
--- a/package/gcc/Config.in.host
+++ b/package/gcc/Config.in.host
@@ -6,6 +6,9 @@ config BR2_GCC_NEEDS_MPC
 config BR2_GCC_SUPPORTS_GRAPHITE
 	bool
 
+config BR2_TOOLCHAIN_HAS_SSP_STRONG
+	bool
+
 choice
 	prompt "GCC compiler Version"
 	default BR2_GCC_VERSION_4_8_ARC if BR2_arc
@@ -77,6 +80,7 @@ choice
 		# PR60102 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60102
 		select BR2_GCC_NEEDS_MPC
 		select BR2_GCC_SUPPORTS_GRAPHITE
+		select BR2_TOOLCHAIN_HAS_SSP_STRONG
 
 endchoice