[Buildroot] [git commit branch/next] Config.in: disable Fortify Source for microblaze
Arnout Vandecappelle (Essensium/Mind)
arnout at mind.be
Mon Aug 23 21:08:05 UTC 2021
commit: https://git.buildroot.net/buildroot/commit/?id=2e94aeed1a97f5b66b9a8dc4f0133451b7b7b34f
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/next
As reported by Toolchain-builder project [1], the microblaze glibc
toolchain creates a system that doesn't boot when FORTIFY_SOURCE is
enabled: the init process hangs.
Also, hardening features may not be wanted or possible for such
slow soft-core cpus [2].
Note: for completeness, BR2_RELRO_PARTIAL was manually tested and it
does boot.
[1] https://gitlab.com/bootlin/toolchains-builder/-/jobs/1467624500
[2] http://lists.busybox.net/pipermail/buildroot/2021-June/312416.html
Signed-off-by: Romain Naour <romain.naour at gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
Cc: Giulio Benetti <giulio.benetti at benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
---
Config.in | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/Config.in b/Config.in
index 2ef5d407e4..3db2c8dcab 100644
--- a/Config.in
+++ b/Config.in
@@ -853,9 +853,16 @@ endchoice
comment "RELocation Read Only (RELRO) needs shared libraries"
depends on !BR2_SHARED_LIBS
+config BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
+ bool
+ default y
+ # Microblaze glibc toolchains don't work with Fortify Source enabled
+ depends on !BR2_microblaze
+
choice
bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
default BR2_FORTIFY_SOURCE_1
+ depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
depends on BR2_TOOLCHAIN_USES_GLIBC
depends on !BR2_OPTIMIZE_0
help
@@ -896,6 +903,7 @@ config BR2_FORTIFY_SOURCE_2
endchoice
comment "Fortify Source needs a glibc toolchain and optimization"
+ depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
endmenu
More information about the buildroot
mailing list