blob: e9c5cd9d322795fea6bd9187c1de596c78590cdf [file] [log] [blame]
/**
* Buildroot wrapper for toolchains. This simply executes the real toolchain
* with a number of arguments (sysroot/arch/..) hardcoded, to ensure the
* toolchain uses the correct configuration.
* The hardcoded path arguments are defined relative to the actual location
* of the binary.
*
* (C) 2011 Peter Korsgaard <jacmet@sunsite.dk>
* (C) 2011 Daniel Nyström <daniel.nystrom@timeterminal.se>
* (C) 2012 Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* (C) 2013 Spenser Gilliland <spenser@gillilanding.com>
*
* This file is licensed under the terms of the GNU General Public License
* version 2. This program is licensed "as is" without any warranty of any
* kind, whether express or implied.
*/
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <limits.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <time.h>
#include <stdbool.h>
#ifdef BR_CCACHE
static char ccache_path[PATH_MAX];
#endif
static char path[PATH_MAX];
static char sysroot[PATH_MAX];
/* As would be defined by gcc:
* https://gcc.gnu.org/onlinedocs/cpp/Standard-Predefined-Macros.html
* sizeof() on string literals includes the terminating \0. */
static char _time_[sizeof("-D__TIME__=\"HH:MM:SS\"")];
static char _date_[sizeof("-D__DATE__=\"MMM DD YYYY\"")];
/**
* GCC errors out with certain combinations of arguments (examples are
* -mfloat-abi={hard|soft} and -m{little|big}-endian), so we have to ensure
* that we only pass the predefined one to the real compiler if the inverse
* option isn't in the argument list.
* This specifies the worst case number of extra arguments we might pass
* Currently, we may have:
* -mfloat-abi=
* -march=
* -mcpu=
* -D__TIME__=
* -D__DATE__=
* -Wno-builtin-macro-redefined
* -Wl,-z,now
* -Wl,-z,relro
* -fPIE
* -pie
*/
#define EXCLUSIVE_ARGS 10
static char *predef_args[] = {
#ifdef BR_CCACHE
ccache_path,
#endif
path,
"--sysroot", sysroot,
#ifdef BR_ABI
"-mabi=" BR_ABI,
#endif
#ifdef BR_NAN
"-mnan=" BR_NAN,
#endif
#ifdef BR_FPU
"-mfpu=" BR_FPU,
#endif
#ifdef BR_SOFTFLOAT
"-msoft-float",
#endif /* BR_SOFTFLOAT */
#ifdef BR_MODE
"-m" BR_MODE,
#endif
#ifdef BR_64
"-m64",
#endif
#ifdef BR_OMIT_LOCK_PREFIX
"-Wa,-momit-lock-prefix=yes",
#endif
#ifdef BR_NO_FUSED_MADD
"-mno-fused-madd",
#endif
#ifdef BR_FP_CONTRACT_OFF
"-ffp-contract=off",
#endif
#ifdef BR_BINFMT_FLAT
"-Wl,-elf2flt",
#endif
#ifdef BR_MIPS_TARGET_LITTLE_ENDIAN
"-EL",
#endif
#if defined(BR_MIPS_TARGET_BIG_ENDIAN) || defined(BR_ARC_TARGET_BIG_ENDIAN)
"-EB",
#endif
#ifdef BR_SSP_REGULAR
"-fstack-protector",
#endif
#ifdef BR_SSP_STRONG
"-fstack-protector-strong",
#endif
#ifdef BR_SSP_ALL
"-fstack-protector-all",
#endif
#ifdef BR_ADDITIONAL_CFLAGS
BR_ADDITIONAL_CFLAGS
#endif
};
/* A {string,length} tuple, to avoid computing strlen() on constants.
* - str must be a \0-terminated string
* - len does not account for the terminating '\0'
*/
struct str_len_s {
const char *str;
size_t len;
};
/* Define a {string,length} tuple. Takes an unquoted constant string as
* parameter. sizeof() on a string literal includes the terminating \0,
* but we don't want to count it.
*/
#define STR_LEN(s) { #s, sizeof(#s)-1 }
/* List of paths considered unsafe for cross-compilation.
*
* An unsafe path is one that points to a directory with libraries or
* headers for the build machine, which are not suitable for the target.
*/
static const struct str_len_s unsafe_paths[] = {
STR_LEN(/lib),
STR_LEN(/usr/include),
STR_LEN(/usr/lib),
STR_LEN(/usr/local/include),
STR_LEN(/usr/local/lib),
{ NULL, 0 },
};
/* Unsafe options are options that specify a potentialy unsafe path,
* that will be checked by check_unsafe_path(), below.
*/
static const struct str_len_s unsafe_opts[] = {
STR_LEN(-I),
STR_LEN(-idirafter),
STR_LEN(-iquote),
STR_LEN(-isystem),
STR_LEN(-L),
{ NULL, 0 },
};
/* Check if path is unsafe for cross-compilation. Unsafe paths are those
* pointing to the standard native include or library paths.
*
* We print the arguments leading to the failure. For some options, gcc
* accepts the path to be concatenated to the argument (e.g. -I/foo/bar)
* or separated (e.g. -I /foo/bar). In the first case, we need only print
* the argument as it already contains the path (arg_has_path), while in
* the second case we need to print both (!arg_has_path).
*
* If paranoid, exit in error instead of just printing a warning.
*/
static void check_unsafe_path(const char *arg,
const char *path,
int paranoid,
int arg_has_path)
{
const struct str_len_s *p;
for (p=unsafe_paths; p->str; p++) {
if (strncmp(path, p->str, p->len))
continue;
fprintf(stderr,
"%s: %s: unsafe header/library path used in cross-compilation: '%s%s%s'\n",
program_invocation_short_name,
paranoid ? "ERROR" : "WARNING",
arg,
arg_has_path ? "" : "' '", /* close single-quote, space, open single-quote */
arg_has_path ? "" : path); /* so that arg and path are properly quoted. */
if (paranoid)
exit(1);
}
}
/* Returns false if SOURCE_DATE_EPOCH was not defined in the environment.
*
* Returns true if SOURCE_DATE_EPOCH is in the environment and represent
* a valid timestamp, in which case the timestamp is formatted into the
* global variables _date_ and _time_.
*
* Aborts if SOURCE_DATE_EPOCH was set in the environment but did not
* contain a valid timestamp.
*
* Valid values are defined in the spec:
* https://reproducible-builds.org/specs/source-date-epoch/
* but we further restrict them to be positive or null.
*/
bool parse_source_date_epoch_from_env(void)
{
char *epoch_env, *endptr;
time_t epoch;
struct tm epoch_tm;
if ((epoch_env = getenv("SOURCE_DATE_EPOCH")) == NULL)
return false;
errno = 0;
epoch = (time_t) strtoll(epoch_env, &endptr, 10);
/* We just need to test if it is incorrect, but we do not
* care why it is incorrect.
*/
if ((errno != 0) || !*epoch_env || *endptr || (epoch < 0)) {
fprintf(stderr, "%s: invalid SOURCE_DATE_EPOCH='%s'\n",
program_invocation_short_name,
epoch_env);
exit(1);
}
tzset(); /* For localtime_r(), below. */
if (localtime_r(&epoch, &epoch_tm) == NULL) {
fprintf(stderr, "%s: cannot parse SOURCE_DATE_EPOCH=%s\n",
program_invocation_short_name,
getenv("SOURCE_DATE_EPOCH"));
exit(1);
}
if (!strftime(_time_, sizeof(_time_), "-D__TIME__=\"%T\"", &epoch_tm)) {
fprintf(stderr, "%s: cannot set time from SOURCE_DATE_EPOCH=%s\n",
program_invocation_short_name,
getenv("SOURCE_DATE_EPOCH"));
exit(1);
}
if (!strftime(_date_, sizeof(_date_), "-D__DATE__=\"%b %e %Y\"", &epoch_tm)) {
fprintf(stderr, "%s: cannot set date from SOURCE_DATE_EPOCH=%s\n",
program_invocation_short_name,
getenv("SOURCE_DATE_EPOCH"));
exit(1);
}
return true;
}
int main(int argc, char **argv)
{
char **args, **cur, **exec_args;
char *relbasedir, *absbasedir;
char *progpath = argv[0];
char *basename;
char *env_debug;
char *paranoid_wrapper;
int paranoid;
int ret, i, count = 0, debug, found_shared = 0;
/* Calculate the relative paths */
basename = strrchr(progpath, '/');
if (basename) {
*basename = '\0';
basename++;
relbasedir = malloc(strlen(progpath) + 7);
if (relbasedir == NULL) {
perror(__FILE__ ": malloc");
return 2;
}
sprintf(relbasedir, "%s/..", argv[0]);
absbasedir = realpath(relbasedir, NULL);
} else {
basename = progpath;
absbasedir = malloc(PATH_MAX + 1);
ret = readlink("/proc/self/exe", absbasedir, PATH_MAX);
if (ret < 0) {
perror(__FILE__ ": readlink");
return 2;
}
absbasedir[ret] = '\0';
for (i = ret; i > 0; i--) {
if (absbasedir[i] == '/') {
absbasedir[i] = '\0';
if (++count == 2)
break;
}
}
}
if (absbasedir == NULL) {
perror(__FILE__ ": realpath");
return 2;
}
/* Fill in the relative paths */
#ifdef BR_CROSS_PATH_REL
ret = snprintf(path, sizeof(path), "%s/" BR_CROSS_PATH_REL "/%s" BR_CROSS_PATH_SUFFIX, absbasedir, basename);
#elif defined(BR_CROSS_PATH_ABS)
ret = snprintf(path, sizeof(path), BR_CROSS_PATH_ABS "/%s" BR_CROSS_PATH_SUFFIX, basename);
#else
ret = snprintf(path, sizeof(path), "%s/bin/%s" BR_CROSS_PATH_SUFFIX, absbasedir, basename);
#endif
if (ret >= sizeof(path)) {
perror(__FILE__ ": overflow");
return 3;
}
#ifdef BR_CCACHE
ret = snprintf(ccache_path, sizeof(ccache_path), "%s/bin/ccache", absbasedir);
if (ret >= sizeof(ccache_path)) {
perror(__FILE__ ": overflow");
return 3;
}
#endif
ret = snprintf(sysroot, sizeof(sysroot), "%s/" BR_SYSROOT, absbasedir);
if (ret >= sizeof(sysroot)) {
perror(__FILE__ ": overflow");
return 3;
}
cur = args = malloc(sizeof(predef_args) +
(sizeof(char *) * (argc + EXCLUSIVE_ARGS)));
if (args == NULL) {
perror(__FILE__ ": malloc");
return 2;
}
/* start with predefined args */
memcpy(cur, predef_args, sizeof(predef_args));
cur += sizeof(predef_args) / sizeof(predef_args[0]);
#ifdef BR_FLOAT_ABI
/* add float abi if not overridden in args */
for (i = 1; i < argc; i++) {
if (!strncmp(argv[i], "-mfloat-abi=", strlen("-mfloat-abi=")) ||
!strcmp(argv[i], "-msoft-float") ||
!strcmp(argv[i], "-mhard-float"))
break;
}
if (i == argc)
*cur++ = "-mfloat-abi=" BR_FLOAT_ABI;
#endif
#ifdef BR_FP32_MODE
/* add fp32 mode if soft-float is not args or hard-float overrides soft-float */
int add_fp32_mode = 1;
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-msoft-float"))
add_fp32_mode = 0;
else if (!strcmp(argv[i], "-mhard-float"))
add_fp32_mode = 1;
}
if (add_fp32_mode == 1)
*cur++ = "-mfp" BR_FP32_MODE;
#endif
#if defined(BR_ARCH) || \
defined(BR_CPU)
/* Add our -march/cpu flags, but only if none of
* -march/mtune/mcpu are already specified on the commandline
*/
for (i = 1; i < argc; i++) {
if (!strncmp(argv[i], "-march=", strlen("-march=")) ||
!strncmp(argv[i], "-mtune=", strlen("-mtune=")) ||
!strncmp(argv[i], "-mcpu=", strlen("-mcpu=" )))
break;
}
if (i == argc) {
#ifdef BR_ARCH
*cur++ = "-march=" BR_ARCH;
#endif
#ifdef BR_CPU
*cur++ = "-mcpu=" BR_CPU;
#endif
}
#endif /* ARCH || CPU */
if (parse_source_date_epoch_from_env()) {
*cur++ = _time_;
*cur++ = _date_;
/* This has existed since gcc-4.4.0. */
*cur++ = "-Wno-builtin-macro-redefined";
}
#ifdef BR2_RELRO_FULL
/* Patterned after Fedora/Gentoo hardening approaches.
* https://fedoraproject.org/wiki/Changes/Harden_All_Packages
* https://wiki.gentoo.org/wiki/Hardened/Toolchain#Position_Independent_Executables_.28PIEs.29
*
* A few checks are added to allow disabling of PIE
* 1) -fno-pie and -no-pie are used by other distros to disable PIE in
* cases where the compiler enables it by default. The logic below
* maintains that behavior.
* Ref: https://wiki.ubuntu.com/SecurityTeam/PIE
* 2) A check for -fno-PIE has been used in older Linux Kernel builds
* in a similar way to -fno-pie or -no-pie.
* 3) A check is added for Kernel and U-boot defines
* (-D__KERNEL__ and -D__UBOOT__).
*/
for (i = 1; i < argc; i++) {
/* Apply all incompatible link flag and disable checks first */
if (!strcmp(argv[i], "-r") ||
!strcmp(argv[i], "-Wl,-r") ||
!strcmp(argv[i], "-static") ||
!strcmp(argv[i], "-D__KERNEL__") ||
!strcmp(argv[i], "-D__UBOOT__") ||
!strcmp(argv[i], "-fno-pie") ||
!strcmp(argv[i], "-fno-PIE") ||
!strcmp(argv[i], "-no-pie"))
break;
/* Record that shared was present which disables -pie but don't
* break out of loop as a check needs to occur that possibly
* still allows -fPIE to be set
*/
if (!strcmp(argv[i], "-shared"))
found_shared = 1;
}
if (i == argc) {
/* Compile and link condition checking have been kept split
* between these two loops, as there maybe already are valid
* compile flags set for position independence. In that case
* the wrapper just adds the -pie for link.
*/
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-fpie") ||
!strcmp(argv[i], "-fPIE") ||
!strcmp(argv[i], "-fpic") ||
!strcmp(argv[i], "-fPIC"))
break;
}
/* Both args below can be set at compile/link time
* and are ignored correctly when not used
*/
if(i == argc)
*cur++ = "-fPIE";
if (!found_shared)
*cur++ = "-pie";
}
#endif
/* Are we building the Linux Kernel or U-Boot? */
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-D__KERNEL__") ||
!strcmp(argv[i], "-D__UBOOT__"))
break;
}
if (i == argc) {
/* https://wiki.gentoo.org/wiki/Hardened/Toolchain#Mark_Read-Only_Appropriate_Sections */
#ifdef BR2_RELRO_PARTIAL
*cur++ = "-Wl,-z,relro";
#endif
#ifdef BR2_RELRO_FULL
*cur++ = "-Wl,-z,now";
*cur++ = "-Wl,-z,relro";
#endif
}
paranoid_wrapper = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
if (paranoid_wrapper && strlen(paranoid_wrapper) > 0)
paranoid = 1;
else
paranoid = 0;
/* Check for unsafe library and header paths */
for (i = 1; i < argc; i++) {
const struct str_len_s *opt;
for (opt=unsafe_opts; opt->str; opt++ ) {
/* Skip any non-unsafe option. */
if (strncmp(argv[i], opt->str, opt->len))
continue;
/* Handle both cases:
* - path is a separate argument,
* - path is concatenated with option.
*/
if (argv[i][opt->len] == '\0') {
i++;
if (i == argc)
break;
check_unsafe_path(argv[i-1], argv[i], paranoid, 0);
} else
check_unsafe_path(argv[i], argv[i] + opt->len, paranoid, 1);
}
}
/* append forward args */
memcpy(cur, &argv[1], sizeof(char *) * (argc - 1));
cur += argc - 1;
/* finish with NULL termination */
*cur = NULL;
exec_args = args;
#ifdef BR_CCACHE
if (getenv("BR_NO_CCACHE"))
/* Skip the ccache call */
exec_args++;
#endif
/* Debug the wrapper to see actual arguments passed to
* the compiler:
* unset, empty, or 0: do not trace
* set to 1 : trace all arguments on a single line
* set to 2 : trace one argument per line
*/
if ((env_debug = getenv("BR2_DEBUG_WRAPPER"))) {
debug = atoi(env_debug);
if (debug > 0) {
fprintf(stderr, "Toolchain wrapper executing:");
#ifdef BR_CCACHE_HASH
fprintf(stderr, "%sCCACHE_COMPILERCHECK='string:" BR_CCACHE_HASH "'",
(debug == 2) ? "\n " : " ");
#endif
#ifdef BR_CCACHE_BASEDIR
fprintf(stderr, "%sCCACHE_BASEDIR='" BR_CCACHE_BASEDIR "'",
(debug == 2) ? "\n " : " ");
#endif
for (i = 0; exec_args[i]; i++)
fprintf(stderr, "%s'%s'",
(debug == 2) ? "\n " : " ", exec_args[i]);
fprintf(stderr, "\n");
}
}
#ifdef BR_CCACHE_HASH
/* Allow compilercheck to be overridden through the environment */
if (setenv("CCACHE_COMPILERCHECK", "string:" BR_CCACHE_HASH, 0)) {
perror(__FILE__ ": Failed to set CCACHE_COMPILERCHECK");
return 3;
}
#endif
#ifdef BR_CCACHE_BASEDIR
/* Allow compilercheck to be overridden through the environment */
if (setenv("CCACHE_BASEDIR", BR_CCACHE_BASEDIR, 0)) {
perror(__FILE__ ": Failed to set CCACHE_BASEDIR");
return 3;
}
#endif
if (execv(exec_args[0], exec_args))
perror(path);
free(args);
return 2;
}