toolchain: refactor Stack Smashing Protection support

This commit refactors how Stack Smashing Protection support is handled
in Buildroot:

 *) It turns the BR2_TOOLCHAIN_BUILDROOT_USE_SSP option into an option
    that only enables the SSP support in uClibc, when using the internal
    toolchain backend.

 *) It adds an hidden BR2_TOOLCHAIN_HAS_SSP option that gets enabled
    when the toolchain has SSP support. Here we have the usual dance:
    glibc/eglibc in internal/external backend always select this
    option, in the case of uClibc/internal, it gets selected when
    BR2_TOOLCHAIN_BUILDROOT_USE_SSP is enabled, in the case of
    uClibc/external, there is a new configuration option that the user
    must select (or not) depending on whether the toolchain has SSP
    support.

 *) It adds a new options BR2_ENABLE_SSP in the "Build options" menu,
    to enable the usage of SSP support, by adding
    -fstack-protector-all to the CFLAGS.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>

1 files changed, 17 insertions, 0 deletions

diff --git a/Config.in b/Config.in
index 1b30ce1dba..af720ec16f 100644
--- a/Config.in
+++ b/Config.in
@@ -402,6 +402,23 @@ config BR2_OPTIMIZE_S
 
 endchoice
 
+config BR2_ENABLE_SSP
+	bool "build code with Stack Smashing Protection"
+	depends on BR2_TOOLCHAIN_HAS_SSP
+	help
+	  Enable stack smashing protection support using GCCs
+	  -fstack-protector-all option.
+
+	  See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
+          for details.
+
+	  Note that this requires the toolchain to have SSP
+	  support. This is always the case for glibc and eglibc
+	  toolchain, but is optional in uClibc toolchains.
+
+comment "enabling Stack Smashing Protection requires support in the toolchain"
+	depends on !BR2_TOOLCHAIN_HAS_SSP
+
 config BR2_PREFER_STATIC_LIB
 	bool "prefer static libraries"
 	help