This patch is preparation for making stack protector
configurable. First step is to remove -fno-stack-protector flag from
EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case)
can enable/disable this feature by themselves.
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
---
Changes in v3:
- Reword commit message
- Use CFLAGS += instead of cc-optios-add
Changes in v2:
- New in v2
---
Config.mk | 2 +-
stubdom/Makefile | 3 +++
tools/firmware/Rules.mk | 2 ++
tools/tests/x86_emulator/testcase.mk | 2 +-
xen/Makefile | 2 ++
5 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/Config.mk b/Config.mk
index fa0414055b..c9fef4659f 100644
--- a/Config.mk
+++ b/Config.mk
@@ -190,7 +190,7 @@ endif
APPEND_LDFLAGS += $(foreach i, $(APPEND_LIB), -L$(i))
APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
-EMBEDDED_EXTRA_CFLAGS := -fno-pie -fno-stack-protector
+EMBEDDED_EXTRA_CFLAGS := -fno-pie
EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
XEN_EXTFILES_URL ?= https://xenbits.xen.org/xen-extfiles
diff --git a/stubdom/Makefile b/stubdom/Makefile
index 2a81af28a1..4c9186499d 100644
--- a/stubdom/Makefile
+++ b/stubdom/Makefile
@@ -14,6 +14,8 @@ export debug=y
# Moved from config/StdGNU.mk
CFLAGS += -O1 -fno-omit-frame-pointer
+CFLAGS += -fno-stack-protector
+
ifeq (,$(findstring clean,$(MAKECMDGOALS)))
ifeq ($(wildcard $(MINI_OS)/Config.mk),)
$(error Please run 'make mini-os-dir' in top-level directory)
@@ -54,6 +56,7 @@ TARGET_CFLAGS += $(CFLAGS)
TARGET_CPPFLAGS += $(CPPFLAGS)
$(call cc-options-add,TARGET_CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
+
# Do not use host headers and libs
GCC_INSTALL = $(shell LANG=C gcc -print-search-dirs | sed -n -e 's/install: \(.*\)/\1/p')
TARGET_CPPFLAGS += -U __linux__ -U __FreeBSD__ -U __sun__
diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index d3482c9ec4..be2692695d 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -11,6 +11,8 @@ ifneq ($(debug),y)
CFLAGS += -DNDEBUG
endif
+CFLAGS += -fno-stack-protector
+
$(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
diff --git a/tools/tests/x86_emulator/testcase.mk b/tools/tests/x86_emulator/testcase.mk
index fc95e24589..7875b95d7c 100644
--- a/tools/tests/x86_emulator/testcase.mk
+++ b/tools/tests/x86_emulator/testcase.mk
@@ -4,7 +4,7 @@ include $(XEN_ROOT)/tools/Rules.mk
$(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
-CFLAGS += -fno-builtin -g0 $($(TESTCASE)-cflags)
+CFLAGS += -fno-builtin -fno-stack-protector -g0 $($(TESTCASE)-cflags)
LDFLAGS_DIRECT += $(shell { $(LD) -v --warn-rwx-segments; } >/dev/null 2>&1 && echo --no-warn-rwx-segments)
diff --git a/xen/Makefile b/xen/Makefile
index 2e1a925c84..34ed8c0fc7 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -432,6 +432,8 @@ else
CFLAGS_UBSAN :=
endif
+CFLAGS += -fno-stack-protector
+
ifeq ($(CONFIG_LTO),y)
CFLAGS += -flto
LDFLAGS-$(CONFIG_CC_IS_CLANG) += -plugin LLVMgold.so
--
2.47.1On 11/12/2024 2:04 am, Volodymyr Babchuk wrote: > This patch is preparation for making stack protector > configurable. First step is to remove -fno-stack-protector flag from > EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case) > can enable/disable this feature by themselves. > > Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> This doesn't build on x86. You need this hunk too, diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index d45787665907..ff0d61d7ac39 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -17,6 +17,7 @@ obj32 := $(addprefix $(obj)/,$(obj32)) CFLAGS_x86_32 := $(subst -m64,-m32 -march=i686,$(XEN_TREEWIDE_CFLAGS)) $(call cc-options-add,CFLAGS_x86_32,CC,$(EMBEDDED_EXTRA_CFLAGS)) CFLAGS_x86_32 += -Werror -fno-builtin -g0 -msoft-float -mregparm=3 +CFLAGS_x86_32 += -fno-stack-protector CFLAGS_x86_32 += -nostdinc -include $(filter %/include/xen/config.h,$(XEN_CFLAGS)) CFLAGS_x86_32 += $(filter -I% -O%,$(XEN_CFLAGS)) -D__XEN__ because CFLAGS_x86_32 really was using -fno-stack-protector to override the compilers inbuilt choice. ~Andrew
On 11.12.2024 03:04, Volodymyr Babchuk wrote: > This patch is preparation for making stack protector > configurable. First step is to remove -fno-stack-protector flag from > EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case) > can enable/disable this feature by themselves. > > Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> with ... > --- a/stubdom/Makefile > +++ b/stubdom/Makefile > @@ -14,6 +14,8 @@ export debug=y > # Moved from config/StdGNU.mk > CFLAGS += -O1 -fno-omit-frame-pointer > > +CFLAGS += -fno-stack-protector > + > ifeq (,$(findstring clean,$(MAKECMDGOALS))) > ifeq ($(wildcard $(MINI_OS)/Config.mk),) > $(error Please run 'make mini-os-dir' in top-level directory) > @@ -54,6 +56,7 @@ TARGET_CFLAGS += $(CFLAGS) > TARGET_CPPFLAGS += $(CPPFLAGS) > $(call cc-options-add,TARGET_CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) > > + > # Do not use host headers and libs > GCC_INSTALL = $(shell LANG=C gcc -print-search-dirs | sed -n -e 's/install: \(.*\)/\1/p') > TARGET_CPPFLAGS += -U __linux__ -U __FreeBSD__ -U __sun__ ... this stray (and wrong) hunk dropped. Can likely be done while committing. Jan
© 2016 - 2024 Red Hat, Inc.