| Message ID | 20241211020424.401614-2-volodymyr_babchuk@epam.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Add stack protector | expand |
On 11.12.2024 03:04, Volodymyr Babchuk wrote: > This patch is preparation for making stack protector > configurable. First step is to remove -fno-stack-protector flag from > EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case) > can enable/disable this feature by themselves. > > Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> with ... > --- a/stubdom/Makefile > +++ b/stubdom/Makefile > @@ -14,6 +14,8 @@ export debug=y > # Moved from config/StdGNU.mk > CFLAGS += -O1 -fno-omit-frame-pointer > > +CFLAGS += -fno-stack-protector > + > ifeq (,$(findstring clean,$(MAKECMDGOALS))) > ifeq ($(wildcard $(MINI_OS)/Config.mk),) > $(error Please run 'make mini-os-dir' in top-level directory) > @@ -54,6 +56,7 @@ TARGET_CFLAGS += $(CFLAGS) > TARGET_CPPFLAGS += $(CPPFLAGS) > $(call cc-options-add,TARGET_CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) > > + > # Do not use host headers and libs > GCC_INSTALL = $(shell LANG=C gcc -print-search-dirs | sed -n -e 's/install: \(.*\)/\1/p') > TARGET_CPPFLAGS += -U __linux__ -U __FreeBSD__ -U __sun__ ... this stray (and wrong) hunk dropped. Can likely be done while committing. Jan
On 11/12/2024 2:04 am, Volodymyr Babchuk wrote: > This patch is preparation for making stack protector > configurable. First step is to remove -fno-stack-protector flag from > EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case) > can enable/disable this feature by themselves. > > Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> This doesn't build on x86. You need this hunk too, diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index d45787665907..ff0d61d7ac39 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -17,6 +17,7 @@ obj32 := $(addprefix $(obj)/,$(obj32)) CFLAGS_x86_32 := $(subst -m64,-m32 -march=i686,$(XEN_TREEWIDE_CFLAGS)) $(call cc-options-add,CFLAGS_x86_32,CC,$(EMBEDDED_EXTRA_CFLAGS)) CFLAGS_x86_32 += -Werror -fno-builtin -g0 -msoft-float -mregparm=3 +CFLAGS_x86_32 += -fno-stack-protector CFLAGS_x86_32 += -nostdinc -include $(filter %/include/xen/config.h,$(XEN_CFLAGS)) CFLAGS_x86_32 += $(filter -I% -O%,$(XEN_CFLAGS)) -D__XEN__ because CFLAGS_x86_32 really was using -fno-stack-protector to override the compilers inbuilt choice. ~Andrew
diff --git a/Config.mk b/Config.mk index fa0414055b..c9fef4659f 100644 --- a/Config.mk +++ b/Config.mk @@ -190,7 +190,7 @@ endif APPEND_LDFLAGS += $(foreach i, $(APPEND_LIB), -L$(i)) APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) -EMBEDDED_EXTRA_CFLAGS := -fno-pie -fno-stack-protector +EMBEDDED_EXTRA_CFLAGS := -fno-pie EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables XEN_EXTFILES_URL ?= https://xenbits.xen.org/xen-extfiles diff --git a/stubdom/Makefile b/stubdom/Makefile index 2a81af28a1..4c9186499d 100644 --- a/stubdom/Makefile +++ b/stubdom/Makefile @@ -14,6 +14,8 @@ export debug=y # Moved from config/StdGNU.mk CFLAGS += -O1 -fno-omit-frame-pointer +CFLAGS += -fno-stack-protector + ifeq (,$(findstring clean,$(MAKECMDGOALS))) ifeq ($(wildcard $(MINI_OS)/Config.mk),) $(error Please run 'make mini-os-dir' in top-level directory) @@ -54,6 +56,7 @@ TARGET_CFLAGS += $(CFLAGS) TARGET_CPPFLAGS += $(CPPFLAGS) $(call cc-options-add,TARGET_CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) + # Do not use host headers and libs GCC_INSTALL = $(shell LANG=C gcc -print-search-dirs | sed -n -e 's/install: \(.*\)/\1/p') TARGET_CPPFLAGS += -U __linux__ -U __FreeBSD__ -U __sun__ diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk index d3482c9ec4..be2692695d 100644 --- a/tools/firmware/Rules.mk +++ b/tools/firmware/Rules.mk @@ -11,6 +11,8 @@ ifneq ($(debug),y) CFLAGS += -DNDEBUG endif +CFLAGS += -fno-stack-protector + $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) $(call cc-option-add,CFLAGS,CC,-fcf-protection=none) diff --git a/tools/tests/x86_emulator/testcase.mk b/tools/tests/x86_emulator/testcase.mk index fc95e24589..7875b95d7c 100644 --- a/tools/tests/x86_emulator/testcase.mk +++ b/tools/tests/x86_emulator/testcase.mk @@ -4,7 +4,7 @@ include $(XEN_ROOT)/tools/Rules.mk $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) -CFLAGS += -fno-builtin -g0 $($(TESTCASE)-cflags) +CFLAGS += -fno-builtin -fno-stack-protector -g0 $($(TESTCASE)-cflags) LDFLAGS_DIRECT += $(shell { $(LD) -v --warn-rwx-segments; } >/dev/null 2>&1 && echo --no-warn-rwx-segments) diff --git a/xen/Makefile b/xen/Makefile index 2e1a925c84..34ed8c0fc7 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -432,6 +432,8 @@ else CFLAGS_UBSAN := endif +CFLAGS += -fno-stack-protector + ifeq ($(CONFIG_LTO),y) CFLAGS += -flto LDFLAGS-$(CONFIG_CC_IS_CLANG) += -plugin LLVMgold.so
This patch is preparation for making stack protector configurable. First step is to remove -fno-stack-protector flag from EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case) can enable/disable this feature by themselves. Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> --- Changes in v3: - Reword commit message - Use CFLAGS += instead of cc-optios-add Changes in v2: - New in v2 --- Config.mk | 2 +- stubdom/Makefile | 3 +++ tools/firmware/Rules.mk | 2 ++ tools/tests/x86_emulator/testcase.mk | 2 +- xen/Makefile | 2 ++ 5 files changed, 9 insertions(+), 2 deletions(-)