| author | Robert Mustacchi <rm@joyent.com> | 2019-02-08 06:59:24 +0000 |
|---|---|---|
| committer | John Levon <john.levon@joyent.com> | 2019-10-29 16:22:06 +0000 |
| commit | b12258b69ac245658b0ca5ae070b3ff004186148 (patch) | |
| tree | de43eb89a1098f0a381f3a9c47c53c455b1866de | |
| parent | 241bfedfbd27da9d3f2aa7ffaafa5da978f23afe (diff) | |
| download | illumos-joyent-b12258b69ac245658b0ca5ae070b3ff004186148.tar.gz | |
11866 Use -fstack-protector-strong when available
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Approved by: Dan McDonald <danmcd@joyent.com>
| -rw-r--r-- | usr/src/uts/intel/Makefile.intel | 32 | ||||
| -rw-r--r-- | usr/src/uts/intel/qede/Makefile | 9 |
2 files changed, 39 insertions, 2 deletions
diff --git a/usr/src/uts/intel/Makefile.intel b/usr/src/uts/intel/Makefile.intel
index ca1cce10d9..336f50de39 100644
--- a/usr/src/uts/intel/Makefile.intel
+++ b/usr/src/uts/intel/Makefile.intel
@@ -134,7 +134,37 @@ CFLAGS += $(SPACEFLAG)
 CFLAGS += $(CCUNBOUND)
 CFLAGS += $(CFLAGS_uts)
 CFLAGS += -xstrconst
-CFLAGS += -_gcc=-fstack-protector
+
+#
+# Options to control which version of stack-protector we enable. This
+# gives us a bit of flexibility and is unfortunately necessary as some
+# modules do not function correctly with our defaults (qede).
+#
+# o STACKPROTECT_ Sets the appropriate version for the compiler
+# o STACKPROTECT_strong Sets us to use strong on all of the
+# compilers it supports. This is the same
+# as the default.
+#
+# o STACKPROTECT_none Disables the stack protector.
+#
+# o STACKPROTECT_all Enables it for everything.
+#
+# o STACKPROTECT_basic Enables the basic stack protector.
+#
+# -fstack-protector-strong is not available in our gcc4 which is why we
+# have per-compiler versions below.
+#
+STACKPROTECT_ = -_gcc4=-fstack-protector
+STACKPROTECT_ += -_gcc7=-fstack-protector-strong
+STACKPROTECT_ += -_gcc8=-fstack-protector-strong
+STACKPROTECT_ += -_gcc9=-fstack-protector-strong
+
+STACKPROTECT_strong = $(STACKPROTECT_)
+STACKPROTECT_none = -_gcc=-fstack-protector-none
+STACKPROTECT_all = -_gcc=-fstack-protector-all
+STACKPROTECT_basic = -_gcc=-fstack-protector
+
+CFLAGS += $(STACKPROTECT_$(STACKPROTECT))
 ASFLAGS_XARCH_32 = $(i386_ASFLAGS)
 ASFLAGS_XARCH_64 = $(amd64_ASFLAGS)
diff --git a/usr/src/uts/intel/qede/Makefile b/usr/src/uts/intel/qede/Makefile
index 1ac554f074..9fdf8cca18 100644
--- a/usr/src/uts/intel/qede/Makefile
+++ b/usr/src/uts/intel/qede/Makefile
@@ -10,7 +10,7 @@
 #
 #
-# Copyright (c) 2018, Joyent, Inc.
+# Copyright 2019 Joyent, Inc.
 #
 UTSBASE = ../..
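Review bot: In usr/src/uts/intel/Makefile.intel, `STACKPROTECT_none` passes `-fstack-protector-none`, which is not a GCC option; the switch that disables the protector is `-fno-stack-protector`, so the line should read `STACKPROTECT_none = -_gcc=-fno-stack-protector`. As written, the first module that sets `STACKPROTECT=none` will most likely fail to compile instead of building unprotected. The lookup `CFLAGS += $(STACKPROTECT_$(STACKPROTECT))` also fails open: a misspelled value selects an undefined macro, expands to nothing, and the module is built with no stack protector and no diagnostic, so a check that rejects anything other than the documented values would be worth adding. The per-compiler default presumably has the same gap for a shadow compiler other than gcc4/7/8/9, which a comment above the list could record: `# Add an entry for every new compiler version; a version with no entry gets no stack protector.`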
@@ -54,6 +54,13 @@ SMOFF += all_func_returns,indenting,no_if_block,deref_check,testing_index_after_
 # real bug in qede_multicast()
 $(OBJS_DIR)/qede_gld.o := SMOFF += assign_vs_compare
+#
+# Unfortunately the default use of -fstack-protector-strong breaks the
+# qede module. For the time being limit its use of stack-protector to
+# the basic form (-fstack-protector).
+#
+STACKPROTECT=basic
+
 ALL_TARGET = $(BINARY) $(CONFMOD)
 INSTALL_TARGET = $(BINARY) $(ROOTMODULE) $(ROOT_CONFFILE) |
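Review bot: The comment added above `STACKPROTECT=basic` says -fstack-protector-strong "breaks" qede but records neither how it breaks nor a follow-up issue, so "for the time being" has nothing that would end it. If the breakage is a stack-check failure at run time, it may point at a real stack overrun in the driver, in a function the basic form does not instrument, rather than at a compiler problem; the hunk does not say which. I would extend the comment with the observed failure and a tracking reference, e.g. `# Failure seen: <observed failure>; revisit under <issue id>.`, so the weaker setting is re-examined rather than inherited.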
