diff options
| author | Robert Mustacchi <rm@joyent.com> | 2019-02-08 06:59:24 +0000 |
|---|---|---|
| committer | Robert Mustacchi <rm@joyent.com> | 2019-08-19 17:49:53 +0000 |
| commit | edccf53a08a5dc2a1536d248367ab3aaf477ae60 (patch) | |
| tree | 610670307d8605b1bb96c492fc6872485a66d01f /usr/src | |
| parent | 289a9bb49771505b864985403334d2f94f0ca3ec (diff) | |
| download | illumos-joyent-edccf53a08a5dc2a1536d248367ab3aaf477ae60.tar.gz | |
OS-7620 Use -fstack-protector-strong when available
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: John Levon <john.levon@joyent.com>
Approved by: John Levon <john.levon@joyent.com>
Diffstat (limited to 'usr/src')
| -rw-r--r-- | usr/src/uts/intel/Makefile.intel | 31 | ||||
| -rw-r--r-- | usr/src/uts/intel/qede/Makefile | 9 |
2 files changed, 38 insertions, 2 deletions
diff --git a/usr/src/uts/intel/Makefile.intel b/usr/src/uts/intel/Makefile.intel index 5fd0439014..32f5ff1bad 100644 --- a/usr/src/uts/intel/Makefile.intel +++ b/usr/src/uts/intel/Makefile.intel @@ -135,7 +135,36 @@ CFLAGS += $(SPACEFLAG) CFLAGS += $(CCUNBOUND) CFLAGS += $(CFLAGS_uts) CFLAGS += -xstrconst -CFLAGS += -_gcc=-fstack-protector + +# +# Options to control which version of stack-protector we enable. This +# gives us a bit of flexibility and is unfortunately necessary as some +# modules do not function correctly with our defaults (qede). +# +# o STACKPROTECT_ Sets the appropriate version for the compiler +# o STACKPROTECT_strong Sets us to use strong on all of the +# compilers it supports. This is the same +# as the default. +# +# o STACKPROTECT_none Disables the stack protector. +# +# o STACKPROTECT_all Enables it for everything. +# +# o STACKPROTECT_basic Enables the basic stack protector. +# +# -fstack-protector-strong is not available in our gcc4 which is why we +# have per-compiler versions below. +# +STACKPROTECT_ = -_gcc4=-fstack-protector +STACKPROTECT_ += -_gcc7=-fstack-protector-strong +STACKPROTECT_ += -_gcc8=-fstack-protector-strong + +STACKPROTECT_strong = $(STACKPROTECT_) +STACKPROTECT_none = -_gcc=-fstack-protector-none +STACKPROTECT_all = -_gcc=-fstack-protector-all +STACKPROTECT_basic = -_gcc=-fstack-protector + +CFLAGS += $(STACKPROTECT_$(STACKPROTECT)) ASFLAGS_XARCH_32 = $(i386_ASFLAGS) ASFLAGS_XARCH_64 = $(amd64_ASFLAGS) diff --git a/usr/src/uts/intel/qede/Makefile b/usr/src/uts/intel/qede/Makefile index 1ac554f074..9fdf8cca18 100644 --- a/usr/src/uts/intel/qede/Makefile +++ b/usr/src/uts/intel/qede/Makefile @@ -10,7 +10,7 @@ # # -# Copyright (c) 2018, Joyent, Inc. +# Copyright 2019 Joyent, Inc. # UTSBASE = ../.. @@ -54,6 +54,13 @@ SMOFF += all_func_returns,indenting,no_if_block,deref_check,testing_index_after_ # real bug in qede_multicast() $(OBJS_DIR)/qede_gld.o := SMOFF += assign_vs_compare +# +# Unfortunately the default use of -fstack-protector-strong breaks the +# qede module. For the time being limit its use of stack-protector to +# the basic form (-fstack-protector). +# +STACKPROTECT=basic + ALL_TARGET = $(BINARY) $(CONFMOD) INSTALL_TARGET = $(BINARY) $(ROOTMODULE) $(ROOT_CONFFILE) |