diff options
author | Benjamin Herrenschmidt <benh@kernel.crashing.org> | 2017-12-20 13:16:21 +1100 |
---|---|---|
committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-20 22:15:36 -0600 |
commit | c7f2fab5c7854b11da909e79dd6c835d6ab91754 (patch) | |
tree | 5c16bd1935d557c71a0c68dd0fb6c2ebccb8b845 /Makefile.main | |
parent | f23d6c626bd657e967347bda872242427b0d9221 (diff) | |
download | skiboot-c7f2fab5c7854b11da909e79dd6c835d6ab91754.zip skiboot-c7f2fab5c7854b11da909e79dd6c835d6ab91754.tar.gz skiboot-c7f2fab5c7854b11da909e79dd6c835d6ab91754.tar.bz2 |
Add support for new gcc 7 parametrized stack protector
This gives us per-cpu guard values as well. For now I just
xor a magic constant with the CPU PIR value.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'Makefile.main')
-rw-r--r-- | Makefile.main | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/Makefile.main b/Makefile.main index 31cbab7..516afdd 100644 --- a/Makefile.main +++ b/Makefile.main @@ -19,6 +19,7 @@ try = $(shell set -e; if ($(1)) >/dev/null 2>&1; \ else echo "$(3)"; fi ) try-cflag = $(call try,$(1) $(2) -x c -c /dev/null -o /dev/null,$(2)) +test_cflag = $(call try,$(1) $(2) -x c -c /dev/null -o /dev/null,1,0) # Base warnings CWARNS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \ @@ -90,20 +91,29 @@ else VALGRIND := endif -# Stack protector disabled for now. gcc tends to use the TLS to -# access the canary (depending on how gcc was built), and this won't -# work for us. -# +# Check if the new parametrized stack protector option is supported +# by gcc, otherwise disable stack protector +STACK_PROT_CFLAGS := -mstack-protector-guard=tls -mstack-protector-guard-reg=r13 +STACK_PROT_CFLAGS += -mstack-protector-guard-offset=0 +HAS_STACK_PROT := $(call test_cflag,$(CC),$(STACK_PROT_CFLAGS)) + ifeq ($(STACK_CHECK),1) -#CFLAGS += -fstack-protector-all -pg -CFLAGS += -fno-stack-protector -pg +STACK_PROT_CFLAGS += -fstack-protector-all CPPFLAGS += -DSTACK_CHECK_ENABLED +CFLAGS += -pg +else +STACK_PROT_CFLAGS += -fstack-protector +STACK_PROT_CFLAGS += $(call try-cflag,$(CC),-fstack-protector-strong) +endif + +ifeq ($(HAS_STACK_PROT),1) +CPPFLAGS += -DHAS_STACK_PROT +CFLAGS += $(STACK_PROT_CFLAGS) else CFLAGS += -fno-stack-protector -#CFLAGS += -fstack-protector -#CFLAGS += $(call try-cflag,$(CC),-fstack-protector-strong) endif + CFLAGS += $(call try-cflag,$(CC),-Wjump-misses-init) \ $(call try-cflag,$(CC),-Wsuggest-attribute=const) \ $(call try-cflag,$(CC),-Wsuggest-attribute=noreturn) \ |