commit: f82ed28a4cbf188cac0d20175d7fea963a742e25
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 7 23:36:33 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Dec 8 00:49:35 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f82ed28a
toolchain.eclass: disable CET if stage 1 compiler is Clang and -march=native
It's too much hassle to make this edge-case work for now (not really
worth it given kind of niche, not like glibc even defaults to enforcement
yet or even has a mechanism to set a default) and I've filed a bug upstream.
The problem with my previous approach (even after then trying STAGE1_TFLAGS)
is that w/ --enable-cet or bootstrap-cet at least, we end up adding
-fcf-protection after our added -fcf-protection=none.
This partly reverts commit ec6ccd63bb77770eeeb8eb220d66efafc91ac572.
Signed-off-by: Sam James <sam <AT> gentoo.org>
eclass/toolchain.eclass | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass
index 565a2f359488..8e91816735a9 100644
--- a/eclass/toolchain.eclass
+++ b/eclass/toolchain.eclass
@@ -775,7 +775,7 @@ tc_enable_hardened_gcc() {
hardened_gcc_flags+=" -DDEF_GENTOO_ZNOW"
fi
- if _tc_use_if_iuse cet && [[ ${CTARGET} == *x86_64*-linux-gnu* ]] ; then
+ if _tc_use_if_iuse cet && [[ -z ${CLANG_DISABLE_CET_HACK} && ${CTARGET}
== *x86_64*-linux-gnu* ]] ; then
einfo "Updating gcc to use x86-64 control flow protection by
default ..."
hardened_gcc_flags+=" -DEXTRA_OPTIONS_CF"
fi
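Review bot: The new `-z ${CLANG_DISABLE_CET_HACK}` test in tc_enable_hardened_gcc reads a variable that this commit assigns only inside toolchain_src_configure (second hunk). The call site of tc_enable_hardened_gcc is not visible here, but if it runs before that assignment the variable is still empty and `-DEXTRA_OPTIONS_CF` is added anyway, which leaves the CET-by-default define out of step with the later `--disable-cet` and the skipped `bootstrap-cet`. Moving the detection into a small helper that both functions call, or repeating the `! tc-is-gcc && [[ "${CFLAGS}${CXXFLAGS}" == *-march=native* ]]` check ahead of this test, would remove the ordering dependency. The function body starts and ends outside the hunk.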
@@ -1149,6 +1149,11 @@ toolchain_src_configure() {
export ac_cv_std_swap_in_utility=no
fi
+ # Workaround -march=native not working for stage1 with non-GCC (bug
#933772).
+ if ! tc-is-gcc && [[ "${CFLAGS}${CXXFLAGS}" == *-march=native* ]] ; then
+ CLANG_DISABLE_CET_HACK=1
+ fi
+
local flag
for flag in $(all-flag-vars) ; do
einfo "${flag}=\"${!flag}\""
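Review bot: Setting `CLANG_DISABLE_CET_HACK=1` turns off a hardening feature the user requested with USE=cet, and nothing in the visible hunks logs it, so the installed compiler loses default control-flow protection without a trace in the build log. An `ewarn "Disabling CET: non-GCC stage1 compiler with -march=native (bug #933772)"` inside the `if` would make the downgrade auditable. The variable is also never initialised before the check, so a value inherited from the calling environment could satisfy the `-n`/`-z` tests on an ordinary GCC build too. An `unset CLANG_DISABLE_CET_HACK` just above the `if` would close that. toolchain_src_configure continues outside the hunk.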
@@ -1308,7 +1313,7 @@ toolchain_src_configure() {
BUILD_CONFIG_TARGETS+=( bootstrap-lto )
fi
- if tc_version_is_at_least 12 && _tc_use_if_iuse cet && [[ ${CTARGET} ==
x86_64-*-gnu* ]] ; then
+ if tc_version_is_at_least 12 && _tc_use_if_iuse cet && [[ -z
${CLANG_DISABLE_CET_HACK} && ${CTARGET} == x86_64-*-gnu* ]] ; then
BUILD_CONFIG_TARGETS+=( bootstrap-cet )
fi
@@ -1694,7 +1699,7 @@ toolchain_src_configure() {
enable_cet_for 'x86_64' 'gnu' 'cet'
enable_cet_for 'aarch64' 'gnu' 'standard-branch-protection'
- [[ ${CTARGET} == i[34567]86-* ]] && confgcc+=( --disable-cet )
+ [[ -n ${CLANG_DISABLE_CET_HACK} || ${CTARGET} == i[34567]86-*
]] && confgcc+=( --disable-cet )
fi
if in_iuse systemtap ; then
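Review bot: The `--disable-cet` appended here comes after the `enable_cet_for 'x86_64' 'gnu' 'cet'` call two lines up, so with the hack active confgcc may carry both `--enable-cet` and `--disable-cet`. The outcome would then rest on configure honouring the last one, though this is inferred because the body of enable_cet_for is not visible. A comment such as `# Must stay after enable_cet_for: the later --disable-cet overrides --enable-cet (bug #933772)` would keep a future reorder from quietly re-enabling CET in the failing configuration. The enclosing block starts outside the hunk.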
@@ -2261,13 +2266,6 @@ gcc_do_make() {
STAGE1_CXXFLAGS="-O2"
fi
- # Workaround -march=native not working for stage1 with
- # non-GCC (bug #933772).
- if ! tc-is-gcc ; then
- STAGE1_CFLAGS+=" $(test-flags-CC -fcf-protection=none)"
- STAGE1_CXXFLAGS+=" $(test-flags-CXX
-fcf-protection=none)"
- fi
-
# We only want to use the system's CFLAGS if not building a
# cross-compiler.
STAGE1_CFLAGS=${STAGE1_CFLAGS-"$(get_abi_CFLAGS
${TARGET_DEFAULT_ABI}) ${CFLAGS}"}