On 02.12.2024 09:06, Jan Beulich wrote: > On 30.11.2024 02:10, Volodymyr Babchuk wrote: >> This patch is preparation for making stack protector >> configurable. First step is to remove -fno-stack-protector flag from >> EMBEDDED_EXTRA_CFLAGS so separate projects (Hypervisor in this case) >> can enable/disable this feature by themselves. > > s/projects/components/ ? > >> --- a/stubdom/Makefile >> +++ b/stubdom/Makefile >> @@ -54,6 +54,8 @@ TARGET_CFLAGS += $(CFLAGS) >> TARGET_CPPFLAGS += $(CPPFLAGS) >> $(call cc-options-add,TARGET_CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) >> >> +$(call cc-option-add,TARGET_CFLAGS,CC,-fno-stack-protector) >> + >> # Do not use host headers and libs >> GCC_INSTALL = $(shell LANG=C gcc -print-search-dirs | sed -n -e 's/install: >> \(.*\)/\1/p') >> TARGET_CPPFLAGS += -U __linux__ -U __FreeBSD__ -U __sun__ >> --- a/tools/firmware/Rules.mk >> +++ b/tools/firmware/Rules.mk >> @@ -15,6 +15,8 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) >> >> $(call cc-option-add,CFLAGS,CC,-fcf-protection=none) >> >> +$(call cc-option-add,CFLAGS,CC,-fno-stack-protector) >> + >> # Do not add the .note.gnu.property section to any of the firmware objects: >> it >> # breaks the rombios binary and is not useful for firmware anyway. >> $(call cc-option-add,CFLAGS,CC,-Wa$$(comma)-mx86-used-note=no) >> --- a/tools/tests/x86_emulator/testcase.mk >> +++ b/tools/tests/x86_emulator/testcase.mk >> @@ -4,6 +4,8 @@ include $(XEN_ROOT)/tools/Rules.mk >> >> $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) >> >> +$(call cc-option-add,CFLAGS,CC,-fno-stack-protector) > > Is use of cc-option-add really necessary throughout here, when ... > >> --- a/xen/Makefile >> +++ b/xen/Makefile >> @@ -432,6 +432,8 @@ else >> CFLAGS_UBSAN := >> endif >> >> +CFLAGS += -fno-stack-protector > > ... is isn't needed here? Iirc the compiler version ranges supported don't > vary between components. Then again afaics $(EMBEDDED_EXTRA_CFLAGS) is used > by x86 only right now, and with cc-options-add, so perhaps it (a) needs > using cc-options-add here, too, and (b) it wants explaining why this needs > generalizing from x86 to all architectures. Quite possibly hypervisor use > of $(EMBEDDED_EXTRA_CFLAGS) may want generalizing separately, up front?
Correction: Except for PPC all architectures consume $(EMBEDDED_EXTRA_CFLAGS) right now. So the moving is less of a generalization than I first thought. I still need to get used to passing -R (rather than -r) to grep, to find all instances I'm after ... Jan
