From: "Jory A. Pratt" <anarchy@gentoo.org>
To: "akpm@linux-foundation.org" <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, torvalds@linux-foundation.org,
hardened-dev@gentoo.org
Subject: [PATCH] Fix cc1 options check to ensure we do not use -fPIC when compiling
Date: Tue, 08 Sep 2009 19:47:21 -0500 [thread overview]
Message-ID: <4AA6FB19.5020800@gentoo.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 804 bytes --]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have sent this to the lkml, it seems to have been pushed to the back
burner. This is a major issue effecting users/developers that are
working on a much more security enhanced system. This means any gentoo
user running a hardened toolchain will have problems building a kernel
that works as expect. This patch does nothing but pass the macro
- -D__KERNEL__ to ensure that hardened toolchain drops back to that of a
vanilla toolchain to prevent unexpected compile problems in the kernel.
Jory
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkqm+xkACgkQwnA7Q1Z0YScE9QCbBA+cHQ4Q92Ajl3DKbBqEKQT+
VPUAoKFMx2dQQI7+fGWJWaqoNS7MK1sc
=67Hv
-----END PGP SIGNATURE-----
[-- Attachment #2: fix-cc-options-test-to-ensure-we-do-not-step-on-compile-flags.patch --]
[-- Type: text/plain, Size: 1321 bytes --]
The arch/*/boot/Makefile use cc-options to check for GCC command options and
cc-options use the hardened specs when checking for GCC command options.
When -fPIE is pass to cc1 it can't use -ffreestanding or -fno-toplevel-reorder.
Then it fail to build stuff with -ffreestanding and -fno-toplevel-reorder.
Thanks to Fredric Johansson <johansson_fredric@hotmail.com> for finding the main
problem behind a failed build using a hardened toolchain.
Signed-off-by: Magnus Granberg <zorry@ume.nu>
Signed-off-by: Jory A. Pratt <anarchy@gentoo.org>
diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
index c29be8f..43300b3 100644
--- a/scripts/Kbuild.include
+++ b/scripts/Kbuild.include
@@ -105,12 +105,12 @@ as-instr = $(call try-run,\
# Usage: cflags-y += $(call cc-option,-march=winchip-c6,-march=i586)
cc-option = $(call try-run,\
- $(CC) $(KBUILD_CFLAGS) $(1) -c -xc /dev/null -o "$$TMP",$(1),$(2))
+ $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -xc /dev/null -o "$$TMP",$(1),$(2))
# cc-option-yn
# Usage: flag := $(call cc-option-yn,-march=winchip-c6)
cc-option-yn = $(call try-run,\
- $(CC) $(KBUILD_CFLAGS) $(1) -c -xc /dev/null -o "$$TMP",y,n)
+ $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -xc /dev/null -o "$$TMP",y,n)
# cc-option-align
# Prefix align with either -falign or -malign
next reply other threads:[~2009-09-09 0:43 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-09 0:47 Jory A. Pratt [this message]
2009-09-09 1:02 ` [PATCH] Fix cc1 options check to ensure we do not use -fPIC when compiling H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AA6FB19.5020800@gentoo.org \
--to=anarchy@gentoo.org \
--cc=akpm@linux-foundation.org \
--cc=hardened-dev@gentoo.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.