From mboxrd@z Thu Jan  1 00:00:00 1970
From: Julien Grall <julien.grall@linaro.org>
Subject: Re: [PATCH v2] Fix building error
Date: Fri, 23 Jan 2015 11:34:40 +0000
Message-ID: <54C231D0.8010803@linaro.org>
References: <1417435968.29138.19.camel@citrix.com>	<1417443665-30809-1-git-send-email-euan.harris@citrix.com>	<54B73658.6030309@cn.fujitsu.com>
	<20150115075746.GA22946@aepfle.de>	<54B7829A.4080902@cn.fujitsu.com>
	<20150115092132.GA15492@aepfle.de>	<54B78828.3000509@cn.fujitsu.com>
	<54B78967.7090604@cn.fujitsu.com>	<21687.41950.236527.898465@mariner.uk.xensource.com>
	<1421681028.10440.108.camel@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <1421681028.10440.108.camel@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Ian Campbell <Ian.Campbell@citrix.com>, Ian Jackson <Ian.Jackson@eu.citrix.com>
Cc: Olaf Hering <olaf@aepfle.de>, Euan Harris <euan.harris@citrix.com>, Wen Congyang <wency@cn.fujitsu.com>, xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

Hi,

On 19/01/15 15:23, Ian Campbell wrote:
> On Thu, 2015-01-15 at 11:26 +0000, Ian Jackson wrote:
>> Wen Congyang writes ("[PATCH v2] Fix building error"):
>>>  ifeq ($(debug),y)
>>>  # Disable optimizations and enable debugging information for macros
>>>  CFLAGS += -O0 -g3
>>> +# _FORTIFY_SOURCE requires compiling with optimization
>>> +CFLAGS += -Wp,-U_FORTIFY_SOURCE
>>
>> I'm not entirely convinced about this.  I have two kinds of concern:
>>
>> One is practical, which is that ATM AIUI a debug build, while not
>> intended for production use, is not any less secure.  (Leaving aside
>> the ability of guests to perform a DoS with copious debugging output.)
>>
>> The other is that we seem to be entering into a battle of escalation
>> between various Makefiles.  Specifically, this seems to be a
>> workaround for a bug in some other Makefiles we are using: the bug
>> being that these other Makefiles can't cope with -O0.  And
>> unconditionally squashing the other Makefiles' options seems like a
>> big hammer.
>>
>> The fact that Fortify doesn't support -O0 is a property of Fortify
>> which ought to be encoded in Fortify (or the places where it is
>> enabled).
>>
>> Assuming that the underlying bug is intractible
> 
> I think so, see <54B73623.9040503@cn.fujitsu.com>. I suppose one could
> enter into a dialogue with Fedora about the practice of enabling these
> flags for all Python modules built on a Fedora system vs. just those
> built via RPM etc.

FWIW, I get the same error when building tools on OpenSuse.

I would find annoying to manually override the CFLAGS everytime I have
to build Xen.

Regards,

-- 
Julien Grall