sys/conf/kern.mk
# | # | ||||
CFLAGS+= -ffreestanding | CFLAGS+= -ffreestanding | ||||
# | # | ||||
# The C standard leaves signed integer overflow behavior undefined. | # The C standard leaves signed integer overflow behavior undefined. | ||||
# gcc and clang opimizers take advantage of this. The kernel makes | # gcc and clang opimizers take advantage of this. The kernel makes | ||||
# use of signed integer wraparound mechanics so we need the compiler | # use of signed integer wraparound mechanics so we need the compiler | ||||
# to treat it as a wraparound and not take shortcuts. | # to treat it as a wraparound and not take shortcuts. | ||||
# | # | ||||
CFLAGS+= -fwrapv | CFLAGS+= -fwrapv | ||||
# | # | ||||
# GCC SSP support | # GCC SSP support | ||||
# | # | ||||
.if ${MK_SSP} != "no" && \ | .if ${MK_SSP} != "no" && \ | ||||
${MACHINE_CPUARCH} != "arm" && ${MACHINE_CPUARCH} != "mips" | ${MACHINE_CPUARCH} != "arm" && ${MACHINE_CPUARCH} != "mips" | ||||
CFLAGS+= -fstack-protector | CFLAGS+= -fstack-protector | ||||
.endif | .endif | ||||
# | # | ||||
# Retpoline speculative execution vulnerability mitigation (CVE-2017-5715) | |||||
# | |||||
.if defined(COMPILER_FEATURES) && ${COMPILER_FEATURES:Mretpoline} != "" && \ | |||||
${MK_KERNEL_RETPOLINE} != "no" | |||||
dim: Ehm, should you not check `${COMPILER_FEATURES:Mretpoline}` here? Or maybe both… | |||||
CFLAGS+= -mretpoline | |||||
.endif | |||||
Not Done Inline ActionsCanonical use is .if defined(COMPILER_FEATURES) and if COMPILER_FEATURES is unset the feature is assumed to not exist. In this case I'd rather produce an error if the feature is requested but not available, and if COMPILER_FEATURES is unset for any reason just try to set -mretpoline. We should not silently fail to apply a requested security mitigation. emaste: Canonical use is `.if defined(COMPILER_FEATURES)` and if `COMPILER_FEATURES` is unset the… | |||||
# | |||||
# Add -gdwarf-2 when compiling -g. The default starting in clang v3.4 | # Add -gdwarf-2 when compiling -g. The default starting in clang v3.4 | ||||
# and gcc 4.8 is to generate DWARF version 4. However, our tools don't | # and gcc 4.8 is to generate DWARF version 4. However, our tools don't | ||||
# cope well with DWARF 4, so force it to genereate DWARF2, which they | # cope well with DWARF 4, so force it to genereate DWARF2, which they | ||||
# understand. Do this unconditionally as it is harmless when not needed, | # understand. Do this unconditionally as it is harmless when not needed, | ||||
# but critical for these newer versions. | # but critical for these newer versions. | ||||
# | # | ||||
.if ${CFLAGS:M-g} != "" && ${CFLAGS:M-gdwarf*} == "" | .if ${CFLAGS:M-g} != "" && ${CFLAGS:M-gdwarf*} == "" | ||||
CFLAGS+= -gdwarf-2 | CFLAGS+= -gdwarf-2 | ||||
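Review bot: The new `.if` that adds `-mretpoline` has no architecture test, unlike the SSP block just above it, which excludes arm and mips via `MACHINE_CPUARCH`. `-mretpoline` is an x86 code-generation option, and the `retpoline` entry in `COMPILER_FEATURES` presumably reflects the compiler version rather than the target, so a non-x86 kernel built with `MK_KERNEL_RETPOLINE` enabled could be handed a flag its target does not implement. Unless the option is already forced off for other architectures somewhere outside this view, I would add `(${MACHINE_CPUARCH} == "amd64" || ${MACHINE_CPUARCH} == "i386") && \` to the condition. The header comment could also state the scope of the mitigation, e.g. `# Applies to compiler-generated indirect calls and jumps; assembly sources are not changed by this flag.`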
Ehm, should you not check ${COMPILER_FEATURES:Mretpoline} here? Or maybe both COMPILER_FEATURES *and* LINKER_FEATURES?