From owner-freebsd-arch@FreeBSD.ORG Fri May 2 15:52:45 2008 Return-Path: Delivered-To: freebsd-arch@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 55EAC1065679 for ; Fri, 2 May 2008 15:52:45 +0000 (UTC) (envelope-from xcllnt@mac.com) Received: from smtpoutm.mac.com (smtpoutm.mac.com [17.148.16.66]) by mx1.freebsd.org (Postfix) with ESMTP id DB95F8FC18 for ; Fri, 2 May 2008 15:52:44 +0000 (UTC) (envelope-from xcllnt@mac.com) Received: from mac.com (asmtp003-s [10.150.69.66]) by smtpoutm.mac.com (Xserve/smtpout003/MantshX 4.0) with ESMTP id m42Fqig3025479; Fri, 2 May 2008 08:52:44 -0700 (PDT) Received: from powerbook.jnpr.net (natint3.juniper.net [66.129.224.36]) (authenticated bits=0) by mac.com (Xserve/asmtp003/MantshX 4.0) with ESMTP id m42FqcDj005493 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 2 May 2008 08:52:39 -0700 (PDT) Message-Id: <8ED24288-618C-4B55-A27E-C5FAB2E046E8@mac.com> From: Marcel Moolenaar To: Jeremie Le Hen In-Reply-To: <20080502070147.GE74500@obiwan.tataz.chchile.org> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v919.2) Date: Fri, 2 May 2008 08:52:37 -0700 References: <20080502070147.GE74500@obiwan.tataz.chchile.org> X-Mailer: Apple Mail (2.919.2) Cc: obrien@FreeBSD.org, freebsd-arch@FreeBSD.org Subject: Re: Integration of ProPolice in FreeBSD X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 May 2008 15:52:45 -0000 On May 2, 2008, at 12:01 AM, Jeremie Le Hen wrote: >> Please post the patch in this thread - your webserver has been very >> difficult to contact. > > Indeed, sorry for the disturbance. I've attached the patch. This is > what you should hit the tree, except there will be a few additional > bits > to prevent self foot-shooting when people will turn -fstack-protector > into -fstack-protector-all in share/mk/bsd.sys.mk. I'm currently > working on it. Index: share/mk/bsd.sys.mk =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/share/mk/bsd.sys.mk,v retrieving revision 1.44 diff -u -p -r1.44 bsd.sys.mk --- share/mk/bsd.sys.mk 22 Nov 2007 23:21:12 -0000 1.44 +++ share/mk/bsd.sys.mk 29 Mar 2008 23:13:06 -0000 @@ -74,5 +74,10 @@ CWARNFLAGS += -Werror CWARNFLAGS += -Wno-unknown-pragmas .endif +.if ${MK_SSP} != "no" && ${CC} != "icc" +CFLAGS += -fstack-protector +# Don't use -Wstack-protector as it breaks world with -Werror. +.endif + # Allow user-specified additional warning flags CFLAGS += ${CWARNFLAGS} I may be better to explicitly test for GCC. I would not assume that GCC and ICC are the only options, even if they are now. There's a second place as well... Index: sys/boot/i386/Makefile.inc =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/ Makefile.inc,v retrieving revision 1.12 diff -u -p -r1.12 Makefile.inc --- sys/boot/i386/Makefile.inc 28 Sep 2006 10:02:04 -0000 1.12 +++ sys/boot/i386/Makefile.inc 28 Mar 2008 07:41:32 -0000 @@ -24,3 +24,5 @@ BTXDIR= ${.CURDIR}/../btx BTXLDR= ${BTXDIR}/btxldr/btxldr BTXKERN= ${BTXDIR}/btx/btx BTXCRT= ${BTXDIR}/lib/crt0.o + +.include "../Makefile.inc" Index: sys/boot/i386/loader/Makefile =================================================================== RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/loader/ Makefile,v retrieving revision 1.85 diff -u -p -r1.85 Makefile --- sys/boot/i386/loader/Makefile 29 May 2007 14:35:57 -0000 1.85 +++ sys/boot/i386/loader/Makefile 16 Apr 2008 09:14:10 -0000 @@ -1,5 +1,7 @@ # $FreeBSD: src/sys/boot/i386/loader/Makefile,v 1.85 2007/05/29 14:35:57 simokawa Exp $ +WITHOUT_SSP= + .include PROG= loader.sym Maybe second and third level makefiles should include ../../Makefile.inc and ../../../Makefile.inc resp. If, for arguments sake, we want to enable SSP in boot, then it's best if that only requires a single knob to be changed. This may not be a strong argument for SSP, but with Makefile.inc in place, I don't see a possible future in which another knob is added that controls overall behavior (e.g. something like the Watcom option to use argument passing in registers instead of on the stack for i386 -- you definitely want to have that apply to all code or none). Also, please make sure MK_SSP defaults to "no" on ia64. Thanks, -- Marcel Moolenaar xcllnt@mac.com