d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
94f923b69d
freebsd-dev/sys/conf/kern.mk
Ruslan Ermilov 042df2e2da Enable GCC stack protection (aka Propolice) for userland: 
- It is opt-out for now so as to give it maximum testing, but it may be
  turned opt-in for stable branches depending on the consensus.  You
  can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
  It is harmless to steal the knob as SSP symbols have been provided
  by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
  (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
  libc will be automatically downgraded to -fstack-protector because it
  breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
2008-06-25 21:33:28 +00:00

116 lines
3.3 KiB
Makefile
Raw Blame History

# $FreeBSD$
#
# Warning flags for compiling the kernel and components of the kernel.
#
# Note that the newly added -Wcast-qual is responsible for generating
# most of the remaining warnings. Warnings introduced with -Wall will
# also pop up, but are easier to fix.
.if ${CC} == "icc"
#CWARNFLAGS= -w2 # use this if you are terribly bored
CWARNFLAGS=
.else
CWARNFLAGS?= -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes \
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual \
${_wundef} ${_Wno_pointer_sign} -fformat-extensions
.if !defined(WITH_GCC3)
_Wno_pointer_sign=-Wno-pointer-sign
.endif
.if !defined(NO_UNDEF)
_wundef= -Wundef
.endif
.endif
#
# The following flags are next up for working on:
# -W
#
# On the i386, do not align the stack to 16-byte boundaries. Otherwise GCC
# 2.95 adds code to the entry and exit point of every function to align the
# stack to 16-byte boundaries -- thus wasting approximately 12 bytes of stack
# per function call. While the 16-byte alignment may benefit micro benchmarks,
# it is probably an overall loss as it makes the code bigger (less efficient
# use of code cache tag lines) and uses more stack (less efficient use of data
# cache tag lines). Explicitly prohibit the use of SSE and other SIMD
# operations inside the kernel itself. These operations are exclusively
# reserved for user applications.
#
.if ${MACHINE_ARCH} == "i386" && ${CC} != "icc"
CFLAGS+= -mno-align-long-strings -mpreferred-stack-boundary=2 \
-mno-mmx -mno-3dnow -mno-sse -mno-sse2 -mno-sse3
INLINE_LIMIT?= 8000
.endif
.if ${MACHINE_ARCH} == "arm"
INLINE_LIMIT?= 8000
.endif
#
# For IA-64, we use r13 for the kernel globals pointer and we only use
# a very small subset of float registers for integer divides.
#
.if ${MACHINE_ARCH} == "ia64"
CFLAGS+= -ffixed-r13 -mfixed-range=f32-f127 -fpic #-mno-sdata
INLINE_LIMIT?= 15000
.endif
#
# For sparc64 we want medlow code model, and we tell gcc to use floating
# point emulation. This avoids using floating point registers for integer
# operations which it has a tendency to do.
#
.if ${MACHINE_ARCH} == "sparc64"
CFLAGS+= -mcmodel=medany -msoft-float
INLINE_LIMIT?= 15000
.endif
#
# For AMD64, we explicitly prohibit the use of FPU, SSE and other SIMD
# operations inside the kernel itself. These operations are exclusively
# reserved for user applications.
#
.if ${MACHINE_ARCH} == "amd64"
CFLAGS+= -mcmodel=kernel -mno-red-zone \
-mfpmath=387 -mno-sse -mno-sse2 -mno-sse3 -mno-mmx -mno-3dnow \
-msoft-float -fno-asynchronous-unwind-tables
INLINE_LIMIT?= 8000
.endif
#
# For PowerPC we tell gcc to use floating point emulation. This avoids using
# floating point registers for integer operations which it has a tendency to do.
#
.if ${MACHINE_ARCH} == "powerpc"
CFLAGS+= -msoft-float
INLINE_LIMIT?= 15000
.endif
#
# For MIPS we also tell gcc to use floating point emulation and
# disable MIPS DSP ASE Instruction set.
#
.if ${MACHINE_ARCH} == "mips"
CFLAGS+= -msoft-float -mno-dsp
INLINE_LIMIT?= 15000
.endif
#
# GCC 3.0 and above like to do certain optimizations based on the
# assumption that the program is linked against libc. Stop this.
#
.if ${CC} == "icc"
CFLAGS+= -nolib_inline
.else
CFLAGS+= -ffreestanding
.endif
.if ${CC} == "icc"
CFLAGS+= -restrict
.endif
#
# GCC SSP support.
#
.if ${MK_SSP} != "no" && ${CC} != "icc" && ${MACHINE_ARCH} != "ia64"
CFLAGS+= -fstack-protector
.endif
Reference in New Issue View Git Blame Copy Permalink