freebsd-nq/sys/conf/kern.pre.mk
Ruslan Ermilov 042df2e2da Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
  turned opt-in for stable branches depending on the consensus.  You
  can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
  It is harmless to steal the knob as SSP symbols have been provided
  by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
  (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
  libc will be automatically downgraded to -fstack-protector because it
  breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
2008-06-25 21:33:28 +00:00

165 lines
4.1 KiB
Makefile

# $FreeBSD$
# Part of a unified Makefile for building kernels. This part contains all
# of the definitions that need to be before %BEFORE_DEPEND.
.include <bsd.own.mk>
# Can be overridden by makeoptions or /etc/make.conf
KERNEL_KO?= kernel
KERNEL?= kernel
KODIR?= /boot/${KERNEL}
LDSCRIPT_NAME?= ldscript.$M
LDSCRIPT?= $S/conf/${LDSCRIPT_NAME}
M= ${MACHINE_ARCH}
AWK?= awk
LINT?= lint
NM?= nm
OBJCOPY?= objcopy
SIZE?= size
.if ${CC} == "icc"
COPTFLAGS?= -O
.else
. if defined(DEBUG)
_MINUS_O= -O
. else
_MINUS_O= -O2
. endif
. if ${MACHINE_ARCH} == "amd64"
COPTFLAGS?=-O2 -frename-registers -pipe
. else
COPTFLAGS?=${_MINUS_O} -pipe
. endif
. if !empty(COPTFLAGS:M-O[23s]) && empty(COPTFLAGS:M-fno-strict-aliasing)
COPTFLAGS+= -fno-strict-aliasing
. endif
.endif
.if !defined(NO_CPU_COPTFLAGS)
. if ${CC} == "icc"
COPTFLAGS+= ${_ICC_CPUCFLAGS:C/(-x[^M^K^W]+)[MKW]+|-x[MKW]+/\1/}
. else
COPTFLAGS+= ${_CPUCFLAGS}
. endif
.endif
.if ${CC} == "icc"
C_DIALECT=
NOSTDINC= -X
.else
C_DIALECT= -std=c99
NOSTDINC= -nostdinc
.endif
INCLUDES= ${NOSTDINC} ${INCLMAGIC} -I. -I$S
# This hack lets us use the OpenBSD altq code without spamming a new
# include path into contrib'ed source files.
INCLUDES+= -I$S/contrib/altq
.if make(depend) || make(kernel-depend)
# ... and the same for ipfilter
INCLUDES+= -I$S/contrib/ipfilter
# ... and the same for pf
INCLUDES+= -I$S/contrib/pf
# ... and the same for Atheros HAL
INCLUDES+= -I$S/dev/ath
# ... and the same for the NgATM stuff
INCLUDES+= -I$S/contrib/ngatm
# .. and the same for twa
INCLUDES+= -I$S/dev/twa
# ... and XFS
INCLUDES+= -I$S/gnu/fs/xfs/FreeBSD -I$S/gnu/fs/xfs/FreeBSD/support -I$S/gnu/fs/xfs
# ... and OpenSolaris
INCLUDES+= -I$S/contrib/opensolaris/compat
.endif
CFLAGS= ${COPTFLAGS} ${C_DIALECT} ${DEBUG} ${CWARNFLAGS}
CFLAGS+= ${INCLUDES} -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h
.if ${CC} != "icc"
CFLAGS+= -fno-common -finline-limit=${INLINE_LIMIT}
CFLAGS+= --param inline-unit-growth=100
CFLAGS+= --param large-function-growth=1000
WERROR?= -Werror
.endif
# XXX LOCORE means "don't declare C stuff" not "for locore.s".
ASM_CFLAGS= -x assembler-with-cpp -DLOCORE ${CFLAGS}
.if defined(PROFLEVEL) && ${PROFLEVEL} >= 1
.if ${CC} == "icc"
.error "Profiling doesn't work with icc yet"
.endif
CFLAGS+= -DGPROF -falign-functions=16
.if ${PROFLEVEL} >= 2
CFLAGS+= -DGPROF4 -DGUPROF
PROF= -pg -mprofiler-epilogue
.else
PROF= -pg
.endif
.endif
DEFINED_PROF= ${PROF}
# Put configuration-specific C flags last (except for ${PROF}) so that they
# can override the others.
CFLAGS+= ${CONF_CFLAGS}
# Optional linting. This can be overridden in /etc/make.conf.
LINTFLAGS= ${LINTOBJKERNFLAGS}
NORMAL_C= ${CC} -c ${CFLAGS} ${WERROR} ${PROF} ${.IMPSRC}
NORMAL_S= ${CC} -c ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}
PROFILE_C= ${CC} -c ${CFLAGS} ${WERROR} ${.IMPSRC}
NORMAL_C_NOWERROR= ${CC} -c ${CFLAGS} ${PROF} ${.IMPSRC}
NORMAL_M= ${AWK} -f $S/tools/makeobjops.awk ${.IMPSRC} -c ; \
${CC} -c ${CFLAGS} ${WERROR} ${PROF} ${.PREFIX}.c
.if defined(CTFCONVERT)
NORMAL_CTFCONVERT= ${CTFCONVERT} ${CTFFLAGS} ${.TARGET}
.else
NORMAL_CTFCONVERT=
.endif
NORMAL_LINT= ${LINT} ${LINTFLAGS} ${CFLAGS:M-[DIU]*} ${.IMPSRC}
GEN_CFILES= $S/$M/$M/genassym.c ${MFILES:T:S/.m$/.c/}
SYSTEM_CFILES= config.c env.c hints.c vnode_if.c
SYSTEM_DEP= Makefile ${SYSTEM_OBJS}
SYSTEM_OBJS= locore.o ${MDOBJS} ${OBJS}
SYSTEM_OBJS+= ${SYSTEM_CFILES:.c=.o}
SYSTEM_OBJS+= hack.So
.if defined(CTFMERGE)
SYSTEM_CTFMERGE= ${CTFMERGE} ${CTFFLAGS} -o ${.TARGET} ${SYSTEM_OBJS} vers.o
LD+= -g
.endif
SYSTEM_LD= @${LD} -Bdynamic -T ${LDSCRIPT} \
-warn-common -export-dynamic -dynamic-linker /red/herring \
-o ${.TARGET} -X ${SYSTEM_OBJS} vers.o
SYSTEM_LD_TAIL= @${OBJCOPY} --strip-symbol gcc2_compiled. ${.TARGET} ; \
${SIZE} ${.TARGET} ; chmod 755 ${.TARGET}
SYSTEM_DEP+= ${LDSCRIPT}
# MKMODULESENV is set here so that port makefiles can augment
# them.
MKMODULESENV= MAKEOBJDIRPREFIX=${.OBJDIR}/modules KMODDIR=${KODIR}
.if (${KERN_IDENT} == LINT)
MKMODULESENV+= ALL_MODULES=LINT
.endif
.if defined(MODULES_OVERRIDE)
MKMODULESENV+= MODULES_OVERRIDE="${MODULES_OVERRIDE}"
.endif
.if defined(DEBUG)
MKMODULESENV+= DEBUG_FLAGS="${DEBUG}"
.endif