Xen project Mailing List

Re: [Xen-devel] [PATCH] x86-64/EFI: add -fno-stack-protector to EFI build

To: "Daniel De Graaf" <dgdegra@xxxxxxxxxxxxx>

From: "Jan Beulich" <JBeulich@xxxxxxxx>

Date: Tue, 14 Aug 2012 15:39:56 +0100

Cc: Keir Fraser <keir@xxxxxxx>, xen-devel@xxxxxxxxxxxxx

Delivery-date: Tue, 14 Aug 2012 14:40:20 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 14.08.12 at 16:30, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote: > On 08/14/2012 10:19 AM, Jan Beulich wrote: >>>>> On 14.08.12 at 15:52, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote: >>> Otherwise, the build fails due to a missing __stack_chk_fail symbol. >>> >>> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> >>> --- >>> xen/arch/x86/efi/Makefile | 4 ++-- >>> 1 file changed, 2 insertions(+), 2 deletions(-) >>> >>> diff --git a/xen/arch/x86/efi/Makefile b/xen/arch/x86/efi/Makefile >>> index 005e3e0..b727757 100644 >>> --- a/xen/arch/x86/efi/Makefile >>> +++ b/xen/arch/x86/efi/Makefile >>> @@ -1,11 +1,11 @@ >>> -CFLAGS += -fshort-wchar >>> +CFLAGS += -fshort-wchar -fno-stack-protector >> >> It shouldn't be needed here (or else the rest of the Xen build >> should fail too). Or where would that symbol magically come >> from? > > You are correct, this change is not needed. The Xen build already adds > -fno-stack-protector to CFLAGS, so this change would just duplicate it. > >>> obj-y += stub.o >>> >>> create = test -e $(1) || touch -t 199901010000 $(1) >>> >>> efi := $(filter y,$(x86_64)$(shell rm -f disabled)) >>> -efi := $(if $(efi),$(shell $(CC) -c -Werror check.c 2>disabled && echo y)) >>> +efi := $(if $(efi),$(shell $(CC) -fno-stack-protector -c -Werror check.c >>> 2>disabled && echo y)) >> >> I can see why it might be needed here, albeit I'm curious why >> this is not a problem for our builds: Are you having a compiler >> in use that had been configured in a non-standard way? Plus >> I first want to understand why this special option isn't needed >> for the rest of the build tree. > > This build was done on Gentoo using a hardened profile, which I assume > adds -fstack-protector to the default compiler flags. Compiler version > string is "gcc version 4.6.3 (Gentoo Hardened 4.6.3 p1.6, pie-0.5.2)" So I'd prefer adding $(EMBEDDED_EXTRA_CFLAGS) instead of the explicit option then, if that's okay for you too. Mind re- spinning the patch that way? Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.