* [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS
@ 2020-03-02 17:17 Junling Zheng
2020-03-02 17:17 ` [RESEND PATCH 2/2] arch-arm64.inc: Do not append aarch64 in MACHINEOVERRIDES Junling Zheng
2020-03-02 18:40 ` [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Khem Raj
0 siblings, 2 replies; 4+ messages in thread
From: Junling Zheng @ 2020-03-02 17:17 UTC (permalink / raw)
To: openembedded-core; +Cc: wangnan0
The stack protector flag is a compile option, not a link option, so
remove it from LDFLAGS.
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
---
meta/conf/distro/include/security_flags.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index aaf04e9e59..5b79340be9 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -26,8 +26,8 @@ SECURITY_STACK_PROTECTOR ?= "-fstack-protector-strong"
SECURITY_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${SECURITY_PIE_CFLAGS} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
SECURITY_NO_PIE_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
-SECURITY_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro,-z,now"
-SECURITY_X_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro"
+SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
+SECURITY_X_LDFLAGS ?= "-Wl,-z,relro"
# powerpc does not get on with pie for reasons not looked into as yet
GCCPIE_powerpc = ""
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [RESEND PATCH 2/2] arch-arm64.inc: Do not append aarch64 in MACHINEOVERRIDES
2020-03-02 17:17 [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Junling Zheng
@ 2020-03-02 17:17 ` Junling Zheng
2020-03-02 18:40 ` [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Khem Raj
1 sibling, 0 replies; 4+ messages in thread
From: Junling Zheng @ 2020-03-02 17:17 UTC (permalink / raw)
To: openembedded-core; +Cc: wangnan0
Currently, for arch-arm64, poky will append the MACHINEOVERRIDES with
"aarch64:", which has the higher priority than TRANSLATED_TARGET_ARCH.
So, for aarch64 big endian, the variable '<foo>_aarch64' will override
not only '<foo>', but also '<foo>_aarch64-be', thus we will get an
incorrect variable.
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
---
meta/conf/machine/include/arm/arch-arm64.inc | 2 --
1 file changed, 2 deletions(-)
diff --git a/meta/conf/machine/include/arm/arch-arm64.inc b/meta/conf/machine/include/arm/arch-arm64.inc
index 53f4566815..32294bd218 100644
--- a/meta/conf/machine/include/arm/arch-arm64.inc
+++ b/meta/conf/machine/include/arm/arch-arm64.inc
@@ -4,8 +4,6 @@ require conf/machine/include/arm/arch-armv7ve.inc
TUNEVALID[aarch64] = "Enable instructions for aarch64"
-MACHINEOVERRIDES =. "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', 'aarch64:', '' ,d)}"
-
# Little Endian base configs
AVAILTUNES += "aarch64 aarch64_be"
ARMPKGARCH_tune-aarch64 ?= "aarch64"
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS
2020-03-02 17:17 [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Junling Zheng
2020-03-02 17:17 ` [RESEND PATCH 2/2] arch-arm64.inc: Do not append aarch64 in MACHINEOVERRIDES Junling Zheng
@ 2020-03-02 18:40 ` Khem Raj
2020-03-03 3:22 ` Junling Zheng
1 sibling, 1 reply; 4+ messages in thread
From: Khem Raj @ 2020-03-02 18:40 UTC (permalink / raw)
To: Junling Zheng, openembedded-core; +Cc: wangnan0
On 3/2/20 9:17 AM, Junling Zheng wrote:
> The stack protector flag is a compile option, not a link option, so
> remove it from LDFLAGS.
we use compiler driver to do linking as well, what does this change fix
for you.
>
> Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
> ---
> meta/conf/distro/include/security_flags.inc | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
> index aaf04e9e59..5b79340be9 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -26,8 +26,8 @@ SECURITY_STACK_PROTECTOR ?= "-fstack-protector-strong"
> SECURITY_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${SECURITY_PIE_CFLAGS} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
> SECURITY_NO_PIE_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
>
> -SECURITY_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro,-z,now"
> -SECURITY_X_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro"
> +SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
> +SECURITY_X_LDFLAGS ?= "-Wl,-z,relro"
>
> # powerpc does not get on with pie for reasons not looked into as yet
> GCCPIE_powerpc = ""
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS
2020-03-02 18:40 ` [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Khem Raj
@ 2020-03-03 3:22 ` Junling Zheng
0 siblings, 0 replies; 4+ messages in thread
From: Junling Zheng @ 2020-03-03 3:22 UTC (permalink / raw)
To: Khem Raj, openembedded-core; +Cc: wangnan0
On 2020/3/3 2:40, Khem Raj wrote:
>
>
> On 3/2/20 9:17 AM, Junling Zheng wrote:
>> The stack protector flag is a compile option, not a link option, so
>> remove it from LDFLAGS.
>
> we use compiler driver to do linking as well, what does this change fix for you.
>
I know that we use gcc to do linking, and this is just a code cleaning, not a bugfix :)
>>
>> Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
>> ---
>> meta/conf/distro/include/security_flags.inc | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
>> index aaf04e9e59..5b79340be9 100644
>> --- a/meta/conf/distro/include/security_flags.inc
>> +++ b/meta/conf/distro/include/security_flags.inc
>> @@ -26,8 +26,8 @@ SECURITY_STACK_PROTECTOR ?= "-fstack-protector-strong"
>> SECURITY_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${SECURITY_PIE_CFLAGS} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
>> SECURITY_NO_PIE_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
>> -SECURITY_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro,-z,now"
>> -SECURITY_X_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro"
>> +SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
>> +SECURITY_X_LDFLAGS ?= "-Wl,-z,relro"
>> # powerpc does not get on with pie for reasons not looked into as yet
>> GCCPIE_powerpc = ""
>>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-03-03 3:22 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-02 17:17 [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Junling Zheng
2020-03-02 17:17 ` [RESEND PATCH 2/2] arch-arm64.inc: Do not append aarch64 in MACHINEOVERRIDES Junling Zheng
2020-03-02 18:40 ` [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Khem Raj
2020-03-03 3:22 ` Junling Zheng
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.