All of lore.kernel.org
 help / color / mirror / Atom feed
* [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS
@ 2020-03-02 17:17 Junling Zheng
  2020-03-02 17:17 ` [RESEND PATCH 2/2] arch-arm64.inc: Do not append aarch64 in MACHINEOVERRIDES Junling Zheng
  2020-03-02 18:40 ` [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Khem Raj
  0 siblings, 2 replies; 4+ messages in thread
From: Junling Zheng @ 2020-03-02 17:17 UTC (permalink / raw)
  To: openembedded-core; +Cc: wangnan0

The stack protector flag is a compile option, not a link option, so
remove it from LDFLAGS.

Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
---
 meta/conf/distro/include/security_flags.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index aaf04e9e59..5b79340be9 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -26,8 +26,8 @@ SECURITY_STACK_PROTECTOR ?= "-fstack-protector-strong"
 SECURITY_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${SECURITY_PIE_CFLAGS} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
 SECURITY_NO_PIE_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
 
-SECURITY_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro,-z,now"
-SECURITY_X_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro"
+SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
+SECURITY_X_LDFLAGS ?= "-Wl,-z,relro"
 
 # powerpc does not get on with pie for reasons not looked into as yet
 GCCPIE_powerpc = ""
-- 
2.17.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [RESEND PATCH 2/2] arch-arm64.inc: Do not append aarch64 in MACHINEOVERRIDES
  2020-03-02 17:17 [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Junling Zheng
@ 2020-03-02 17:17 ` Junling Zheng
  2020-03-02 18:40 ` [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Khem Raj
  1 sibling, 0 replies; 4+ messages in thread
From: Junling Zheng @ 2020-03-02 17:17 UTC (permalink / raw)
  To: openembedded-core; +Cc: wangnan0

Currently, for arch-arm64, poky will append the MACHINEOVERRIDES with
"aarch64:", which has the higher priority than TRANSLATED_TARGET_ARCH.
So, for aarch64 big endian, the variable '<foo>_aarch64' will override
not only '<foo>', but also '<foo>_aarch64-be', thus we will get an
incorrect variable.

Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
---
 meta/conf/machine/include/arm/arch-arm64.inc | 2 --
 1 file changed, 2 deletions(-)

diff --git a/meta/conf/machine/include/arm/arch-arm64.inc b/meta/conf/machine/include/arm/arch-arm64.inc
index 53f4566815..32294bd218 100644
--- a/meta/conf/machine/include/arm/arch-arm64.inc
+++ b/meta/conf/machine/include/arm/arch-arm64.inc
@@ -4,8 +4,6 @@ require conf/machine/include/arm/arch-armv7ve.inc
 
 TUNEVALID[aarch64] = "Enable instructions for aarch64"
 
-MACHINEOVERRIDES =. "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', 'aarch64:', '' ,d)}"
-
 # Little Endian base configs
 AVAILTUNES += "aarch64 aarch64_be"
 ARMPKGARCH_tune-aarch64 ?= "aarch64"
-- 
2.17.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS
  2020-03-02 17:17 [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Junling Zheng
  2020-03-02 17:17 ` [RESEND PATCH 2/2] arch-arm64.inc: Do not append aarch64 in MACHINEOVERRIDES Junling Zheng
@ 2020-03-02 18:40 ` Khem Raj
  2020-03-03  3:22   ` Junling Zheng
  1 sibling, 1 reply; 4+ messages in thread
From: Khem Raj @ 2020-03-02 18:40 UTC (permalink / raw)
  To: Junling Zheng, openembedded-core; +Cc: wangnan0



On 3/2/20 9:17 AM, Junling Zheng wrote:
> The stack protector flag is a compile option, not a link option, so
> remove it from LDFLAGS.

we use compiler driver to do linking as well, what does this change fix 
for you.

> 
> Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
> ---
>   meta/conf/distro/include/security_flags.inc | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
> index aaf04e9e59..5b79340be9 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -26,8 +26,8 @@ SECURITY_STACK_PROTECTOR ?= "-fstack-protector-strong"
>   SECURITY_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${SECURITY_PIE_CFLAGS} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
>   SECURITY_NO_PIE_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
>   
> -SECURITY_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro,-z,now"
> -SECURITY_X_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro"
> +SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
> +SECURITY_X_LDFLAGS ?= "-Wl,-z,relro"
>   
>   # powerpc does not get on with pie for reasons not looked into as yet
>   GCCPIE_powerpc = ""
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS
  2020-03-02 18:40 ` [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Khem Raj
@ 2020-03-03  3:22   ` Junling Zheng
  0 siblings, 0 replies; 4+ messages in thread
From: Junling Zheng @ 2020-03-03  3:22 UTC (permalink / raw)
  To: Khem Raj, openembedded-core; +Cc: wangnan0

On 2020/3/3 2:40, Khem Raj wrote:
> 
> 
> On 3/2/20 9:17 AM, Junling Zheng wrote:
>> The stack protector flag is a compile option, not a link option, so
>> remove it from LDFLAGS.
> 
> we use compiler driver to do linking as well, what does this change fix for you.
> 

I know that we use gcc to do linking, and this is just a code cleaning, not a bugfix :)

>>
>> Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
>> ---
>>   meta/conf/distro/include/security_flags.inc | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
>> index aaf04e9e59..5b79340be9 100644
>> --- a/meta/conf/distro/include/security_flags.inc
>> +++ b/meta/conf/distro/include/security_flags.inc
>> @@ -26,8 +26,8 @@ SECURITY_STACK_PROTECTOR ?= "-fstack-protector-strong"
>>   SECURITY_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${SECURITY_PIE_CFLAGS} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
>>   SECURITY_NO_PIE_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
>>   -SECURITY_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro,-z,now"
>> -SECURITY_X_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro"
>> +SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
>> +SECURITY_X_LDFLAGS ?= "-Wl,-z,relro"
>>     # powerpc does not get on with pie for reasons not looked into as yet
>>   GCCPIE_powerpc = ""
>>
> 
> 




^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-03-03  3:22 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-02 17:17 [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Junling Zheng
2020-03-02 17:17 ` [RESEND PATCH 2/2] arch-arm64.inc: Do not append aarch64 in MACHINEOVERRIDES Junling Zheng
2020-03-02 18:40 ` [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS Khem Raj
2020-03-03  3:22   ` Junling Zheng

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.