[PATCH] Fix cc1 options check to ensure we do not use -fPIC whencompiling

From: Jory A. Pratt
Date: Tue Sep 08 2009 - 20:43:54 EST

Next message: Frans Pop: "Re: [long] Another BFS versus CFS shakedown"
Previous message: Linus Torvalds: "Re: Linux 2.6.31-rc9"
Next in thread: H. Peter Anvin: "Re: [PATCH] Fix cc1 options check to ensure we do not use -fPIC whencompiling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have sent this to the lkml, it seems to have been pushed to the back
burner. This is a major issue effecting users/developers that are
working on a much more security enhanced system. This means any gentoo
user running a hardened toolchain will have problems building a kernel
that works as expect. This patch does nothing but pass the macro
- -D__KERNEL__ to ensure that hardened toolchain drops back to that of a
vanilla toolchain to prevent unexpected compile problems in the kernel.

Jory
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqm+xkACgkQwnA7Q1Z0YScE9QCbBA+cHQ4Q92Ajl3DKbBqEKQT+
VPUAoKFMx2dQQI7+fGWJWaqoNS7MK1sc
=67Hv
-----END PGP SIGNATURE-----
The arch/*/boot/Makefile use cc-options to check for GCC command options and
cc-options use the hardened specs when checking for GCC command options.
When -fPIE is pass to cc1 it can't use -ffreestanding or -fno-toplevel-reorder.
Then it fail to build stuff with -ffreestanding and -fno-toplevel-reorder.
Thanks to Fredric Johansson <johansson_fredric@xxxxxxxxxxx> for finding the main
problem behind a failed build using a hardened toolchain.

Signed-off-by: Magnus Granberg <zorry@xxxxxx>
Signed-off-by: Jory A. Pratt <anarchy@xxxxxxxxxx>

diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
index c29be8f..43300b3 100644
--- a/scripts/Kbuild.include
+++ b/scripts/Kbuild.include
@@ -105,12 +105,12 @@ as-instr = $(call try-run,\
# Usage: cflags-y += $(call cc-option,-march=winchip-c6,-march=i586)

cc-option = $(call try-run,\
- $(CC) $(KBUILD_CFLAGS) $(1) -c -xc /dev/null -o "$$TMP",$(1),$(2))
+ $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -xc /dev/null -o "$$TMP",$(1),$(2))

# cc-option-yn
# Usage: flag := $(call cc-option-yn,-march=winchip-c6)
cc-option-yn = $(call try-run,\
- $(CC) $(KBUILD_CFLAGS) $(1) -c -xc /dev/null -o "$$TMP",y,n)
+ $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -xc /dev/null -o "$$TMP",y,n)

# cc-option-align
# Prefix align with either -falign or -malign

Next message: Frans Pop: "Re: [long] Another BFS versus CFS shakedown"
Previous message: Linus Torvalds: "Re: Linux 2.6.31-rc9"
Next in thread: H. Peter Anvin: "Re: [PATCH] Fix cc1 options check to ensure we do not use -fPIC whencompiling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]