Integration of ProPolice in FreeBSD

Marcel Moolenaar xcllnt at mac.com
Fri May 2 15:52:45 UTC 2008 

On May 2, 2008, at 12:01 AM, Jeremie Le Hen wrote:

>> Please post the patch in this thread - your webserver has been very
>> difficult to contact.
>
> Indeed, sorry for the disturbance.  I've attached the patch.  This is
> what you should hit the tree, except there will be a few additional  
> bits
> to prevent self foot-shooting when people will turn -fstack-protector
> into -fstack-protector-all in share/mk/bsd.sys.mk.  I'm currently
> working on it.

Index: share/mk/bsd.sys.mk
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/share/mk/bsd.sys.mk,v
retrieving revision 1.44
diff -u -p -r1.44 bsd.sys.mk
--- share/mk/bsd.sys.mk	22 Nov 2007 23:21:12 -0000	1.44
+++ share/mk/bsd.sys.mk	29 Mar 2008 23:13:06 -0000
@@ -74,5 +74,10 @@ CWARNFLAGS	+=	-Werror
  CWARNFLAGS	+=	-Wno-unknown-pragmas
  .endif

+.if ${MK_SSP} != "no" && ${CC} != "icc"
+CFLAGS		+=	-fstack-protector
+# Don't use -Wstack-protector as it breaks world with -Werror.
+.endif
+
  # Allow user-specified additional warning flags
  CFLAGS		+=	${CWARNFLAGS}


I may be better to explicitly test for GCC. I would not assume
that GCC and ICC are the only options, even if they are now.
There's a second place as well...


Index: sys/boot/i386/Makefile.inc
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/ 
Makefile.inc,v
retrieving revision 1.12
diff -u -p -r1.12 Makefile.inc
--- sys/boot/i386/Makefile.inc	28 Sep 2006 10:02:04 -0000	1.12
+++ sys/boot/i386/Makefile.inc	28 Mar 2008 07:41:32 -0000
@@ -24,3 +24,5 @@ BTXDIR=		${.CURDIR}/../btx
  BTXLDR=		${BTXDIR}/btxldr/btxldr
  BTXKERN=	${BTXDIR}/btx/btx
  BTXCRT=		${BTXDIR}/lib/crt0.o
+
+.include "../Makefile.inc"
Index: sys/boot/i386/loader/Makefile
===================================================================
RCS file: /mnt/octobre/space/freebsd-cvs/src/sys/boot/i386/loader/ 
Makefile,v
retrieving revision 1.85
diff -u -p -r1.85 Makefile
--- sys/boot/i386/loader/Makefile	29 May 2007 14:35:57 -0000	1.85
+++ sys/boot/i386/loader/Makefile	16 Apr 2008 09:14:10 -0000
@@ -1,5 +1,7 @@
  # $FreeBSD: src/sys/boot/i386/loader/Makefile,v 1.85 2007/05/29  
14:35:57 simokawa Exp $

+WITHOUT_SSP=
+
  .include <bsd.own.mk>

  PROG=		loader.sym

Maybe second and third level makefiles should include
../../Makefile.inc and ../../../Makefile.inc resp.
If, for arguments sake, we want to enable SSP in boot,
then it's best if that only requires a single knob to
be changed. This may not be a strong argument for SSP,
but with Makefile.inc in place, I don't see a possible
future in which another knob is added that controls
overall behavior (e.g. something like the Watcom option
to use argument passing in registers instead of on the
stack for i386 -- you definitely want to have that apply
to all code or none).


Also, please make sure MK_SSP defaults to "no" on ia64.

Thanks,

-- 
Marcel Moolenaar
xcllnt at mac.com

More information about the freebsd-arch mailing list