Xen project Mailing List

[Minios-devel] [UNIKRAFT PATCH v2 2/3] build: Add option to toggle the stack protection

To: "minios-devel@xxxxxxxxxxxxx" <minios-devel@xxxxxxxxxxxxx>

From: Vlad-Andrei BĂDOIU (78692) <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>

Date: Wed, 20 Nov 2019 14:02:31 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=stud.acs.upb.ro; dmarc=pass action=none header.from=stud.acs.upb.ro; dkim=pass header.d=stud.acs.upb.ro; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lCtJvZNaO6gr46eQnI75ap9BJRzwKf8EIm8xtZs/irM=; b=Eg6UoU1ZwQuOf7M7Ar8ZVdLNgUDx7kZ/rzrQ/UfMjmcY37MS9wm+DYRDjNUCd10++IoP2NNLjiw3xupOd9wKG5stUN1QU2ztqD4h5yiLqoeKpFLwSg4zIQLr/4+P5K+cyK/6rNGJtdPlmLHyIfaKnZGobECJxkEMDVdPe276Bga8xE+n0kUD3vajPcEPjJQJbfN9AD8lNk6nr24pquEMLU9xeLjsLQcBh/L/18F3exjfwcIFH7pYoh/I7+kX8dhhqaOAuET1ESV7C/svF1OyCX+yu4pU9yGONqIahNdSzSHbtC3tlxEbmp1MFos7RcwiEuH21CQnd5U2izz5LFgFUA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dvG9gjowyhIh8VCCr8WrxGwMwSEw9navKQ/9kQn07NQaOKHksLrm88iczLadSkBE8hWRblWc7H3rE01qCrVfZPFgl1QTrXtxBSM5bBV2gM83iLmhA0hRIrykad+0Dfyg8WDgXY4cgAmZW4d6eENYevUo/l+lzltkm+w4GcAk806KD+8lqsDx/bld48fcYzLq2gspVrCJQEbBDQ3vB8n9nPetjRjTHVxvTWEjKsI4htATLzVV5MHjdyovz+Pd/66cOS9fcRiRdy+MOyf+oB/gmh6glHs5ci844+Lafn+GZrAqAtom9fs645pM50Ph1Z2pgm+G2j2FVNfsSR+DnTUsRQ==

Authentication-results: spf=none (sender IP is ) smtp.mailfrom=vlad_andrei.badoiu@xxxxxxxxxxxxxxx;

Cc: "felipe.huici@xxxxxxxxx" <felipe.huici@xxxxxxxxx>, "simon.kuenzer@xxxxxxxxx" <simon.kuenzer@xxxxxxxxx>, Vlad-Andrei BĂDOIU (78692) <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>, "sharan.santhanam@xxxxxxxxx" <sharan.santhanam@xxxxxxxxx>

Delivery-date: Wed, 20 Nov 2019 14:02:47 +0000

List-id: Mini-os development list <minios-devel.lists.xenproject.org>

Thread-index: AQHVn6smsMrSMbZAOUaqTVEeytdu9w==

Thread-topic: [UNIKRAFT PATCH v2 2/3] build: Add option to toggle the stack protection

This patch adds build option to select different stack protection levels. Signed-off-by: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx> --- Config.uk | 33 +++++++++++++++++++++++++++++++++ Makefile.uk | 13 +++++++++++-- 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/Config.uk b/Config.uk index 3235b914..e7845297 100644 --- a/Config.uk +++ b/Config.uk @@ -64,6 +64,39 @@ config OPTIMIZE_SIZE Optimize code for size. endchoice +choice + prompt "Stack protector level" + default STACKPROTECTOR_NONE + help + Set the stack protector level + +config STACKPROTECTOR_NONE + bool "None" + help + Do not use stack protector, use -fno-stack-protector. + +config STACKPROTECTOR_REGULAR + bool "Regular" + select LIBUKSECURITY + select LIBUKSECURITY_SSP + help + Regulat stack protector, use -fstack-protector. + +config STACKPROTECTOR_STRONG + bool "Strong" + select LIBUKSECURITY + select LIBUKSECURITY_SSP + help + Strong stack protector, use -fstack-protector-strong. + +config STACKPROTECTOR_ALL + bool "All" + select LIBUKSECURITY + select LIBUKSECURITY_SSP + help + Protect all functions, use -fstack-protector-all. +endchoice + comment "Hint: Specify a CPU type to get most benefits from performance optimization" depends on OPTIMIZE_PERF && (MARCH_X86_64_GENERIC || MARCH_ARM64_GENERIC) diff --git a/Makefile.uk b/Makefile.uk index 26ee0fda..a4e5a970 100644 --- a/Makefile.uk +++ b/Makefile.uk @@ -8,12 +8,12 @@ ASFLAGS += -U __linux__ -U __FreeBSD__ -U __sun__ -D__ASSEMBLY__ ASINCLUDES += -nostdinc -nostdlib -I$(CONFIG_UK_BASE)/include CFLAGS += -U __linux__ -U __FreeBSD__ -U __sun__ -CFLAGS += -fno-stack-protector -fno-omit-frame-pointer -fno-tree-sra +CFLAGS += -fno-omit-frame-pointer -fno-tree-sra CFLAGS += -Wall -Wextra CINCLUDES += -nostdinc -nostdlib -I$(CONFIG_UK_BASE)/include CXXFLAGS += -U __linux__ -U __FreeBSD__ -U __sun__ -CXXFLAGS += -fno-stack-protector -fno-omit-frame-pointer -fno-tree-sra +CXXFLAGS += -fno-omit-frame-pointer -fno-tree-sra CXXFLAGS += -Wall -Wextra CXXINCLUDES += -nostdinc -nostdlib -I$(CONFIG_UK_BASE)/include @@ -28,6 +28,15 @@ GOCINCLUDES += -nostdinc -nostdlib -I$(CONFIG_UK_BASE)/include LIBLDFLAGS += -nostdinc -nostdlib -Wl,--omagic -Wl,-r -Wl,-d -Wl,--build-id=none LDFLAGS += -nostdinc -nostdlib -Wl,--omagic -Wl,--build-id=none +CFLAGS-$(CONFIG_STACKPROTECTOR_NONE) += -fno-stack-protector +CXXFLAGS-$(CONFIG_STACKPROTECTOR_NONE) += -fno-stack-protector +CFLAGS-$(CONFIG_STACKPROTECTOR_REGULAR) += -fstack-protector -mstack-protector-guard=global +CXXFLAGS-$(CONFIG_STACKPROTECTOR_REGULAR) += -fstack-protector -mstack-protector-guard=global +CFLAGS-$(CONFIG_STACKPROTECTOR_STRONG) += -fstack-protector-strong -mstack-protector-guard=global +CXXFLAGS-$(CONFIG_STACKPROTECTOR_STRONG) += -fstack-protector-strong -mstack-protector-guard=global +CFLAGS-$(CONFIG_STACKPROTECTOR_ALL) += -fstack-protector-all -mstack-protector-guard=global +CXXFLAGS-$(CONFIG_STACKPROTECTOR_ALL) += -fstack-protector-all -mstack-protector-guard=global + CFLAGS-$(CONFIG_OPTIMIZE_NONE) += -O0 -fno-optimize-sibling-calls -fno-tree-vectorize CXXFLAGS-$(CONFIG_OPTIMIZE_NONE) += -O0 -fno-optimize-sibling-calls -fno-tree-vectorize GOCFLAGS-$(CONFIG_OPTIMIZE_NONE) += -O0 -fno-optimize-sibling-calls -fno-tree-vectorize -- 2.20.1 _______________________________________________ Minios-devel mailing list Minios-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/minios-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.