1 |
On Fri, 10 Jan 2014 15:08:02 -0500 |
2 |
"Anthony G. Basile" <basile@××××××××××××××.edu> wrote: |
3 |
|
4 |
> On 01/10/2014 10:50 AM, Ryan Hill wrote: |
5 |
> > Having slept on it I'm starting to agree. My first argument was that on |
6 |
> > hardened ssp is -fstack-protector-all, which is much more expensive, and it |
7 |
> > adds -fstack-check and -z,now to the linker by default as well. The pie |
8 |
> > half |
9 |
> |
10 |
> I'm pretty sure we're not adding -fstack-check unless something has |
11 |
> changed. Where are you seeing that? |
12 |
> |
13 |
> The reason I'm concerned is because of situations like bug #471756. |
14 |
> stack-check incumbers a register which in some situations (like the asm |
15 |
> in ffmpeg) can get you into trouble with not enough GENERAL_REGS. |
16 |
|
17 |
40_all_gcc48_config_esp.patch: |
18 |
|
19 |
54 + #if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) |
20 |
55 + #define ESP_OPTIONS_SSP_SPEC \ |
21 |
56 + "%{nostdlib|nodefaultlibs|ffreestanding|fno-stack-protector| \ |
22 |
57 + fstack-protector|fstack-protector-all:;:-fstack-protector-all} \ |
23 |
58 + %{fstack-check|fstack-check=*:;: -fstack-check}" |
24 |
|
25 |
> > It might be useful to have these flags so we can mask them on archs that |
26 |
> > don't support ssp/pie. But that's always been true and it looks like sh is |
27 |
> > the only place we've bothered for some reason. |
28 |
> |
29 |
> Yes please. I had this issue on mips where gcc didn't support ssp for |
30 |
> early versions of gcc 4.x. |
31 |
|
32 |
There's a list of arches in every gcc ebuild that support PIE and SSP for |
33 |
both glibc and uclibc. AFAICT you would just have to remove mips from that |
34 |
list. |
35 |
|
36 |
|
37 |
-- |
38 |
Ryan Hill psn: dirtyepic_sk |
39 |
gcc-porting/toolchain/wxwidgets @ gentoo.org |
40 |
|
41 |
47C3 6D62 4864 0E49 8E9E 7F92 ED38 BD49 957A 8463 |