public inbox for gentoo-dev@lists.gentoo.org
* [gentoo-dev] [PATCH 1/2] flag-o-matic.eclass: add -O3 to ALLOWED_FLAGS (strip-flags whitelist)
@ 2023-05-07 15:34 Sam James
  2023-05-07 15:34 ` [gentoo-dev] [PATCH 2/2] flag-o-matic.eclass: drop -fstack-check from " Sam James
  0 siblings, 1 reply; 2+ messages in thread
From: Sam James @ 2023-05-07 15:34 UTC
  To: gentoo-dev; +Cc: toolchain, Sam James

-O3 is perfectly safe in the absence of UB. And with UB, -O2 and friends can
easily break with new compiler versions and such anyway.

In addition, I'd say that -O/-O1 is probably as risky as -O3 nowadays, if not
more, because if nothing else, you don't get a bunch of hardening.

Signed-off-by: Sam James <sam@gentoo.org>
---
 eclass/flag-o-matic.eclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index 6bec3df308814..3dd39c54a5317 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -47,7 +47,7 @@ setup-allowed-flags() {
 # Note: shell globs and character lists are allowed
 _setup-allowed-flags() {
 	ALLOWED_FLAGS=(
-		-pipe -O '-O[12sg]' '-mcpu=*' '-march=*' '-mtune=*'
+		-pipe -O '-O[123sg]' '-mcpu=*' '-march=*' '-mtune=*'
 
 		# Hardening flags
 		'-fstack-protector*'
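Review bot: The reason for widening the class to '-O[123sg]' is recorded only in the commit message; a one-line comment above this entry stating that -O3 is deliberately allowed would keep it from being reverted later as an apparent oversight. Because this array is the strip-flags whitelist, ebuilds that call strip-flags will now pass a user's -O3 through, so any ebuild that relied on strip-flags alone to get rid of -O3 needs an explicit replace-flags -O3 -O2 (or equivalent). A sweep of strip-flags callers before merging would catch those.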
-- 
2.40.1




* [gentoo-dev] [PATCH 2/2] flag-o-matic.eclass: drop -fstack-check from ALLOWED_FLAGS (strip-flags whitelist)
  2023-05-07 15:34 [gentoo-dev] [PATCH 1/2] flag-o-matic.eclass: add -O3 to ALLOWED_FLAGS (strip-flags whitelist) Sam James
@ 2023-05-07 15:34 ` Sam James
  0 siblings, 0 replies; 2+ messages in thread
From: Sam James @ 2023-05-07 15:34 UTC
  To: gentoo-dev; +Cc: toolchain, Sam James

-fstack-check is _not_ a safe flag:
* https://developers.redhat.com/blog/2017/09/25/stack-clash-mitigation-gcc-background
* https://developers.redhat.com/blog/2019/04/30/stack-clash-mitigation-in-gcc-why-fstack-check-is-not-the-answer

Nobody is really interested in maintaining this functionality upstream in GCC
anymore for this reason, it's not IIRC supported in Clang, and we're not testing
it either.

Please use the far superior -fstack-clash-protection instead.

Signed-off-by: Sam James <sam@gentoo.org>
---
 eclass/flag-o-matic.eclass | 1 -
 1 file changed, 1 deletion(-)

diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index 3dd39c54a5317..be169f934c026 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -51,7 +51,6 @@ _setup-allowed-flags() {
 
 		# Hardening flags
 		'-fstack-protector*'
-		'-fstack-check*' -fno-stack-check
 		-fstack-clash-protection
 		'-fcf-protection=*'
 		-fbounds-check -fbounds-checking
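Review bot: The removed line also drops -fno-stack-check, which the commit message does not cover: the stated rationale is that '-fstack-check*' is unsafe, but the negated form only turns the feature off, and after this change strip-flags will remove it from a user's flags as well. Either keep -fno-stack-check in the list or state in the commit message that it is removed deliberately. A short comment beside -fstack-clash-protection noting that it is the replacement for -fstack-check would also help, since users who set -fstack-check will now have it stripped silently in packages that call strip-flags.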
-- 
2.40.1


