From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 4046315ACFC for ; Sun, 7 May 2023 15:34:40 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D109EE087A; Sun, 7 May 2023 15:34:24 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E28FDE0874 for ; Sun, 7 May 2023 15:34:23 +0000 (UTC) From: Sam James To: gentoo-dev@lists.gentoo.org Cc: toolchain@gentoo.org, Sam James Subject: [gentoo-dev] [PATCH 2/2] flag-o-matic.eclass: drop -fstack-check from ALLOWED_FLAGS (strip-flags whitelist) Date: Sun, 7 May 2023 16:34:01 +0100 Message-Id: <20230507153401.2766745-2-sam@gentoo.org> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230507153401.2766745-1-sam@gentoo.org> References: <20230507153401.2766745-1-sam@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: 6c63ebc4-84fb-4e82-afe0-1cebfbd4fd8e X-Archives-Hash: 481e8fa4af562777426da4fd74220658 -fstack-check is _not_ a safe flag: * https://developers.redhat.com/blog/2017/09/25/stack-clash-mitigation-gcc-background * https://developers.redhat.com/blog/2019/04/30/stack-clash-mitigation-in-gcc-why-fstack-check-is-not-the-answer Nobody is really interested in maintaining this functionality upstream in GCC anymore for this reason, it's not IIRC supported in Clang, and we're not testing it either. Please use the far superior -fstack-clash-protection instead. Signed-off-by: Sam James --- eclass/flag-o-matic.eclass | 1 - 1 file changed, 1 deletion(-) diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass index 3dd39c54a5317..be169f934c026 100644 --- a/eclass/flag-o-matic.eclass +++ b/eclass/flag-o-matic.eclass @@ -51,7 +51,6 @@ _setup-allowed-flags() { # Hardening flags '-fstack-protector*' - '-fstack-check*' -fno-stack-check -fstack-clash-protection '-fcf-protection=*' -fbounds-check -fbounds-checking -- 2.40.1