mirror of
https://github.com/opnsense/src.git
synced 2026-06-11 09:41:03 -04:00
22b77e012b
Compile world with SafeStack from clang/llvm. Right now, only applications are compiled with SafeStack, not libraries. clang 3.9.0 does not support compiling shared libraries with SafeStack, though a patch has been proposed that would enable support. This is very much still a work-in-progress. More research is needed. Note that with clang's current implementation of SafeStack, ASLR and W^X are prerequisites. SafeStack currently requires ASLR and W^X in order to be effective. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org> (cherry picked from commit bb9e4981334b2988325c3334fc88c89b76fea91f) (cherry picked from commit 3b3b0b08f19ec7c2f4fad06baa72e0ce2b5ac801) (cherry picked from commit 0c2abce516fcfd80a7e2424807839ad64b5cb263)
19 lines
460 B
Makefile
19 lines
460 B
Makefile
# $FreeBSD$
|
|
|
|
.include <bsd.own.mk>
|
|
|
|
SSP_CFLAGS=
|
|
|
|
.if ${MACHINE_CPUARCH} == "arm"
|
|
# Do not generate movt/movw, because the relocation fixup for them does not
|
|
# translate to the -Bsymbolic -pie format required by self_reloc() in loader(8).
|
|
# Also, the fpu is not available in a standalone environment.
|
|
.if ${COMPILER_VERSION} < 30800
|
|
CFLAGS.clang+= -mllvm -arm-use-movt=0
|
|
.else
|
|
CFLAGS.clang+= -mno-movt
|
|
.endif
|
|
CFLAGS.clang+= -mfpu=none
|
|
.endif
|
|
|
|
NOSAFESTACK= yes
|