NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0876da5ea1
kumquat-buildroot/package/intel-mediadriver/0001-Add-MEDIA-BUILD-HARDENING-option.patch
Bernd Kuhls 5563869d26 package/intel-mediadriver: bump version to 21.4.1 
Rebased patch.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-11-21 14:49:51 +01:00

107 lines
4.7 KiB
Diff
Raw Blame History

From 103c00c8d74a1cd87686850212bd93c0e4d59fc9 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Wed, 11 Aug 2021 21:34:59 +0200
Subject: [PATCH] Add MEDIA_BUILD_HARDENING option
Add MEDIA_BUILD_HARDENING option to allow the user to disable hardening
options such as stack-protector-all or FORTIFY SOURCE 2 which are not
always available (e.g. fortify source 2 is only available on glibc >= 6
and not musl/uclibc-ng)
Patch sent upstream: https://github.com/intel/media-driver/pull/1242
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Bernd: rebased for version 21.4.1]
---
cmrtlib/linux/CMakeLists.txt | 14 ++++++++++----
.../cmake/linux/media_compile_flags_linux.cmake | 12 ++++++++++--
media_driver/media_top_cmake.cmake | 8 +++++++-
3 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/cmrtlib/linux/CMakeLists.txt b/cmrtlib/linux/CMakeLists.txt
index 65f71ceef..b066138d9 100644
--- a/cmrtlib/linux/CMakeLists.txt
+++ b/cmrtlib/linux/CMakeLists.txt
@@ -32,12 +32,18 @@ else()
endif()
# Set up compile options that will be used for the Linux build
-set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CPP_STANDARD_OPTION} -fPIC -fpermissive -fstack-protector-all")
-set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -fno-strict-aliasing -D_FORTIFY_SOURCE=2")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CPP_STANDARD_OPTION} -fPIC -fpermissive")
+set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -fno-strict-aliasing")
set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -D_DEBUG -D__DEBUG -O0")
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${CPP_STANDARD_OPTION} -fPIC -fpermissive -fstack-protector-all")
-set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -fno-strict-aliasing -D_FORTIFY_SOURCE=2")
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${CPP_STANDARD_OPTION} -fPIC -fpermissive")
+set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -fno-strict-aliasing")
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -D_DEBUG -D__DEBUG -O0")
+if(MEDIA_BUILD_HARDENING)
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS} -fstack-protector-all")
+ set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -D_FORTIFY_SOURCE=2")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${CMAKE_C_FLAGS} -fstack-protector-all")
+ set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -D_FORTIFY_SOURCE=2")
+endif()
if(MEDIA_BUILD_FATAL_WARNINGS)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS} -Werror")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${CMAKE_C_FLAGS} -Werror")
diff --git a/media_driver/cmake/linux/media_compile_flags_linux.cmake b/media_driver/cmake/linux/media_compile_flags_linux.cmake
index 7a2bd64b6..98896b131 100755
--- a/media_driver/cmake/linux/media_compile_flags_linux.cmake
+++ b/media_driver/cmake/linux/media_compile_flags_linux.cmake
@@ -47,7 +47,6 @@ set(MEDIA_COMPILER_FLAGS_COMMON
# Other common flags
-fmessage-length=0
-fvisibility=hidden
- -fstack-protector
-fdata-sections
-ffunction-sections
-Wl,--gc-sections
@@ -64,6 +63,11 @@ set(MEDIA_COMPILER_FLAGS_COMMON
-g
)
+if(MEDIA_BUILD_HARDENING)
+ set(MEDIA_COMPILER_FLAGS_COMMON
+ ${MEDIA_COMPILER_FLAGS_COMMON}
+ -fstack-protector)
+endif()
if(${UFO_MARCH} STREQUAL "slm")
set(MEDIA_COMPILER_FLAGS_COMMON
@@ -119,9 +123,13 @@ if(${UFO_VARIANT} STREQUAL "default")
set(MEDIA_COMPILER_FLAGS_RELEASE
${MEDIA_COMPILER_FLAGS_RELEASE}
-O2
- -D_FORTIFY_SOURCE=2
-fno-omit-frame-pointer
)
+ if(MEDIA_BUILD_HARDENING)
+ set(MEDIA_COMPILER_FLAGS_RELEASE
+ ${MEDIA_COMPILER_FLAGS_RELEASE}
+ -D_FORTIFY_SOURCE=2)
+ endif()
endif()
if(NOT ${PLATFORM} STREQUAL "android")
diff --git a/media_driver/media_top_cmake.cmake b/media_driver/media_top_cmake.cmake
index f089ea45f..b0b428914 100755
--- a/media_driver/media_top_cmake.cmake
+++ b/media_driver/media_top_cmake.cmake
@@ -113,7 +113,13 @@ if(MEDIA_BUILD_FATAL_WARNINGS)
set_target_properties(${LIB_NAME_OBJ} PROPERTIES COMPILE_FLAGS "-Werror")
endif()
-set_target_properties(${LIB_NAME} PROPERTIES LINK_FLAGS "-Wl,--no-as-needed -Wl,--gc-sections -z relro -z now -fstack-protector -fPIC")
+set(MEDIA_LINK_FLAGS "-Wl,--no-as-needed -Wl,--gc-sections -z relro -z now -fPIC")
+option(MEDIA_BUILD_HARDENING "Enable hardening (stack-protector, fortify source)" ON)
+if(MEDIA_BUILD_HARDENING)
+ set(MEDIA_LINK_FLAGS "${MEDIA_LINK_FLAGS} -fstack-protector")
+endif()
+set_target_properties(${LIB_NAME} PROPERTIES LINK_FLAGS ${MEDIA_LINK_FLAGS})
+
set_target_properties(${LIB_NAME} PROPERTIES PREFIX "")
set_target_properties(${LIB_NAME_STATIC} PROPERTIES PREFIX "")
Reference in New Issue View Git Blame Copy Permalink