From f790286c330cce911868720af0c9da1acc0decb6 Mon Sep 17 00:00:00 2001
From: Andrey Churbanov <Andrey.Churbanov@intel.com>
Date: Fri, 20 Feb 2015 17:55:48 +0000
Subject: [PATCH] Added some compiler flags for security on Linux and Mac link
 stages.

llvm-svn: 230027
---
 openmp/runtime/tools/src/common-tools.mk | 35 +++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/openmp/runtime/tools/src/common-tools.mk b/openmp/runtime/tools/src/common-tools.mk
index 5c9dcb7..d291dca 100644
--- a/openmp/runtime/tools/src/common-tools.mk
+++ b/openmp/runtime/tools/src/common-tools.mk
@@ -85,11 +85,9 @@ ifneq "$(filter lin mac,$(os))" ""
     ifneq "$(CPLUSPLUS)" "on"
         c-flags += -std=gnu99
     endif
-    # Generate position-independent code (a must for shared objects).
-    ifeq "$(LINK_TYPE)" "dyna"
-        c-flags   += -fPIC
-        cxx-flags += -fPIC
-    endif
+    # Generate position-independent code (SDL requirements).
+    c-flags   += -fPIC
+    cxx-flags += -fPIC
     # Emit debugging information.
     ifeq "$(DEBUG_INFO)" "on"
         c-flags   += -g
@@ -199,16 +197,28 @@ ifneq "$(arch)" "mic"
             ld-flags += -m elf_x86_64
         endif
         ld-flags     += -x -lc -ldl
+	# SDL (Security Development Lifecycle) flags:
+	# -z noexecstack - Stack execution protection.
+	# -z relro -z now - Data relocation and protection.
+        ld-flags     += -z relro -z now
         ld-flags     += -z noexecstack
         ld-flags-dll += -soname=$(@F)
     endif
     ifeq "$(ld)" "$(c)"
         ld-out    = $(c-out)
+	# SDL (Security Development Lifecycle) flags:
+	# -z noexecstack - Stack execution protection.
+	# -z relro -z now - Data relocation and protection.
+        ld-flags     += -Wl,-z,relro -Wl,-z,now
         ld-flags += -Wl,-z,noexecstack
         ld-flags-dll += -Wl,-soname=$(@F)
     endif
     ifeq "$(ld)" "$(cxx)"
         ld-out    = $(cxx-out)
+	# SDL (Security Development Lifecycle) flags:
+	# -z noexecstack - Stack execution protection.
+	# -z relro -z now - Data relocation and protection.
+        ld-flags     += -Wl,-z,relro -Wl,-z,now
         ld-flags += -Wl,-z,noexecstack
         ld-flags-dll += -Wl,-soname=$(@F)
     endif
@@ -239,6 +249,11 @@ ifeq "$(arch)" "mic"
         ld-out   = -o$(space)
         ld-flags += -m elf_l1om_fbsd
         ld-flags-dll += -shared -x -lc
+	# SDL (Security Development Lifecycle) flags:
+	# -z noexecstack - Stack execution protection.
+	# -z relro -z now - Data relocation and protection.
+        ld-flags     += -z noexecstack
+        ld-flags     += -z relro -z now
         ld-flags-dll += -soname=$(@F)
         # Now find out path to libraries.
             ld-flags-L := $(shell $(c) -Wl,-v -\# 2>&1 | grep -e "-L")
@@ -254,10 +269,20 @@ ifeq "$(arch)" "mic"
     ifeq "$(ld)" "$(c)"
         ld-out        = $(c-out)
         ld-flags-dll += -shared -Wl,-x -Wl,-soname=$(@F)
+	# SDL (Security Development Lifecycle) flags:
+	# -z noexecstack - Stack execution protection.
+	# -z relro -z now - Data relocation and protection.
+        ld-flags     += -Wl,-z,noexecstack
+        ld-flags     += -Wl,-z,relro -Wl,-z,now
     endif
     ifeq "$(ld)" "$(cxx)"
         ld-out        = $(cxx-out)
         ld-flags-dll += -shared -Wl,-x -Wl,-soname=$(@F)
+	# SDL (Security Development Lifecycle) flags:
+	# -z noexecstack - Stack execution protection.
+	# -z relro -z now - Data relocation and protection.
+        ld-flags     += -Wl,-z,noexecstack
+        ld-flags     += -Wl,-z,relro -Wl,-z,now
     endif
 endif
 
-- 
2.7.4