From 559872b175d34a88a395821a799a8d5d79b78914 Mon Sep 17 00:00:00 2001
From: tron <tron@NetBSD.org>
Date: Thu, 12 Nov 2009 13:22:34 +0000
Subject: [PATCH] Invent a new flag "USE_SSP_DEFAULT" which defines whether we
 want to use SSP for building the whole source tree. Set this to "yes" for
 NetBSD/amd64 and NetBSD/i386. It is now possible to get the old behavior
 (build libs and certain programs with SSP) by setting "USE_SSP_DEFAULT" to
 "no".

---
 share/mk/bsd.README | 15 ++++++++++-----
 share/mk/bsd.sys.mk | 10 +++++++---
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/share/mk/bsd.README b/share/mk/bsd.README
index d2090ccf9f8e..c0cfb0910a5e 100644
--- a/share/mk/bsd.README
+++ b/share/mk/bsd.README
@@ -1,4 +1,4 @@
-#	$NetBSD: bsd.README,v 1.256 2009/10/23 22:14:37 joerg Exp $
+#	$NetBSD: bsd.README,v 1.257 2009/11/12 13:22:34 tron Exp $
 #	@(#)bsd.README	8.2 (Berkeley) 4/2/94
 
 This is the README file for the make "include" files for the NetBSD
@@ -385,9 +385,14 @@ USE_SKEY	If "no", disables building S/key authentication
 		Default: no
 
 USE_SSP		If "no", disables GCC stack protection code, which
-		detects stack overflows and aborts the program. This
-		imposes some performance penalty.
-		Default: no
+		detects stack overflows and aborts the program. The
+		stack protecion code imposes a performance penalty
+		of about 5%
+		Default: no, unless "USE_FORT" is set to "yes"
+
+USE_SSP_DEFAULT	The default of "USE_SSP" for part of the tree (e.g. kernels)
+		that are not compiled with "USE_FORT" set to "yes".
+		Default: "yes" for amd64 and i386, "no" otherwise
 
 USE_FORT 	If "yes" turns on substitute wrappers for commonly used
 		functions that do not do bounds checking regularly, but
@@ -395,7 +400,7 @@ USE_FORT 	If "yes" turns on substitute wrappers for commonly used
 		__builtin_object_size() function to determine the buffer 
 		size where it is known and detect buffer overflows.
 		These substitute functions are in /usr/include/ssp.
-		Default: no
+		Default: depends on the part of the source tree
 
 USE_YP		If "no", disables building YP (NIS) support into
 		various system utilities/libraries that support it.
diff --git a/share/mk/bsd.sys.mk b/share/mk/bsd.sys.mk
index 6431e9035318..719b4d7d56eb 100644
--- a/share/mk/bsd.sys.mk
+++ b/share/mk/bsd.sys.mk
@@ -1,4 +1,4 @@
-#	$NetBSD: bsd.sys.mk,v 1.183 2009/11/12 08:51:50 tron Exp $
+#	$NetBSD: bsd.sys.mk,v 1.184 2009/11/12 13:22:34 tron Exp $
 #
 # Build definitions used for NetBSD source tree builds.
 
@@ -61,7 +61,9 @@ HAS_SSP=	yes
 
 .if ((${MACHINE_ARCH} == "amd64") || (${MACHINE_ARCH} == "i386")) && \
      defined(_SRC_TOP_) && (${_SRC_TOP_} != "")
-USE_SSP?=	yes
+USE_SSP_DEFAULT?=	yes
+.else
+USE_SSP_DEFAULT?=	no
 .endif
 
 .if defined(USE_FORT) && (${USE_FORT} != "no")
@@ -71,7 +73,9 @@ CPPFLAGS+=	-D_FORTIFY_SOURCE=2
 .endif
 .endif
 
-.if defined(USE_SSP) && (${USE_SSP} != "no") && (${BINDIR:Ux} != "/usr/mdec")
+USE_SSP?=	${USE_SSP_DEFAULT}
+
+.if (${USE_SSP} != "no") && (${BINDIR:Ux} != "/usr/mdec")
 .if ${HAS_SSP} == "yes"
 COPTS+=		-fstack-protector -Wstack-protector --param ssp-buffer-size=1
 .endif