From 268eaf9acbbef7555db02bd3f15bdad9a47d13fa Mon Sep 17 00:00:00 2001 From: Michael Matloob Date: Tue, 1 Oct 2024 15:29:36 -0400 Subject: [PATCH] cmd/go/internal/security: add -ftls-model to valid compiler flags Allow -ftls-model to be passed in to a system compiler. It does not allow arbitrary code execution. See https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-ftls-model for documentation for the -ftls-model flag. Fixes #69711 Change-Id: I842a96832e6858e62c171401d13baa3391d6d00a Reviewed-on: https://go-review.googlesource.com/c/go/+/617136 LUCI-TryBot-Result: Go LUCI Reviewed-by: Ian Lance Taylor --- src/cmd/go/internal/work/security.go | 1 + src/cmd/go/internal/work/security_test.go | 1 + 2 files changed, 2 insertions(+) diff --git a/src/cmd/go/internal/work/security.go b/src/cmd/go/internal/work/security.go index 543ab225abb..957fad1b40b 100644 --- a/src/cmd/go/internal/work/security.go +++ b/src/cmd/go/internal/work/security.go @@ -91,6 +91,7 @@ var validCompilerFlags = []*lazyregexp.Regexp{ re(`-f(no-)?visibility-inlines-hidden`), re(`-fsanitize=(.+)`), re(`-ftemplate-depth-(.+)`), + re(`-ftls-model=(global-dynamic|local-dynamic|initial-exec|local-exec)`), re(`-fvisibility=(.+)`), re(`-g([^@\-].*)?`), re(`-m32`), diff --git a/src/cmd/go/internal/work/security_test.go b/src/cmd/go/internal/work/security_test.go index 68d287ec2b4..2ce7806c421 100644 --- a/src/cmd/go/internal/work/security_test.go +++ b/src/cmd/go/internal/work/security_test.go @@ -47,6 +47,7 @@ var goodCompilerFlags = [][]string{ {"-fstack-xxx"}, {"-fno-stack-xxx"}, {"-fsanitize=hands"}, + {"-ftls-model=local-dynamic"}, {"-g"}, {"-ggdb"}, {"-march=souza"},