From 67814c90ae878996f37541b5157d83ac16fdecf1 Mon Sep 17 00:00:00 2001 From: sunsuodong Date: Sat, 14 Aug 2021 15:43:30 +0800 Subject: [PATCH] secure option --- cmake/external_libs/glog.cmake | 14 ++++--- mindspore/lite/CMakeLists.txt | 41 ++++++------------- mindspore/lite/cmake/secure_option.cmake | 32 +++++++++++++++ mindspore/lite/java/native/CMakeLists.txt | 13 ++++-- mindspore/lite/src/CMakeLists.txt | 3 -- .../lite/src/delegate/tensorrt/CMakeLists.txt | 22 ++++++++-- mindspore/lite/test/runtest.sh | 7 ++++ .../providers/NNIE/Hi3516D/compile_nnie.sh | 2 + 8 files changed, 90 insertions(+), 44 deletions(-) create mode 100644 mindspore/lite/cmake/secure_option.cmake diff --git a/cmake/external_libs/glog.cmake b/cmake/external_libs/glog.cmake index f7ab7f9871e..66f1c508218 100644 --- a/cmake/external_libs/glog.cmake +++ b/cmake/external_libs/glog.cmake @@ -1,13 +1,15 @@ -set(glog_CXXFLAGS "-D_FORTIFY_SOURCE=2 -O2 ${SECURE_CXX_FLAGS} -Dgoogle=mindspore_private") -set(glog_CFLAGS "-D_FORTIFY_SOURCE=2 -O2") -if(NOT ENABLE_GLIBCXX) - set(glog_CXXFLAGS "${glog_CXXFLAGS} -D_GLIBCXX_USE_CXX11_ABI=0") -endif() - if(BUILD_LITE) + set(glog_CXXFLAGS "-D_FORTIFY_SOURCE=2 -O2 ${SECURE_CXX_FLAGS} -Dgoogle=mindspore_private") + set(glog_CFLAGS "-D_FORTIFY_SOURCE=2 -O2 ${SECURE_C_FLAGS}") + set(glog_LDFLAGS "${SECURE_SHARED_LINKER_FLAGS}") set(glog_patch "") set(glog_lib glog) else() + set(glog_CXXFLAGS "-D_FORTIFY_SOURCE=2 -O2 ${SECURE_CXX_FLAGS} -Dgoogle=mindspore_private") + set(glog_CFLAGS "-D_FORTIFY_SOURCE=2 -O2") + if(NOT ENABLE_GLIBCXX) + set(glog_CXXFLAGS "${glog_CXXFLAGS} -D_GLIBCXX_USE_CXX11_ABI=0") + endif() set(glog_patch ${CMAKE_SOURCE_DIR}/third_party/patch/glog/glog.patch001) set(glog_lib mindspore_glog) endif() diff --git a/mindspore/lite/CMakeLists.txt b/mindspore/lite/CMakeLists.txt index b96b0e65bf6..e1c02161c03 100644 --- a/mindspore/lite/CMakeLists.txt +++ b/mindspore/lite/CMakeLists.txt @@ -2,6 +2,9 @@ cmake_minimum_required(VERSION 3.12) project(Lite) set(BUILD_LITE "on") + +include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/secure_option.cmake) + if(TOOLCHAIN_NAME STREQUAL "himix200") set(TARGET_HIMIX200 on) add_compile_definitions(SUPPORT_NNIE) @@ -238,50 +241,32 @@ if(ENABLE_ASAN) endif() set(PKG_NAME_PREFIX mindspore-lite-${MS_VERSION_MAJOR}.${MS_VERSION_MINOR}.${MS_VERSION_REVISION}) -set(CMAKE_SKIP_RPATH TURE) if(MSVC) add_compile_definitions(SUPPORT_MSVC) add_compile_definitions(_ENABLE_ATOMIC_ALIGNMENT_FIX) set(CMAKE_C_FLAGS "/O2 /EHsc /GS /Zi /utf-8") set(CMAKE_CXX_FLAGS "/O2 /EHsc /GS /Zi /utf-8 /std:c++17") - if(CMAKE_SIZEOF_VOID_P EQUAL 4) - set(CMAKE_SHARED_LINKER_FLAGS "/SAFESEH ${CMAKE_SHARED_LINKER_FLAGS}") - set(CMAKE_EXE_LINKER_FLAGS "/SAFESEH ${CMAKE_EXE_LINKER_FLAGS}") - endif() - set(CMAKE_SHARED_LINKER_FLAGS "/NXCOMPAT /DYNAMICBASE /DEBUG ${CMAKE_SHARED_LINKER_FLAGS}") - set(CMAKE_EXE_LINKER_FLAGS "/NXCOMPAT /DYNAMICBASE /DEBUG ${CMAKE_EXE_LINKER_FLAGS}") + set(CMAKE_SHARED_LINKER_FLAGS "/DEBUG ${SECURE_SHARED_LINKER_FLAGS} ${CMAKE_SHARED_LINKER_FLAGS}") + set(CMAKE_EXE_LINKER_FLAGS "/DEBUG ${SECURE_SHARED_LINKER_FLAGS} ${CMAKE_EXE_LINKER_FLAGS}") else() string(REPLACE "-g" "" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") string(REPLACE "-g" "" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") - set(LITE_COMPILE_FLAGS "-fPIC -fPIE -D_FORTIFY_SOURCE=2 -O2 -Wall -Werror -fstack-protector-strong -Wno-attributes \ - -Wno-deprecated-declarations -Wno-missing-braces") - set(CMAKE_C_FLAGS "${LITE_COMPILE_FLAGS} ${CMAKE_C_FLAGS}") - set(CMAKE_C_FLAGS_DEBUG "-DDebug -g -fvisibility=default") - set(CMAKE_CXX_FLAGS "${LITE_COMPILE_FLAGS} -Wno-overloaded-virtual ${CMAKE_CXX_FLAGS} -std=c++17") + set(CMAKE_C_FLAGS "-D_FORTIFY_SOURCE=2 -O2 -Wall -Werror -Wno-attributes -Wno-deprecated-declarations \ + -Wno-missing-braces ${SECURE_C_FLAGS} ${CMAKE_C_FLAGS}") + set(CMAKE_CXX_FLAGS "-D_FORTIFY_SOURCE=2 -O2 -Wall -Werror -Wno-attributes -Wno-deprecated-declarations \ + -Wno-missing-braces -Wno-overloaded-virtual -std=c++17 ${SECURE_CXX_FLAGS} ${CMAKE_CXX_FLAGS}") + + set(CMAKE_C_FLAGS_DEBUG "-DDebug -g -fvisibility=default") set(CMAKE_CXX_FLAGS_DEBUG "-DDebug -g -fvisibility=default") if("${CMAKE_BUILD_TYPE}" STREQUAL "Debug") string(REPLACE "-O2" "-O0" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") string(REPLACE "-O2" "-O0" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") endif() - - if(WIN32) - if(CMAKE_SIZEOF_VOID_P EQUAL 4) - set(CMAKE_SHARED_LINKER_FLAGS "-Wl,--no-seh ${CMAKE_SHARED_LINKER_FLAGS}") - set(CMAKE_EXE_LINKER_FLAGS "-Wl,--no-seh ${CMAKE_EXE_LINKER_FLAGS}") - endif() - set(CMAKE_SHARED_LINKER_FLAGS "-Wl,--nxcompat -Wl,--dynamicbase ${CMAKE_SHARED_LINKER_FLAGS}") - set(CMAKE_EXE_LINKER_FLAGS "-Wl,--nxcompat -Wl,--dynamicbase ${CMAKE_EXE_LINKER_FLAGS}") - else() - set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now -Wl,-z,noexecstack -s ${CMAKE_SHARED_LINKER_FLAGS}") - set(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro,-z,now -Wl,-z,noexecstack -s -pie ${CMAKE_EXE_LINKER_FLAGS}") - if("${CMAKE_BUILD_TYPE}" STREQUAL "Debug") - string(REPLACE "-s " "" CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS}") - string(REPLACE "-s " "" CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS}") - endif() - endif() + set(CMAKE_SHARED_LINKER_FLAGS "${SECURE_SHARED_LINKER_FLAGS} ${CMAKE_SHARED_LINKER_FLAGS}") + set(CMAKE_EXE_LINKER_FLAGS "${SECURE_EXE_LINKER_FLAGS} ${CMAKE_EXE_LINKER_FLAGS}") endif() if(SUPPORT_NPU) diff --git a/mindspore/lite/cmake/secure_option.cmake b/mindspore/lite/cmake/secure_option.cmake new file mode 100644 index 00000000000..f1ff567d2ab --- /dev/null +++ b/mindspore/lite/cmake/secure_option.cmake @@ -0,0 +1,32 @@ +set(CMAKE_SKIP_RPATH TRUE) +set(CMAKE_SKIP_BUILD_RPATH TRUE) +set(CMAKE_SKIP_INSTALL_RPATH TRUE) + +if(MSVC) + set(SECURE_C_FLAGS "/GS") + set(SECURE_CXX_FLAGS "/GS") + set(SECURE_SHARED_LINKER_FLAGS "/NXCOMPAT /DYNAMICBASE") + set(SECURE_EXE_LINKER_FLAGS "/NXCOMPAT /DYNAMICBASE") + if(CMAKE_SIZEOF_VOID_P EQUAL 4) + set(SECURE_SHARED_LINKER_FLAGS "/SAFESEH ${CMAKE_SHARED_LINKER_FLAGS}") + set(SECURE_EXE_LINKER_FLAGS "/SAFESEH ${CMAKE_EXE_LINKER_FLAGS}") + endif() +else() + set(SECURE_C_FLAGS "-fPIC -fPIE -fstack-protector-strong") + set(SECURE_CXX_FLAGS "-fPIC -fPIE -fstack-protector-strong") + if(WIN32) + set(SECURE_SHARED_LINKER_FLAGS "-Wl,--nxcompat -Wl,--dynamicbase") + set(SECURE_EXE_LINKER_FLAGS "-Wl,--nxcompat -Wl,--dynamicbase") + if(CMAKE_SIZEOF_VOID_P EQUAL 4) + set(SECURE_SHARED_LINKER_FLAGS "-Wl,--no-seh ${SECURE_SHARED_LINKER_FLAGS}") + set(SECURE_EXE_LINKER_FLAGS "-Wl,--no-seh ${SECURE_EXE_LINKER_FLAGS}") + endif() + else() + set(SECURE_SHARED_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -s ") + set(SECURE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -s -pie") + if("${CMAKE_BUILD_TYPE}" STREQUAL "Debug") + string(REPLACE "-s " "" SECURE_SHARED_LINKER_FLAGS "${SECURE_SHARED_LINKER_FLAGS}") + string(REPLACE "-s " "" SECURE_EXE_LINKER_FLAGS "${SECURE_EXE_LINKER_FLAGS}") + endif() + endif() +endif() diff --git a/mindspore/lite/java/native/CMakeLists.txt b/mindspore/lite/java/native/CMakeLists.txt index 1b7a4e38e57..bc7837d4229 100644 --- a/mindspore/lite/java/native/CMakeLists.txt +++ b/mindspore/lite/java/native/CMakeLists.txt @@ -2,7 +2,10 @@ cmake_minimum_required(VERSION 3.10) project(Lite-java) set(BUILD_LITE "on") -set(CMAKE_SKIP_RPATH TURE) + +set(CMAKE_SKIP_RPATH TRUE) +set(CMAKE_SKIP_BUILD_RPATH TRUE) +set(CMAKE_SKIP_INSTALL_RPATH TRUE) if(PLATFORM_ARM64 OR PLATFORM_ARM32) set(PLATFORM_ARM "on") @@ -24,8 +27,12 @@ else() set(CMAKE_CXX_FLAGS "-Wno-error=maybe-uninitialized ${CMAKE_CXX_FLAGS}") endif() if(NOT WIN32) - set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now -Wl,-z,noexecstack ${CMAKE_SHARED_LINKER_FLAGS}") - set(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro,-z,now -Wl,-z,noexecstack ${CMAKE_EXE_LINKER_FLAGS}") + set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro,-z,now -Wl,-z,noexecstack -s ${CMAKE_SHARED_LINKER_FLAGS}") + set(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro,-z,now -Wl,-z,noexecstack -s -pie ${CMAKE_EXE_LINKER_FLAGS}") + if("${CMAKE_BUILD_TYPE}" STREQUAL "Debug") + string(REPLACE "-s " "" CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS}") + string(REPLACE "-s " "" CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS}") + endif() endif() endif() diff --git a/mindspore/lite/src/CMakeLists.txt b/mindspore/lite/src/CMakeLists.txt index 7e337463d7f..c1f233651de 100644 --- a/mindspore/lite/src/CMakeLists.txt +++ b/mindspore/lite/src/CMakeLists.txt @@ -3,9 +3,6 @@ if(ENABLE_V0) add_definitions(-DENABLE_V0) endif() include_directories(${CCSRC_DIR}/backend/kernel_compiler/cpu) -set(LITE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/..) -include_directories(${LITE_DIR}/nnacl/) -include_directories(${LITE_DIR}/nnacl/optimize) if(PLATFORM_ARM32 OR PLATFORM_ARM64) #for performance diff --git a/mindspore/lite/src/delegate/tensorrt/CMakeLists.txt b/mindspore/lite/src/delegate/tensorrt/CMakeLists.txt index ccf4b2b9a3f..3d621fe0ba3 100644 --- a/mindspore/lite/src/delegate/tensorrt/CMakeLists.txt +++ b/mindspore/lite/src/delegate/tensorrt/CMakeLists.txt @@ -6,17 +6,31 @@ file(GLOB_RECURSE TENSORRT_RUNTIME_SRC ${CMAKE_CURRENT_SOURCE_DIR}/../delegate_utils.cc ) add_library(libcudart SHARED IMPORTED) -set_target_properties(libcudart PROPERTIES IMPORTED_LOCATION - ${CUDA_LIB_PATH}/libcudart.so) +set_target_properties(libcudart PROPERTIES IMPORTED_LOCATION ${CUDA_LIB_PATH}/libcudart.so) + +add_library(libcudnn SHARED IMPORTED) +set_target_properties(libcudnn PROPERTIES IMPORTED_LOCATION ${CUDA_LIB_PATH}/libcudnn.so.8) + +add_library(libnvrtc SHARED IMPORTED) +set_target_properties(libnvrtc PROPERTIES IMPORTED_LOCATION ${CUDA_LIB_PATH}/libnvrtc.so.11.1) + +add_library(libcublas SHARED IMPORTED) +set_target_properties(libcublas PROPERTIES IMPORTED_LOCATION ${CUDA_LIB_PATH}/libcublas.so.11) + +add_library(libcublasLt SHARED IMPORTED) +set_target_properties(libcublasLt PROPERTIES IMPORTED_LOCATION ${CUDA_LIB_PATH}/libcublasLt.so.11) add_library(libnvinfer SHARED IMPORTED) -set_target_properties(libnvinfer PROPERTIES IMPORTED_LOCATION - ${TENSORRT_LIB_PATH}/libnvinfer.so) +set_target_properties(libnvinfer PROPERTIES IMPORTED_LOCATION ${TENSORRT_LIB_PATH}/libnvinfer.so) add_library(tensorrt_kernel_mid OBJECT ${TENSORRT_RUNTIME_SRC}) add_dependencies(tensorrt_kernel_mid fbs_src) target_link_libraries( tensorrt_kernel_mid libcudart + libcudnn + libnvrtc + libcublas + libcublasLt libnvinfer ) diff --git a/mindspore/lite/test/runtest.sh b/mindspore/lite/test/runtest.sh index 91a33f61883..73311bf7a67 100644 --- a/mindspore/lite/test/runtest.sh +++ b/mindspore/lite/test/runtest.sh @@ -12,6 +12,13 @@ mkdir -pv ${CUR_DIR}/do_test # prepare data for ut cd ${CUR_DIR}/do_test cp ${BUILD_DIR}/test/lite-test ./ +cp ${BUILD_DIR}/googletest/googlemock/gtest/libgtest.so ./ +tar -xzf ../../../../output/mindspore-lite-*.tar.gz --strip-components=3 --wildcards *runtime/lib/*.so* || true +tar -xzf ../../../../output/mindspore-lite-*.tar.gz --strip-components=4 --wildcards *converter/lib/*.so* || true +tar -xzf ../../../../output/mindspore-lite-*.tar.gz --strip-components=5 --wildcards *libjpeg-turbo/lib/*.so* || true +ls -l *.so* +export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:./ + cp -r ${CUR_DIR}/ut/src/runtime/kernel/arm/test_data/* ./ cp -r ${CUR_DIR}/ut/tools/converter/parser/tflite/test_data/* ./ # prepare data for dataset diff --git a/mindspore/lite/tools/providers/NNIE/Hi3516D/compile_nnie.sh b/mindspore/lite/tools/providers/NNIE/Hi3516D/compile_nnie.sh index 4810b6239f1..89c451ed77b 100644 --- a/mindspore/lite/tools/providers/NNIE/Hi3516D/compile_nnie.sh +++ b/mindspore/lite/tools/providers/NNIE/Hi3516D/compile_nnie.sh @@ -14,6 +14,8 @@ function Run_Build_x86() { rm -rf ${nnie_code_path}/mindspore/mindspore/lite/tools/converter/nnie/third_party/ms_lite/ mkdir -p ${nnie_code_path}/mindspore/mindspore/lite/tools/converter/nnie/third_party/ms_lite/ || exit 1 cp -r ./tools/ ${nnie_code_path}/mindspore/mindspore/lite/tools/converter/nnie/third_party/ms_lite/ || exit 1 + mkdir -pv ${open_source_ms_path}/mindspore/lite/test/do_test + cp ./tools/converter/lib/*.so* ${open_source_ms_path}/mindspore/lite/test/do_test # compile nnie converter so export MSLITE_ENABLE_NNIE=on