From e9c3a35574db133eed0d23cf233e53722cf7cc88 Mon Sep 17 00:00:00 2001
From: Flatcar Buildbot <buildbot@flatcar-linux.org>
Date: Mon, 23 Oct 2023 07:12:34 +0000
Subject: [PATCH] eclass/flag-o-matic: Sync with Gentoo

It's from Gentoo commit b81724af911b1c7f0473cd850ab29c74733c5f30.
---
 .../portage-stable/eclass/flag-o-matic.eclass            | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/sdk_container/src/third_party/portage-stable/eclass/flag-o-matic.eclass b/sdk_container/src/third_party/portage-stable/eclass/flag-o-matic.eclass
index c0b042d534..382573b806 100644
--- a/sdk_container/src/third_party/portage-stable/eclass/flag-o-matic.eclass
+++ b/sdk_container/src/third_party/portage-stable/eclass/flag-o-matic.eclass
@@ -47,7 +47,7 @@ setup-allowed-flags() {
 # Note: shell globs and character lists are allowed
 _setup-allowed-flags() {
 	ALLOWED_FLAGS=(
-		-pipe -O '-O[123szg]' '-mcpu=*' '-march=*' '-mtune=*'
+		-pipe -O '-O[123szg]' '-mcpu=*' '-march=*' '-mtune=*' '-mfpmath=*'
 		-flto '-flto=*' -fno-lto
 
 		# Hardening flags
@@ -56,11 +56,16 @@ _setup-allowed-flags() {
 		'-fcf-protection=*'
 		-fbounds-check -fbounds-checking
 		-fno-PIE -fno-pie -nopie -no-pie
+		-fharden-compares -fharden-conditional-branches
+		-fharden-control-flow-redundancy -fhardcfr-skip-leaf
+		-fhardcfr-check-exceptions -fhardcfr-check-returning-calls
+		'-fhardcfr-check-noreturn-calls=*'
 		# Spectre mitigations, bug #646076
 		'-mindirect-branch=*'
 		-mindirect-branch-register
 		'-mfunction-return=*'
 		-mretpoline
+		'-mharden-sls=*'
 		'-mbranch-protection=*'
 
 		# Misc
@@ -133,6 +138,8 @@ _setup-allowed-flags() {
 		# Allow explicit stack realignment to run non-conformant
 		# binaries: bug #677852
 		-mstackrealign
+		'-mpreferred-stack-boundary=*'
+		'-mincoming-stack-boundary=*'
 	)
 	ALLOWED_FLAGS+=(
 		# Clang-only