[libvirt] [PATCH 3/3] build: prefer -fstack-protector-strong to -all
Daniel P. Berrange
berrange at redhat.com
Wed Jun 11 09:36:27 UTC 2014
On Wed, Jun 11, 2014 at 11:00:22AM +0200, Ján Tomko wrote:
> Check upfront if it's supported, to avoid putting both of them
> on the command line.
> ---
> m4/virt-compile-warnings.m4 | 22 ++++++++++++++++++----
> 1 file changed, 18 insertions(+), 4 deletions(-)
>
> diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4
> index 196afa7..6d632f9 100644
> --- a/m4/virt-compile-warnings.m4
> +++ b/m4/virt-compile-warnings.m4
> @@ -156,6 +156,15 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
> wantwarn="$wantwarn -Wframe-larger-than=4096"
> dnl wantwarn="$wantwarn -Wframe-larger-than=256"
>
> + AC_CACHE_CHECK([whether the C compiler supports stack-protector-strong],
> + [lv_cv_gcc_fstack_protector_strong], [
> + save_CFLAGS=$CFLAGS
> + CFLAGS='-fstack-protector-strong -Werror'
> + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]])],
> + [lv_cv_gcc_fstack_protector_strong=yes],
> + [lv_cv_gcc_fstack_protector_strong=no])
> + CFLAGS=$save_CFLAGS])
This is really re-inventing the gnulib compiler arg checking which
I don't think is desirable.
> @@ -164,13 +173,18 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
> dnl "error: -fstack-protector not supported for this target [-Werror]"
> ;;
> *-*-linux*)
> - dnl Fedora only uses -fstack-protector, but doesn't seem to
> - dnl be great overhead in adding -fstack-protector-all instead
> + dnl Prefer -fstack-protector-strong if it's available.
> + dnl There doesn't seem to be great overhead in adding
> + dnl -fstack-protector-all instead of -fstack-protector.
> dnl
> - dnl We also don't need ssp-buffer-size with -all,
> + dnl We also don't need ssp-buffer-size with -all or -strong,
> dnl since functions are protected regardless of buffer size.
> dnl wantwarn="$wantwarn --param=ssp-buffer-size=4"
> - wantwarn="$wantwarn -fstack-protector-all"
> + if test "$lv_cv_gcc_fstack_protector_strong" = yes; then
> + wantwarn="$wantwarn -fstack-protector-strong"
> + else
> + wantwarn="$wantwarn -fstack-protector-all"
> + fi
> ;;
> *-*-freebsd*)
> dnl FreeBSD ships old gcc 4.2.1 which doesn't handle
I'd suggest we only list 'wantwarn="$wantwarn -fstack-protector-strong'
here. Then, after the 'gl_WARN_ADD' call has processed everything in
$wantwarn we check to see if $WARNING_CFLAGS contains the desired
-fstack-protector-strong arg and if not, we call gl_WARN_ADD for
-fstack-protector-all
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list