[dm-devel] [PATCH] multipath-tools: Makefile.inc: add test for -D_FORTIFY_SOURCE=3
Martin Liška
mliska at suse.cz
Tue May 10 06:59:58 UTC 2022
On 5/9/22 23:15, Benjamin Marzinski wrote:
> On Mon, May 09, 2022 at 05:21:27PM +0200, mwilck at suse.com wrote:
>> From: Martin Wilck <mwilck at suse.com>
Reviewed-by: Martin Liska <mliska at suse.cz>
>
> Reviewed-by: Benjamin Marzinski <bmarzins at redhat.com>
>
>>
>> 6186645 ("Fix possibility to redefine -D_FORTIFY_SOURCE macro.")
>> does not work as-is, because OPTFLAGS can't be used to override CPPFLAGS.
>> Instead, add a test for support of -D_FORTIFY_SOURCE=3, and use it
>> automatically if supported. The test uses similar logic as e.g.
>> https://sourceware.org/git/?p=elfutils.git;a=commit;h=29859f2e79ef3c650ee9712cae990c6a7f787a7d
>>
>> This test works in environments with glibc 2.33 or newer. On older distributions,
>> -D_FORTIFY_SOURCE=3 does not cause an error, and will thus be used. In this
>> case, it has the same effect as -D_FORTIFY_SOURCE=2. On alpine Linux (musl
>> libc), -D_FORTIFY_SOURCE=3 generates an error.
>>
>> Fixes: 6186645 ("Fix possibility to redefine -D_FORTIFY_SOURCE macro.")
>> Signed-off-by: Martin Wilck <mwilck at suse.com>
>> ---
>> Makefile.inc | 16 +++++++++++++++-
>> 1 file changed, 15 insertions(+), 1 deletion(-)
>>
>> diff --git a/Makefile.inc b/Makefile.inc
>> index cef7a06..b915c06 100644
>> --- a/Makefile.inc
>> +++ b/Makefile.inc
>> @@ -117,6 +117,20 @@ TEST_CC_OPTION = $(shell \
>> echo "$(2)"; \
>> fi)
>>
>> +# "make" on some distros will fail on explicit '#' or '\#' in the program text below
>> +__HASH__ := \#
>> +# Check if _DFORTIFY_SOURCE=3 is supported.
>> +# On some distros (e.g. Debian Buster) it will be falsely reported as supported
>> +# but it doesn't seem to make a difference wrt the compilation result.
>> +FORTIFY_OPT := $(shell \
>> + if /bin/echo -e '$(__HASH__)include <string.h>\nint main(void) { return 0; }' | \
>> + $(CC) -o /dev/null -c -O2 -Werror -D_FORTIFY_SOURCE=3 -xc - 2>/dev/null; \
>> + then \
>> + echo "-D_FORTIFY_SOURCE=3"; \
>> + else \
>> + echo "-D_FORTIFY_SOURCE=2"; \
>> + fi)
>> +
>> STACKPROT := $(call TEST_CC_OPTION,-fstack-protector-strong,-fstack-protector)
>> ERROR_DISCARDED_QUALIFIERS := $(call TEST_CC_OPTION,-Werror=discarded-qualifiers,)
>> WNOCLOBBERED := $(call TEST_CC_OPTION,-Wno-clobbered -Wno-error=clobbered,)
>> @@ -126,7 +140,7 @@ OPTFLAGS := -O2 -g $(STACKPROT) --param=ssp-buffer-size=4
>> WARNFLAGS := -Werror -Wall -Wextra -Wformat=2 $(WFORMATOVERFLOW) -Werror=implicit-int \
>> -Werror=implicit-function-declaration -Werror=format-security \
>> $(WNOCLOBBERED) -Werror=cast-qual $(ERROR_DISCARDED_QUALIFIERS)
>> -CPPFLAGS := -D_FORTIFY_SOURCE=2
>> +CPPFLAGS := $(FORTIFY_OPT)
>> CFLAGS := --std=gnu99 $(CFLAGS) $(OPTFLAGS) $(WARNFLAGS) -pipe \
>> -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \
>> -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP
>> --
>> 2.36.0
>
More information about the dm-devel
mailing list