[libvirt] [PATCH 3/3] build: prefer -fstack-protector-strong to -all

Ján Tomko jtomko at redhat.com
Wed Jun 11 09:00:22 UTC 2014 

Check upfront if it's supported, to avoid putting both of them
on the command line.
---
 m4/virt-compile-warnings.m4 | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4
index 196afa7..6d632f9 100644
--- a/m4/virt-compile-warnings.m4
+++ b/m4/virt-compile-warnings.m4
@@ -156,6 +156,15 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
     wantwarn="$wantwarn -Wframe-larger-than=4096"
     dnl wantwarn="$wantwarn -Wframe-larger-than=256"
 
+    AC_CACHE_CHECK([whether the C compiler supports stack-protector-strong],
+      [lv_cv_gcc_fstack_protector_strong], [
+      save_CFLAGS=$CFLAGS
+      CFLAGS='-fstack-protector-strong -Werror'
+      AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]])],
+      [lv_cv_gcc_fstack_protector_strong=yes],
+      [lv_cv_gcc_fstack_protector_strong=no])
+      CFLAGS=$save_CFLAGS])
+
     # Extra special flags
     dnl -fstack-protector stuff passes gl_WARN_ADD with gcc
     dnl on Mingw32, but fails when actually used
@@ -164,13 +173,18 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
        dnl "error: -fstack-protector not supported for this target [-Werror]"
        ;;
        *-*-linux*)
-       dnl Fedora only uses -fstack-protector, but doesn't seem to
-       dnl be great overhead in adding -fstack-protector-all instead
+       dnl Prefer -fstack-protector-strong if it's available.
+       dnl There doesn't seem to be great overhead in adding
+       dnl -fstack-protector-all instead of -fstack-protector.
        dnl
-       dnl We also don't need ssp-buffer-size with -all,
+       dnl We also don't need ssp-buffer-size with -all or -strong,
        dnl since functions are protected regardless of buffer size.
        dnl wantwarn="$wantwarn --param=ssp-buffer-size=4"
-       wantwarn="$wantwarn -fstack-protector-all"
+       if test "$lv_cv_gcc_fstack_protector_strong" = yes; then
+           wantwarn="$wantwarn -fstack-protector-strong"
+       else
+           wantwarn="$wantwarn -fstack-protector-all"
+       fi
        ;;
        *-*-freebsd*)
        dnl FreeBSD ships old gcc 4.2.1 which doesn't handle
-- 
1.8.5.5

More information about the libvir-list mailing list