[libvirt] [PATCHv2] build: prefer -fstack-protector-strong to -all

Daniel P. Berrange berrange at redhat.com
Wed Jun 11 12:22:32 UTC 2014


On Wed, Jun 11, 2014 at 02:11:46PM +0200, Ján Tomko wrote:
> Try -fstack-protector-strong first on Linux. If that fails,
> fall back to -fstack-protector-all.
> ---
>  m4/virt-compile-warnings.m4 | 22 ++++++++++++++++++----
>  1 file changed, 18 insertions(+), 4 deletions(-)
> 
> diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4
> index 196afa7..532a777 100644
> --- a/m4/virt-compile-warnings.m4
> +++ b/m4/virt-compile-warnings.m4
> @@ -164,13 +164,14 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
>         dnl "error: -fstack-protector not supported for this target [-Werror]"
>         ;;
>         *-*-linux*)
> -       dnl Fedora only uses -fstack-protector, but doesn't seem to
> -       dnl be great overhead in adding -fstack-protector-all instead
> +       dnl Prefer -fstack-protector-strong if it's available.
> +       dnl There doesn't seem to be great overhead in adding
> +       dnl -fstack-protector-all instead of -fstack-protector.
>         dnl
> -       dnl We also don't need ssp-buffer-size with -all,
> +       dnl We also don't need ssp-buffer-size with -all or -strong,
>         dnl since functions are protected regardless of buffer size.
>         dnl wantwarn="$wantwarn --param=ssp-buffer-size=4"
> -       wantwarn="$wantwarn -fstack-protector-all"
> +       wantwarn="$wantwarn -fstack-protector-strong"
>         ;;
>         *-*-freebsd*)
>         dnl FreeBSD ships old gcc 4.2.1 which doesn't handle
> @@ -201,6 +202,19 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
>        gl_WARN_ADD([$w])
>      done
>  
> +    case $host in
> +        *-*-linux*)
> +        dnl Fall back to -fstack-protector-all if -strong is not available
> +        case $WARN_CFLAGS in
> +        *-fstack-protector-strong*)
> +        ;;
> +        *)
> +            gl_WARN_ADD(["-fstack-protector-all"])
> +        ;;
> +        esac
> +        ;;
> +    esac
> +
>      # Silence certain warnings in gnulib, and use improved glibc headers
>      AC_DEFINE([lint], [1],
>        [Define to 1 if the compiler is checking for lint.])

ACK


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|




More information about the libvir-list mailing list