|
 |
958e1b |
From 3938c85004bbd742c5a8c7e1480ed14c2420cd9d Mon Sep 17 00:00:00 2001
|
|
|
958e1b |
From: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
958e1b |
Date: Tue, 26 Aug 2014 13:33:14 +0200
|
|
|
958e1b |
Subject: [PATCH 1/6] Enforce stack protector usage
|
|
|
958e1b |
|
|
|
958e1b |
Message-id: <1409059994-2966-1-git-send-email-mrezanin@redhat.com>
|
|
|
958e1b |
Patchwork-id: 60699
|
|
|
958e1b |
O-Subject: [RHEL-7.1 qemu-kvm PATCH] Enforce stack protector usage
|
|
|
958e1b |
Bugzilla: 1064260
|
|
|
958e1b |
RH-Acked-by: Amos Kong <akong@redhat.com>
|
|
|
958e1b |
RH-Acked-by: Jeff Nelson <jenelson@redhat.com>
|
|
|
958e1b |
RH-Acked-by: Fam Zheng <famz@redhat.com>
|
|
|
958e1b |
|
|
|
958e1b |
From: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
958e1b |
|
|
|
958e1b |
If --enable-stack-protector is used is used, configure script try to use
|
|
|
958e1b |
--fstack-protector-strong. In case it's not supported, --fstack-protector-all
|
|
|
958e1b |
is enabled. If both protectors are not supported, configure does not use
|
|
|
958e1b |
any protector at all without any notification.
|
|
|
958e1b |
|
|
|
958e1b |
This patch reports error when user requests stack protector to be used and
|
|
|
958e1b |
both protector modes are not supported. Behavior is not changed in case
|
|
|
958e1b |
user do not use any of --enable-stack-protector/--disable-stack-protector.
|
|
|
958e1b |
|
|
|
958e1b |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
958e1b |
[Fix non-POSIX operator in test. - Paolo]
|
|
|
958e1b |
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
958e1b |
|
|
|
958e1b |
(cherry picked from commit 3b463a3fa8f7690ffa3ef273993dff349b3a73d3)
|
|
|
958e1b |
|
|
|
958e1b |
Conflicts:
|
|
|
958e1b |
configure - upstream use -fstack-protector-all as second option
|
|
|
958e1b |
we used -fstack-protector.
|
|
|
958e1b |
Updated to upstream behavior
|
|
|
958e1b |
|
|
|
958e1b |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
958e1b |
---
|
|
|
958e1b |
configure | 9 ++++++++-
|
|
|
958e1b |
1 files changed, 8 insertions(+), 1 deletions(-)
|
|
|
958e1b |
|
|
|
958e1b |
diff --git a/configure b/configure
|
|
|
958e1b |
index 4552e08..0c666e5 100755
|
|
|
958e1b |
--- a/configure
|
|
|
958e1b |
+++ b/configure
|
|
|
958e1b |
@@ -1303,14 +1303,21 @@ for flag in $gcc_flags; do
|
|
|
958e1b |
done
|
|
|
958e1b |
|
|
|
958e1b |
if test "$stack_protector" != "no" ; then
|
|
|
958e1b |
- gcc_flags="-fstack-protector-strong -fstack-protector"
|
|
|
958e1b |
+ gcc_flags="-fstack-protector-strong -fstack-protector-all"
|
|
|
958e1b |
+ sp_on=0
|
|
|
958e1b |
for flag in $gcc_flags; do
|
|
|
958e1b |
if compile_prog "-Werror $flag" "" ; then
|
|
|
958e1b |
QEMU_CFLAGS="$QEMU_CFLAGS $flag"
|
|
|
958e1b |
LIBTOOLFLAGS="$LIBTOOLFLAGS -Wc,$flag"
|
|
|
958e1b |
+ sp_on=1
|
|
|
958e1b |
break
|
|
|
958e1b |
fi
|
|
|
958e1b |
done
|
|
|
958e1b |
+ if test "$stack_protector" = yes; then
|
|
|
958e1b |
+ if test $sp_on = 0; then
|
|
|
958e1b |
+ error_exit "Stack protector not supported"
|
|
|
958e1b |
+ fi
|
|
|
958e1b |
+ fi
|
|
|
958e1b |
fi
|
|
|
958e1b |
|
|
|
958e1b |
# Workaround for http://gcc.gnu.org/PR55489. Happens with -fPIE/-fPIC and
|
|
|
958e1b |
--
|
|
|
958e1b |
1.7.1
|
|
|
958e1b |
|