From: Miroslav Rezanina <>
Date: Tue, 26 Aug 2014
Subject: [PATCH 1/6] Enforce stack protector usage

Bugzilla: 1064260
If --enable-stack-protector is used is used, configure script try to use
--fstack-protector-strong. In case it's not supported, --fstack-protector-all
is enabled. If both protectors are not supported, configure does not use
any protector at all without any notification.

This patch reports error when user requests stack protector to be used and
both protector modes are not supported. Behavior is not changed in case
user do not use any of --enable-stack-protector/--disable-stack-protector.

Signed-off-by: Miroslav Rezanina <>
Signed-off-by: Paolo Bonzini <>

	configure - upstream use -fstack-protector-all as second option
                we used -fstack-protector.
                Updated to upstream behavior

Signed-off-by: Miroslav Rezanina <>
diff --git a/configure b/configure
index 4552e08..0c666e5 100755
--- a/configure
+++ b/configure
@@ -1303,14 +1303,21 @@ for flag in $gcc_flags; do
 if test "$stack_protector" != "no" ; then
-  gcc_flags="-fstack-protector-strong -fstack-protector"
+  gcc_flags="-fstack-protector-strong -fstack-protector-all"
+  sp_on=0
   for flag in $gcc_flags; do
     if compile_prog "-Werror $flag" "" ; then
+      sp_on=1
+  if test "$stack_protector" = yes; then
+    if test $sp_on = 0; then
+      error_exit "Stack protector not supported"
+    fi
+  fi
 # Workaround for  Happens with -fPIE/-fPIC and