Enforce stack protector usage

If --enable-stack-protector is used is used, configure script try to use --fstack-protector-strong. In case it's not supported, --fstack-protector-all is enabled. If both protectors are not supported, configure does not use any protector at all without any notification. This patch reports error when user requests stack protector to be used and both protector modes are not supported. Behavior is not changed in case user do not use any of --enable-stack-protector/--disable-stack-protector. Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> [Fix non-POSIX operator in test. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-07-21 02:15:04 +00:00 · 2014-07-02 10:05:24 +02:00 · 2014-07-02 10:05:24 +02:00 · 3b463a3fa8
parent 30e5210a70
commit 3b463a3fa8
1 changed files with 8 additions and 1 deletions
--- a/9
+++ b/9
@ -1489,8 +1489,9 @@ for flag in $gcc_flags; do
    fi
 done

-if test "$stack_protector" != "no" ; then
+if test "$stack_protector" != "no"; then
  gcc_flags="-fstack-protector-strong -fstack-protector-all"
+  sp_on=0
  for flag in $gcc_flags; do
    # We need to check both a compile and a link, since some compiler
    # setups fail only on a .c->.o compile and some only at link time
@ -1498,9 +1499,15 @@ if test "$stack_protector" != "no" ; then
       compile_prog "-Werror $flag" ""; then
      QEMU_CFLAGS="$QEMU_CFLAGS $flag"
      LIBTOOLFLAGS="$LIBTOOLFLAGS -Wc,$flag"
+      sp_on=1
      break
    fi
  done
+  if test "$stack_protector" = yes; then
+    if test $sp_on = 0; then
+      error_exit "Stack protector not supported"
+    fi
+  fi
 fi

 # Workaround for http://gcc.gnu.org/PR55489.  Happens with -fPIE/-fPIC and