From: Mark Wielaard <mark@klomp.org>
To: elfutils-devel@sourceware.org
Cc: Siddhesh Poyarekar <siddhesh@sourceware.org>,
Mark Wielaard <mark@klomp.org>
Subject: [PATCH] configure: Test for _FORTIFY_SOURCE=3 support.
Date: Thu, 10 Mar 2022 18:06:52 +0100 [thread overview]
Message-ID: <20220310170652.22420-1-mark@klomp.org> (raw)
_FORTIFY_SOURCE=3 adds extra glibc (dynamic) fortification checks
when using GCC 12.
This adds a configure check to see if -D_FORTIFY_SOURCE=3 can be used.
If not, configure will fall back to -D_FORTIFY_SOURCE=2.
On some older glibc versions (glibc 2.17) using -D_FORTIFY_SOURCE=3
provides the same fortification as _FORTIFY_SOURCE=2. On some newer
glibc versions and older GCC (glibc 2.34 amd gcc 11) using
-D_FORTIFY_SOURCE=3 produces a not supported warning (and we fall
back to -D_FORTIFY_SOURCE=2). With newer glibc and newer GCC versions
(glibc 2.35 and gcc 12) -D_FORTIFY_SOURCE=3 will use the newer dynamic
fortification checks.
This patch also makes sure that AC_PROG_CXX is used earlier so that
CXXFLAGS is always setup correctly (even if we then don't use it).
And it outputs both the CFLAGS and CXXFLAGS as used at the end.
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
https://code.wildebeest.org/git/user/mjw/elfutils/commit/?h=_FORTIFY_SOURCE3
ChangeLog | 6 ++++++
configure.ac | 37 +++++++++++++++++++++++++++----------
2 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f00db17b..bfa666c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2022-03-10 Mark Wielaard <mark@klomp.org>
+
+ * configure.ac: Move AC_PROG_CXX earlier. Check for both
+ -D_FORTIFY_SOURCE=3 and -D_FORTIFY_SOURCE=2 support. Also
+ set CXXFLAGS. Output final CFLAGS and CXXFLAGS setting.
+
2021-12-04 Mark Wielaard <mark@klomp.org>
* configure.ac: Add --enable-sanitize-address.
diff --git a/configure.ac b/configure.ac
index 48071165..52882fa9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,6 +2,7 @@ dnl Process this file with autoconf to produce a configure script.
dnl Configure input file for elfutils. -*-autoconf-*-
dnl
dnl Copyright (C) 1996-2019 Red Hat, Inc.
+dnl Copyright (C) 2022 Mark J. Wielaard <mark@klomp.org>
dnl
dnl This file is part of elfutils.
dnl
@@ -88,6 +89,7 @@ AS_IF([test "$use_locks" = yes],
AH_TEMPLATE([USE_LOCKS], [Defined if libraries should be thread-safe.])
AC_PROG_CC_C99
+AC_PROG_CXX
AC_PROG_RANLIB
AC_PROG_YACC
AM_PROG_LEX
@@ -231,25 +233,38 @@ AC_CACHE_CHECK([whether fts.h is bad when included (with LFS)], ac_cv_bad_fts,
AS_IF([test "x$ac_cv_bad_fts" = "xyes"],
[CFLAGS="$CFLAGS -DBAD_FTS=1" CXXFLAGS="$CXXFLAGS -DBAD_FTS=1"])
-# See if we can add -D_FORTIFY_SOURCE=2. Don't do it if it is already
+# See if we can add -D_FORTIFY_SOURCE=2 or =3. Don't do it if it is already
# (differently) defined or if it generates warnings/errors because we
# don't use the right optimisation level (string.h will warn about that).
-AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 to CFLAGS])
+AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 or =3 to CFLAGS])
case "$CFLAGS" in
- *-D_FORTIFY_SOURCE=2*)
+ *-D_FORTIFY_SOURCE=*)
AC_MSG_RESULT([no, already there])
;;
*)
save_CFLAGS="$CFLAGS"
- CFLAGS="-D_FORTIFY_SOURCE=2 $CFLAGS -Werror"
+ # Try 3 first.
+ CFLAGS="-D_FORTIFY_SOURCE=3 $save_CFLAGS -Werror"
+ fortified_cflags=""
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
#include <string.h>
int main() { return 0; }
- ]])], [ AC_MSG_RESULT([yes])
- CFLAGS="-D_FORTIFY_SOURCE=2 $save_CFLAGS" ],
- [ AC_MSG_RESULT([no])
- CFLAGS="$save_CFLAGS"])
- ;;
+ ]])], [ AC_MSG_RESULT([yes -D_FORTIFY_SOURCE=3])
+ fortified_cflags="-D_FORTIFY_SOURCE=3" ], [])
+
+ # If that didn't work, try 2.
+ if test -z "$fortified_cflags"; then
+ CFLAGS="-D_FORTIFY_SOURCE=2 $save_CFLAGS -Werror"
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+ #include <string.h>
+ int main() { return 0; }
+ ]])], [ AC_MSG_RESULT([yes -D_FORTIFY_SOURCE=2])
+ fortified_cflags="-D_FORTIFY_SOURCE=2" ],
+ [ AC_MSG_RESULT([no, cannot be used])])
+ fi
+ CFLAGS="$fortified_cflags $save_CFLAGS"
+ CXXFLAGS="$fortified_cflags $CXXFLAGS"
+ ;;
esac
dnl enable debugging of branch prediction.
@@ -757,7 +772,6 @@ AM_CONDITIONAL([DUMMY_LIBDEBUGINFOD],[test "x$enable_libdebuginfod" = "xdummy"])
# Look for libmicrohttpd, libarchive, sqlite for debuginfo server
# minimum versions as per rhel7.
AC_ARG_ENABLE([debuginfod],AC_HELP_STRING([--enable-debuginfod], [Build debuginfod server]))
-AC_PROG_CXX
AS_IF([test "x$enable_debuginfod" != "xno"], [
AC_MSG_NOTICE([checking debuginfod C++11 support, --disable-debuginfod to skip])
AX_CXX_COMPILE_STDCXX(11, noext, mandatory)
@@ -804,6 +818,9 @@ AC_MSG_NOTICE([
Maintainer mode : ${enable_maintainer_mode}
build arch : ${ac_cv_build}
+ CFLAGS=${CFLAGS}
+ CXXFLAGS=${CXXFLAGS}
+
RECOMMENDED FEATURES (should all be yes)
gzip support : ${with_zlib}
bzip2 support : ${with_bzlib}
--
2.18.4
next reply other threads:[~2022-03-10 17:07 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-10 17:06 Mark Wielaard [this message]
2022-03-14 11:56 ` Mark Wielaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220310170652.22420-1-mark@klomp.org \
--to=mark@klomp.org \
--cc=elfutils-devel@sourceware.org \
--cc=siddhesh@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).