From 98c011bb8d3805dbd59d606753533fc0c8b12a64 Mon Sep 17 00:00:00 2001 From: Nate Ohlson Date: Mon, 22 Jul 2024 16:39:45 -0500 Subject: [PATCH 1/5] Make fortify source option check -Werror --- configure | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/configure b/configure index 7b3dfa71a2a192..52988f77f6d926 100755 --- a/configure +++ b/configure @@ -9788,13 +9788,13 @@ if test "$enable_slower_safety" = "yes" then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -D_FORTIFY_SOURCE=3" >&5 printf %s "checking whether C compiler accepts -D_FORTIFY_SOURCE=3... " >&6; } -if test ${ax_cv_check_cflags___D_FORTIFY_SOURCE_3+y} +if test ${ax_cv_check_cflags__Werror__D_FORTIFY_SOURCE_3+y} then : printf %s "(cached) " >&6 else $as_nop ax_check_save_flags=$CFLAGS - CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=3" + CFLAGS="$CFLAGS -Werror -D_FORTIFY_SOURCE=3" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9808,16 +9808,16 @@ main (void) _ACEOF if ac_fn_c_try_compile "$LINENO" then : - ax_cv_check_cflags___D_FORTIFY_SOURCE_3=yes + ax_cv_check_cflags__Werror__D_FORTIFY_SOURCE_3=yes else $as_nop - ax_cv_check_cflags___D_FORTIFY_SOURCE_3=no + ax_cv_check_cflags__Werror__D_FORTIFY_SOURCE_3=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___D_FORTIFY_SOURCE_3" >&5 -printf "%s\n" "$ax_cv_check_cflags___D_FORTIFY_SOURCE_3" >&6; } -if test "x$ax_cv_check_cflags___D_FORTIFY_SOURCE_3" = xyes +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags__Werror__D_FORTIFY_SOURCE_3" >&5 +printf "%s\n" "$ax_cv_check_cflags__Werror__D_FORTIFY_SOURCE_3" >&6; } +if test "x$ax_cv_check_cflags__Werror__D_FORTIFY_SOURCE_3" = xyes then : BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3" else $as_nop 
From 505016a69866700be9f8b6f75ac44193d207abb7 Mon Sep 17 00:00:00 2001 From: Nate Ohlson Date: Tue, 23 Jul 2024 03:33:30 -0500 Subject: [PATCH 2/5] Move fortify source to disable safety for testing --- configure | 30 +++++++++++++++--------------- configure.ac | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/configure b/configure index 52988f77f6d926..4a3e6dbfe7e744 100755 --- a/configure +++ b/configure @@ -9771,21 +9771,6 @@ else $as_nop printf "%s\n" "$as_me: WARNING: -Wtrampolines not supported" >&2;} fi -fi - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --enable-slower-safety" >&5 -printf %s "checking for --enable-slower-safety... " >&6; } -# Check whether --enable-slower-safety was given. -if test ${enable_slower_safety+y} -then : - enableval=$enable_slower_safety; -fi - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_slower_safety" >&5 -printf "%s\n" "$enable_slower_safety" >&6; } - -if test "$enable_slower_safety" = "yes" -then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -D_FORTIFY_SOURCE=3" >&5 printf %s "checking whether C compiler accepts -D_FORTIFY_SOURCE=3... " >&6; } if test ${ax_cv_check_cflags__Werror__D_FORTIFY_SOURCE_3+y} @@ -9827,6 +9812,21 @@ fi fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --enable-slower-safety" >&5 +printf %s "checking for --enable-slower-safety... " >&6; } +# Check whether --enable-slower-safety was given. +if test ${enable_slower_safety+y} +then : + enableval=$enable_slower_safety; +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_slower_safety" >&5 +printf "%s\n" "$enable_slower_safety" >&6; } + +if test "$enable_slower_safety" = "yes" +then +fi + case $GCC in yes) CFLAGS_NODIST="$CFLAGS_NODIST -std=c11" diff --git a/configure.ac b/configure.ac index 1275c199a7cf1c..c0a5b7eae8048c 100644 --- a/configure.ac +++ b/configure.ac 
@@ -2510,6 +2510,7 @@ if test "$disable_safety" = "no" then AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [BASECFLAGS="$BASECFLAGS -fstack-protector-strong"], [AC_MSG_WARN([-fstack-protector-strong not supported])], [-Werror]) AX_CHECK_COMPILE_FLAG([-Wtrampolines], [BASECFLAGS="$BASECFLAGS -Wtrampolines"], [AC_MSG_WARN([-Wtrampolines not supported])], [-Werror]) + AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=3], [BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"], [AC_MSG_WARN([-D_FORTIFY_SOURCE=3 not supported])], [-Werror]) fi AC_MSG_CHECKING([for --enable-slower-safety]) @@ -2519,7 +2520,6 @@ AC_MSG_RESULT([$enable_slower_safety]) if test "$enable_slower_safety" = "yes" then - AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=3], [BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"], [AC_MSG_WARN([-D_FORTIFY_SOURCE=3 not supported])]) fi case $GCC in From 63f9f2a1fed850c6be45742900f53e62caf81bdc Mon Sep 17 00:00:00 2001 From: Nate Ohlson Date: Tue, 23 Jul 2024 13:04:07 -0500 Subject: [PATCH 3/5] Remove empty if block in configure for testing --- configure.ac | 4 ---- 1 file changed, 4 deletions(-) diff --git a/configure.ac b/configure.ac index c0a5b7eae8048c..064bd74d73c850 100644 --- a/configure.ac +++ b/configure.ac @@ -2518,10 +2518,6 @@ AC_ARG_ENABLE([slower-safety], [AS_HELP_STRING([--enable-slower-safety], [enable usage of the security compiler options with performance overhead])],[]) AC_MSG_RESULT([$enable_slower_safety]) -if test "$enable_slower_safety" = "yes" -then -fi - case $GCC in yes) CFLAGS_NODIST="$CFLAGS_NODIST -std=c11" From ea8ded757cebef1d2dd4e8e662e523fae365e1c2 Mon Sep 17 00:00:00 2001 From: Nate Ohlson Date: Tue, 23 Jul 2024 14:31:12 -0500 Subject: [PATCH 4/5] Update configure for testing --- configure | 4 ---- 1 file changed, 4 deletions(-) diff --git a/configure b/configure index 4a3e6dbfe7e744..7adaff077fae25 100755 --- a/configure +++ b/configure 
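Review bot: The added `AX_CHECK_COMPILE_FLAG` line in the first configure.ac hunk of PATCH 2/5 probes `-D_FORTIFY_SOURCE=3` under `-Werror`, but on success it appends `-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3` to BASECFLAGS, so the probe does not test the flags the build will actually use. On a toolchain that already predefines `_FORTIFY_SOURCE`, the bare `-D` is likely to raise a macro-redefinition warning, which `-Werror` turns into a failed check. The build would then continue at whatever level the toolchain predefines, with only the "not supported" warning, even though the `-U`/`-D` pair would have compiled cleanly. Probing the same pair that gets applied closes that gap: `AX_CHECK_COMPILE_FLAG([-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3], [BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"], [AC_MSG_WARN([-D_FORTIFY_SOURCE=3 not supported])], [-Werror])`. The identical line is re-added under `--enable-slower-safety` in the second configure.ac hunk of PATCH 5/5, and the generated `configure` would need regenerating to match.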
@@ -9823,10 +9823,6 @@ fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_slower_safety" >&5 printf "%s\n" "$enable_slower_safety" >&6; } -if test "$enable_slower_safety" = "yes" -then -fi - case $GCC in yes) CFLAGS_NODIST="$CFLAGS_NODIST -std=c11" From 46404d8d236f2bd98b0e933f7b9dd0c0af78da35 Mon Sep 17 00:00:00 2001 From: Nate Ohlson Date: Wed, 24 Jul 2024 18:56:28 -0500 Subject: [PATCH 5/5] Revert test config --- configure | 26 +++++++++++++++----------- configure.ac | 6 +++++- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/configure b/configure index 7adaff077fae25..52988f77f6d926 100755 --- a/configure +++ b/configure @@ -9771,6 +9771,21 @@ else $as_nop printf "%s\n" "$as_me: WARNING: -Wtrampolines not supported" >&2;} fi +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --enable-slower-safety" >&5 +printf %s "checking for --enable-slower-safety... " >&6; } +# Check whether --enable-slower-safety was given. +if test ${enable_slower_safety+y} +then : + enableval=$enable_slower_safety; +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_slower_safety" >&5 +printf "%s\n" "$enable_slower_safety" >&6; } + +if test "$enable_slower_safety" = "yes" +then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -D_FORTIFY_SOURCE=3" >&5 printf %s "checking whether C compiler accepts -D_FORTIFY_SOURCE=3... " >&6; } if test ${ax_cv_check_cflags__Werror__D_FORTIFY_SOURCE_3+y} @@ -9812,17 +9827,6 @@ fi fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --enable-slower-safety" >&5 -printf %s "checking for --enable-slower-safety... " >&6; } -# Check whether --enable-slower-safety was given. -if test ${enable_slower_safety+y} -then : - enableval=$enable_slower_safety; -fi - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_slower_safety" >&5 -printf "%s\n" "$enable_slower_safety" >&6; } - case $GCC in yes) CFLAGS_NODIST="$CFLAGS_NODIST -std=c11" 
diff --git a/configure.ac b/configure.ac index 064bd74d73c850..5bde6803cd5a7b 100644 --- a/configure.ac +++ b/configure.ac @@ -2510,7 +2510,6 @@ if test "$disable_safety" = "no" then AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [BASECFLAGS="$BASECFLAGS -fstack-protector-strong"], [AC_MSG_WARN([-fstack-protector-strong not supported])], [-Werror]) AX_CHECK_COMPILE_FLAG([-Wtrampolines], [BASECFLAGS="$BASECFLAGS -Wtrampolines"], [AC_MSG_WARN([-Wtrampolines not supported])], [-Werror]) - AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=3], [BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"], [AC_MSG_WARN([-D_FORTIFY_SOURCE=3 not supported])], [-Werror]) fi AC_MSG_CHECKING([for --enable-slower-safety]) @@ -2518,6 +2517,11 @@ AC_ARG_ENABLE([slower-safety], [AS_HELP_STRING([--enable-slower-safety], [enable usage of the security compiler options with performance overhead])],[]) AC_MSG_RESULT([$enable_slower_safety]) +if test "$enable_slower_safety" = "yes" +then + AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=3], [BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"], [AC_MSG_WARN([-D_FORTIFY_SOURCE=3 not supported])], [-Werror]) +fi + case $GCC in yes) CFLAGS_NODIST="$CFLAGS_NODIST -std=c11"
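Review bot: In the re-added `if test "$enable_slower_safety" = "yes"` block (second hunk), the failure branch is only `AC_MSG_WARN([-D_FORTIFY_SOURCE=3 not supported])`. An operator who explicitly passed `--enable-slower-safety` can therefore get a build without the requested fortification, and the only trace is one line in the configure output. Because the option is opt-in, failing hard is arguably the safer behaviour: `[AC_MSG_ERROR([--enable-slower-safety was requested but -D_FORTIFY_SOURCE=3 is not usable])]`. If the warning is intentional, a short comment above the block saying why would help the next maintainer. As far as the generated `configure` hunks in PATCH 1/5 show, the probe compiles a test program built from `confdefs.h` with no libc header, so a pass appears to mean only that the compiler accepts the define, not that the C library honours level 3.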