Message ID | 20220509152127.7257-1-mwilck@suse.com (mailing list archive) |
---|---|
State | Not Applicable, archived |
Delegated to: | christophe varoqui |
Headers | show |
Series | multipath-tools: Makefile.inc: add test for -D_FORTIFY_SOURCE=3 | expand |
On Mon, May 09, 2022 at 05:21:27PM +0200, mwilck@suse.com wrote: > From: Martin Wilck <mwilck@suse.com> Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com> > > 6186645 ("Fix possibility to redefine -D_FORTIFY_SOURCE macro.") > does not work as-is, because OPTFLAGS can't be used to override CPPFLAGS. > Instead, add a test for support of -D_FORTIFY_SOURCE=3, and use it > automatically if supported. The test uses similar logic as e.g. > https://sourceware.org/git/?p=elfutils.git;a=commit;h=29859f2e79ef3c650ee9712cae990c6a7f787a7d > > This test works in environments with glibc 2.33 or newer. On older distributions, > -D_FORTIFY_SOURCE=3 does not cause an error, and will thus be used. In this > case, it has the same effect as -D_FORTIFY_SOURCE=2. On alpine Linux (musl > libc), -D_FORTIFY_SOURCE=3 generates an error. > > Fixes: 6186645 ("Fix possibility to redefine -D_FORTIFY_SOURCE macro.") > Signed-off-by: Martin Wilck <mwilck@suse.com> > --- > Makefile.inc | 16 +++++++++++++++- > 1 file changed, 15 insertions(+), 1 deletion(-) > > diff --git a/Makefile.inc b/Makefile.inc > index cef7a06..b915c06 100644 > --- a/Makefile.inc > +++ b/Makefile.inc > @@ -117,6 +117,20 @@ TEST_CC_OPTION = $(shell \ > echo "$(2)"; \ > fi) > > +# "make" on some distros will fail on explicit '#' or '\#' in the program text below > +__HASH__ := \# > +# Check if _DFORTIFY_SOURCE=3 is supported. > +# On some distros (e.g. Debian Buster) it will be falsely reported as supported > +# but it doesn't seem to make a difference wrt the compilation result. > +FORTIFY_OPT := $(shell \ > + if /bin/echo -e '$(__HASH__)include <string.h>\nint main(void) { return 0; }' | \ > + $(CC) -o /dev/null -c -O2 -Werror -D_FORTIFY_SOURCE=3 -xc - 2>/dev/null; \ > + then \ > + echo "-D_FORTIFY_SOURCE=3"; \ > + else \ > + echo "-D_FORTIFY_SOURCE=2"; \ > + fi) > + > STACKPROT := $(call TEST_CC_OPTION,-fstack-protector-strong,-fstack-protector) > ERROR_DISCARDED_QUALIFIERS := $(call TEST_CC_OPTION,-Werror=discarded-qualifiers,) > WNOCLOBBERED := $(call TEST_CC_OPTION,-Wno-clobbered -Wno-error=clobbered,) > @@ -126,7 +140,7 @@ OPTFLAGS := -O2 -g $(STACKPROT) --param=ssp-buffer-size=4 > WARNFLAGS := -Werror -Wall -Wextra -Wformat=2 $(WFORMATOVERFLOW) -Werror=implicit-int \ > -Werror=implicit-function-declaration -Werror=format-security \ > $(WNOCLOBBERED) -Werror=cast-qual $(ERROR_DISCARDED_QUALIFIERS) > -CPPFLAGS := -D_FORTIFY_SOURCE=2 > +CPPFLAGS := $(FORTIFY_OPT) > CFLAGS := --std=gnu99 $(CFLAGS) $(OPTFLAGS) $(WARNFLAGS) -pipe \ > -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \ > -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP > -- > 2.36.0 -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel
On 5/9/22 23:15, Benjamin Marzinski wrote: > On Mon, May 09, 2022 at 05:21:27PM +0200, mwilck@suse.com wrote: >> From: Martin Wilck <mwilck@suse.com> Reviewed-by: Martin Liska <mliska@suse.cz> > > Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com> > >> >> 6186645 ("Fix possibility to redefine -D_FORTIFY_SOURCE macro.") >> does not work as-is, because OPTFLAGS can't be used to override CPPFLAGS. >> Instead, add a test for support of -D_FORTIFY_SOURCE=3, and use it >> automatically if supported. The test uses similar logic as e.g. >> https://sourceware.org/git/?p=elfutils.git;a=commit;h=29859f2e79ef3c650ee9712cae990c6a7f787a7d >> >> This test works in environments with glibc 2.33 or newer. On older distributions, >> -D_FORTIFY_SOURCE=3 does not cause an error, and will thus be used. In this >> case, it has the same effect as -D_FORTIFY_SOURCE=2. On alpine Linux (musl >> libc), -D_FORTIFY_SOURCE=3 generates an error. >> >> Fixes: 6186645 ("Fix possibility to redefine -D_FORTIFY_SOURCE macro.") >> Signed-off-by: Martin Wilck <mwilck@suse.com> >> --- >> Makefile.inc | 16 +++++++++++++++- >> 1 file changed, 15 insertions(+), 1 deletion(-) >> >> diff --git a/Makefile.inc b/Makefile.inc >> index cef7a06..b915c06 100644 >> --- a/Makefile.inc >> +++ b/Makefile.inc >> @@ -117,6 +117,20 @@ TEST_CC_OPTION = $(shell \ >> echo "$(2)"; \ >> fi) >> >> +# "make" on some distros will fail on explicit '#' or '\#' in the program text below >> +__HASH__ := \# >> +# Check if _DFORTIFY_SOURCE=3 is supported. >> +# On some distros (e.g. Debian Buster) it will be falsely reported as supported >> +# but it doesn't seem to make a difference wrt the compilation result. >> +FORTIFY_OPT := $(shell \ >> + if /bin/echo -e '$(__HASH__)include <string.h>\nint main(void) { return 0; }' | \ >> + $(CC) -o /dev/null -c -O2 -Werror -D_FORTIFY_SOURCE=3 -xc - 2>/dev/null; \ >> + then \ >> + echo "-D_FORTIFY_SOURCE=3"; \ >> + else \ >> + echo "-D_FORTIFY_SOURCE=2"; \ >> + fi) >> + >> STACKPROT := $(call TEST_CC_OPTION,-fstack-protector-strong,-fstack-protector) >> ERROR_DISCARDED_QUALIFIERS := $(call TEST_CC_OPTION,-Werror=discarded-qualifiers,) >> WNOCLOBBERED := $(call TEST_CC_OPTION,-Wno-clobbered -Wno-error=clobbered,) >> @@ -126,7 +140,7 @@ OPTFLAGS := -O2 -g $(STACKPROT) --param=ssp-buffer-size=4 >> WARNFLAGS := -Werror -Wall -Wextra -Wformat=2 $(WFORMATOVERFLOW) -Werror=implicit-int \ >> -Werror=implicit-function-declaration -Werror=format-security \ >> $(WNOCLOBBERED) -Werror=cast-qual $(ERROR_DISCARDED_QUALIFIERS) >> -CPPFLAGS := -D_FORTIFY_SOURCE=2 >> +CPPFLAGS := $(FORTIFY_OPT) >> CFLAGS := --std=gnu99 $(CFLAGS) $(OPTFLAGS) $(WARNFLAGS) -pipe \ >> -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \ >> -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP >> -- >> 2.36.0 > -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel
diff --git a/Makefile.inc b/Makefile.inc index cef7a06..b915c06 100644 --- a/Makefile.inc +++ b/Makefile.inc @@ -117,6 +117,20 @@ TEST_CC_OPTION = $(shell \ echo "$(2)"; \ fi) +# "make" on some distros will fail on explicit '#' or '\#' in the program text below +__HASH__ := \# +# Check if _DFORTIFY_SOURCE=3 is supported. +# On some distros (e.g. Debian Buster) it will be falsely reported as supported +# but it doesn't seem to make a difference wrt the compilation result. +FORTIFY_OPT := $(shell \ + if /bin/echo -e '$(__HASH__)include <string.h>\nint main(void) { return 0; }' | \ + $(CC) -o /dev/null -c -O2 -Werror -D_FORTIFY_SOURCE=3 -xc - 2>/dev/null; \ + then \ + echo "-D_FORTIFY_SOURCE=3"; \ + else \ + echo "-D_FORTIFY_SOURCE=2"; \ + fi) + STACKPROT := $(call TEST_CC_OPTION,-fstack-protector-strong,-fstack-protector) ERROR_DISCARDED_QUALIFIERS := $(call TEST_CC_OPTION,-Werror=discarded-qualifiers,) WNOCLOBBERED := $(call TEST_CC_OPTION,-Wno-clobbered -Wno-error=clobbered,) @@ -126,7 +140,7 @@ OPTFLAGS := -O2 -g $(STACKPROT) --param=ssp-buffer-size=4 WARNFLAGS := -Werror -Wall -Wextra -Wformat=2 $(WFORMATOVERFLOW) -Werror=implicit-int \ -Werror=implicit-function-declaration -Werror=format-security \ $(WNOCLOBBERED) -Werror=cast-qual $(ERROR_DISCARDED_QUALIFIERS) -CPPFLAGS := -D_FORTIFY_SOURCE=2 +CPPFLAGS := $(FORTIFY_OPT) CFLAGS := --std=gnu99 $(CFLAGS) $(OPTFLAGS) $(WARNFLAGS) -pipe \ -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \ -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP