958e1b
From 3938c85004bbd742c5a8c7e1480ed14c2420cd9d Mon Sep 17 00:00:00 2001
958e1b
From: Miroslav Rezanina <mrezanin@redhat.com>
958e1b
Date: Tue, 26 Aug 2014 13:33:14 +0200
958e1b
Subject: [PATCH 1/6] Enforce stack protector usage
958e1b
958e1b
Message-id: <1409059994-2966-1-git-send-email-mrezanin@redhat.com>
958e1b
Patchwork-id: 60699
958e1b
O-Subject: [RHEL-7.1 qemu-kvm PATCH] Enforce stack protector usage
958e1b
Bugzilla: 1064260
958e1b
RH-Acked-by: Amos Kong <akong@redhat.com>
958e1b
RH-Acked-by: Jeff Nelson <jenelson@redhat.com>
958e1b
RH-Acked-by: Fam Zheng <famz@redhat.com>
958e1b
958e1b
From: Miroslav Rezanina <mrezanin@redhat.com>
958e1b
958e1b
If --enable-stack-protector is used is used, configure script try to use
958e1b
--fstack-protector-strong. In case it's not supported, --fstack-protector-all
958e1b
is enabled. If both protectors are not supported, configure does not use
958e1b
any protector at all without any notification.
958e1b
958e1b
This patch reports error when user requests stack protector to be used and
958e1b
both protector modes are not supported. Behavior is not changed in case
958e1b
user do not use any of --enable-stack-protector/--disable-stack-protector.
958e1b
958e1b
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
958e1b
[Fix non-POSIX operator in test. - Paolo]
958e1b
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
958e1b
958e1b
(cherry picked from commit 3b463a3fa8f7690ffa3ef273993dff349b3a73d3)
958e1b
958e1b
Conflicts:
958e1b
	configure - upstream use -fstack-protector-all as second option
958e1b
                we used -fstack-protector.
958e1b
                Updated to upstream behavior
958e1b
958e1b
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
958e1b
---
958e1b
 configure |    9 ++++++++-
958e1b
 1 files changed, 8 insertions(+), 1 deletions(-)
958e1b
958e1b
diff --git a/configure b/configure
958e1b
index 4552e08..0c666e5 100755
958e1b
--- a/configure
958e1b
+++ b/configure
958e1b
@@ -1303,14 +1303,21 @@ for flag in $gcc_flags; do
958e1b
 done
958e1b
 
958e1b
 if test "$stack_protector" != "no" ; then
958e1b
-  gcc_flags="-fstack-protector-strong -fstack-protector"
958e1b
+  gcc_flags="-fstack-protector-strong -fstack-protector-all"
958e1b
+  sp_on=0
958e1b
   for flag in $gcc_flags; do
958e1b
     if compile_prog "-Werror $flag" "" ; then
958e1b
       QEMU_CFLAGS="$QEMU_CFLAGS $flag"
958e1b
       LIBTOOLFLAGS="$LIBTOOLFLAGS -Wc,$flag"
958e1b
+      sp_on=1
958e1b
       break
958e1b
     fi
958e1b
   done
958e1b
+  if test "$stack_protector" = yes; then
958e1b
+    if test $sp_on = 0; then
958e1b
+      error_exit "Stack protector not supported"
958e1b
+    fi
958e1b
+  fi
958e1b
 fi
958e1b
 
958e1b
 # Workaround for http://gcc.gnu.org/PR55489.  Happens with -fPIE/-fPIC and
958e1b
-- 
958e1b
1.7.1
958e1b