Patchwork [14/14] Add -fstack-protector-all to CFLAGS

login
register
mail settings
Submitter Kirill A. Shutemov
Date Dec. 31, 2009, 1:34 a.m.
Message ID <1262223266-19191-5-git-send-email-kirill@shutemov.name>
Download mbox | patch
Permalink /patch/41959/
State New
Headers show

Comments

Kirill A. Shutemov - Dec. 31, 2009, 1:34 a.m.
-fstack-protector-all emit extra code to check for buffer overflows,
such as stack smashing attacks.  This is done by adding a guard
variable to functions with vulnerable objects.

Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
---
 configure |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
Arnaud Patard (Rtp) - Dec. 31, 2009, 10:58 a.m.
"Kirill A. Shutemov" <kirill@shutemov.name> writes:
Hi,

> -fstack-protector-all emit extra code to check for buffer overflows,
> such as stack smashing attacks.  This is done by adding a guard
> variable to functions with vulnerable objects.
>
> Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
> ---
>  configure |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/configure b/configure
> index 0cdcdb3..16b70d8 100755
> --- a/configure
> +++ b/configure
> @@ -98,6 +98,7 @@ QEMU_CFLAGS="-Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes $
>  QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls $QEMU_CFLAGS"
>  QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $QEMU_CFLAGS"
>  QEMU_CFLAGS="-D_FORTIFY_SOURCE=2 $QEMU_CFLAGS"
> +QEMU_CFLAGS="-fstack-protector-all $QEMU_CFLAGS"

afaik not all arches out there are supporting
-fstack-protector-all (to be more precise, some have no stack protector
support at all). iirc, gcc will emit a warning and still compile
but would be nice to avoid a warning.

Arnaud
Kirill A. Shutemov - Jan. 2, 2010, 2:06 a.m.
On Thu, Dec 31, 2009 at 12:58 PM, Arnaud Patard
<arnaud.patard@rtp-net.org> wrote:
> "Kirill A. Shutemov" <kirill@shutemov.name> writes:
> Hi,
>
>> -fstack-protector-all emit extra code to check for buffer overflows,
>> such as stack smashing attacks.  This is done by adding a guard
>> variable to functions with vulnerable objects.
>>
>> Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
>> ---
>>  configure |    1 +
>>  1 files changed, 1 insertions(+), 0 deletions(-)
>>
>> diff --git a/configure b/configure
>> index 0cdcdb3..16b70d8 100755
>> --- a/configure
>> +++ b/configure
>> @@ -98,6 +98,7 @@ QEMU_CFLAGS="-Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes $
>>  QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls $QEMU_CFLAGS"
>>  QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $QEMU_CFLAGS"
>>  QEMU_CFLAGS="-D_FORTIFY_SOURCE=2 $QEMU_CFLAGS"
>> +QEMU_CFLAGS="-fstack-protector-all $QEMU_CFLAGS"
>
> afaik not all arches out there are supporting
> -fstack-protector-all (to be more precise, some have no stack protector
> support at all). iirc, gcc will emit a warning and still compile
> but would be nice to avoid a warning.

Thanks. Will be fixed.

Patch

diff --git a/configure b/configure
index 0cdcdb3..16b70d8 100755
--- a/configure
+++ b/configure
@@ -98,6 +98,7 @@  QEMU_CFLAGS="-Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes $
 QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls $QEMU_CFLAGS"
 QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $QEMU_CFLAGS"
 QEMU_CFLAGS="-D_FORTIFY_SOURCE=2 $QEMU_CFLAGS"
+QEMU_CFLAGS="-fstack-protector-all $QEMU_CFLAGS"
 QEMU_CFLAGS="-I. -I\$(SRC_PATH) $QEMU_CFLAGS"
 LDFLAGS="-g $LDFLAGS"