From patchwork Thu Mar 10 17:06:52 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mark Wielaard <mark@klomp.org>
X-Patchwork-Id: 51863
Return-Path: <elfutils-devel-bounces+patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 0B6E93858425
	for <patchwork@sourceware.org>; Thu, 10 Mar 2022 17:07:18 +0000 (GMT)
X-Original-To: elfutils-devel@sourceware.org
Delivered-To: elfutils-devel@sourceware.org
Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184])
 by sourceware.org (Postfix) with ESMTPS id 6DAA33858D39;
 Thu, 10 Mar 2022 17:07:09 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 6DAA33858D39
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=klomp.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org
Received: from tarox.wildebeest.org (83-87-18-245.cable.dynamic.v4.ziggo.nl
 [83.87.18.245])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by gnu.wildebeest.org (Postfix) with ESMTPSA id 66B8230006D6;
 Thu, 10 Mar 2022 18:07:02 +0100 (CET)
Received: by tarox.wildebeest.org (Postfix, from userid 1000)
 id 6F1A0425A458; Thu, 10 Mar 2022 18:07:01 +0100 (CET)
From: Mark Wielaard <mark@klomp.org>
To: elfutils-devel@sourceware.org
Subject: [PATCH] configure: Test for _FORTIFY_SOURCE=3 support.
Date: Thu, 10 Mar 2022 18:06:52 +0100
Message-Id: <20220310170652.22420-1-mark@klomp.org>
X-Mailer: git-send-email 2.18.4
X-Spam-Status: No, score=-10.0 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: elfutils-devel@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Elfutils-devel mailing list <elfutils-devel.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/elfutils-devel/>
List-Help: <mailto:elfutils-devel-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=subscribe>
Cc: Mark Wielaard <mark@klomp.org>,
 Siddhesh Poyarekar <siddhesh@sourceware.org>
Errors-To: elfutils-devel-bounces+patchwork=sourceware.org@sourceware.org
Sender: "Elfutils-devel"
 <elfutils-devel-bounces+patchwork=sourceware.org@sourceware.org>

_FORTIFY_SOURCE=3 adds extra glibc (dynamic) fortification checks
when using GCC 12.

This adds a configure check to see if -D_FORTIFY_SOURCE=3 can be used.
If not, configure will fall back to -D_FORTIFY_SOURCE=2.

On some older glibc versions (glibc 2.17) using -D_FORTIFY_SOURCE=3
provides the same fortification as _FORTIFY_SOURCE=2. On some newer
glibc versions and older GCC (glibc 2.34 amd gcc 11) using
-D_FORTIFY_SOURCE=3 produces a not supported warning (and we fall
back to -D_FORTIFY_SOURCE=2). With newer glibc and newer GCC versions
(glibc 2.35 and gcc 12) -D_FORTIFY_SOURCE=3 will use the newer dynamic
fortification checks.

This patch also makes sure that AC_PROG_CXX is used earlier so that
CXXFLAGS is always setup correctly (even if we then don't use it).
And it outputs both the CFLAGS and CXXFLAGS as used at the end.

Signed-off-by: Mark Wielaard <mark@klomp.org>
---

https://code.wildebeest.org/git/user/mjw/elfutils/commit/?h=_FORTIFY_SOURCE3

 ChangeLog    |  6 ++++++
 configure.ac | 37 +++++++++++++++++++++++++++----------
 2 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index f00db17b..bfa666c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2022-03-10  Mark Wielaard  <mark@klomp.org>
+
+	* configure.ac: Move AC_PROG_CXX earlier. Check for both
+	-D_FORTIFY_SOURCE=3 and -D_FORTIFY_SOURCE=2 support. Also
+	set CXXFLAGS. Output final CFLAGS and CXXFLAGS setting.
+
 2021-12-04  Mark Wielaard  <mark@klomp.org>
 
 	* configure.ac: Add --enable-sanitize-address.
diff --git a/configure.ac b/configure.ac
index 48071165..52882fa9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,6 +2,7 @@ dnl Process this file with autoconf to produce a configure script.
 dnl Configure input file for elfutils.                     -*-autoconf-*-
 dnl
 dnl Copyright (C) 1996-2019 Red Hat, Inc.
+dnl Copyright (C) 2022 Mark J. Wielaard <mark@klomp.org>
 dnl
 dnl This file is part of elfutils.
 dnl
@@ -88,6 +89,7 @@ AS_IF([test "$use_locks" = yes],
 AH_TEMPLATE([USE_LOCKS], [Defined if libraries should be thread-safe.])
 
 AC_PROG_CC_C99
+AC_PROG_CXX
 AC_PROG_RANLIB
 AC_PROG_YACC
 AM_PROG_LEX
@@ -231,25 +233,38 @@ AC_CACHE_CHECK([whether fts.h is bad when included (with LFS)], ac_cv_bad_fts,
 AS_IF([test "x$ac_cv_bad_fts" = "xyes"],
       [CFLAGS="$CFLAGS -DBAD_FTS=1" CXXFLAGS="$CXXFLAGS -DBAD_FTS=1"])
 
-# See if we can add -D_FORTIFY_SOURCE=2. Don't do it if it is already
+# See if we can add -D_FORTIFY_SOURCE=2 or =3. Don't do it if it is already
 # (differently) defined or if it generates warnings/errors because we
 # don't use the right optimisation level (string.h will warn about that).
-AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 to CFLAGS])
+AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 or =3 to CFLAGS])
 case "$CFLAGS" in
-  *-D_FORTIFY_SOURCE=2*)
+  *-D_FORTIFY_SOURCE=*)
     AC_MSG_RESULT([no, already there])
     ;;
   *)
     save_CFLAGS="$CFLAGS"
-    CFLAGS="-D_FORTIFY_SOURCE=2 $CFLAGS -Werror"
+    # Try 3 first.
+    CFLAGS="-D_FORTIFY_SOURCE=3 $save_CFLAGS -Werror"
+    fortified_cflags=""
     AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
       #include <string.h>
       int main() { return 0; }
-    ]])], [ AC_MSG_RESULT([yes])
-            CFLAGS="-D_FORTIFY_SOURCE=2 $save_CFLAGS" ],
-          [ AC_MSG_RESULT([no])
-            CFLAGS="$save_CFLAGS"])
-  ;;
+    ]])], [ AC_MSG_RESULT([yes -D_FORTIFY_SOURCE=3])
+            fortified_cflags="-D_FORTIFY_SOURCE=3" ], [])
+
+    # If that didn't work, try 2.
+    if test -z "$fortified_cflags"; then
+      CFLAGS="-D_FORTIFY_SOURCE=2 $save_CFLAGS -Werror"
+      AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+        #include <string.h>
+        int main() { return 0; }
+      ]])], [ AC_MSG_RESULT([yes -D_FORTIFY_SOURCE=2])
+              fortified_cflags="-D_FORTIFY_SOURCE=2" ],
+              [ AC_MSG_RESULT([no, cannot be used])])
+    fi
+    CFLAGS="$fortified_cflags $save_CFLAGS"
+    CXXFLAGS="$fortified_cflags $CXXFLAGS"
+    ;;
 esac
 
 dnl enable debugging of branch prediction.
@@ -757,7 +772,6 @@ AM_CONDITIONAL([DUMMY_LIBDEBUGINFOD],[test "x$enable_libdebuginfod" = "xdummy"])
 # Look for libmicrohttpd, libarchive, sqlite for debuginfo server
 # minimum versions as per rhel7.
 AC_ARG_ENABLE([debuginfod],AC_HELP_STRING([--enable-debuginfod], [Build debuginfod server]))
-AC_PROG_CXX
 AS_IF([test "x$enable_debuginfod" != "xno"], [
     AC_MSG_NOTICE([checking debuginfod C++11 support, --disable-debuginfod to skip])
     AX_CXX_COMPILE_STDCXX(11, noext, mandatory)
@@ -804,6 +818,9 @@ AC_MSG_NOTICE([
     Maintainer mode                    : ${enable_maintainer_mode}
     build arch                         : ${ac_cv_build}
 
+    CFLAGS=${CFLAGS}
+    CXXFLAGS=${CXXFLAGS}
+
   RECOMMENDED FEATURES (should all be yes)
     gzip support                       : ${with_zlib}
     bzip2 support                      : ${with_bzlib}