diff options
| author | Mike Frysinger <vapier@gentoo.org> | 2015-10-19 13:07:28 -0400 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2015-10-19 15:36:48 -0400 |
| commit | 6ab674ebff5e60c62b126d0ac2e774e581916afe (patch) | |
| tree | 72e72448b982e3715630f091e3be4612244f6589 /configure | |
| parent | cf6d542db3dfe26402b6adaa740a578b54767f65 (diff) | |
| download | glibc-6ab674ebff5e60c62b126d0ac2e774e581916afe.tar.gz glibc-6ab674ebff5e60c62b126d0ac2e774e581916afe.tar.xz glibc-6ab674ebff5e60c62b126d0ac2e774e581916afe.zip | |
use -fstack-protector-strong when available
With gcc-4.9, a new -fstack-protector-strong flag is available that is between -fstack-protector (pretty weak) and -fstack-protector-all (pretty strong) that provides good trade-offs between overhead but still providing good coverage. Update the places in glibc that use ssp to use this flag when it's available. This also kills off the indirection of hardcoding the flag name in the Makefiles and adding it based on a have-ssp boolean. Instead, the build always expands the $(stack-protector) variable to the best ssp setting. This makes the build logic a bit simpler and allows people to easily set to a diff flag like: make stack-protector=-fstack-protector-all
Diffstat (limited to 'configure')
| -rwxr-xr-x | configure | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/configure b/configure index 3285213cb7..bd4cabdfe8 100755 --- a/configure +++ b/configure @@ -621,7 +621,7 @@ LIBGD libc_cv_cc_loop_to_function libc_cv_cc_submachine libc_cv_cc_nofma -libc_cv_ssp +stack_protector fno_unit_at_a_time libc_cv_output_format libc_cv_hashstyle @@ -6050,6 +6050,33 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_ssp" >&5 $as_echo "$libc_cv_ssp" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fstack-protector-strong" >&5 +$as_echo_n "checking for -fstack-protector-strong... " >&6; } +if ${libc_cv_ssp_strong+:} false; then : + $as_echo_n "(cached) " >&6 +else + if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -Werror -fstack-protector-strong -xc /dev/null -S -o /dev/null' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + libc_cv_ssp_strong=yes +else + libc_cv_ssp_strong=no +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_ssp_strong" >&5 +$as_echo "$libc_cv_ssp_strong" >&6; } + +stack_protector= +if test "$libc_cv_ssp_strong" = "yes"; then + stack_protector="-fstack-protector-strong" +elif test "$libc_cv_ssp" = "yes"; then + stack_protector="-fstack-protector" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc puts quotes around section names" >&5 $as_echo_n "checking whether cc puts quotes around section names... " >&6; } |