* [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error
@ 2018-12-26 14:54 bill.c.roberts
2018-12-26 14:54 ` [V2 PATCH 2/3] build: set _FORTIFY_SOURCE=2 in libselinux bill.c.roberts
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: bill.c.roberts @ 2018-12-26 14:54 UTC (permalink / raw)
To: selinux; +Cc: sds, William Roberts
From: William Roberts <william.c.roberts@intel.com>
Certain builds of gcc enable _FORTIFY_SOURCE which results in the error:
<command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined
<command-line>:0:0: note: this is the location of the previous definition
Correct this by undefining it first and redefining it. Also, the previous
command line option was using -Wp which is passing the value *AS IS* to the
pre-processor rather than to the compiler driver. The C pre-processor has
an undocumented interface subject to change per man 1 gcc. Just use the
-D option to specify this value.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
libselinux/src/Makefile | 2 +-
libselinux/utils/Makefile | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 977b5c8cfcca..6263d11393e6 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -64,7 +64,7 @@ ifeq ($(COMPILER), gcc)
EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
-Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
- -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -Wp,-D_FORTIFY_SOURCE
+ -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE
else
EXTRA_CFLAGS = -Wunused-command-line-argument
endif
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index d06ffd66893b..890ff36f3bbc 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -30,7 +30,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
-Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
-Woverflow -Wpointer-to-int-cast -Wpragmas \
-Wno-missing-field-initializers -Wno-sign-compare \
- -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -Wp,-D_FORTIFY_SOURCE \
+ -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE \
-fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
-fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
-Werror -Wno-aggregate-return -Wno-redundant-decls \
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [V2 PATCH 2/3] build: set _FORTIFY_SOURCE=2 in libselinux
2018-12-26 14:54 [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error bill.c.roberts
@ 2018-12-26 14:54 ` bill.c.roberts
2018-12-26 14:54 ` [V2 PATCH 3/3] Makefile: add -Wstrict-overflow=5 to CFLAGS bill.c.roberts
2018-12-27 14:29 ` [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error Jason Zaman
2 siblings, 0 replies; 5+ messages in thread
From: bill.c.roberts @ 2018-12-26 14:54 UTC (permalink / raw)
To: selinux; +Cc: sds, William Roberts
From: William Roberts <william.c.roberts@intel.com>
Use -D_FO0RTIFY_SOURCE=2 when building libselinux and it's util library.
Note that this can be overridden by setting CFLAGS during the build.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
libselinux/src/Makefile | 2 +-
libselinux/utils/Makefile | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 6263d11393e6..1a9223c0027d 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -64,7 +64,7 @@ ifeq ($(COMPILER), gcc)
EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
-Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
- -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE
+ -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
else
EXTRA_CFLAGS = -Wunused-command-line-argument
endif
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index 890ff36f3bbc..e7a75121f049 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -30,7 +30,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
-Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
-Woverflow -Wpointer-to-int-cast -Wpragmas \
-Wno-missing-field-initializers -Wno-sign-compare \
- -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE \
+ -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 \
-fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
-fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
-Werror -Wno-aggregate-return -Wno-redundant-decls \
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [V2 PATCH 3/3] Makefile: add -Wstrict-overflow=5 to CFLAGS
2018-12-26 14:54 [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error bill.c.roberts
2018-12-26 14:54 ` [V2 PATCH 2/3] build: set _FORTIFY_SOURCE=2 in libselinux bill.c.roberts
@ 2018-12-26 14:54 ` bill.c.roberts
2018-12-27 14:29 ` [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error Jason Zaman
2 siblings, 0 replies; 5+ messages in thread
From: bill.c.roberts @ 2018-12-26 14:54 UTC (permalink / raw)
To: selinux; +Cc: sds, William Roberts
From: William Roberts <william.c.roberts@intel.com>
Build with strict overflow checking enabled. If the compiler optimizes
code that could be removed due to undefined signed overflow, then the
compiler will issue a warning.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
libselinux/src/Makefile | 3 ++-
libselinux/utils/Makefile | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 1a9223c0027d..8891086e4af6 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -64,7 +64,8 @@ ifeq ($(COMPILER), gcc)
EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
-Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
- -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
+ -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 \
+ -Wstrict-overflow=5
else
EXTRA_CFLAGS = -Wunused-command-line-argument
endif
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index e7a75121f049..361506384d08 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -33,7 +33,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
-Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 \
-fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
-fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
- -Werror -Wno-aggregate-return -Wno-redundant-decls \
+ -Werror -Wno-aggregate-return -Wno-redundant-decls -Wstrict-overflow=5 \
$(EXTRA_CFLAGS)
LD_SONAME_FLAGS=-soname,$(LIBSO),-z,defs,-z,relro
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error
2018-12-26 14:54 [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error bill.c.roberts
2018-12-26 14:54 ` [V2 PATCH 2/3] build: set _FORTIFY_SOURCE=2 in libselinux bill.c.roberts
2018-12-26 14:54 ` [V2 PATCH 3/3] Makefile: add -Wstrict-overflow=5 to CFLAGS bill.c.roberts
@ 2018-12-27 14:29 ` Jason Zaman
2018-12-31 16:08 ` William Roberts
2 siblings, 1 reply; 5+ messages in thread
From: Jason Zaman @ 2018-12-27 14:29 UTC (permalink / raw)
To: bill.c.roberts; +Cc: selinux, sds, William Roberts
On Wed, Dec 26, 2018 at 06:54:26AM -0800, bill.c.roberts@gmail.com wrote:
> From: William Roberts <william.c.roberts@intel.com>
>
> Certain builds of gcc enable _FORTIFY_SOURCE which results in the error:
> <command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined
> <command-line>:0:0: note: this is the location of the previous definition
>
> Correct this by undefining it first and redefining it. Also, the previous
> command line option was using -Wp which is passing the value *AS IS* to the
> pre-processor rather than to the compiler driver. The C pre-processor has
> an undocumented interface subject to change per man 1 gcc. Just use the
> -D option to specify this value.
>
> Signed-off-by: William Roberts <william.c.roberts@intel.com>
Acked-by: Jason Zaman <jason@perfinion.com>
The whole series looks good to me, go ahead and apply it. I dont think
the other parts have had _FORTIFY_SOURCE so after next release (probably
too soon to apply it now?) we might want to add these same warnings to
everything else not only libselinux.
-- Jason
> ---
> libselinux/src/Makefile | 2 +-
> libselinux/utils/Makefile | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> index 977b5c8cfcca..6263d11393e6 100644
> --- a/libselinux/src/Makefile
> +++ b/libselinux/src/Makefile
> @@ -64,7 +64,7 @@ ifeq ($(COMPILER), gcc)
> EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
> -Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
> -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
> - -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -Wp,-D_FORTIFY_SOURCE
> + -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE
> else
> EXTRA_CFLAGS = -Wunused-command-line-argument
> endif
> diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
> index d06ffd66893b..890ff36f3bbc 100644
> --- a/libselinux/utils/Makefile
> +++ b/libselinux/utils/Makefile
> @@ -30,7 +30,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
> -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
> -Woverflow -Wpointer-to-int-cast -Wpragmas \
> -Wno-missing-field-initializers -Wno-sign-compare \
> - -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -Wp,-D_FORTIFY_SOURCE \
> + -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE \
> -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
> -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
> -Werror -Wno-aggregate-return -Wno-redundant-decls \
> --
> 2.7.4
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error
2018-12-27 14:29 ` [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error Jason Zaman
@ 2018-12-31 16:08 ` William Roberts
0 siblings, 0 replies; 5+ messages in thread
From: William Roberts @ 2018-12-31 16:08 UTC (permalink / raw)
To: Jason Zaman; +Cc: selinux, Stephen Smalley, William Roberts
On Thu, Dec 27, 2018 at 6:29 AM Jason Zaman <jason@perfinion.com> wrote:
>
> On Wed, Dec 26, 2018 at 06:54:26AM -0800, bill.c.roberts@gmail.com wrote:
> > From: William Roberts <william.c.roberts@intel.com>
> >
> > Certain builds of gcc enable _FORTIFY_SOURCE which results in the error:
> > <command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined
> > <command-line>:0:0: note: this is the location of the previous definition
> >
> > Correct this by undefining it first and redefining it. Also, the previous
> > command line option was using -Wp which is passing the value *AS IS* to the
> > pre-processor rather than to the compiler driver. The C pre-processor has
> > an undocumented interface subject to change per man 1 gcc. Just use the
> > -D option to specify this value.
> >
> > Signed-off-by: William Roberts <william.c.roberts@intel.com>
>
> Acked-by: Jason Zaman <jason@perfinion.com>
merged: https://github.com/SELinuxProject/selinux/pull/120
>
> The whole series looks good to me, go ahead and apply it. I dont think
> the other parts have had _FORTIFY_SOURCE so after next release (probably
> too soon to apply it now?) we might want to add these same warnings to
> everything else not only libselinux.
>
> -- Jason
>
> > ---
> > libselinux/src/Makefile | 2 +-
> > libselinux/utils/Makefile | 2 +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> > index 977b5c8cfcca..6263d11393e6 100644
> > --- a/libselinux/src/Makefile
> > +++ b/libselinux/src/Makefile
> > @@ -64,7 +64,7 @@ ifeq ($(COMPILER), gcc)
> > EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
> > -Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
> > -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
> > - -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -Wp,-D_FORTIFY_SOURCE
> > + -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE
> > else
> > EXTRA_CFLAGS = -Wunused-command-line-argument
> > endif
> > diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
> > index d06ffd66893b..890ff36f3bbc 100644
> > --- a/libselinux/utils/Makefile
> > +++ b/libselinux/utils/Makefile
> > @@ -30,7 +30,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
> > -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
> > -Woverflow -Wpointer-to-int-cast -Wpragmas \
> > -Wno-missing-field-initializers -Wno-sign-compare \
> > - -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -Wp,-D_FORTIFY_SOURCE \
> > + -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE \
> > -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
> > -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
> > -Werror -Wno-aggregate-return -Wno-redundant-decls \
> > --
> > 2.7.4
> >
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-12-31 16:08 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-26 14:54 [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error bill.c.roberts
2018-12-26 14:54 ` [V2 PATCH 2/3] build: set _FORTIFY_SOURCE=2 in libselinux bill.c.roberts
2018-12-26 14:54 ` [V2 PATCH 3/3] Makefile: add -Wstrict-overflow=5 to CFLAGS bill.c.roberts
2018-12-27 14:29 ` [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error Jason Zaman
2018-12-31 16:08 ` William Roberts
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.