SELinux Archive on lore.kernel.org
 help / Atom feed
* [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error
@ 2018-12-26 14:54 bill.c.roberts
  2018-12-26 14:54 ` [V2 PATCH 2/3] build: set _FORTIFY_SOURCE=2 in libselinux bill.c.roberts
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: bill.c.roberts @ 2018-12-26 14:54 UTC (permalink / raw)
  To: selinux; +Cc: sds, William Roberts

From: William Roberts <william.c.roberts@intel.com>

Certain builds of gcc enable _FORTIFY_SOURCE which results in the error:
<command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined
<command-line>:0:0: note: this is the location of the previous definition

Correct this by undefining it first and redefining it. Also, the previous
command line option was using -Wp which is passing the value *AS IS* to the
pre-processor rather than to the compiler driver. The C pre-processor has
an undocumented interface subject to change per man 1 gcc. Just use the
-D option to specify this value.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 libselinux/src/Makefile   | 2 +-
 libselinux/utils/Makefile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 977b5c8cfcca..6263d11393e6 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -64,7 +64,7 @@ ifeq ($(COMPILER), gcc)
 EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
 	-Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
 	-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
-	-Wno-suggest-attribute=pure -Wno-suggest-attribute=const -Wp,-D_FORTIFY_SOURCE
+	-Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE
 else
 EXTRA_CFLAGS = -Wunused-command-line-argument
 endif
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index d06ffd66893b..890ff36f3bbc 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -30,7 +30,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
           -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
           -Woverflow -Wpointer-to-int-cast -Wpragmas \
           -Wno-missing-field-initializers -Wno-sign-compare \
-          -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -Wp,-D_FORTIFY_SOURCE \
+          -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE \
           -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
           -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
           -Werror -Wno-aggregate-return -Wno-redundant-decls \
-- 
2.7.4


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [V2 PATCH 2/3] build: set _FORTIFY_SOURCE=2 in libselinux
  2018-12-26 14:54 [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error bill.c.roberts
@ 2018-12-26 14:54 ` bill.c.roberts
  2018-12-26 14:54 ` [V2 PATCH 3/3] Makefile: add -Wstrict-overflow=5 to CFLAGS bill.c.roberts
  2018-12-27 14:29 ` [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error Jason Zaman
  2 siblings, 0 replies; 5+ messages in thread
From: bill.c.roberts @ 2018-12-26 14:54 UTC (permalink / raw)
  To: selinux; +Cc: sds, William Roberts

From: William Roberts <william.c.roberts@intel.com>

Use -D_FO0RTIFY_SOURCE=2 when building libselinux and it's util library.
Note that this can be overridden by setting CFLAGS during the build.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 libselinux/src/Makefile   | 2 +-
 libselinux/utils/Makefile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 6263d11393e6..1a9223c0027d 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -64,7 +64,7 @@ ifeq ($(COMPILER), gcc)
 EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
 	-Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
 	-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
-	-Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE
+	-Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
 else
 EXTRA_CFLAGS = -Wunused-command-line-argument
 endif
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index 890ff36f3bbc..e7a75121f049 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -30,7 +30,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
           -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
           -Woverflow -Wpointer-to-int-cast -Wpragmas \
           -Wno-missing-field-initializers -Wno-sign-compare \
-          -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE \
+          -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 \
           -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
           -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
           -Werror -Wno-aggregate-return -Wno-redundant-decls \
-- 
2.7.4


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [V2 PATCH 3/3] Makefile: add -Wstrict-overflow=5 to CFLAGS
  2018-12-26 14:54 [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error bill.c.roberts
  2018-12-26 14:54 ` [V2 PATCH 2/3] build: set _FORTIFY_SOURCE=2 in libselinux bill.c.roberts
@ 2018-12-26 14:54 ` bill.c.roberts
  2018-12-27 14:29 ` [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error Jason Zaman
  2 siblings, 0 replies; 5+ messages in thread
From: bill.c.roberts @ 2018-12-26 14:54 UTC (permalink / raw)
  To: selinux; +Cc: sds, William Roberts

From: William Roberts <william.c.roberts@intel.com>

Build with strict overflow checking enabled. If the compiler optimizes
code that could be removed due to undefined signed overflow, then the
compiler will issue a warning.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 libselinux/src/Makefile   | 3 ++-
 libselinux/utils/Makefile | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 1a9223c0027d..8891086e4af6 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -64,7 +64,8 @@ ifeq ($(COMPILER), gcc)
 EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
 	-Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
 	-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
-	-Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
+	-Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 \
+	-Wstrict-overflow=5
 else
 EXTRA_CFLAGS = -Wunused-command-line-argument
 endif
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index e7a75121f049..361506384d08 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -33,7 +33,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
           -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 \
           -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
           -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
-          -Werror -Wno-aggregate-return -Wno-redundant-decls \
+          -Werror -Wno-aggregate-return -Wno-redundant-decls -Wstrict-overflow=5 \
           $(EXTRA_CFLAGS)
 
 LD_SONAME_FLAGS=-soname,$(LIBSO),-z,defs,-z,relro
-- 
2.7.4


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error
  2018-12-26 14:54 [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error bill.c.roberts
  2018-12-26 14:54 ` [V2 PATCH 2/3] build: set _FORTIFY_SOURCE=2 in libselinux bill.c.roberts
  2018-12-26 14:54 ` [V2 PATCH 3/3] Makefile: add -Wstrict-overflow=5 to CFLAGS bill.c.roberts
@ 2018-12-27 14:29 ` Jason Zaman
  2018-12-31 16:08   ` William Roberts
  2 siblings, 1 reply; 5+ messages in thread
From: Jason Zaman @ 2018-12-27 14:29 UTC (permalink / raw)
  To: bill.c.roberts; +Cc: selinux, sds, William Roberts

On Wed, Dec 26, 2018 at 06:54:26AM -0800, bill.c.roberts@gmail.com wrote:
> From: William Roberts <william.c.roberts@intel.com>
> 
> Certain builds of gcc enable _FORTIFY_SOURCE which results in the error:
> <command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined
> <command-line>:0:0: note: this is the location of the previous definition
> 
> Correct this by undefining it first and redefining it. Also, the previous
> command line option was using -Wp which is passing the value *AS IS* to the
> pre-processor rather than to the compiler driver. The C pre-processor has
> an undocumented interface subject to change per man 1 gcc. Just use the
> -D option to specify this value.
> 
> Signed-off-by: William Roberts <william.c.roberts@intel.com>

Acked-by: Jason Zaman <jason@perfinion.com>

The whole series looks good to me, go ahead and apply it. I dont think
the other parts have had _FORTIFY_SOURCE so after next release (probably
too soon to apply it now?) we might want to add these same warnings to
everything else not only libselinux.

-- Jason

> ---
>  libselinux/src/Makefile   | 2 +-
>  libselinux/utils/Makefile | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> index 977b5c8cfcca..6263d11393e6 100644
> --- a/libselinux/src/Makefile
> +++ b/libselinux/src/Makefile
> @@ -64,7 +64,7 @@ ifeq ($(COMPILER), gcc)
>  EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
>  	-Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
>  	-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
> -	-Wno-suggest-attribute=pure -Wno-suggest-attribute=const -Wp,-D_FORTIFY_SOURCE
> +	-Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE
>  else
>  EXTRA_CFLAGS = -Wunused-command-line-argument
>  endif
> diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
> index d06ffd66893b..890ff36f3bbc 100644
> --- a/libselinux/utils/Makefile
> +++ b/libselinux/utils/Makefile
> @@ -30,7 +30,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
>            -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
>            -Woverflow -Wpointer-to-int-cast -Wpragmas \
>            -Wno-missing-field-initializers -Wno-sign-compare \
> -          -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -Wp,-D_FORTIFY_SOURCE \
> +          -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE \
>            -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
>            -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
>            -Werror -Wno-aggregate-return -Wno-redundant-decls \
> -- 
> 2.7.4
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error
  2018-12-27 14:29 ` [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error Jason Zaman
@ 2018-12-31 16:08   ` William Roberts
  0 siblings, 0 replies; 5+ messages in thread
From: William Roberts @ 2018-12-31 16:08 UTC (permalink / raw)
  To: Jason Zaman; +Cc: selinux, Stephen Smalley, William Roberts

On Thu, Dec 27, 2018 at 6:29 AM Jason Zaman <jason@perfinion.com> wrote:
>
> On Wed, Dec 26, 2018 at 06:54:26AM -0800, bill.c.roberts@gmail.com wrote:
> > From: William Roberts <william.c.roberts@intel.com>
> >
> > Certain builds of gcc enable _FORTIFY_SOURCE which results in the error:
> > <command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined
> > <command-line>:0:0: note: this is the location of the previous definition
> >
> > Correct this by undefining it first and redefining it. Also, the previous
> > command line option was using -Wp which is passing the value *AS IS* to the
> > pre-processor rather than to the compiler driver. The C pre-processor has
> > an undocumented interface subject to change per man 1 gcc. Just use the
> > -D option to specify this value.
> >
> > Signed-off-by: William Roberts <william.c.roberts@intel.com>
>
> Acked-by: Jason Zaman <jason@perfinion.com>

merged: https://github.com/SELinuxProject/selinux/pull/120

>
> The whole series looks good to me, go ahead and apply it. I dont think
> the other parts have had _FORTIFY_SOURCE so after next release (probably
> too soon to apply it now?) we might want to add these same warnings to
> everything else not only libselinux.
>
> -- Jason
>
> > ---
> >  libselinux/src/Makefile   | 2 +-
> >  libselinux/utils/Makefile | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> > index 977b5c8cfcca..6263d11393e6 100644
> > --- a/libselinux/src/Makefile
> > +++ b/libselinux/src/Makefile
> > @@ -64,7 +64,7 @@ ifeq ($(COMPILER), gcc)
> >  EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
> >       -Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
> >       -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
> > -     -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -Wp,-D_FORTIFY_SOURCE
> > +     -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE
> >  else
> >  EXTRA_CFLAGS = -Wunused-command-line-argument
> >  endif
> > diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
> > index d06ffd66893b..890ff36f3bbc 100644
> > --- a/libselinux/utils/Makefile
> > +++ b/libselinux/utils/Makefile
> > @@ -30,7 +30,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
> >            -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
> >            -Woverflow -Wpointer-to-int-cast -Wpragmas \
> >            -Wno-missing-field-initializers -Wno-sign-compare \
> > -          -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -Wp,-D_FORTIFY_SOURCE \
> > +          -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE \
> >            -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
> >            -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
> >            -Werror -Wno-aggregate-return -Wno-redundant-decls \
> > --
> > 2.7.4
> >

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, back to index

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-26 14:54 [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error bill.c.roberts
2018-12-26 14:54 ` [V2 PATCH 2/3] build: set _FORTIFY_SOURCE=2 in libselinux bill.c.roberts
2018-12-26 14:54 ` [V2 PATCH 3/3] Makefile: add -Wstrict-overflow=5 to CFLAGS bill.c.roberts
2018-12-27 14:29 ` [V2 PATCH 1/3] Makefile: fix _FORTIFY_SOURCE redefined build error Jason Zaman
2018-12-31 16:08   ` William Roberts

SELinux Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \
		selinux@vger.kernel.org selinux@archiver.kernel.org
	public-inbox-index selinux


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux


AGPL code for this site: git clone https://public-inbox.org/ public-inbox