--- a/configure.ac 2012-02-02 11:20:32.000000000 +0100 +++ b/configure.ac 2012-07-01 00:44:27.845218414 +0200 @@ -424,6 +424,36 @@ AC_ARG_ENABLE(libssp, ENABLE_LIBSSP=$enableval, ENABLE_LIBSSP=yes) +# Check whether --enable-espf was given and target have the support. +AC_ARG_ENABLE([espf], +[AS_HELP_STRING([--enable-espf[=ARG]], + [Enable Stack protector, Position independent executable and + Fortify_source as default. If we have suppot for it when compiling. + Linux targets supported x86, x32 and x86_64. + @<:@ARG={all,pie,ssp,no}@:>@ ])], +set_enable_espf=$enableval, +set_enable_espf=no) +case "${set_enable_espf}" in + all|pie|ssp) + case $target in + i?86*-*-linux* | x86_??*-*-linux*) + enable_espf=yes + ;; + *) + enable_espf=no + AC_MSG_WARN([*** --enable-espf is not supported on this $target target.]) + ;; + esac + ;; + no) + enable_espf=no + ;; + *) + AC_MSG_ERROR([invalid --enable-espf argument]) + ;; +esac +AC_SUBST([enable_espf]) + # Save it here so that, even in case of --enable-libgcj, if the Java # front-end isn't enabled, we still get libgcj disabled. libgcj_saved=$libgcj @@ -3213,6 +3242,11 @@ if test "$GCC" = yes -a "$ENABLE_BUILD_W CFLAGS="$saved_CFLAGS" fi +# Disable -fstack-protector on stage1 +if test x$enable_espf = xyes; then + stage1_cflags="$stage1_cflags -fno-stack-protector" +fi + AC_SUBST(stage1_cflags) # Enable --enable-checking in stage1 of the compiler. --- a/gcc/configure.ac 2012-02-22 12:27:45.000000000 +0100 +++ b/gcc/configure.ac 2012-07-01 00:43:14.054216215 +0200 @@ -5193,6 +5193,156 @@ if test x"${LINKER_HASH_STYLE}" != x; th [The linker hash style]) fi +# -------------- +# Espf checks +# -------------- + +# Check whether --enable-espf was given and target have the support. +AC_ARG_ENABLE([espf], +[AS_HELP_STRING([--enable-espf[=ARG]], + [Enable Stack protector, Position independent executable and + Fortify_source as default. If we have suppot for it when compiling. + Linux targets supported x86, x32 and x86_64. + @<:@ARG={all,pie,ssp,no}@:>@ ])], +set_enable_espf=$enableval, +set_enable_espf=no) +case "${set_enable_espf}" in + all|pie|ssp) + AC_MSG_CHECKING(if $target support espf) + case $target in + i?86*-*-linux* | x86_??*-*-linux*) + enable_espf=yes + AC_DEFINE(ENABLE_ESPF, 1, + [Define if your target support espf and you have enable it.]) + ;; + *) + enable_espf=no + AC_MSG_WARN([*** --enable-espf is not supported on this $target target.]) + ;; + esac + AC_MSG_RESULT($enable_espf) + ;; + no) + enable_espf=no + ;; + *) + AC_MSG_ERROR([invalid --enable-espf argument]) + ;; +esac +AC_SUBST([enable_espf]) +if test x$enable_espf = xyes ; then + +# Check for FORTIFY_SOURCE support in target C library. + AC_CACHE_CHECK(for _FORTIFY_SOURCE support in target C library, + gcc_cv_libc_provides_fortify, + [gcc_cv_libc_provides_fortify=no + case "$target" in + *-*-linux*) + [# glibc 2.8 and later provides _FORTIFY_SOURCE. + # uClibc 0.9.32 and later provides _FORTIFY_SOURCE. + if test -f $target_header_dir/features.h; then + if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ + $target_header_dir/features.h > /dev/null \ + && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[8-9])' \ + $target_header_dir/features.h > /dev/null; then + gcc_cv_libc_provides_fortify=yes + elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \ + $target_header_dir/features.h > /dev/null; then + if test -f $target_header_dir/bits/uClibc_config.h && \ + $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \ + $target_header_dir/bits/uClibc_config.h > /dev/null; then + gcc_cv_libc_provides_fortify=yes + else + gcc_cv_libc_provides_fortify=no + fi + fi + fi] + ;; + *) gcc_cv_libc_provides_fortify=no ;; + esac]) + + AC_MSG_CHECKING(if we can default to use -fPIE and link with -pie) + enable_espf_pie=no + if test x$gcc_cv_ld_pie = xyes ;then + if test x$set_enable_espf = xall || test x$set_enable_espf = xpie; then + saved_LDFLAGS="$LDFLAGS" + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fPIE -Werror" + LDFLAGS="$LDFLAGS -fPIE -pie" + AC_TRY_LINK(,, + [AC_MSG_RESULT([yes]); enable_espf_pie=yes],) + LDFLAGS="$saved_LDFLAGS" + CFLAGS="$saved_CFLAGS" + fi + fi + if test x$enable_espf_pie = xyes ; then + AC_DEFINE(ENABLE_ESPF_PIE, 1, + [Define if your compiler will default to use -fPIE and link with -pie.]) + else + AC_MSG_RESULT([no]) + fi + + AC_MSG_CHECKING(if we can default to use -fstack-protector) + ssp_link_test=no + enable_espf_ssp=no + if test x$gcc_cv_libc_provides_ssp = xyes && test x$set_have_as_tls = xyes; then + if $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \ + $target_header_dir/features.h > /dev/null; then + if test -f $target_header_dir/bits/uClibc_config.h && \ + $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \ + $target_header_dir/bits/uClibc_config.h > /dev/null && \ + $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_HAS_TLS__[ ]+1' \ + $target_header_dir/bits/uClibc_config.h > /dev/null; then + ssp_link_test=yes + fi + else + ssp_link_test=yes + fi + fi + if test x$ssp_link_test=xyes; then + if test x$set_enable_espf = xall || test x$set_enable_espf = xssp; then + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -O2 -fstack-protector -Werror" + AC_TRY_LINK(,, + [AC_MSG_RESULT([yes]); enable_espf_ssp=yes],) + CFLAGS="$saved_CFLAGS" + fi + fi + if test x$enable_espf_ssp = xyes ; then + AC_DEFINE(ENABLE_ESPF_SSP, 1, + [Define if your compiler will default to use -fstack-protector.]) + else + AC_MSG_RESULT([no]) + fi + + AC_MSG_CHECKING(if we can default to use -D_FORTIFY_SOURCE=2) + if test x$gcc_cv_libc_provides_fortify = xyes; then + saved_CFLAGS="$CFLAGS" + saved_CPPFLAGS="$CPPFLAGS" + CFLAGS="$CFLAGS -O2 -Werror" + CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" + AC_TRY_LINK([ + #include + #include + #include + ],[ + open ("/tmp/foo", O_WRONLY | O_CREAT); + ], + [AC_MSG_RESULT([no]); enable_espf_fortify=no], + [AC_MSG_RESULT([yes]); enable_espf_fortify=yes]) + CFLAGS="$saved_CFLAGS" + CPPFLAGS="$saved_CPPFLAGS" + else + AC_MSG_RESULT([no]) + enable_espf_fortify=no + fi + if test x$enable_espf_fortify = xyes ; then + AC_DEFINE(ENABLE_ESPF_FORTIFY, 1, + [Define if your compiler will default to use -D_FORTIFY_SOURCE=2.]) + fi + +fi + # Configure the subdirectories # AC_CONFIG_SUBDIRS($subdirs)