diff options
author | Reiner Herrmann <reiner@reiner-h.de> | 2019-06-21 14:29:11 +0200 |
---|---|---|
committer | Reiner Herrmann <reiner@reiner-h.de> | 2019-06-21 14:54:58 +0200 |
commit | 2c64d1fdd395e439bfbde415656326ed2c32f79a (patch) | |
tree | 68b1aafeb216b4414d63aa32d76ea71ed649b502 | |
parent | import ax_check_compile_flag macro from autoconf-archive (diff) | |
download | firejail-2c64d1fdd395e439bfbde415656326ed2c32f79a.tar.gz firejail-2c64d1fdd395e439bfbde415656326ed2c32f79a.tar.zst firejail-2c64d1fdd395e439bfbde415656326ed2c32f79a.zip |
use AX_CHECK_COMPILE_FLAG to check for spectre flags
Fixes #2661
-rwxr-xr-x | configure | 86 | ||||
-rw-r--r-- | configure.ac | 33 |
2 files changed, 71 insertions, 48 deletions
@@ -2095,6 +2095,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu | |||
2095 | 2095 | ||
2096 | #AC_CONFIG_HEADERS([config.h]) | 2096 | #AC_CONFIG_HEADERS([config.h]) |
2097 | 2097 | ||
2098 | |||
2099 | |||
2098 | ac_ext=c | 2100 | ac_ext=c |
2099 | ac_cpp='$CPP $CPPFLAGS' | 2101 | ac_cpp='$CPP $CPPFLAGS' |
2100 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | 2102 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' |
@@ -3101,46 +3103,81 @@ fi | |||
3101 | 3103 | ||
3102 | 3104 | ||
3103 | HAVE_SPECTRE="no" | 3105 | HAVE_SPECTRE="no" |
3104 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc or clang compiler" >&5 | ||
3105 | $as_echo_n "checking for Spectre mitigation support in gcc or clang compiler... " >&6; } | ||
3106 | if test "$CC" = "gcc"; then : | ||
3107 | 3106 | ||
3108 | HAVE_SPECTRE="yes" | 3107 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mindirect-branch=thunk" >&5 |
3109 | $CC -mindirect-branch=thunk -c dummy.c || HAVE_SPECTRE="no" | 3108 | $as_echo_n "checking whether C compiler accepts -mindirect-branch=thunk... " >&6; } |
3110 | rm -f dummy.o | 3109 | if ${ax_cv_check_cflags___mindirect_branch_thunk+:} false; then : |
3111 | if test "$HAVE_SPECTRE" = "yes"; then : | 3110 | $as_echo_n "(cached) " >&6 |
3111 | else | ||
3112 | 3112 | ||
3113 | EXTRA_CFLAGS+=" -mindirect-branch=thunk " | 3113 | ax_check_save_flags=$CFLAGS |
3114 | CFLAGS="$CFLAGS -mindirect-branch=thunk" | ||
3115 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3116 | /* end confdefs.h. */ | ||
3114 | 3117 | ||
3118 | int | ||
3119 | main () | ||
3120 | { | ||
3121 | |||
3122 | ; | ||
3123 | return 0; | ||
3124 | } | ||
3125 | _ACEOF | ||
3126 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3127 | ax_cv_check_cflags___mindirect_branch_thunk=yes | ||
3128 | else | ||
3129 | ax_cv_check_cflags___mindirect_branch_thunk=no | ||
3115 | fi | 3130 | fi |
3131 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3132 | CFLAGS=$ax_check_save_flags | ||
3133 | fi | ||
3134 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_thunk" >&5 | ||
3135 | $as_echo "$ax_cv_check_cflags___mindirect_branch_thunk" >&6; } | ||
3136 | if test "x$ax_cv_check_cflags___mindirect_branch_thunk" = xyes; then : | ||
3137 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk" | ||
3116 | 3138 | ||
3139 | else | ||
3140 | : | ||
3117 | fi | 3141 | fi |
3118 | if test "$CC" = "clang"; then : | ||
3119 | 3142 | ||
3120 | HAVE_SPECTRE="yes" | 3143 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mretpoline" >&5 |
3121 | $CC -mretpoline -c dummy.c || HAVE_SPECTRE="no" | 3144 | $as_echo_n "checking whether C compiler accepts -mretpoline... " >&6; } |
3122 | rm -f dummy.o | 3145 | if ${ax_cv_check_cflags___mretpoline+:} false; then : |
3123 | if test "$HAVE_SPECTRE" = "yes"; then : | 3146 | $as_echo_n "(cached) " >&6 |
3147 | else | ||
3124 | 3148 | ||
3125 | EXTRA_CFLAGS+=" -mretpoline " | 3149 | ax_check_save_flags=$CFLAGS |
3150 | CFLAGS="$CFLAGS -mretpoline" | ||
3151 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3152 | /* end confdefs.h. */ | ||
3126 | 3153 | ||
3127 | fi | 3154 | int |
3155 | main () | ||
3156 | { | ||
3128 | 3157 | ||
3158 | ; | ||
3159 | return 0; | ||
3160 | } | ||
3161 | _ACEOF | ||
3162 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3163 | ax_cv_check_cflags___mretpoline=yes | ||
3164 | else | ||
3165 | ax_cv_check_cflags___mretpoline=no | ||
3129 | fi | 3166 | fi |
3130 | if test "$HAVE_SPECTRE" = "yes"; then : | 3167 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext |
3131 | 3168 | CFLAGS=$ax_check_save_flags | |
3132 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
3133 | $as_echo "yes" >&6; } | ||
3134 | |||
3135 | fi | 3169 | fi |
3136 | if test "$HAVE_SPECTRE" = "no"; then : | 3170 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5 |
3137 | 3171 | $as_echo "$ax_cv_check_cflags___mretpoline" >&6; } | |
3138 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: ... not available" >&5 | 3172 | if test "x$ax_cv_check_cflags___mretpoline" = xyes; then : |
3139 | $as_echo "... not available" >&6; } | 3173 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline" |
3140 | 3174 | ||
3175 | else | ||
3176 | : | ||
3141 | fi | 3177 | fi |
3142 | 3178 | ||
3143 | 3179 | ||
3180 | |||
3144 | HAVE_APPARMOR="" | 3181 | HAVE_APPARMOR="" |
3145 | # Check whether --enable-apparmor was given. | 3182 | # Check whether --enable-apparmor was given. |
3146 | if test "${enable_apparmor+set}" = set; then : | 3183 | if test "${enable_apparmor+set}" = set; then : |
@@ -3154,7 +3191,6 @@ if test "x$enable_apparmor" = "xyes"; then : | |||
3154 | 3191 | ||
3155 | fi | 3192 | fi |
3156 | 3193 | ||
3157 | |||
3158 | ac_ext=c | 3194 | ac_ext=c |
3159 | ac_cpp='$CPP $CPPFLAGS' | 3195 | ac_cpp='$CPP $CPPFLAGS' |
3160 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | 3196 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' |
diff --git a/configure.ac b/configure.ac index 40ead1604..f14b3812c 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -3,35 +3,22 @@ AC_INIT(firejail, 0.9.61, netblue30@yahoo.com, , https://firejail.wordpress.com) | |||
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
5 | 5 | ||
6 | AC_CONFIG_MACRO_DIR([m4]) | ||
7 | |||
6 | AC_PROG_CC | 8 | AC_PROG_CC |
7 | #AC_PROG_CXX | 9 | #AC_PROG_CXX |
8 | AC_PROG_INSTALL | 10 | AC_PROG_INSTALL |
9 | AC_PROG_RANLIB | 11 | AC_PROG_RANLIB |
10 | 12 | ||
11 | HAVE_SPECTRE="no" | 13 | HAVE_SPECTRE="no" |
12 | AC_MSG_CHECKING(for Spectre mitigation support in gcc or clang compiler) | 14 | AX_CHECK_COMPILE_FLAG( |
13 | AS_IF([test "$CC" = "gcc"], [ | 15 | [-mindirect-branch=thunk], |
14 | HAVE_SPECTRE="yes" | 16 | [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk"] |
15 | $CC -mindirect-branch=thunk -c dummy.c || HAVE_SPECTRE="no" | 17 | ) |
16 | rm -f dummy.o | 18 | AX_CHECK_COMPILE_FLAG( |
17 | AS_IF([test "$HAVE_SPECTRE" = "yes"], [ | 19 | [-mretpoline], |
18 | EXTRA_CFLAGS+=" -mindirect-branch=thunk " | 20 | [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"] |
19 | ]) | 21 | ) |
20 | ]) | ||
21 | AS_IF([test "$CC" = "clang"], [ | ||
22 | HAVE_SPECTRE="yes" | ||
23 | $CC -mretpoline -c dummy.c || HAVE_SPECTRE="no" | ||
24 | rm -f dummy.o | ||
25 | AS_IF([test "$HAVE_SPECTRE" = "yes"], [ | ||
26 | EXTRA_CFLAGS+=" -mretpoline " | ||
27 | ]) | ||
28 | ]) | ||
29 | AS_IF([test "$HAVE_SPECTRE" = "yes"], [ | ||
30 | AC_MSG_RESULT(yes) | ||
31 | ]) | ||
32 | AS_IF([test "$HAVE_SPECTRE" = "no"], [ | ||
33 | AC_MSG_RESULT(... not available) | ||
34 | ]) | ||
35 | AC_SUBST([EXTRA_CFLAGS]) | 22 | AC_SUBST([EXTRA_CFLAGS]) |
36 | 23 | ||
37 | HAVE_APPARMOR="" | 24 | HAVE_APPARMOR="" |