use AX_CHECK_COMPILE_FLAG to check for spectre flags

Fixes #2661
netblue30 · Jun 21, 2019 · 2c64d1f · 2c64d1f
1 parent 75b4b95
commit 2c64d1f
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 48 deletions.
diff --git a/configure b/configure
@@ -2095,6 +2095,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 #AC_CONFIG_HEADERS([config.h])
 
+
+
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -3101,46 +3103,81 @@ fi
 
 
 HAVE_SPECTRE="no"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc or clang compiler" >&5
-$as_echo_n "checking for Spectre mitigation support in gcc or clang compiler... " >&6; }
-if test "$CC" = "gcc"; then :
 
- HAVE_SPECTRE="yes"
- $CC -mindirect-branch=thunk -c dummy.c || HAVE_SPECTRE="no"
- rm -f dummy.o
- if test "$HAVE_SPECTRE" = "yes"; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mindirect-branch=thunk" >&5
+$as_echo_n "checking whether C compiler accepts -mindirect-branch=thunk... " >&6; }
+if ${ax_cv_check_cflags___mindirect_branch_thunk+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
 
- EXTRA_CFLAGS+=" -mindirect-branch=thunk "
+ ax_check_save_flags=$CFLAGS
+ CFLAGS="$CFLAGS -mindirect-branch=thunk"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
 
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ax_cv_check_cflags___mindirect_branch_thunk=yes
+else
+ ax_cv_check_cflags___mindirect_branch_thunk=no
 fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ CFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_thunk" >&5
+$as_echo "$ax_cv_check_cflags___mindirect_branch_thunk" >&6; }
+if test "x$ax_cv_check_cflags___mindirect_branch_thunk" = xyes; then :
+ HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk"
 
+else
+ :
 fi
-if test "$CC" = "clang"; then :
 
- HAVE_SPECTRE="yes"
- $CC -mretpoline -c dummy.c || HAVE_SPECTRE="no"
- rm -f dummy.o
- if test "$HAVE_SPECTRE" = "yes"; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mretpoline" >&5
+$as_echo_n "checking whether C compiler accepts -mretpoline... " >&6; }
+if ${ax_cv_check_cflags___mretpoline+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
 
- EXTRA_CFLAGS+=" -mretpoline "
+ ax_check_save_flags=$CFLAGS
+ CFLAGS="$CFLAGS -mretpoline"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
 
-fi
+int
+main ()
+{
 
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ax_cv_check_cflags___mretpoline=yes
+else
+ ax_cv_check_cflags___mretpoline=no
 fi
-if test "$HAVE_SPECTRE" = "yes"; then :
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ CFLAGS=$ax_check_save_flags
 fi
-if test "$HAVE_SPECTRE" = "no"; then :
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ... not available" >&5
-$as_echo "... not available" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5
+$as_echo "$ax_cv_check_cflags___mretpoline" >&6; }
+if test "x$ax_cv_check_cflags___mretpoline" = xyes; then :
+ HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"
 
+else
+ :
 fi
 
 
+
 HAVE_APPARMOR=""
 # Check whether --enable-apparmor was given.
 if test "${enable_apparmor+set}" = set; then :
@@ -3154,7 +3191,6 @@ if test "x$enable_apparmor" = "xyes"; then :
 
 fi
 
-
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'

diff --git a/configure.ac b/configure.ac
@@ -3,35 +3,22 @@ AC_INIT(firejail, 0.9.61, [email protected], , https://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 
+AC_CONFIG_MACRO_DIR([m4])
+
 AC_PROG_CC
 #AC_PROG_CXX
 AC_PROG_INSTALL
 AC_PROG_RANLIB
 
 HAVE_SPECTRE="no"
-AC_MSG_CHECKING(for Spectre mitigation support in gcc or clang compiler)
-AS_IF([test "$CC" = "gcc"], [
- HAVE_SPECTRE="yes"
- $CC -mindirect-branch=thunk -c dummy.c || HAVE_SPECTRE="no"
- rm -f dummy.o
- AS_IF([test "$HAVE_SPECTRE" = "yes"], [
- EXTRA_CFLAGS+=" -mindirect-branch=thunk "
- ])
-])
-AS_IF([test "$CC" = "clang"], [
- HAVE_SPECTRE="yes"
- $CC -mretpoline -c dummy.c || HAVE_SPECTRE="no"
- rm -f dummy.o
- AS_IF([test "$HAVE_SPECTRE" = "yes"], [
- EXTRA_CFLAGS+=" -mretpoline "
- ])
-])
-AS_IF([test "$HAVE_SPECTRE" = "yes"], [
- AC_MSG_RESULT(yes)
-])
-AS_IF([test "$HAVE_SPECTRE" = "no"], [
- AC_MSG_RESULT(... not available)
-])
+AX_CHECK_COMPILE_FLAG(
+ [-mindirect-branch=thunk],
+ [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk"]
+)
+AX_CHECK_COMPILE_FLAG(
+ [-mretpoline],
+ [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"]
+)
 AC_SUBST([EXTRA_CFLAGS])
 
 HAVE_APPARMOR=""