From 2c64d1fdd395e439bfbde415656326ed2c32f79a Mon Sep 17 00:00:00 2001 From: Reiner Herrmann Date: Fri, 21 Jun 2019 14:29:11 +0200 Subject: [PATCH] use AX_CHECK_COMPILE_FLAG to check for spectre flags Fixes #2661 --- configure | 86 +++++++++++++++++++++++++++++++++++++--------------- configure.ac | 33 ++++++-------------- 2 files changed, 71 insertions(+), 48 deletions(-) diff --git a/configure b/configure index d47e0cbb01d..c3bca4bb891 100755 --- a/configure +++ b/configure @@ -2095,6 +2095,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu #AC_CONFIG_HEADERS([config.h]) + + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -3101,46 +3103,81 @@ fi HAVE_SPECTRE="no" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc or clang compiler" >&5 -$as_echo_n "checking for Spectre mitigation support in gcc or clang compiler... " >&6; } -if test "$CC" = "gcc"; then : - HAVE_SPECTRE="yes" - $CC -mindirect-branch=thunk -c dummy.c || HAVE_SPECTRE="no" - rm -f dummy.o - if test "$HAVE_SPECTRE" = "yes"; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mindirect-branch=thunk" >&5 +$as_echo_n "checking whether C compiler accepts -mindirect-branch=thunk... " >&6; } +if ${ax_cv_check_cflags___mindirect_branch_thunk+:} false; then : + $as_echo_n "(cached) " >&6 +else - EXTRA_CFLAGS+=" -mindirect-branch=thunk " + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -mindirect-branch=thunk" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ax_cv_check_cflags___mindirect_branch_thunk=yes +else + ax_cv_check_cflags___mindirect_branch_thunk=no fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_thunk" >&5 +$as_echo "$ax_cv_check_cflags___mindirect_branch_thunk" >&6; } +if test "x$ax_cv_check_cflags___mindirect_branch_thunk" = xyes; then : + HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk" +else + : fi -if test "$CC" = "clang"; then : - HAVE_SPECTRE="yes" - $CC -mretpoline -c dummy.c || HAVE_SPECTRE="no" - rm -f dummy.o - if test "$HAVE_SPECTRE" = "yes"; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mretpoline" >&5 +$as_echo_n "checking whether C compiler accepts -mretpoline... " >&6; } +if ${ax_cv_check_cflags___mretpoline+:} false; then : + $as_echo_n "(cached) " >&6 +else - EXTRA_CFLAGS+=" -mretpoline " + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -mretpoline" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ -fi +int +main () +{ + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ax_cv_check_cflags___mretpoline=yes +else + ax_cv_check_cflags___mretpoline=no fi -if test "$HAVE_SPECTRE" = "yes"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$ax_check_save_flags fi -if test "$HAVE_SPECTRE" = "no"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ... not available" >&5 -$as_echo "... not available" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5 +$as_echo "$ax_cv_check_cflags___mretpoline" >&6; } +if test "x$ax_cv_check_cflags___mretpoline" = xyes; then : + HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline" +else + : fi + HAVE_APPARMOR="" # Check whether --enable-apparmor was given. if test "${enable_apparmor+set}" = set; then : @@ -3154,7 +3191,6 @@ if test "x$enable_apparmor" = "xyes"; then : fi - ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' diff --git a/configure.ac b/configure.ac index 40ead160410..f14b3812c2c 100644 --- a/configure.ac +++ b/configure.ac @@ -3,35 +3,22 @@ AC_INIT(firejail, 0.9.61, netblue30@yahoo.com, , https://firejail.wordpress.com) AC_CONFIG_SRCDIR([src/firejail/main.c]) #AC_CONFIG_HEADERS([config.h]) +AC_CONFIG_MACRO_DIR([m4]) + AC_PROG_CC #AC_PROG_CXX AC_PROG_INSTALL AC_PROG_RANLIB HAVE_SPECTRE="no" -AC_MSG_CHECKING(for Spectre mitigation support in gcc or clang compiler) -AS_IF([test "$CC" = "gcc"], [ - HAVE_SPECTRE="yes" - $CC -mindirect-branch=thunk -c dummy.c || HAVE_SPECTRE="no" - rm -f dummy.o - AS_IF([test "$HAVE_SPECTRE" = "yes"], [ - EXTRA_CFLAGS+=" -mindirect-branch=thunk " - ]) -]) -AS_IF([test "$CC" = "clang"], [ - HAVE_SPECTRE="yes" - $CC -mretpoline -c dummy.c || HAVE_SPECTRE="no" - rm -f dummy.o - AS_IF([test "$HAVE_SPECTRE" = "yes"], [ - EXTRA_CFLAGS+=" -mretpoline " - ]) -]) -AS_IF([test "$HAVE_SPECTRE" = "yes"], [ - AC_MSG_RESULT(yes) -]) -AS_IF([test "$HAVE_SPECTRE" = "no"], [ - AC_MSG_RESULT(... not available) -]) +AX_CHECK_COMPILE_FLAG( + [-mindirect-branch=thunk], + [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk"] +) +AX_CHECK_COMPILE_FLAG( + [-mretpoline], + [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"] +) AC_SUBST([EXTRA_CFLAGS]) HAVE_APPARMOR=""