[tor-commits] [tor/master] Check linking of hardening options, give better warnings if it fails.

[nickm at torproject.org]

commit d9080f5d3a03a5a241f7f6b2234d69a32f27a531
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon May 16 09:37:27 2016 -0400

    Check linking of hardening options, give better warnings if it fails.
    
    Previously we'd only check whether the hardening options succeeded
    at the compile step. Now we'll try to link with them too, and tell
    the user in advance if something seems likely to go wrong.
    
    Closes ticket 18895.
---
 changes/bug18895 |  6 ++++++
 configure.ac     | 25 ++++++++++++++++++++-----
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/changes/bug18895 b/changes/bug18895
new file mode 100644
index 0000000..9ad857c
--- /dev/null
+++ b/changes/bug18895
@@ -0,0 +1,6 @@
+  o Minor features (build):
+    - When building on a system without runtime support for some of the
+      runtime hardening options, try to log a useful warning at configuration
+      time, rather than an incomprehensible warning at link time.
+      If expensive hardening was requested, this warning becomes an error.
+      Closes ticket 18895.
diff --git a/configure.ac b/configure.ac
index 8eb57f8..d658ef6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -787,14 +787,29 @@ m4_ifdef([AS_VAR_IF],[
        TOR_CHECK_CFLAGS(-fPIE)
        TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
     fi
-    TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, , CFLAGS_FTRAPV="-ftrapv", true)
-    TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, , CFLAGS_FWRAPV="-fwrapv", true)
+    TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true)
+    TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true)
+    if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then
+      AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.])
+    fi
 fi
 
 if test "x$enable_expensive_hardening" = "xyes"; then
-   TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=address], , CFLAGS_ASAN="-fsanitize=address", true)
-   TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=undefined], , CFLAGS_UBSAN="-fsanitize=undefined", true)
-   TOR_CHECK_CFLAGS([-fno-omit-frame-pointer])
+   if test "$tor_cv_cflags__ftrapv" != "yes"; then
+     AC_MSG_ERROR([You requested expensive hardening, but the compiler does not seem to support -ftrapv.])
+   fi
+
+   TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=address], also_link, CFLAGS_ASAN="-fsanitize=address", true)
+    if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
+      AC_MSG_ERROR([The compiler supports -fsanitize=address, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libubsan.so, and with Clang you need libclang_rt.ubsan*])
+    fi
+
+   TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=undefined], also_link, CFLAGS_UBSAN="-fsanitize=undefined", true)
+    if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
+      AC_MSG_ERROR([The compiler supports -fsanitize=undefined, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libasan.so, and with Clang you need libclang_rt.ubsan*])
+    fi
+
+TOR_CHECK_CFLAGS([-fno-omit-frame-pointer])
 fi
 
 CFLAGS_BUGTRAP="$CFLAGS_FTRAPV $CFLAGS_ASAN $CFLAGS_UBSAN"