зеркало из https://github.com/mozilla/gecko-dev.git
Backed out changeset 1ee72d1a9430 (bug 1418052) for Linux x64 asan build bustages on /builds/worker/workspace/build/src/config/recurse.mk:32 r=backout on a CLOSED TREE
This commit is contained in:
Родитель
79d933ec34
Коммит
c3a26ac81a
|
@ -7,6 +7,10 @@ AC_DEFUN([MOZ_CONFIG_SANITIZE], [
|
|||
dnl ========================================================
|
||||
dnl = Use Address Sanitizer
|
||||
dnl ========================================================
|
||||
MOZ_ARG_ENABLE_BOOL(address-sanitizer,
|
||||
[ --enable-address-sanitizer Enable Address Sanitizer (default=no)],
|
||||
MOZ_ASAN=1,
|
||||
MOZ_ASAN= )
|
||||
if test -n "$MOZ_ASAN"; then
|
||||
MOZ_LLVM_HACKS=1
|
||||
if test -n "$CLANG_CL"; then
|
||||
|
|
|
@ -170,6 +170,7 @@ def old_configure_options(*options):
|
|||
'--cache-file',
|
||||
'--datadir',
|
||||
'--enable-accessibility',
|
||||
'--enable-address-sanitizer',
|
||||
'--enable-alsa',
|
||||
'--enable-bundled-fonts',
|
||||
'--enable-content-sandbox',
|
||||
|
|
|
@ -1291,63 +1291,19 @@ wine = check_prog('WINE', ['wine'], when=depends(target, host)
|
|||
# Security Hardening
|
||||
# ==============================================================
|
||||
|
||||
js_option('--enable-address-sanitizer', help='Enable Address Sanitizer')
|
||||
|
||||
|
||||
@depends('--enable-address-sanitizer')
|
||||
def asan(value):
|
||||
return value
|
||||
|
||||
|
||||
add_old_configure_assignment('MOZ_ASAN', asan)
|
||||
|
||||
option('--enable-hardening', env='MOZ_SECURITY_HARDENING',
|
||||
help='Enables security hardening compiler options')
|
||||
|
||||
|
||||
@depends('--enable-hardening', '--enable-address-sanitizer',
|
||||
'--enable-optimize', c_compiler, target)
|
||||
def security_hardening_cflags(hardening_flag, asan, optimize, c_compiler, target):
|
||||
compiler_is_gccish = c_compiler.type in ('gcc', 'clang')
|
||||
|
||||
flags = []
|
||||
js_flags = []
|
||||
|
||||
# FORTIFY_SOURCE ------------------------------------
|
||||
# If hardening is explicitly enabled, or not explicitly disabled
|
||||
if hardening_flag.origin == "default" or hardening_flag:
|
||||
# Require optimization for FORTIFY_SOURCE. See Bug 1417452
|
||||
# Also, undefine it before defining it just in case a distro adds it, see Bug 1418398
|
||||
if compiler_is_gccish and optimize and not asan:
|
||||
# Don't enable FORTIFY_SOURCE on Android on the top-level, but do enable in js/
|
||||
if target.os != 'Android':
|
||||
flags.append("-U_FORTIFY_SOURCE")
|
||||
flags.append("-D_FORTIFY_SOURCE=2")
|
||||
js_flags.append("-U_FORTIFY_SOURCE")
|
||||
js_flags.append("-D_FORTIFY_SOURCE=2")
|
||||
|
||||
# If ASAN _is_ on, undefine FOTIFY_SOURCE just to be safe
|
||||
if asan:
|
||||
flags.append("-U_FORTIFY_SOURCE")
|
||||
js_flags.append("-U_FORTIFY_SOURCE")
|
||||
|
||||
# fstack-protector ------------------------------------
|
||||
# Enable only if --enable-hardening is passed
|
||||
if hardening_flag and compiler_is_gccish and not asan:
|
||||
flags.append("-fstack-protector-strong")
|
||||
|
||||
return namespace(
|
||||
flags=flags,
|
||||
js_flags=js_flags,
|
||||
)
|
||||
@depends('--enable-hardening', c_compiler)
|
||||
def security_hardening_cflags(value, c_compiler):
|
||||
if value and c_compiler.type in ['gcc', 'clang']:
|
||||
return '-fstack-protector-strong'
|
||||
|
||||
|
||||
add_old_configure_assignment('MOZ_HARDENING_CFLAGS', security_hardening_cflags.flags)
|
||||
add_old_configure_assignment('MOZ_HARDENING_CFLAGS_JS', security_hardening_cflags.js_flags)
|
||||
add_old_configure_assignment('HARDENING_CFLAGS', security_hardening_cflags)
|
||||
imply_option('--enable-pie', depends_if('--enable-hardening')(lambda v: v))
|
||||
|
||||
# ==============================================================
|
||||
|
||||
option(env='RUSTFLAGS',
|
||||
nargs=1,
|
||||
help='Rust compiler flags')
|
||||
|
|
|
@ -557,12 +557,23 @@ esac
|
|||
MOZ_DOING_LTO(lto_is_enabled)
|
||||
|
||||
dnl ========================================================
|
||||
dnl Add optional and non-optional hardening flags from toolchain.configure
|
||||
dnl Add optional and non-optional hardening flags
|
||||
dnl ========================================================
|
||||
|
||||
CFLAGS="$CFLAGS $MOZ_HARDENING_CFLAGS_JS"
|
||||
CPPFLAGS="$CPPFLAGS $MOZ_HARDENING_CFLAGS_JS"
|
||||
CXXFLAGS="$CXXFLAGS $MOZ_HARDENING_CFLAGS_JS"
|
||||
dnl In at least glibc-2.25, _FORTIFY_SOURCE requires compiling
|
||||
dnl with optimization (Bug 1417452)
|
||||
|
||||
dnl Note that in the top-level old-configure.in, we don't enable
|
||||
dnl FORTIFY_SOURCE on Android. But in js/ we *can* enable it on
|
||||
dnl Android, so we do.
|
||||
|
||||
if test -n "$MOZ_OPTIMIZE"; then
|
||||
if test "$GNU_CC" -o -n "${CLANG_CC}${CLANG_CL}"; then
|
||||
CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
|
||||
CPPFLAGS="$CPPFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
|
||||
CXXFLAGS="$CXXFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl ========================================================
|
||||
dnl System overrides of the defaults for target
|
||||
|
|
|
@ -503,10 +503,28 @@ fi
|
|||
dnl ========================================================
|
||||
dnl Add optional and non-optional hardening flags
|
||||
dnl ========================================================
|
||||
CFLAGS="$CFLAGS $HARDENING_CFLAGS"
|
||||
CPPFLAGS="$CPPFLAGS $HARDENING_CFLAGS"
|
||||
CXXFLAGS="$CXXFLAGS $HARDENING_CFLAGS"
|
||||
|
||||
CFLAGS="$CFLAGS $MOZ_HARDENING_CFLAGS"
|
||||
CPPFLAGS="$CPPFLAGS $MOZ_HARDENING_CFLAGS"
|
||||
CXXFLAGS="$CXXFLAGS $MOZ_HARDENING_CFLAGS"
|
||||
dnl In at least glibc-2.25, _FORTIFY_SOURCE requires compiling
|
||||
dnl with optimization (Bug 1417452)
|
||||
if test -n "$MOZ_OPTIMIZE"; then
|
||||
if test "$GNU_CC" -o -n "${CLANG_CC}${CLANG_CL}"; then
|
||||
case $OS_TARGET in
|
||||
Android)
|
||||
dnl FORTIFY_SOURCE is not supported on Android on the
|
||||
dnl top-level old-configure.in at this time.
|
||||
dnl See Bug 1415595
|
||||
;;
|
||||
*)
|
||||
CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
|
||||
CPPFLAGS="$CPPFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
|
||||
CXXFLAGS="$CXXFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl ========================================================
|
||||
dnl GNU specific defaults
|
||||
|
|
Загрузка…
Ссылка в новой задаче