Delete broken checks for GCC version that break -fstack-protector-strong#478
Delete broken checks for GCC version that break -fstack-protector-strong#478bgotowal merged 1 commit intointel:mainfrom
Conversation
|
Fixes #447 |
berrange
force-pushed
the
gcc-version-checks
branch
from
48310df to
d9bee99
Compare
bgotowal
left a comment
bgotowal
left a comment
There was a problem hiding this comment.
Thank you for proposing the changes!
As noted in #447, we've done modifications in similar areas as part of flag usage refactor in 8814a5e.
Yet, I still see some of you changes worth merging as apparently we've not covered all the fixes. Unsure if you're willing to resolve the conflicts to proceed with this PR...
Looking forward to hearing from you!
Sure, I'll put this on my to do list to rebase and drop any obsolete pieces. |
The expr comparison is performing a string comparison and is thus broken for any GCC version >= 10, preventing use of -fstack-protector-strong Since GCC 4.9 was released almost 10 years ago (Aug 2016), it is reasonable to drop the conditional check and assume -fstack-protector-strong is always available for GCC. A number of equivalent changes tht assume -fstack-protector-strong were also already made in commit 8814a5e Author: aplatasz <anna.platasz@intel.com> Date: Wed Jan 21 09:58:00 2026 +0100 Security related flags added Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
berrange
force-pushed
the
gcc-version-checks
branch
from
d9bee99 to
128eb5a
Compare
|
This is now rebased to latest git main |
bgotowal
left a comment
bgotowal
left a comment
There was a problem hiding this comment.
LGTM! Thanks for adjusting the code to the recent changes and contributing to DCAP!
| else | ||
| Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong | ||
| endif | ||
| Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections |
There was a problem hiding this comment.
Hi @berrange! Just noticed, unfortunately post merging, that here we miss the -fstack-protector-strong added at the end.
I think we can fix it internally and push in the next release cycle as this is not critical here in the samples.
There was a problem hiding this comment.
Opps, sorry about that mess up.
3 participants
The expr comparison is performing a string comparison and is thus broken for any GCC version >= 10, preventing use of -fstack-protector-strong
Since GCC 4.9 was released over 9 years ago (Aug 2016), it is thought reasonable to just drop the conditional check and assume -fstack-protector-strong is always available for GCC.