From a1f6030def1353fa6cdbe4d96600e3eca3f45122 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 25 Jan 2018 09:35:58 +0000 Subject: [PATCH] build: passing the "-z defs" linker flag to prevent undefined symbols Undefined symbols are a bad thing in general because they can get resolved in unexpected ways at runtime if multiple sources provide the same symbol name. For example both glibc and libtirpc may provide XDR symbols and we want to ensure that we resolve to libtirpc if that's what we originally built against. The toolchain maintainers thus strongly recommend that all applications use the '-z defs' linker flag to prevent undefined symbols. This is shortly becoming part of the default linker flags for RPMs. As an added benefit this aligns Linux builds with Windows builds, where the linker has never permitted undefined symbols. Signed-off-by: Daniel P. Berrange --- configure.ac | 1 + daemon/Makefile.am | 2 ++ m4/virt-linker-no-undefined.m4 | 32 +++++++++++++++++++++++++++ src/Makefile.am | 40 ++++++++++++++++++++-------------- tools/Makefile.am | 1 + 5 files changed, 60 insertions(+), 16 deletions(-) create mode 100644 m4/virt-linker-no-undefined.m4 diff --git a/configure.ac b/configure.ac index 4cccf7f4de..7997ec5a14 100644 --- a/configure.ac +++ b/configure.ac @@ -237,6 +237,7 @@ LIBVIRT_COMPILE_WARNINGS LIBVIRT_COMPILE_PIE LIBVIRT_LINKER_RELRO LIBVIRT_LINKER_NO_INDIRECT +LIBVIRT_LINKER_NO_UNDEFINED LIBVIRT_ARG_APPARMOR LIBVIRT_ARG_ATTR diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 9c1dfcfac6..77dfd8943a 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -125,6 +125,7 @@ libvirtd_conf_la_LDFLAGS = \ $(PIE_LDFLAGS) \ $(COVERAGE_LDFLAGS) \ $(NO_INDIRECT_LDFLAGS) \ + $(NO_UNDEFINED_LDFLAGS) \ $(NULL) libvirtd_conf_la_LIBADD = $(LIBXML_LIBS) @@ -158,6 +159,7 @@ libvirtd_LDFLAGS = \ $(PIE_LDFLAGS) \ $(COVERAGE_LDFLAGS) \ $(NO_INDIRECT_LDFLAGS) \ + $(NO_UNDEFINED_LDFLAGS) \ $(NULL) libvirtd_LDADD = \ diff --git a/m4/virt-linker-no-undefined.m4 b/m4/virt-linker-no-undefined.m4 new file mode 100644 index 0000000000..532b0de212 --- /dev/null +++ b/m4/virt-linker-no-undefined.m4 @@ -0,0 +1,32 @@ +dnl +dnl Check for -z defs linker flag +dnl +dnl Copyright (C) 2013-2018 Red Hat, Inc. +dnl +dnl This library is free software; you can redistribute it and/or +dnl modify it under the terms of the GNU Lesser General Public +dnl License as published by the Free Software Foundation; either +dnl version 2.1 of the License, or (at your option) any later version. +dnl +dnl This library is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl Lesser General Public License for more details. +dnl +dnl You should have received a copy of the GNU Lesser General Public +dnl License along with this library. If not, see +dnl . +dnl + +AC_DEFUN([LIBVIRT_LINKER_NO_UNDEFINED],[ + AC_MSG_CHECKING([for how to stop undefined symbols at link time]) + + NO_UNDEFINED_LDFLAGS= + ld_help=`$LD --help 2>&1` + case $ld_help in + *"-z defs"*) NO_UNDEFINED_LDFLAGS="-Wl,-z -Wl,defs" ;; + esac + AC_SUBST([NO_UNDEFINED_LDFLAGS]) + + AC_MSG_RESULT([$NO_UNDEFINED_LDFLAGS]) +]) diff --git a/src/Makefile.am b/src/Makefile.am index 38efde012e..2cfa36a142 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -52,6 +52,7 @@ AM_LDFLAGS = $(DRIVER_MODULES_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) AM_LDFLAGS_MOD = -module -avoid-version $(AM_LDFLAGS) +AM_LDFLAGS_MOD_NOUNDEF = $(AM_LDFLAGS_MOD) $(NO_UNDEFINED_LDFLAGS) POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)" @@ -1342,7 +1343,7 @@ libvirt_driver_xen_la_SOURCES = libvirt_driver_xen_la_LIBADD = libvirt_driver_xen_impl.la mod_LTLIBRARIES += libvirt_driver_xen.la libvirt_driver_xen_la_LIBADD += libvirt.la ../gnulib/lib/libgnu.la -libvirt_driver_xen_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_xen_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_xen_impl_la_CFLAGS = \ $(XEN_CFLAGS) \ @@ -1388,7 +1389,7 @@ libvirt_driver_vbox_la_LIBADD = libvirt_driver_vbox_impl.la mod_LTLIBRARIES += \ libvirt_driver_vbox.la libvirt_driver_vbox_la_LIBADD += libvirt.la ../gnulib/lib/libgnu.la -libvirt_driver_vbox_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_vbox_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_vbox_impl_la_CFLAGS = \ -I$(srcdir)/conf \ @@ -1417,10 +1418,11 @@ libvirt_driver_libxl_la_SOURCES = libvirt_driver_libxl_la_LIBADD = libvirt_driver_libxl_impl.la mod_LTLIBRARIES += libvirt_driver_libxl.la libvirt_driver_libxl_la_LIBADD += libvirt.la ../gnulib/lib/libgnu.la -libvirt_driver_libxl_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_libxl_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_libxl_impl_la_CFLAGS = \ $(LIBXL_CFLAGS) \ + $(LIBXML_CFLAGS) \ -I$(srcdir)/access \ -I$(srcdir)/conf \ -I$(srcdir)/secret \ @@ -1428,6 +1430,7 @@ libvirt_driver_libxl_impl_la_CFLAGS = \ $(AM_CFLAGS) libvirt_driver_libxl_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_libxl_impl_la_LIBADD = $(LIBXL_LIBS) \ + $(LIBXML_LIBS) \ libvirt_xenconfig_libxl.la libvirt_driver_libxl_impl_la_SOURCES = $(LIBXL_DRIVER_SOURCES) @@ -1446,11 +1449,12 @@ libvirt_driver_qemu_la_SOURCES = libvirt_driver_qemu_la_LIBADD = libvirt_driver_qemu_impl.la mod_LTLIBRARIES += libvirt_driver_qemu.la libvirt_driver_qemu_la_LIBADD += libvirt.la ../gnulib/lib/libgnu.la -libvirt_driver_qemu_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_qemu_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_qemu_impl_la_CFLAGS = \ $(GNUTLS_CFLAGS) \ $(LIBNL_CFLAGS) \ + $(SELINUX_CFLAGS) \ $(XDR_CFLAGS) \ -I$(srcdir)/access \ -I$(srcdir)/conf \ @@ -1460,6 +1464,7 @@ libvirt_driver_qemu_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_qemu_impl_la_LIBADD = $(CAPNG_LIBS) \ $(GNUTLS_LIBS) \ $(LIBNL_LIBS) \ + $(SELINUX_LIBS) \ $(LIBXML_LIBS) \ $(NULL) libvirt_driver_qemu_impl_la_SOURCES = $(QEMU_DRIVER_SOURCES) @@ -1481,7 +1486,7 @@ libvirt_driver_lxc_la_SOURCES = libvirt_driver_lxc_la_LIBADD = libvirt_driver_lxc_impl.la mod_LTLIBRARIES += libvirt_driver_lxc.la libvirt_driver_lxc_la_LIBADD += libvirt.la ../gnulib/lib/libgnu.la -libvirt_driver_lxc_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_lxc_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_lxc_impl_la_CFLAGS = \ $(LIBNL_CFLAGS) \ @@ -1518,7 +1523,7 @@ libvirt_driver_uml_la_SOURCES = libvirt_driver_uml_la_LIBADD = libvirt_driver_uml_impl.la mod_LTLIBRARIES += libvirt_driver_uml.la libvirt_driver_uml_la_LIBADD += libvirt.la ../gnulib/lib/libgnu.la -libvirt_driver_uml_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_uml_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_uml_impl_la_CFLAGS = \ -I$(srcdir)/access \ @@ -1590,7 +1595,7 @@ libvirt_driver_vz_la_SOURCES = libvirt_driver_vz_la_LIBADD = libvirt_driver_vz_impl.la mod_LTLIBRARIES += libvirt_driver_vz.la libvirt_driver_vz_la_LIBADD += libvirt.la ../gnulib/lib/libgnu.la -libvirt_driver_vz_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_vz_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_vz_impl_la_CFLAGS = \ -I$(srcdir)/conf \ -I$(srcdir)/access \ @@ -1606,7 +1611,7 @@ libvirt_driver_bhyve_la_SOURCES = libvirt_driver_bhyve_la_LIBADD = libvirt_driver_bhyve_impl.la mod_LTLIBRARIES += libvirt_driver_bhyve.la libvirt_driver_bhyve_la_LIBADD += libvirt.la ../gnulib/lib/libgnu.la -libvirt_driver_bhyve_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_bhyve_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_bhyve_impl_la_CFLAGS = \ -I$(srcdir)/access \ @@ -1632,7 +1637,7 @@ libvirt_driver_network_la_LIBADD += libvirt.la ../gnulib/lib/libgnu.la \ $(LIBNL_LIBS) \ $(DBUS_LIBS) \ $(NULL) -libvirt_driver_network_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_network_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_network_impl_la_CFLAGS = \ $(LIBNL_CFLAGS) \ @@ -1652,7 +1657,7 @@ libvirt_driver_interface_la_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ $(AM_CFLAGS) $(LIBNL_CFLAGS) -libvirt_driver_interface_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_interface_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_interface_la_LIBADD = if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) @@ -1673,7 +1678,7 @@ libvirt_driver_secret_la_CFLAGS = \ -I$(srcdir)/conf \ $(AM_CFLAGS) libvirt_driver_secret_la_LIBADD = libvirt.la ../gnulib/lib/libgnu.la -libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES) endif WITH_SECRETS @@ -1701,7 +1706,7 @@ libvirt_driver_storage_la_SOURCES = libvirt_driver_storage_la_LIBADD = libvirt_driver_storage_impl.la mod_LTLIBRARIES += libvirt_driver_storage.la libvirt_driver_storage_la_LIBADD += libvirt.la ../gnulib/lib/libgnu.la -libvirt_driver_storage_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_storage_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_SOURCES) @@ -1855,7 +1860,7 @@ libvirt_driver_nodedev_la_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ $(AM_CFLAGS) $(LIBNL_CFLAGS) -libvirt_driver_nodedev_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_nodedev_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_nodedev_la_LIBADD = if WITH_LIBVIRTD @@ -1880,7 +1885,7 @@ noinst_LTLIBRARIES += libvirt_driver_nwfilter_impl.la libvirt_driver_nwfilter_la_SOURCES = libvirt_driver_nwfilter_la_LIBADD = libvirt_driver_nwfilter_impl.la mod_LTLIBRARIES += libvirt_driver_nwfilter.la -libvirt_driver_nwfilter_la_LDFLAGS = $(AM_LDFLAGS_MOD) +libvirt_driver_nwfilter_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_nwfilter_impl_la_CFLAGS = \ $(LIBPCAP_CFLAGS) \ $(LIBNL_CFLAGS) \ @@ -2389,6 +2394,7 @@ libvirt_la_LDFLAGS = \ $(VERSION_SCRIPT_FLAGS)$(LIBVIRT_SYMBOL_FILE) \ -version-info $(LIBVIRT_VERSION_INFO) \ $(LIBVIRT_NODELETE) \ + $(NO_UNDEFINED_LDFLAGS) \ $(AM_LDFLAGS) \ $(NULL) libvirt_la_BUILT_LIBADD += ../gnulib/lib/libgnu.la @@ -2591,7 +2597,7 @@ lockd_la_SOURCES = \ lockd_la_CFLAGS = -I$(srcdir)/conf \ $(XDR_CFLAGS) \ $(AM_CFLAGS) -lockd_la_LDFLAGS = $(AM_LDFLAGS_MOD) +lockd_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) lockd_la_LIBADD = libvirt.la ../gnulib/lib/libgnu.la augeas_DATA += locking/libvirt_lockd.aug if WITH_DTRACE_PROBES @@ -2631,6 +2637,7 @@ virtlockd_CFLAGS = \ virtlockd_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ + $(NO_UNDEFINED_LDFLAGS) \ $(NULL) virtlockd_LDADD = \ libvirt_driver_admin.la \ @@ -2658,6 +2665,7 @@ virtlogd_CFLAGS = \ virtlogd_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ + $(NO_UNDEFINED_LDFLAGS) \ $(NULL) virtlogd_LDADD = \ libvirt_driver_admin.la \ @@ -2872,7 +2880,7 @@ if WITH_SANLOCK lockdriver_LTLIBRARIES += sanlock.la sanlock_la_SOURCES = $(LOCK_DRIVER_SANLOCK_SOURCES) sanlock_la_CFLAGS = -I$(srcdir)/conf $(AM_CFLAGS) -sanlock_la_LDFLAGS = $(AM_LDFLAGS_MOD) +sanlock_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) sanlock_la_LIBADD = -lsanlock_client libvirt.la ../gnulib/lib/libgnu.la augeas_DATA += locking/libvirt_sanlock.aug diff --git a/tools/Makefile.am b/tools/Makefile.am index 4c33e78a1d..85e640b9e7 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -35,6 +35,7 @@ AM_CFLAGS = \ AM_LDFLAGS = \ $(RELRO_LDFLAGS) \ $(NO_INDIRECT_LDFLAGS) \ + $(NO_UNDEFINED_LDFLAGS) \ $(NULL) ICON_FILES = \ -- GitLab