Bug 454251

Summary: kvm: Build qemu with $RPM_OPT_FLAGS
Product: [Fedora] Fedora Reporter: Mark McLoughlin <markmc>
Component: qemuAssignee: David Woodhouse <dwmw2>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: berrange, clalance, dwmw2, gcosta, katzj, markmc, poelstra, virt-maint, xen-maint
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-03-25 12:00:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mark McLoughlin 2008-07-07 09:04:09 UTC 
Looking at e.g.:
  http://kojipkgs.fedoraproject.org/packages/kvm/70/2.fc10/data/logs/i386/build.log

you see:

gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic
-fasynchronous-unwind-tables  -m32 -D__i386__ -I
/builddir/build/BUILD/kvm-70/kernel/include -O1 -MMD -MF ./.kvmtrace.d -g
-fomit-frame-pointer -Wall  -fno-stack-protector   -I ../libkvm   -c -o
kvmtrace.o kvmtrace.c
gcc -I /builddir/build/BUILD/kvm-70/qemu/../libkvm  -DCONFIG_X86 -Wall -O2 -g
-fno-strict-aliasing  -m32 -I. -I/builddir/build/BUILD/kvm-70/qemu -MMD -MP
-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-I/builddir/build/BUILD/kvm-70/qemu/slirp -c -o block-qcow.o block-qcow.c

i.e. user/ is being built with $RPM_OPT_FLAGS, but not qemu/

That means we're missing e.g. compile-time buffer overflow detection
(-D_FORTIFY_SOURCE=2) and runtime stack smashing detection (-fstack-protector
--param=ssp-buffer-size=4)

Most packages use the %configure which picks up $RPM_OPT_FLAGS automatically,
but it's probably not suitable here ...

Looks like passing --qemu-cflags="$RPM_OPT_CFLAGS" will do the trick
Comment 1 Daniel Berrangé 2008-07-07 09:08:37 UTC 
I'd be rather wary of making this change - historically the QEMU code generator
has been very sensitive to compiler flags, breaking if you even look at it in a
funny way.

Be sure to try and complete an installation of x86_64 and i686 with it falling
back to non-KVM emulated mode, before pushing a formal build with this change
Comment 2 Mark McLoughlin 2008-07-07 09:42:09 UTC 
Boot tested a KVM guest on i686 with this
Comment 3 Daniel Berrangé 2009-03-11 12:41:56 UTC 
Reassigning: The kvm package no longer exists in rawhide/F11, since it is now
part of 'qemu'.
Comment 4 Daniel Berrangé 2009-03-11 12:48:58 UTC 
This is still broken even with latest QEMU. The GCC command line is missing all the RPM opt flags


$ rpmbuild --eval '%{optflags}'
-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic

None of those are present in the GCC run during QEMU builds.
Comment 5 Glauber Costa 2009-03-12 13:11:20 UTC 
included in last build
Comment 6 Mark McLoughlin 2009-03-25 12:00:21 UTC 
* Wed Mar 11 2009 Glauber Costa <glommer> - 2:0.10-0.8.kvm20090310git
- Using RPM_OPT_FLAGS in configure