454251 – kvm: Build qemu with $RPM_OPT_FLAGS

Bug 454251 - kvm: Build qemu with $RPM_OPT_FLAGS

Summary: kvm: Build qemu with $RPM_OPT_FLAGS

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	qemu
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	David Woodhouse
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-07-07 09:04 UTC by Mark McLoughlin
Modified:	2009-03-25 12:00 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2009-03-25 12:00:21 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Mark McLoughlin 2008-07-07 09:04:09 UTC

Looking at e.g.:
  http://kojipkgs.fedoraproject.org/packages/kvm/70/2.fc10/data/logs/i386/build.log

you see:

gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic
-fasynchronous-unwind-tables  -m32 -D__i386__ -I
/builddir/build/BUILD/kvm-70/kernel/include -O1 -MMD -MF ./.kvmtrace.d -g
-fomit-frame-pointer -Wall  -fno-stack-protector   -I ../libkvm   -c -o
kvmtrace.o kvmtrace.c
gcc -I /builddir/build/BUILD/kvm-70/qemu/../libkvm  -DCONFIG_X86 -Wall -O2 -g
-fno-strict-aliasing  -m32 -I. -I/builddir/build/BUILD/kvm-70/qemu -MMD -MP
-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-I/builddir/build/BUILD/kvm-70/qemu/slirp -c -o block-qcow.o block-qcow.c

i.e. user/ is being built with $RPM_OPT_FLAGS, but not qemu/

That means we're missing e.g. compile-time buffer overflow detection
(-D_FORTIFY_SOURCE=2) and runtime stack smashing detection (-fstack-protector
--param=ssp-buffer-size=4)

Most packages use the %configure which picks up $RPM_OPT_FLAGS automatically,
but it's probably not suitable here ...

Looks like passing --qemu-cflags="$RPM_OPT_CFLAGS" will do the trick

Comment 1 Daniel Berrangé 2008-07-07 09:08:37 UTC

I'd be rather wary of making this change - historically the QEMU code generator
has been very sensitive to compiler flags, breaking if you even look at it in a
funny way.

Be sure to try and complete an installation of x86_64 and i686 with it falling
back to non-KVM emulated mode, before pushing a formal build with this change

Comment 2 Mark McLoughlin 2008-07-07 09:42:09 UTC

Boot tested a KVM guest on i686 with this

Comment 3 Daniel Berrangé 2009-03-11 12:41:56 UTC

Reassigning: The kvm package no longer exists in rawhide/F11, since it is now
part of 'qemu'.

Comment 4 Daniel Berrangé 2009-03-11 12:48:58 UTC

This is still broken even with latest QEMU. The GCC command line is missing all the RPM opt flags


$ rpmbuild --eval '%{optflags}'
-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic

None of those are present in the GCC run during QEMU builds.

Comment 5 Glauber Costa 2009-03-12 13:11:20 UTC

included in last build

Comment 6 Mark McLoughlin 2009-03-25 12:00:21 UTC

* Wed Mar 11 2009 Glauber Costa <glommer> - 2:0.10-0.8.kvm20090310git
- Using RPM_OPT_FLAGS in configure

Note You need to log in before you can comment on or make changes to this bug.